Monero (XMR) vs PIRATE (ARRR)

A technical comparison between the highest valued privacy-centered cryptocurrency Monero and the strongly upcoming privacy-centered cryptocurrency PIRATE.

Flexatron

Published in

Pirate Chain

9 min readNov 9, 2018

Welcome to the 2nd installment of our technical comparison series featuring no other than Monero!

As it stands, Monero is the highest valued cryptocurrency focused on privacy. We strive to stay as objective as possible and reference every source. Let me know if anything’s off or outdated in the comments please.

Let’s STARRRT!

XMR

Monero is one of the pioneers of the CryptoNote technology which was forked from Bytecoin and therefore it doesn’t need much introduction. According to their website Monero should be the following:

Monero is the leading cryptocurrency with a focus on private and censorship-resistant transactions. Monero transactions are confidential and untraceable.

We are gonna dive deeper into these characteristics which are mentioned above.

Privacy and censorship-resistant

Cryptonote technology is an improvement to the Bitcoin protocol in terms of privacy. Cryptonote transactions combine unlinkable public keys and untraceable ring signatures [1]. Since the 19th of October 2018, Monero uses a ring signatures protocol called “Bulletproof”.
Bulletproof is a simple and efficient multi-party computation (MPC) protocol that allows multiple parties with secret committed values to jointly generate a single small range proof for all their values, without revealing their values to each other [2]. This protocol is possible without a trusted setup, contrary to Zcash and its forks. The trusted setup is a much debated topic with opposing views. Read more about that here.

Ring signature blockchain analysis. Source here.

Because of the use of ring signatures, analysis of Monero’s blockchain is difficult, as pictured in the figure above. The difficulty of finding the correct sender is increasingly difficult with bigger ring sizes. The ring size is the total number of possible signers, including yours, which in turn determines the complexity and difficulty of finding the “real output”. A higher ring size number thus provides a higher level of privacy than a lower number. However, it’s not adviced to reuse an odd recognizable ring size number to prevent standing out from other transactions [3].

Forced usage of ring signatures with unlinkable public keys makes Monero more fungible compared to protocols containing the usage of transparent addresses.

What’s meant with fungible?

Fungibility

In economics, fungibility is the property of a good or a commodity whose individual units are essentially interchangeable. Wikipedia

In short, attempting to execute private transactions on a transparent chain can damage the fungibility of the currency. Activity on the blockchain can reveal for instance that one attempted to mix coins. This act in itself could be considered money laundering your coins, or you could receive coins that have been masked as laundered. This brings fungibility risks such as the possibility of blacklisting coins or potentially degrading the value of the coins. It is therefore desirable to use a cryptocurrency which doesn’t have a history of transparent transaction in its blockchain, if you want to conduct private transactions that is.

Other non-privacy related features of Monero [4]:

Block time: 2 minutes
It uses the CryptoNight v8 algorithm for consensus (ASIC resistant)
Dynamic blocksize
Dynamic transaction fee (current fee: roughly 0.02$)
Unlimited supply (current supply: 16.5M XMR, 18.1M before June 2022, after that 0.3 XMR reward per block infinitely)
Transaction per second: 4–1600+ TPS (largely limited by storage and bandwidth limitations -> transactions are approx. 3 kb)

Monero is a cryptocurrency with awesome features such as forced anonymity, fungibility and a signature scheme which doesn’t need a trusted setup to work. It has earned its stripes through the years and it’s constantly improving its encryption scheme such as increasing the minimum ring size and lowering the transaction size for scalability and adoption. Monero especially showed to care about its privacy features, when a group of researchers found that 80% of the transactions conducted before February 2017 were relatively easily traceable to the source because of a weak mixin samping distribution scheme part of the Ring CT [5].
The fundamental problem of coin mixing methods though, is that transaction data is not being hidden through encryption. RingCT is a system of disassociation where information is still visible. Keep in mind that a vulnerability might still be discovered at some point in the future which allows traceability, since Monero’s blockchain provides a record of every transaction that has taken place.
Another smaller weakness of Monero is an attack where a node can figure out the IP addresses of incoming transaction when the sender uses a light wallet. This is being solved with the development of Kovri, which is an Invisible Internet Project (I2P) router in C++. With Kovri implemented and activated, transactions would be pushed to the network within I2P. However, I2P speeds are limited so many nodes would likely still sync over clearnet.
Furthermore, Monero is theoretically subject to potential 51% attack as it is dependent on the security of its own hashrate, however that would be a very costly endeavour and thus very unlikely.

ARRR

PIRATE (ARRR) is an assetchain (independent blockchain) out of the Komodo ecosystem which makes it based on Zcash tech, but with different features which are determined by the parameters set in the Komodo assetchain.

Zcash technological background and superior privacy tech

Zcash uses specific zero-knowledge proofs called zk-SNARKs (zero-knowledge succinct non-interactive arguments of knowledge) which allow transaction data to be validated without revealing ANY information about the amount and the parties involved [6]. Zcash allows users to send from either transparent addresses (t-addresses) or shielded addresses (z-addresses). Privacy of Zcash’s shielded transactions is achieved through hashing of the commitments(UTXO) and nullifiers (spent outputs). For each new note created by a shielded payment, a commitment is published which consists of a hash of: the address to which the note was sent, the amount being sent, a unique number “rho” later used to derive the nullifier and a random nonce [7]. The zk-SNARK technology is heralded as superior to Monero’s Ring CT in terms of privacy by a firm in a recent study.

What does Monero core dev: Riccardo “fluffypony” Spagni have to say?

zk-SNARKS provide a much stronger untraceability characteristic than Monero according to a Core Monero Dev

Riccardo “fluffypony” Spagni, one of Monero’s core devs openly stated zk-SNARKS provide a much stronger untraceability characteristic than Monero.

Zcash’s zero-knowledge proofs rely on a set of public parameters which allow users to construct and verify private transactions. Due to cryptographic limitations, these parameters must be generated in a setup phase (ceremony): random numbers referred to as “toxic waste” are sampled. In order to ensure the toxic waste does not come into existence and wreaks havoc on the system, Zcash team designed multi-party computation (MPC) protocols which allow multiple independent parties to collaboratively construct the parameters. An improved process and an increased number of participants was used for Sapling called Powers of Tau, the world’s largest multi-party computation ceremony. The higher the number of participants the lower the chance they all will collude.

Shielding addresses in Zcash used to require a significant amount of computational power, which in turn might explain the relative low % of shielded funds in Zcash. With Sapling active, this is currently changing: payments involving Sapling z-addresses can be constructed in as little as a few seconds and with only 40 megabytes of memory, this should in theory encourage the usage of shielded funds.

But…

Fungibility in Zcash with Sapling

The performance upgrades of Sapling unfortunately comes at a privacy cost. Sapling transactions reveal more metadata than the legacy JoinSplit operations as they show the number of inputs and outputs used. Legacy JoinSplit transactions on the other hand hid the number of inputs and outputs used/sent in a transaction. Researchers and attackers now have an additional method of tracing transactions, as the type of shielded transactions sent can be deduced from the information about the number of in- and outputs. Previous research before Sapling, had already identified most of the shielded pool as related to “mixing” which greatly hurts the fungibility.

One of the solutions to this fungibility problem would be to restrict the transactions to the usage of shielded only.

So…

What if we would have a coin with a complete pool of shielded funds?
That would make Zcash near perfect..

Ultimate Privacy in PIRATE..

What makes PIRATE unique is that it’s a forced shielded-transactions only blockchain utilizing zk-SNARKS technology (z-transactions) the best privacy tech there is and it is protected by BTC hashrate. PIRATE is mined into a transparent address, but can only go into a shielded address from there [8]. The result of this feature is that atleast 99.99% of ARRR is shielded, dramatically increasing the privacy of the usage of the blockchain for sending funds. Furthermore, PIRATE supports TOR to obfuscate geographic location (IP).

Security

PIRATE is protected against majority hash attacks (reorganizations) through bitcoin’s hash rate. Bitcoin network hashrate is insanely high and will probably not be surpassed at any point in the foreseeable future. Delayed proof-of-work utilizes this enormous power of the bitcoin network to protect its blockchain to 51% attacks. Protection is achieved by storing backups of the KMD blockchain onto the Bitcoin blockchain. dPoW has been successfully implemented in Komodo, Game Credits, Einsteinium, Pungo, HUSH and PIRATE.

Other non-privacy related features of PIRATE [9]:

Blocktime: 60 seconds
Mining algorithm: Equihash PoW
dPoW implementation
Transaction fee: 0.0001 ARRR
Max. supply of 200 million ARRR
Transactions per second: 6–26 TPS (Higher TPS expected with Sapling)
Sapling support in development making shielded tx sizes +- 2000 bytes and a host of other benefits.

Conclusion

Monero is a cryptocurrency which has earned its stripes through being one of the most used anonymous coin and continuously improving its privacy tech, such as after being warned by scientists. Monero contains respectable features such as forced anonymity, fungibility and Bulletproof Ring CT (coin mixing) which doesn’t need a trusted setup to work. Problems may arise in the future though because of the inherent properties of coin mixing methods, which is that transaction data is not being hidden through encryption. RingCT is a system of disassociation where information is still visible after mixing and there lies always a risk sophisticated computers and agencies may crack it. Monero is more vulnerable to 51% attacks than PIRATE because PIRATE is protected through bitcoin’s hash rate which is more expensive than Monero’s hashrate right now.

Another advantage of PIRATE compared to Monero is that PIRATE offers forced anonymity and fungibility with a fully encrypted private blockchain which is made possible by zk-SNARKS, to hide all traces of the transactions and account balances.
The workings of zk-SNARKS does need a trusted setup. An improved ceremony process protocol is proposed and an increased number of participants has been used for Sapling called Powers of Tau, the world’s largest multi-party computation ceremony.

PIRATE and Monero both do not have a premine or dev tax such as Zcash, so there are others similarities amongst the two cryptocurrencies as well.

We are hereby, again, ending the article with a summary of the main conclusion of the comparison: