Monero — An Anonymous CryptoCurrency

Akash Kandpal
Dec 29, 2017 · 9 min read

Monero vs Bitcoin Overview

Let’s face it. Bitcoin is traceable.

  • You can send bitcoin only by literally pointing to a previous tx in the chain that sent them to you
  • That tx points to the previous tx all of the way back until the coinbase transaction that it was originally created in.
  • You can look up your transaction in a blockchain explorer.
  • Can be hard to do manually (complexity gets exponential with more txs), but easy if you write a search script.
  • Just ask the founder of Silk Road (he’s in jail now)

You could attempt anonymous transactions with Bitcoin 3 way

  1. Create a new wallet before and after every tx, but an investigator could easily follow the movement of money from one wallet address to the next. (as soon as the money is used, that endpoint person can be squeezed for info!)
  2. You could “wash” your money through a “tumbler”. It aggregates your money with many other funds, then sweeps them through large financial institutions, and then out to smaller wallets at random intervals in small, random balances. (could be deemed supporting evidence of criminal intent by a court)
  3. You could also wash your money by purchasing assets, then shifting it back into Bitcoin, and with each transaction passing through a combinator. (usually illegal)

Who controls what money? Who owns which wallet???

Wait, isn’t untraceability only good for criminals? No.

  • Companies mine your your identity/purchase history/buying habits all the time.
  • But you should control who gets access to this data. You should earn profit when companies mine your data for predictive analytics. Anonymity gives control of your data back to you.

The Cryptonote Protocol introduced the idea of anonymous, not pseudonymous txs

  • It powers several privacy oriented digital currencies (including Monero)
  • CryptoNote’s transactions cannot be followed through the blockchain in a way that reveals who sent or received coins.
  • Monero is a version of cryptonote that hides the sender, amount, transaction broadcast, and receiver with ring signatures, RingCT, Kovri, and stealth addresses, respectively.

Unlinkable transactions

The concept of ‘unlinkability’ means that received transactions are associated with a one-time address that is not linked to your public address. It also means that two transactions sent to your public address cannot be associated as having the same recipient.

In Bitcoin….

  • Everyone has a public address, like this: 1EjqMGa5j6JNQDMNXkrRZq7WSmqLRzn9fU
  • Use it to receive funds, anyone can see how much
  • When sending funds, you announce to the entire Bitcoin network that the funds that you own now belong to the recipient’s public address. The tranaction is fully public.

in Monero….

  • Everyone has a public address, like this 43EH3omZSUYCmJYskCUx2tV5oB5tLVrp58AeMYLrFhcz2umUVQHiHu62nG5CS3mvcfgKHC3fPtq6DHkEbMjqvCAZJW5nw9E
  • Unlike Bitcoin, your funds are not associated with your public address.
  • When you send funds to someone’s public address, you actually send the funds to a randomly created brand new one-time destination address. No public record of sending or receiving funds.
  • Your public address will never appear in the public record of transactions. Instead, a ‘stealth address’ is recorded in a way that only you, the recipient, can recognize the incoming funds.
  • When the recipient checks for funds, they need to scan the Monero blockchain to see if any transactions are destined for them. The recipient has a secret view key which is used to check each transaction to see if it was addressed to them. Because the recipient is the only one that knows the secret view key, only the recipient can see that funds have been sent to them.
  • This is why, if you launch your Monero wallet, you will see it ‘scanning’ the blockchain. This is done to check if any transactions have occurred that have you as the recipient. Note that you can give your ‘secret view key’ to others so that they can also see what funds you have received. They will only be able to view the transactions and not make any transactions on your behalf.

Untraceable payments

  • The Monero money supply is divided into outputs (divisions of currency).
  • These outputs store a certain value of Monero each, and the value they hold can change over time.
  • Suppose these are all the outputs that exist, and the one you control and can spend is highlighted in red.
  • When you create a Monero transaction, you use a ring signature to hide which input is actually being spent.
  • This is done by making it seem as if all of the chosen inputs are the possible real sender.
  • In the photo, your real input is red, and five selected inputs are blue. These inputs can be controlled by anyone else, and you do not need their permission to add their input to the ring signature. You will sign all of these inputs such that an outside observer can not determine which is the real one being spent. Obviously, no one knows that yours is highlighted red :)

Once you have selected the other inputs, you need to finish creating the RingCT ring signature.

You sign it so it appears in such a way that all these inputs appear to be the real one used. This signature includes several other important elements

The key image is critically important. It’s a one-way reference to the real input (the red one). This key image is given to the network as proof that the signature was created appropriately. The network verifies that this image has not been used before (to prevent double spends) and that it isn’t a made-up number (to prevent people from spending money they never had). The network can verify this information without knowing which input is the real one.

Next is the pedersen commitment. This is used to prevent other people from knowing how much is actually being spent. You can use this commitment to commit to spending a certain value that you have the authority to spend, but other people no longer know what this value is.

This pedersen commitment is the critical component of ring confidential transactions, or RingCT. It hides the actual value a by adding a random number x. The commitment value is calculated for the set of inputs and outputs in the transaction, and it is broadcast to the network.

It all comes together to form the RingCT ring signature. This results in an unknown amount of Monero being spent. The commitment public key is what is used by the network to verify the commitment.

So how do outputs get used over time? Let’s compare Bitcoin and Monero to find out.

In the picture above, I have created a theoretical history for the output you control. All of the blocks highlighted red are ones where the output appears. If this was for Bitcoin, you would be able to easily tell that this output was transferred from user A to B to C, etc. However with Monero, this is not so simple.

There are three reasons for an output to show up in a block:

  • It is new money and a coinbase transaction
  • It was actually spent
  • It was added as a decoy in a ring signature

Since there is no way to differentiate between case #2 and case #3, outside observers have no idea if an output is actually being spent, even though it appears on the blockchain several times. Since every transaction includes multiple decoys, it’s more likely than not that the output is not actually spent despite appearing in a certain block.

And with that, we have completed the discussion on ring signatures and RingCT!

  • We don’t want the sender of a transaction to notice when the recipient of the transaction then spends the funds in a new transaction. Monero solves this problem through the use of ‘ring signatures’.
  • Ring signatures enable ‘transaction mixing’ to occur. Transaction mixing means that when funds are sent, the sender randomly chooses several other users’ funds to also appear in the transaction as a possible source of the funds being sent.
  • The cryptographical nature of the ring signature means that no one can tell which of the funds were really the source of the transaction — not even the person that gave the funds to the sender in the first place.
  • A system of ‘key images’ associated with each ring signature ensures that although no one can tell the true source of the funds, it can be easily detected if the sender attempts to anonymously send their funds twice.
  • The number of people that are added to the list of possible senders in a transaction is often referred to as the ‘mixin’ level. Because using a larger mixin level increases the size of the transaction for the Monero network to process, there is a slightly larger fee associated with your transaction if you increase the mixin level.
  • In addition to providing that no one can tell whom they have received funds from, an extension to the system of ring transactions has been developed known as RingCT. It hides not only the source of funds being sent, but also hides the amounts of the funds being sent from being visible on the blockchain. This is achieved by applying a mathematical function to all funds such that public observers can see that the transactions are legitmate, but only the sender and receiver can know the actual amounts. This prevents theoretical attacks through blockchain analysis that could otherwise be possible if the real amounts of transactions taking place were a matter of public record.
  • Finally, project Kovri, which is currently in development, will hide your internet traffic so that passive network monitoring cannot reveal that you are using Monero at all. This is achieved by encrypting all of your Monero traffic and routing it through I2P (Invisible Internet Project) nodes. These nodes pass your messages along and have no visibility over what is in them. They do also not know whether the destination they’re sending your messages to is the final destination or just a waypoint which will further forward your message. Passive listeners can tell you are using I2P, but cannot tell what you are using it for or what destinations you are interacting with.

double-spending proof

blockchain analysis resistance

A CryptoNote blockchain reveals only amounts and one-time addresses that cannot be linked to any other transactions made by the sender or recipient, rendering blockchain analysis useless to anyone seeking to identify individuals transacting in these currencies.

adaptive parameters

As we went over, a Monero transaction has an ambiguous output origin, an unknown amount in a commitment, and an unknown receiver. For every transaction on the network, all of the information stored on the blockchain is obfuscated.

How to buy Monero ??

Mining Monero

Credit :: Siraj Raval

Final words :

Follow me as I write about Algorithms ,Competitive Programming , Python , Web Development,Machine Learning ,Deep Learning and Data Science . You can follow me and my code on Github

Have a nice day !!!

Happy Coding !!

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade