Daily Archives: 2016-11-24

Introduction to Monero

Published by:

1. Monero – a short history

Monero is a cryptocurrency, launched on april 18 2014 as a fork of Bytecoin. Bytecoin was the original coin that first implemented the Cryptonote protocol (more on that further down). Once it surfaced the Bitcointalk forums, people discovered all sorts of shady things, among it the fact that more than 80% of the coins were already mined. So the community decided to fork a new coin, starting with 0 coins in circulation. Monero was born.

In the first months, Monero was only usable with a “command line wallet”. Therefore, a lot of people kept asking the devs, who didn’t even completely understood the basics of the Monero code, to create a GUI (Graphical User Interface). They started working on it, but on september 4 2014 a sophisticated attack happened on the Monero Network, so the devs changed course and started prioritizing the underlying code, to make the Monero network more resilient (more details at lab.getmonero.org MRL-2)

At the end of 2014, a Monero webwallet was launched by Riccardo “Fluffypony” Spagni, called “MyMonero”. You can find it at mymonero.com. Meanwhile, nothing much seemed to be happening “on the surface” for most people looking from the outside. But a lot of important work was in progress, such as the creating of a database-system which enabled the wallet to operate with only a little bit of RAM in stead of Gigabytes of RAM. Other improvements were implementing mnemonics, for easy backup. A lot of new code and documentation was written to implement options for faster syncing, faster node operation, integration with I2P started, etc. And eventually the GUI project was picked up again at the start of 2016.

This all was done by crowdfunding which means that community members donated money regularly to the development team. There is no “premine” or “ICO”. Monero is launched in a very fair manner, it’s open source and clearly is a grassroots currency.

2. Fungibility

The purpose of Monero is creating a fungible currency network. What does fungibility mean and why is it important?
Fungibility is an important property of any functioning currency. It’s the property that makes one unit of a currency always 100% exchangeable for another unit of the same currency. There shouldn’t be differences. Every coin need to be worth the same as another coin.

In Bitcoin, every transaction is traceable. This can lead to problems when receiving coins from an unknown source and later spending them. You can be accused of crimes in which those coins were used. This effectively decreases the value of these “tainted coins”. Another problem with traceability is that people can try to figure out your account balance or know on what items you spend your money.

You can however try to hide the traces of your coins. These techniques are called “mixing” and can be done in different ways. Sometimes centralized, sometimes decentralized, but there is always a possibility to see that certain coins were mixed. This can still lead to problems though, because mixed coins are probably tainted as well. Optional privacy doesn’t solve the fungibility issue of a traceable currency. I suggest to read the first part of this article I wrote to understand more about this topic: http://weuse.cash/2016/06/09/btc-xmr-zcash/

You can try to hide the traces of your coins as much as you want, if you tried to mix your non-fungible coins using a mixer, coinjoin or another type of “anonymity enhancing feature”, these transactions can still be flagged as “possible suspicious activity on the blockchain” because they are mixed, even if you are anonymous. So don’t confuse fungibility with anonymity. This is why “mixing technology” only works if it’s “on by default”. If everybody is mixing all the transactions all the time, then you can’t say anything useful about the data in the blockchain.

3. Ring Signatures

Ring signatures are used for obfuscating the real input in a transaction so it’s impossible to tell what the history is of every output on the blockchain.

Definition by Wikipedia:
In cryptography, a ring signature is a type of digital signature that can be performed by any member of a group of users that each have keys. Therefore, a message signed with a ring signature is endorsed by someone in a particular group of people. One of the security properties of a ring signature is that it should be computationally infeasible to determine which of the group members’ keys was used to produce the signature. (…) Ring signatures were invented by Ron Rivest, Adi Shamir, and Yael Tauman, and introduced at ASIACRYPT in 2001.

Ring signatures are applied on every input in every transaction. The sender just randomly selects some other outputs with the same amount from the blockchain and signs it with his private spend key. He doesn’t need any approval from the owners of the other outputs. This can even be done offline, making it possible to do secure offline signing and broadcasting the signed transaction on an online computer.

Maybe you ask yourself by now how you can detect double spends when there is plausible deniability for every transaction output? The answer lies in the mathematics again. A “key image” is published alongside a transaction. The key image proves that one of the inputs in the ring signature is real and when sender tries to double spend the same input, the key image will be exactly the same. You can find out more about the cryptography behind the key image in the Cryptonote whitepaper.

Because ring signatures are enforced across the network, all coins are mixed all the time. This adds fungibility to the protocol level of Monero. If we compare this with privacy features implemented in Bictoin, ZCash or DASH, we can clearly see the difference: if traceable transactions are still possible on the network, regulation can force this traceability in certain circumstances so you can never have fungibility.

And last but not least, this is tested cryptography. It exists since 2001 so we can assume it’s pretty reliable. Unlike ZCash, which is new cryptography and still largely untested.

4. Stealth addresses

Monero implements ‘Stealth addresses’, which is one (public) address that you can share with anyone, without enabling spectators to know anything about the transaction history or balance of this address. The Monero addressing system uses 2 private keys: a private viewkey and a private spendkey.

The private spend key pretty much works the same as in Bitcoin: you sign transactions with it. The private viewkey however is needed to search the blockchain for incoming payments. Only if you have access to that key, you can know a certain transaction output is associated with you Monero address.

In bitcoin (and most of the other cryptocurrencies) address reuse is often happening, which greatly decreases the pseudonimity of the network. Stealth addresses provide an easy way to protect and enhance your privacy. The blockchain data will not show any links between multiple transactions.

Although this isn’t perfect: if you use your address in multiple locations, there can be “off blockchain linking”. If you withdraw coins from an exchange and use the same address to withdraw funds from your webshop where you are selling plants, law enforcement is able to link your accounts based on the usage of the same address. Therefore, it is suggested to use a special kind of “one time address” for every service. All funds will enter the same account, but off blockchain linking won’t be possible.

5. RingCT

RingCT, short for Ring Confidential Transactions, is a new signature system proposed by Shen Noether in the MRL-5 paper. You can find it in the first edition of Ledger at ledgerjournal.org. It is based on the research by Gregory Maxwell on Confidential Transactions, but adapted to be able to work with Ring Signatures.

This technology enables users to hide the transaction amounts of transactions. It is “the last piece of the puzzle” for complete anonymity on the Monero network. It also solves some edge cases that could compromise the untraceability of Monero. RingCT is went live on the Monero main net on January 9 2016. At first, RingCT will be optional, but in the next hard fork (september 2017), RingCT transactions will be enforced by the network, without any option to “opt out”.

6. Kovri – I2P

Blockchain data is only one attack vector for the privacy of cryptocurrency users. It’s known that the Chainalysis company tries to identify users/nodes in the P2P network based on their IP address. The Kovri project tries to develop an I2P router in C++ that will eventually enable Monero users to hide their IP addresses when sending transactions. Kovri is not yet integrated with Monero and is still in a pre-alpha stage.

7. Conclusion

Monero is very important and revolutionary technology. It hides the sender, receiver and history of transactions. Soon the amounts will be hidden as well. It is pretty easy to deploy, doesn’t need a trusted setup (unlike ZCash) and it’s being tested in the wild for almost 3 years. The privacy features are enforced by the network which results in a much bigger anonymity set than bitcoin mixers or cryptocurrency with optional privacy features. It enables users to transact privately with a fungible currency in a decentralized network and therefore can withstand regulation from governments. Monero is true digital cash.