Monero: Difference between revisions

Monero

Monero Logo
Denominations
Plural	Monero, moneroj
Symbol	ɱ
Code	XMR[a]
Previous names	BitMonero
Subunits
1⁄1000000000000	piconero
Development
Original author(s)	Nicolas van Saberhagen
White paper	CryptoNote v 2.0
Initial release	18 April 2014 (10 years ago) (2014-04-18)
Latest release	0.12.0.0 / 24 March 2018 (6 years ago) (2018-03-24)
Code repository	github.com/monero-project
Operating system	Windows, Linux, macOS, BSD
Source model	BSD 3-Clause
Ledger
Timestamping scheme	Proof-of-work
Hash function	CryptoNight
Issuance schedule	Decentralized, block reward
Block time	2 minutes (previously 1 minute)
Block explorer	xmrchain.net
Circulating supply	15,962,350 XMR (as of 24 April 2018[update])
Valuation
Exchange rate	$137 (as of 9 July 2018[update])
Demographics
Official user(s)	Worldwide
Administration
Date of introduction	18 April 2014; 10 years ago (2014-04-18)
Website
Website	getmonero.org
Compatible with ISO 4217.

Monero (XMR) is an open-source cryptocurrency created in April 2014 that focuses on privacy and decentralization. Monero uses an obfuscated public ledger, meaning anybody can broadcast or send transactions, but no outside observer can tell the source, amount or destination. Monero uses a Proof of Work mechanism to issue new coins and incentivize miners to secure the network and validate transactions.

The focus on privacy has attracted illicit use by people interested in evading law enforcement.^[1][2] The egalitarian mining process made it viable to distribute the mining effort opening new funding avenues for both legitimate online publishers and malicious hackers who covertly embed mining code into websites and apps.^[3]

Architecture

Unlike many cryptocurrencies that are derivatives of Bitcoin, Monero is based on the CryptoNight proof-of-work hash algorithm, which comes from the CryptoNote protocol.^[4] It possesses significant algorithmic differences relating to blockchain obfuscation.^[5][6] By providing a high level of privacy, Monero is fungible, meaning that every unit of the currency can be substituted by another unit. This makes Monero different from public-ledger cryptocurrencies like Bitcoin, where addresses with coins previously associated with undesired activity can be blacklisted and have their coins refused by other users.

In particular, the ring signatures mix the spender's input with a group of others, making it exponentially more difficult to establish a link between each subsequent transaction.^[2][7] Also, the "stealth addresses" generated for each transaction make it impossible to discover the actual destination address of a transaction by anyone else other than the sender and the receiver. Finally, the "ring confidential transactions" mechanism hides the transferred amount.^[2]

Monero is designed to be resistant to application-specific integrated circuit mining, which is commonly used to mine other cryptocurrencies such as Bitcoin.^[8] It can be mined somewhat efficiently on consumer grade hardware such as x86, x86-64, ARM and GPUs.^[8]

History

Bytecoin, the first CryptoNote based coin was launched on July 4th, 2012, shortly before the first CryptoNote whitepaper which was launched later that year.^[9][10] CryptoNote was the first cryptocurrency protocol to support Ring Signatures, a method of obscuring the sender in a cryptocurrency transaction.

However, due to heavy controversies that arose shortly after Bytecoin's first announcement in March 2014, including faked signatures, dates and staged references, many users in the cryptocurrency community forked Bytecoin's code to create their own CryptoNote coin.^[11][12] The reasoning behind this is had Bytecoin actually faked these dates, it would be possible that the developers control up to 80% of the total supply.^[12] On April 18th, 2014 Bitcointalk forum user known as "thankful_for_today" forked the codebase into the name BitMonero, which is a compound of Bit (as in Bitcoin) and Monero (literally meaning "coin" in Esperanto).^[2][13]

The release of BitMonero was unfortunately not well received by the community that initially backed it. Plans such as the block time, tail emission and block reward had all been changed from plans initially discussed, and thankful_for_today simply disappeared from the development scene.^[14] A user by the name Johnny Mnemonic decided that the community should take over the project, and five days later they did while also changing the name to be Monero.^[14][5] Johnny Mnemonic and many others including Tacotime who lead the project takeover are no longer part of the Monero Core Team today.^[15]

In September 2014, Monero was attacked when an unknown party exploited a flaw in CryptoNote that permitted the creation of two subchains that refused to recognize the validity of transactions on each other. CryptoNote later released a patch for the flaw, which Monero implemented.^[16]

Monero experienced rapid growth in market capitalization and transaction volume during the year 2016, partly due to adoption in 2016 by major darknet market AlphaBay,^[2] which was closed in July 2017 by law enforcement.^[17]

On January 10, 2017, the privacy of Monero transactions were further strengthened by the adoption of Bitcoin Core developer Gregory Maxwell's algorithm Confidential Transactions, hiding the amounts being transacted, in combination with an improved version of Ring Signatures.^[18]

Today, Monero is composed of a Core team with 7 members, 49 developers and 3 researchers.^[19] However, as an open source and crowd-funded project, these numbers are subject to frequent change.

Monero Research Lab

The Monero Research Lab, or MRL, is a small community dedicated to "continued research into the realm of financial privacy".^[20] Over the course of the last several years, MRL has launched six publications from a total of seven researchers and has worked together with 3 independent several research firms including Benedikt Bünz and QuarksLab.^[21][22]

MRL-0001: A Note on Chain Reactions in Traceability in CryptoNote 2.0

This paper written by Surae Noether, Sarang Noether and Adam Mackenzie investigates a plausible attack on Ring Signatures chosen as described in the CryptoNote v2 whitepaper. The untraceability of a one-time key pair in a ring signature is dependent on the untraceability of all the keys used in composing that very signature. The paper found no major vulnerabilities in the protocol.^[23]

MRL-0002: Counterfeiting via Merkle Tree Exploits within Virtual Currencies Employing the CryptoNote Protocol

On the 4th of September 2014, the Monero cryptocurrency network suffered from an attack where the network was partitioned into two distinct subsets which refused to accept the legitimacy of the other subset. This research bulletin describes the deficiencies in the CryptoNote reference code allowing the attack, and a solution put forth by Rafal Freeman from Tigusoft.^[24][25]

MRL-0003: Monero is Not That Mysterious

This paper compares the complexity of the CryptoNote protocol against others such as Bitcoin Core. It also takes a deep dive into the mathematics around Monero Ring Signatures, with comparisons to both CryptoNote itself and the mathematics on which CryptoNote was based.^[26]

MRL-0004: Improving Obfuscation in the CryptoNote Protocol

This paper identifies several analysis attacks that could potentially degrade the untraceability of the CryptoNote 2.0 protocol. It analyzes possible solutions and comes to the recommendation that Monero should introduce a protocol level minimum ring size of 2 foreign outputs per ring signature, and an increase 4 after two years. It also takes a deeper dive into how ring members may be selected to improve security, considering a non-uniform age dependent mix-in selection to mitigate other forms of blockchain analysis. Finally, the paper discusses a torrent-style method of sending Monero output, to further obfuscate the true source of a transaction on a non cryptographic level.^[27]

MRL-0005: Ring Signature Confidential Transactions

This paper, written by Shen Noether, Adam Mackenzie and the February 2016 Monero Core Team introduces a method of further obfuscating (hiding) the transaction amounts in Monero. The paper introduces a new type of Ring Signature, a Multi-layered Linkable Spontaneous Anonymous Group (MLSAG) signature is described which allows for the amount of a transaction to be hidden in a trustless fashion. Some extensions to the protocol are provided, such as Aggregate Schnorr Range Proofs and Ring Multisignatures, which would further go on to become part of Monero's Multisig release on April 6th, 2018.^[28][29]

MRL-0006: An Efficient Implementation of Monero Subaddresses

This paper discusses Monero Subaddresses, a potential implementation which would allow for a single user to distribute multiple receiving keys (or public keys) per private key, in an uncompromising efficient fashion. Traditionally, a user wishing to hand out different keys so they could receive payment in an unlinkable way would need to run and sync multiple wallets.^[30] It is worth noting, however, that payment processors such as Globee do not require this feature as Monero transactions to the same address can be differentiated via either a 16 or 64 hexadecimal character Payment ID^[31].

Transaction linkability

In April 2017 research highlighted three major threats to Monero users' privacy. The first relies on leveraging the ring signature size of zero, and ability to see the output amounts.^[32] The second, described as "Leveraging Output Merging", involves tracking transactions where two outputs belong to the same user,^[32] such as when a user is sending the funds to himself ("churning"). Finally the third threat, "Temporal Analysis", shows that predicting the right output in a ring signature could potentially be easier than previously thought.^[32]

Monero development team addressed the first concern in January 2017, prior to the actual release of the research paper, with introduction of Ring Confidential Transactions (RingCT)^[33] as well as mandating a minimum size of ring signatures in the March 2016 protocol upgrade. Monero developers also noted that Monero Research Labs, their academic and research arm, already noted and outlined the deficiency in two public research papers in 2014 and 2015.^[33]

Client software

A user needs client software, such as a wallet, to interact with the Monero network. The reference implementation developed by the Monero Project runs on Windows, MacOS, Linux, Arm (v7 & v8), BSD and Solaris/SunOS^[34][35]. There also exists several third party Monero mobile wallets such as Monerujo^[36] and Cakewallet^[37] , which support Android and iOS respectively. Finally, web wallets such as MyMonero^[38] allow users to interact with the network entirely through the browser using a third party website.

Implementations

The feasibility of CPU mining Monero has made it viable for malicious actors to covertly distribute miners embedded in malware, using the victim's hardware and electricity for the financial gain of the malware developer as well as legitimate uses with user consent.^[39][3]

The JavaScript implementation of Monero miner Coinhive has made it possible to embed the miner into a website in such a way to use website visitor's CPU to mine the cryptocurrency while the visitor is consuming the content of the webpage. While this can be done with user's consent in an effort to provide an alternative funding model to serving ads,^[40] some websites have done this without informed consent which has prompted the in-browser miners to be blocked by browser extensions and ad blocking subscription lists.^[39][41] This act is often called "Cryptojacking". The term itself is a portmanteau from the words cryptocurrency and hijacking. Coinhive-like mining scripts might significantly slow down infected devices. Victims of cryptojacking often report sluggish performance, batteries dying out and in some cases the devices run so hot due to the extensive CPU work that they become unusable. ^[42]

Monero is sometimes employed by Bitcoin users to break link between transactions, with bitcoins first converted to Monero, then after some delay, converted back and sent to an address unrelated to those used before.^[7] Researchers have reported that the operators behind the global ransomware incident WannaCry have converted their proceeds into Monero. It is also the payment method of choice for The Shadow Brokers.^[1] Exchanges ShapeShift and Changelly are cooperating with police after it emerged that the WannaCry attackers used it to convert Bitcoin to Monero. "Any transactions made through ShapeShift can not be hidden or obscured and are thus 100 percent transparent" stated ShapeShift.^[43]

See also

• Crypto-anarchism
• Darknet

References

1. Gallagher, Sean (4 August 2017). "Researchers say WannaCry operator moved bitcoins to "untraceable" Monero". Ars Technica.
2. "Monero, the Drug Dealer's Cryptocurrency of Choice, Is on Fire". WIRED. Retrieved 2017-11-22.
3. Tung, Liam. "Android security: Coin miners show up in apps and sites to wear out your CPU | ZDNet". ZDNet. Retrieved 2017-11-22.
4. "Monero". Cointelegraph. 24 May 2015.
5. Rizzo, Pete (February 4, 2017). "Drugs, Code and ICOs: Monero's Long Road to Blockchain Respect". CoinDesk.
6. Lopp, Jameson (April 9, 2016). "Bitcoin and the Rise of the Cypherpunks". CoinDesk.
7. van Wirdum, Aaron (September 1, 2016). "How Bitcoin Users Reclaim Their Privacy Through Its Anonymous Sibling, Monero". Bitcoin Magazine.
8. Tsihitas, Theo (September 22, 2017). "Monero vs Bitcoin: Monero Adopted by Privacy Focused Crypto Users". CoinCentral.
9. CryptoCoin.cc. "CryptoCoin.cc: Bytecoin (BCN)". cryptocoin.cc. Retrieved 2018-07-21.
10. Saberhagen, Nicolas van (December 12, 2012). "CryptoNote v 1.0" (PDF). cryptonote.org.
11. "Map of coins: the history of cryptocurrencies from bitcoin to dogecoin and more". Map of coins. Retrieved 2018-07-21.
12. Holmes, Jamie (2018-02-16). "Bytecoin: The Cryptocurrency Scam that Resembles a Black Hole | BTCMANAGER". BTCMANAGER. Retrieved 2018-07-21.
13. "Bitmonero - CryptNote protocol cryptocurrency". www.bitmonero.org. Retrieved 2018-07-21.
14. "Monero | General Discussion » History of Monero". forum.getmonero.org. Retrieved 2018-07-21.
15. "Monero: Core Team Announcement". getmonero.org, The Monero Project. Retrieved 2018-07-21.
16. Werner, Albert (September 8, 2014). "Monero network exploit post-mortem". Cryptonote forum.
17. Popper, Nathaniel; Ruiz, Rebecca R. (20 July 2017). "2 Leading Online Black Markets Are Shut Down by Authorities". The New York Times.
18. O'Leary, Rachel Rose (September 8, 2017). "Increased Hashrate Forces Premature Monero Hard Fork Sep 8, 2017 at 15:00 UTC by Rachel Rose O'Leary". CoinDesk.
19. "Monero: titles.team". getmonero.org, The Monero Project. Retrieved 2018-07-21.
20. "Monero: titles.researchlab". getmonero.org, The Monero Project. Retrieved 2018-07-21.
21. "Monero: titles.researchlab". getmonero.org, The Monero Project. Retrieved 2018-07-21.
22. "Monero | Work in Progress » Bulletproofs audit: fundraising". forum.getmonero.org. Retrieved 2018-07-21.
23. Noether, Surae (September 2014). "A Note on Chain Reactions in Traceability in CryptoNote 2.0" (PDF). Monero Research Lab.
24. "Fix tree-hash cnt n^2. Asserts, comment. Squash2 · monero-project/monero@2ef0aee". GitHub. Retrieved 2018-07-21.
25. Macheta, Jan (September 2014). "Counterfeiting via Merkle Tree Exploits within Virtual Currencies Employing the CryptoNote Protocol" (PDF). Monero Research Lab.
26. Noether, Shen (September 2014). "Monero is Not That Mysterious" (PDF). Monero Research Lab.
27. Mackenzie, Adam (January 2015). "Improving Obfuscation in the CryptoNote Protocol" (PDF). Monero Research Lab.
28. "Monero: Monero 0.12.0.0". getmonero.org, The Monero Project. Retrieved 2018-07-22.
29. Noether, Shen (February 2016). "Ring Confidential Transactions" (PDF). Monero Research Lab.
30. Noether, Sarang (October 2017). "An efficient implementation of Monero subaddresses" (PDF). Monero Research Lab.
31. "Moneropedia: Payment ID". getmonero.org, The Monero Project. Retrieved 2018-07-22.
32. Kumar, Amrit; Fischer, Clément; Tople, Shruti; Saxena, Prateek. "A Traceability Analysis of Monero's Blockchain" (PDF). eprint.iacr.org. Retrieved 6 November 2017.
33. "You Can Link Monero Transactions – But Which? And What's the Impact? - CoinDesk". CoinDesk. 2017-04-22. Retrieved 2017-11-15.
34. "Downloads | Monero - secure, private, untraceable". getmonero.org, The Monero Project. Retrieved 2018-06-29. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
35. "Monero: Monero 0.12.0.0". getmonero.org, The Monero Project. Retrieved 2018-07-21.
36. "Monerujo Android Wallet Makes Using Monero on Mobile Easier". The Merkle. Retrieved 2017-11-22.
37. "Monero Introduces Its Official XMR Wallet, Community Expresses Ambivalence". CoinWire. Retrieved 2018-04-29.
38. "MyMonero". mymonero.com. Retrieved 2018-07-21.
39. Goodin, Dan (October 30, 2017). "A surge of sites and apps are exhausting your CPU to mine cryptocurrency". Ars Technica.
40. Thomson, Iain (October 19, 2017). "Stealth web crypto-cash miner Coinhive back to the drawing board as blockers move in". The Register.
41. Stankovic, Stefan (4 January 2018). "Monero Guide: A Super Secure Cryptocurrency to Invest In". Unblock. Retrieved 9 April 2018.
42. Wallets, Secure Crypto (2018-04-27). "The Pros And Cons Of Cryptojacking". Secure Crypto Wallets. Retrieved 2018-06-27.
43. "Bitcoin Exchange ShapeShift Helps Police As WannaCry Attacker Converts To Monero". Cointelegraph. 4 August 2017.

External links

• Official website