Monero: Difference between revisions

Monero

Monero Logo
ISO 4217
Unit
Plural	Monero, moneroj
Symbol	ɱ‎
Demographics
Date of introduction	18 April 2014; 10 years ago (2014-04-18)
User(s)	Worldwide
Unofficial.

Monero (XMR) is an open-source cryptocurrency created in April 2014 that focuses on privacy, decentralisation and scalability. Unlike many cryptocurrencies that are derivatives of Bitcoin, Monero is based on the CryptoNote protocol and possesses significant algorithmic differences relating to blockchain obfuscation.^[1] Monero experienced rapid growth in market capitalization (from US$5M to US$185M)^[2] and transaction volume^[3] during the year 2016, partly due to adoption by major darknet market AlphaBay at the end of summer 2016.^[4]

History

Monero was launched on 18 April 2014 originally under the name BitMonero, which is a compound of Bit (as in Bitcoin) and Monero (literally meaning "coin" in Esperanto). Five days later, the community opted for the name to be shortened just to Monero. It was launched as the first fork of CryptoNote-based currency Bytecoin, however was released with two major differences. Firstly, the target block time was decreased from 120 to 60 seconds, and secondly, the emission speed was decelerated by 50% (later Monero reverted to 120 seconds block time while keeping the emission schedule by doubling the block reward per new block). In addition, the Monero developers found numerous incidents of poor quality code that were subsequently cleaned and re-constituted.^{[citation needed]}

A few weeks after launch, an optimized GPU miner for CryptoNight proof-of-work function was developed.^[5]

On 4 September 2014, Monero recovered from an unusual and novel attack executed against the cryptocurrency network.^[6]

On 10 January 2017, the privacy of Monero transactions strengthened further with the optional use of Bitcoin Core developer Gregory Maxwell's algorithm Ring Confidential Transactions, starting at block #1220516.^[7][8][9] A ring signature algorithm introduced an additional layer of confidentiality by not displaying the amounts implicated in a transaction to someone who did not directly take part in it. RingCT transactions are enabled by default, but it is still possible to send a transaction without RingCT until the next hard fork in September 2017.^[10] By early February, over 95% of all non-coinbase transactions used the optional RingCT feature.^[11]

Features

Monero is an open-source pure proof-of-work cryptocurrency. It runs on Windows, Mac, Linux and FreeBSD.^[12]

Its main emission curve will issue about 18.4 million coins to be mined in approximately 8 years.^[13][14] (more precisely 18.132 Million coins by ca. end of May 2022^[15][16]) After that, a constant "tail emission" of 0.6 XMR per 2-minutes block (modified from initially equivalent 0.3 XMR per 1-minute block) will create a sub-1% perpetual inflation (more precisely [see ref. above] starting with 0.87% yearly inflation around May 2022) to prevent the lack of incentives for miners once a currency is not mineable anymore.^[17] The emission uses a smoothly decreasing reward with no block halving (any block generates a bit less monero than the previous one, formula: Emission per 2-minutes block = max(0.6, floor((M − A)×2⁻¹⁹)×10⁻¹²) XMR, with M = 2⁶⁴ − 1 and A = 10¹² times the amount of XMR already emitted). The smallest resolvable currency unit is 10⁻¹² XMR. The proof-of-work algorithm, CryptoNight, is AES-intensive and "memory heavy", which significantly reduces the advantage of GPU over CPU.

Privacy

The changes in the results of blockchain analysis after implementing the ring signatures.

Monero protects privacy in three ways for all transactions on the network: 1) ring signatures hide the sending address, 2) RingCT hides the amount of the transaction (currently enabled by default and mandatory by the end of the 2017), and 3) stealth addresses hide the receiving address of the transaction.^[18] A planned fourth way conceals the origin node for transactions in I2P, and the Kovri router that would allow for this is currently in development. The following paragraphs describe these three technologies in more depth.

Monero daemon uses the original CryptoNote protocol except for the initial changes (as the block time and emission speed). The protocol itself is based on stealth addresses and "one-time ring signatures"^[19], invented by Ron Rivest, Adi Shamir, and Yael Tauman (2001)^[20] and modified by E. Fujisaki and K. Suzuki (2007)^[21]. Cryptography used for signature is essentially Daniel J. Bernstein's library for Ed25519, which is Schnorr signatures on the Twisted Edwards curve. The end result is passive, decentralised mixing based on heavily-tested algorithms.^[22]

However, several improvements were suggested by Monero Research Lab which covered the proper use of ring signatures for better privacy.^[23] Specifically, the proposals included "a protocol-level network-wide minimum mix-in policy of n = 2 foreign outputs per ring signature", "a nonuniform transaction output selection method for ring generation" and "a torrent-style method of sending Monero output".^[24] These changes, which were implemented in version 0.9.0 "Hydrogen Helix",^[25] can help protect user's privacy in a CryptoNote-based currency according to the authors.

As a consequence, Monero features an opaque blockchain (with an explicit allowance system called the viewkey), in sharp contrast with transparent blockchain used by any other cryptocurrency not based on CryptoNote. Thus, Monero is said to be "private, optionally transparent". On top of very strong privacy by default, such a system permits net neutrality on the blockchain (miners cannot become censors, since they do not know where the transaction goes or what it contains) while still permitting auditing when desired (for instance, tax audit or public display of the finances of an NGO).^[26] Furthermore, Monero is considered by many to offer truly fungible coins.^[27][28][29]

In April 2017, several research papers criticized the input selection method,^[30][31] arguing that the current method makes it easier to guess the real transaction input than ideal. Community discussions have been in progress through most of 2017 to improve this selection algorithm to better reflect real use.^[32]

Decentralisation

"Monero is powered strictly by Proof of Work, but specifically, it employs a mining algorithm that has the potential to be efficiently tasked to billions of existing devices (any modern x86 CPU)."^[33] Monero uses the CryptoNight Proof of Work (PoW) algorithm, which is designed for use in ordinary CPUs.^[34]

The smart mining feature allows transparent CPU mining on the user's computer, far from the de facto centralization of mining farms and pool mining, pursuing Satoshi Nakamoto's original vision of a true P2P currency.^[35] Smart mining is currently available in the CLI wallet for all operating systems.

Scalability

Monero has no hardcoded maximum block size, which means that unlike Bitcoin it does not have a 1 MB block size limit preventing scaling. However, a block reward penalty mechanism is built into the protocol to avoid a too excessive block size increase: The new block's size (NBS) is compared to the median size M100 of the last 100 blocks. If NBS>M100, the block reward gets reduced in quadratic dependency of how much NBS exceeds M100. E.g. if NBS is [10%, 50%, 80%, 100%] greater than M100, the nominal block reward gets reduced by [1%, 25%, 64%, 100%]. Generally, blocks greater than 2*M100 are not allowed, and blocks <= 60kB are always free of any block reward penalties.

Release 0.10.1 added a dynamic fee system using the formula Fee=(R/R0)*(M0/M)*F0.^[36] As usage of Monero increases, the per-transaction fees will decrease while the total transaction fees will increase.^[37]

The Monero Core Team also released a standard called OpenAlias,^[38] which permits much more human-readable addresses and "squares" the Zooko's triangle. OpenAlias can be used for any cryptocurrency and is already implemented in Monero, Bitcoin (in latest Electrum versions) and HyperStake.

Ongoing work and side projects

• RingCT: a way to implement confidential transactions in Monero. Confidential transactions (CT) is a method for hiding the value of transactions in Bitcoin.^{[39] [40]}
• OpenAlias: an extensive aliasing blockchain-based system;^[41]
• Kovri: a privacy solution for integrating I2P in Monero;^[42]
• URS: the proof-of-concept of an anonymous voting system, based on ring signatures ^[43]
• 0MQ: a C API library used by clients to connect to the Monero daemon service.^[44]
• Electrum's mnemonic seeds for deterministic -key creation in webwallet ^[45]
• The Monero Core Team continues to depart from the original Bytecoin code with numerous patches and improvements to its implementation of the CryptoNote protocol.^[46]

Release history

Version	Release Date	Major Updates
0.8.8.6	8 December 2014	Fixed Windows builds, multilanguage mnemonic
0.9.0 "Hydrogen Helix"	1 January 2016	ARM support, 32-bit Windows support, OpenAlias, LMDB, block time increased to 2 minutes
0.9.1 "Hydrogen Helix"	15 January 2016	Bug fixes and security improvements
0.9.2 "Hydrogen Helix"	16 March 2016	LMDB improvements, bug fixes
0.9.3 "Hydrogen Helix"	21 March 2016	Windows 32-bit, bug fixes
0.9.4 "Hydrogen Helix"	2 April 2016	Bug fixes
0.10.0 "Wolfram Warptangent"	18 September 2016	RingCT, performance improvements to HDDs, ARMv8 support, key image import and export
0.10.1 "Wolfram Warptangent"	13 December 2016	RingCT improvements, dynamic fee system, support for "fluffy blocks", GUI support
0.10.2 "Wolfram Warptangent"	22 February 2017	Android support, smart mining on Linux, speed improvements to RingCT, fix to exploit vulnerability.
0.10.3 "Wolfram Warptangent"	25 March 2017	Wallet scanning improvements, peer bugfixes
0.10.3.1 "Wolfram Warptangent"	26 March 2017
0.11.0 "Helium Hydra"	7 September 2017
0.11.1 "Helium Hydra"	25 Oktober 2017

See also

• Alternative currency
• Alternative finance
• Anonymous Internet banking
• Bitcoin
• Crypto-anarchism
• Electronic money
• Esperanto
• Private currency
• Proof-of-work system
• World currency

References

1. "Nope. You are confused. You should consider this great news because you are abou... | Hacker News". news.ycombinator.com. Retrieved 2015-10-04.
2. "Monero (XMR) Market Capitalization". www.coinmarketcap.com. Retrieved 5 September 2016.
3. http://monerostats.com/charts/?type=transactions
4. Aliens, C. (23 August 2016). "AlphaBay and Oasis Markets to Begin Accepting Monero for Payments".
5. Andersen, David. "Minting Money with Monero ... and CPU vector intrinsics". da-data.blogspot.ru. Retrieved 30 March 2015.
6. Macheta, Jan; Noether, Surae; Noether, Sarang; Smooth, Javier. "Counterfeiting via Merkle Tree Exploits within Virtual Currencies Employing the CryptoNote Protocol" (PDF). getmonero.org. Retrieved 4 April 2015.
7. https://lab.getmonero.org/pubs/MRL-0005.pdf
8. "monero-project/monero". GitHub. Retrieved 2017-01-10.
9. "blox.supportXMR.com". explore.moneroworld.com. Retrieved 2017-01-10.
10. "Will there be a January hard-fork for RingCT?". stackexchange.org. Retrieved 27 January 2017.
11. "RingCT transactions (excluding coinbase)". MoneroBlocks. Retrieved 4 March 2017.
12. Latapie, David. "What's so special about Monero". Getmonero.org. Retrieved 19 March 2015.
13. "Monero Economy". bitcointa.lk. Archived from the original on March 7, 2016. Retrieved 4 April 2015. {{cite web}}: Unknown parameter |deadurl= ignored (|url-status= suggested) (help)
14. "Bitcoin and Monero – Comparison of Money Supply and Block Reward". imgur.com. Retrieved 4 September 2016.
15. "Reddit – What are the basic parameters/characteristics of Monero – Answer by XMR Core Team Member". reddit.com. Retrieved 4 Sep 2016.
16. "Reddit – Useful For Learning About Monero: Coin Emission And Block Reward Schedules: Bitcoin vs. Monero, all at a glance!". reddit.com. Retrieved 4 Sep 2016.
17. Hutchinson, Martin. "Breakingviews: Bitcoin's defects will hasten its demise in 2015". reuters.com. Retrieved 19 March 2015.
18. "Monero: The Essentials". YouTube. Retrieved 4 March 2017.
19. Saberhagen, Nicolas. "CryptoNote" (PDF). cryptonote.org. Retrieved 5 October 2015.
20. How to leak a secret, Ron Rivest, Adi Shamir, and Yael Tauman, ASIACRYPT 2001, pp 552-565. doi:10.1007/3-540-45682-1_32
21. Eiichiro Fujisaki and Koutarou Suzuki. Traceable ring signature. In Public Key Cryptography, pages 181–200, 2007.
22. Spagni, Riccardo. "Alright devs, own up: what's the deal with "magic" block 202612?". Reddit. Retrieved 29 March 2015. Based on our current level of technology and our current understanding of cryptography there is no vulnerability in ring signatures, not in theory nor in our implementation (which is mostly based on old, exceedingly well-tested cryptography and code from SUPERCOP / libsodium / NaCL). The cryptography is directly based on work that is nearly 10 years old, which in turn is grounded in cryptography in a paper from 1991, so we're talking about something that has already been analysed by very gifted cryptographers.
23. "Monero Research Labs". getmonero.org. Monero. Retrieved 31 March 2015.
24. Mackenzie, Adam; Noether, Surae; Monero Core Team. "Improving Obfuscation in the CryptoNote Protocol" (PDF). getmonero.org. Retrieved 31 March 2015.
25. https://getmonero.org/2016/01/01/monero-0.9.0-hydrogen-helix-released.html
26. Latapie, David. "March FinTech Open Mic Night – Monero". youtube.com. Retrieved 4 April 2015.
27. "Monero is not an Altcoin – The arrival of fungible digital money". steemit.com. Retrieved 3 September 2016.
28. "On Fungibility, Bitcoin, Monero and why ZCash is a bad idea". weuse.cash. Retrieved 3 September 2016.
29. "About Monero". getmonero.org. Retrieved 3 September 2016.
30. Miller, Andrew; et al. "An Empirical Analysis of Linkability in the Monero Blockchain" (PDF). MoneroLink. Decentralized Systems Lab. Retrieved 4 May 2017. {{cite web}}: Explicit use of et al. in: |last1= (help)
31. Kumar, Amrit; et al. "A Traceability Analysis of Monero's Blockchain". University of Singapore. Retrieved 4 May 2017. {{cite web}}: Explicit use of et al. in: |last1= (help)
32. "[Discussion] Raising the mandatory ringsize in the v6 hardfork, September 2017". GitHub. GitHub. Retrieved 4 May 2017.
33. "About Monero". getmonero.org. Retrieved 3 September 2016.
34. "CryptoNight". Bitcoin Wiki. Retrieved 3 September 2016.
35. "Bitcoin whitepaper". Bitcoin Wiki. Retrieved 5 April 2015.
36. "Dynfee #1276". GitHub. Retrieved 28 February 2017.
37. "How does the dynamic fee calculation work?". StackExchange. Retrieved 28 February 2017.
38. "OpenAlias official website". openalias.org. Retrieved 19 March 2015.
39. http://eprint.iacr.org/eprint-bin/getfile.pl?entry=2015/1098&version=20151217:200440&file=1098.pdf
40. Allison, Ian (9 September 2016). "Monero opens up: 'We're about as private as you can get'". International Business Times UK. Retrieved 5 June 2017.
41. "OpenAlias official website". getmonero.org. Retrieved 30 March 2015.
42. "The-Privacy Solutions Project". geti2p.net. Retrieved 30 March 2015.
43. "monero-project/urs". GitHub. Retrieved 2017-04-18.
44. "0MQ GitHub". github.com. Retrieved 3 September 2016.
45. "MyMonero". mymonero.com. Retrieved 30 March 2015.
46. "Github – monero-project". github.com. Retrieved 4 April 2015.

External links

• Official website
• The Monero project on github
• Monero on reddit
• Monero on StackExchange