With the cryptocurrency industry booming, privacy on the blockchain has become an increasing concern. Since major tokens such as Bitcoin, Ethereum, and Litecoin only attain pseudo-anonymity, a project to implement privacy on cryptocurrency came into being. The following article will focus on the privacy aspect of Monero, the ultimate privacy cryptocurrency. (For more information about the special PoW algorithm that makes Monero unique, please refer to this article.)
Here are the five main privacy features, we’ll go through each with details
- Multiple Keys: fund viewing and moving access is isolated
- I2P: anonymizes the user from the networking aspect
- Ring Signatures: cloaks signatures by utilizing decoys
- Stealth Addresses: makes transactions unlinkable
- RingCT: hides transaction amount
The first thing that most users notice when they use Monero for the first time, is that the key pair consists of two key pairs instead of the usual one. A public and private key for both view and spend keys.
- Public View Key: aka stealth address generator, the first section of a Monero address is derived from it
- Private View Key: key used to scan the blockchain for owned funds
- Public Spend Key: used to verify key image signature, the second section of a Monero address is derived from it
- Private Spend Key: key image creator, used to send transactions
To sum it up, the view keys are for verifying that a transaction is received, while spend keys are used to send a transaction. Note that private view keys can be used (and is the only way) to create a watch-only wallet.
Proposal of I2P integration utilizing the kovri project, which is based on I2P specifications and written in C++ was proposed but later abandoned two years into development. The main feature of I2P is the ability to guard against network monitoring. Network packets are encrypted and routed through I2P nodes, which passes around the packets to hide the sender, receiver and contents. This provides an extra layer of protection on the networking level, effectively protecting the user from IP tracing.
However, Monero daemon still supports by using I2P via I2P-zero as a proxy option in addition to tor socks. It allows users to still benefit from the privacy that I2P provides without going through much trouble.
Normal cryptocurrency payments relies on inputs and outputs to record the transactions onto the ledger. Explorers and analysis software can trace the flow of funds via the data, which makes all transactions on the chain public. This is a trait that privacy coins, such as Monero, tries to avoid.
In order to maintain the privacy of the sender, a concept called ring signatures is introduced to Monero. Users can select a number of random outputs on the blockchain and sign them along with the output of the transaction he/she wants to send while generating a unique key image (to prevent double spending). The total number of the decoys and actual outputs is called ring size.
So now, all outputs are likely to be the transaction sent, resulting in observers unable to tell which output was actually sent by the sender. On the other hand, anyone in possession of a private view key will be able to scan the blockchain and identify which transaction is in the corresponding wallet.
After considering the method to anonymize the sender, we now will discuss the receiver’s part. This is when the “stealth address” comes in.
Normally in a crypto transaction, when someone sends a transaction to you, the balance is credited to your address. However, this action is pseudo-anonymous. If your address gets linked to your real identity, all your transactions will be linked back to you.
So basically, the solution that Monero offers is to generate a new one-time disposable address for each transaction that can be spent by the receiver.
Stealth addresses are generated by the sender with the receiver’s public view key and public spend key. The sender then sends the funds to the disposable address. The receiver can check if funds are received by scanning the blockchain with his private view key, and spend the funds by generating a corresponding private key for the stealth address by his private spend key.
Now, our payment flow has successfully anonymized both the receiver and sender. However, anyone can simply correlate amounts specified in the transaction and analyze the sender/receiver of each transaction.
Basically, RingCT (Ring Confidential Transactions) works by obfuscating the the amount transferred via cryptography and leaving sufficient information. The zero-knowledge proof scheme used by RingCT is Pedersen commitments. The commitment is calculated on the input and output values to check if they are equal(you spend what you own) and that both parties of the transaction are not fraudulent.
Another crucial component of RingCT is range proofs. Since comparing commitments can only ensure that the input and output is equal, a method has to be implemented to ensure that malicious actors cannot simply transact negative amounts(and boost their balance). Range proof is an accumulative commitment of Borromean signatures of bit commitments(signed individual spoofed bits). It ensures that the input and output amounts are not negative.
In my opinion, Monero is the only mainstream cryptocurrency currently that provides complete and impenetrable privacy features. As privacy becomes more of an international concern, I shall say that it will continue to evolve in the foreseeable future.
Let me know what you think!