Monero: Difference between revisions

Monero

Monero Logo
Denominations
Plural	Monero, moneroj
Symbol	ɱ
Code	XMR[a]
Previous names	BitMonero
Subunits
1⁄1000000000000	piconero
Development
Original author(s)	Nicolas van Saberhagen
White paper	CryptoNote v 2.0
Initial release	18 April 2014 (10 years ago) (2014-04-18)
Latest release	0.12.0.0 / 24 March 2018 (6 years ago) (2018-03-24)
Code repository	github.com/monero-project
Operating system	Windows, Linux, macOS, BSD
Source model	BSD 3-Clause
Ledger
Timestamping scheme	Proof-of-work
Hash function	CryptoNight
Issuance schedule	Decentralized, block reward
Block time	2 minutes (previously 1 minute)
Block explorer	xmrchain.net
Circulating supply	15,962,350 XMR (as of 24 April 2018[update])
Valuation
Exchange rate	$137 (as of 9 July 2018[update])
Demographics
Official user(s)	Worldwide
Administration
Date of introduction	18 April 2014; 10 years ago (2014-04-18)
Website
Website	getmonero.org
Compatible with ISO 4217.

Monero (XMR) is an open-source cryptocurrency created in April 2014 that focuses on fungibility and decentralization. Monero uses an obfuscated public ledger, meaning anybody can broadcast or send transactions, but no outside observer can tell the source, amount or destination. Monero uses a Proof of Work mechanism to issue new coins and incentivize miners to secure the network and validate transactions.

The privacy afforded by Monero has attracted illicit use by people interested in evading law enforcement during events such as the WannaCry Ransomware Attack, or on the deep web buying illegal substances.^[1][2] This has been acknowledged by Monero, and not entirely disavowed.^[3] Despite this, Monero is actively encouraged to those seeking financial privacy, since payments and account balances remain entirely hidden, which is not the standard for most cryptocurrencies.^[4][5][6]

The egalitarian mining process of Monero has made it an alternative choice for websites and applications looking for substitute sources of income. In 2018, Change.org lead the way by implementing a Monero miner on their screensaver to raise funds for the Change.org Foundation.^[7] While some organizations use Monero miners to cover hosting costs as an alternative to paywalls or advertisements, malicious hackers have also used it via covertly embedding mining code into websites and apps seeking profit for themselves.^[8]

Architecture

Unlike many cryptocurrencies that are derivatives of Bitcoin, Monero is based on the CryptoNight proof-of-work hash algorithm, which comes from the CryptoNote protocol.^[9] It possesses significant algorithmic differences relating to blockchain obfuscation.^[10][11] By providing a high level of privacy, Monero is fungible, meaning that every unit of the currency can be substituted by another unit. This makes Monero different from public-ledger cryptocurrencies like Bitcoin, where addresses with coins previously associated with undesired activity can be blacklisted and have their coins refused by other users.

In particular, the ring signatures mix the spender's input with a group of others, making it exponentially more difficult to establish a link between each subsequent transaction.^[2][12] Also, the "stealth addresses" generated for each transaction make it impossible to discover the actual destination address of a transaction by anyone else other than the sender and the receiver. Finally, the "ring confidential transactions" mechanism hides the transferred amount.^[2]

Monero is designed to be resistant to application-specific integrated circuit mining, which is commonly used to mine other cryptocurrencies such as Bitcoin.^[13] It can be mined somewhat efficiently on consumer grade hardware such as x86, x86-64, ARM and GPUs.^[13]

History

History of Bytecoin

Bytecoin, the first CryptoNote based coin was launched on July 4th, 2012, shortly before the first CryptoNote whitepaper which was launched later that year.^[14][15] CryptoNote was the first cryptocurrency protocol to support Ring Signatures, a method of obscuring the sender in a cryptocurrency transaction.

Despite being written in 2012, Bytecoin only made its first public appearance in March 2014 along with the release of the CryptoNote v2.0 whitepaper. The community began questioning how such a a coin was unheard of for the past two years and why the whitepaper was on the second version. Upon closer inspection, Bytecoin was caught faking signatures, timestamps and staging references, all of which lead to believe that the Bytecoin developers faked these timestamps in order to pre-mine 80% of the total supply.^[16][17] Bytecoin entirely denies these accusations, and published a paper in early 2017 clarifying their actions.^[18]

The Controversial Launch of BitMonero

On April 18th, 2014 Bitcointalk forum user known as thankful_for_today forked the codebase of Bytecoin into the name BitMonero, which is a compound of Bit (as in Bitcoin) and Monero (literally meaning "coin" in Esperanto).^[2][19] The release of BitMonero was very poorly received by the community that initially backed it. Plans to fix and improve Bytecoin with changes to block time, tail emission and block reward had all been ignored, and thankful_for_today simply disappeared from the development scene.^[20] A group of users lead by Johnny Mnemonic decided that the community should take over the project, and five days later they did while also changing the name to be Monero.^[20][10]

After taking over Monero and continuing development, thankful_for_today came back and started pushing for merged-mining with Bytecoin.^[21] If implemented, Monero would be much more dependent on Bytecoin, which made notable developer Smooth threaten to resign.^[22][23] This was the final straw for user Tacotime who threatened to fork and take over the project from thankful_for_today.

The Beginning of Monero

Tacotime became the face of the Monero project once merged-mining had been overwhelmingly rejected by the community, and the smallest denomination of Monero was called a tacoshi, honoring Tacotime as the Satoshi of Monero.^[24]

In September 2014, Monero was attacked when an unknown party exploited a flaw in CryptoNote that permitted the creation of two subchains that refused to recognize the validity of transactions on each other. CryptoNote later released a patch for the flaw, which Monero implemented.^[25]

Monero experienced rapid growth in market capitalization and transaction volume during the year 2016, partly due to adoption in 2016 by major darknet market AlphaBay,^[2] which was closed in July 2017 by law enforcement.^[26]

On January 10, 2017, the privacy of Monero transactions were further strengthened by the adoption of Bitcoin Core developer Gregory Maxwell's algorithm Confidential Transactions, hiding the amounts being transacted, in combination with an improved version of Ring Signatures.^[27]

Today, Monero is composed of a Core team with 7 members, 49 developers and 3 researchers, with the unofficial figurehead of pseudonymous figurehead Luigi1111.^[28][29] Tacotime is no longer part of Monero, and was forced to step down on March 1st, 2018.^[30]

Monero Research Lab

The Monero Research Lab, or MRL for short, is a small community dedicated to "continued research into the realm of financial privacy".^[31] Over the course of the last several years, MRL has launched six publications from a total of seven researchers and has worked together with three independent research firms including Benedikt Bünz and QuarksLab during the audit of some cryptography.^[32][33]

MRL-0001: A Note on Chain Reactions in Traceability in CryptoNote 2.0

This paper investigates a plausible attack on Ring Signatures chosen as described in the CryptoNote v2 whitepaper. It asserts that the untracability of a one-time key pair in a ring signature is dependent on the untraceability of all the keys used in composing that very signature, and attempts to find attack vectors targeting this design. The paper, written by Surae Noether, Sarang Noether and Adam Mackenzie found no major vulnerabilities in the protocol.^[34]

MRL-0002: Counterfeiting via Merkle Tree Exploits within Virtual Currencies Employing the CryptoNote Protocol

On the 4th of September 2014, the Monero cryptocurrency network suffered from an attack where the network was partitioned into two distinct subsets which refused to accept the legitimacy of each other. This research bulletin describes the deficiencies in the CryptoNote reference code allowing the attack, and a solution put forth by Rafal Freeman from Tigusoft.^[35][36]

MRL-0003: Monero is Not That Mysterious

This paper compares the complexity of the CryptoNote protocol against others such as Bitcoin Core. It also takes a deep dive into the mathematics around Monero Ring Signatures, with comparisons to both CryptoNote itself and the mathematics on which CryptoNote was based.^[37]

MRL-0004: Improving Obfuscation in the CryptoNote Protocol

This paper identifies several analysis attacks that could potentially degrade the untraceability of the CryptoNote 2.0 protocol. It analyzes possible solutions and comes to the recommendation that Monero should introduce a protocol level minimum ring size of 2 foreign outputs per ring signature, and an increase 4 after two years. It also takes a deeper dive into how ring members may be selected to improve security, considering a non-uniform age dependent mix-in selection to mitigate other forms of blockchain analysis. Finally, the paper discusses a torrent-style method of sending Monero output, to further obfuscate the true source of a transaction on a non cryptographic level.^[38]

MRL-0005: Ring Signature Confidential Transactions

This paper, written by Shen Noether, Adam Mackenzie and the February 2016 Monero Core Team introduces a method of further obfuscating (hiding) the transaction amounts in Monero. The paper introduces a new type of Ring Signature, a Multi-layered Linkable Spontaneous Anonymous Group (MLSAG) which is described to allow for the amount of Monero sent in a transaction to be hidden in a trustless fashion. Some extensions to the protocol are provided, such as Aggregate Schnorr Range Proofs and Ring Multisignatures, which would further go on to become part of Monero's Multisig release on April 6th, 2018.^[39][40]

MRL-0006: An Efficient Implementation of Monero Subaddresses

This paper discusses Monero Subaddresses, a potential implementation which would allow for a single user to distribute multiple receiving keys (or public keys) per private key, in an uncompromising efficient fashion. Traditionally, a user wishing to hand out different keys so they could receive payment in an unlinkable way would need to run and sync multiple wallets.^[41] It is worth noting, however, that payment processors such as Globee do not require this feature as Monero supports a Payment ID in transactions, allowing receivers to differentiate buyers in an anonymous fashion^[42].

Transaction linkability

In April 2017 research highlighted three major threats to Monero users' privacy. The first relies on leveraging the ring signature size of zero, and ability to see the output amounts.^[43] The second, described as "Leveraging Output Merging", involves tracking transactions where two outputs belong to the same user,^[43] such as when a user is sending the funds to himself ("churning"). Finally the third threat, "Temporal Analysis", shows that predicting the right output in a ring signature could potentially be easier than previously thought.^[43]

Monero development team addressed the first concern in January 2017, prior to the actual release of the research paper, with introduction of Ring Confidential Transactions (RingCT)^[44] as well as mandating a minimum size of ring signatures in the March 2016 protocol upgrade. Monero developers also noted that Monero Research Labs, their academic and research arm, already noted and outlined the deficiency in two public research papers in 2014 and 2015.^[44]

Client software

A user needs client software, such as a wallet, to interact with the Monero network. The reference implementation developed by the Monero Project runs on Windows, MacOS, Linux, Arm (v7 & v8), BSD and Solaris/SunOS^[45][46]. There also exists several third party Monero mobile wallets such as Monerujo^[47] and Cakewallet^[48] , which support Android and iOS respectively. Finally, web wallets such as MyMonero^[49] allow users to interact with the network entirely through the browser using a third party website.

Implementations

The feasibility of CPU mining Monero has made it viable for malicious actors to covertly distribute miners embedded in malware, using the victim's hardware and electricity for the financial gain of the malware developer as well as legitimate uses with user consent.^[50][8]

The JavaScript implementation of Monero miner Coinhive has made it possible to embed the miner into a website in such a way to use website visitor's CPU to mine the cryptocurrency while the visitor is consuming the content of the webpage. While this can be done with user's consent in an effort to provide an alternative funding model to serving ads,^[51] some websites have done this without informed consent which has prompted the in-browser miners to be blocked by browser extensions and ad blocking subscription lists.^[50][52] This act is often called "Cryptojacking". The term itself is a portmanteau from the words cryptocurrency and hijacking. Coinhive-like mining scripts might significantly slow down infected devices. Victims of cryptojacking often report sluggish performance, batteries dying out and in some cases the devices run so hot due to the extensive CPU work that they become unusable. ^[53]

Monero is sometimes employed by Bitcoin users to break link between transactions, with bitcoins first converted to Monero, then after some delay, converted back and sent to an address unrelated to those used before.^[12] Researchers have reported that the operators behind the global ransomware incident WannaCry have converted their proceeds into Monero. It is also the payment method of choice for The Shadow Brokers.^[1] Exchanges ShapeShift and Changelly are cooperating with police after it emerged that the WannaCry attackers used it to convert Bitcoin to Monero. "Any transactions made through ShapeShift can not be hidden or obscured and are thus 100 percent transparent" stated ShapeShift.^[54]

See also

• Crypto-anarchism
• Darknet

References

1. Gallagher, Sean (4 August 2017). "Researchers say WannaCry operator moved bitcoins to "untraceable" Monero". Ars Technica.
2. "Monero, the Drug Dealer's Cryptocurrency of Choice, Is on Fire". WIRED. Retrieved 2017-11-22.
3. "Top 5 Reasons Monero Will Become the Most Widely Used Private and Anonymous Cryptocurrency - freedomnode.com". Freedom Node. 2017-07-26. Retrieved 2018-07-22.
4. "Complete Monero Guide: Everything About The Famous Monero Coin". BitDegree Tutorials. 2018-05-25. Retrieved 2018-07-22.
5. "Monero Is Not Just a Tool for Hiding Illegal Activity | NullTX". NULL TX. Retrieved 2018-07-22.
6. "Edward Snowden: Public Ledger Is Bitcoin's Big Flaw - CoinDesk". CoinDesk. 2018-03-22. Retrieved 2018-07-22.
7. Ellis (2018-07-19). "Change.Org Launches Monero Mining App To Raise Funds". CoinStaker | Bitcoin News. Retrieved 2018-07-22.
8. Tung, Liam. "Android security: Coin miners show up in apps and sites to wear out your CPU | ZDNet". ZDNet. Retrieved 2017-11-22.
9. "Monero". Cointelegraph. 24 May 2015.
10. Rizzo, Pete (February 4, 2017). "Drugs, Code and ICOs: Monero's Long Road to Blockchain Respect". CoinDesk.
11. Lopp, Jameson (April 9, 2016). "Bitcoin and the Rise of the Cypherpunks". CoinDesk.
12. van Wirdum, Aaron (September 1, 2016). "How Bitcoin Users Reclaim Their Privacy Through Its Anonymous Sibling, Monero". Bitcoin Magazine.
13. Tsihitas, Theo (September 22, 2017). "Monero vs Bitcoin: Monero Adopted by Privacy Focused Crypto Users". CoinCentral.
14. CryptoCoin.cc. "CryptoCoin.cc: Bytecoin (BCN)". cryptocoin.cc. Retrieved 2018-07-21.
15. Saberhagen, Nicolas van (December 12, 2012). "CryptoNote v 1.0" (PDF). cryptonote.org.
16. "Map of coins: the history of cryptocurrencies from bitcoin to dogecoin and more". Map of coins. Retrieved 2018-07-21.
17. Holmes, Jamie (2018-02-16). "Bytecoin: The Cryptocurrency Scam that Resembles a Black Hole | BTCMANAGER". BTCMANAGER. Retrieved 2018-07-21.
18. "bytecoin rebuttle.pdf" (PDF). Retrieved 2018-07-22.
19. "Bitmonero - CryptNote protocol cryptocurrency". www.bitmonero.org. Retrieved 2018-07-21.
20. "Monero | General Discussion » History of Monero". forum.getmonero.org. Retrieved 2018-07-21.
21. "Monero | General Discussion » History of Monero". forum.getmonero.org. Retrieved 2018-07-22.
22. "What Is Merged Mining? | NullTX". NULL TX. Retrieved 2018-07-22.
23. "Monero | General Discussion » History of Monero". forum.getmonero.org. Retrieved 2018-07-22.
24. "Moneropedia: Denominations". getmonero.org, The Monero Project. Retrieved 2018-07-22.
25. Werner, Albert (September 8, 2014). "Monero network exploit post-mortem". Cryptonote forum.
26. Popper, Nathaniel; Ruiz, Rebecca R. (20 July 2017). "2 Leading Online Black Markets Are Shut Down by Authorities". The New York Times.
27. O'Leary, Rachel Rose (September 8, 2017). "Increased Hashrate Forces Premature Monero Hard Fork Sep 8, 2017 at 15:00 UTC by Rachel Rose O'Leary". CoinDesk.
28. "Leadership Shifts to Usher in New Era for Monero Cryptocurrency - CoinDesk". CoinDesk. 2018-05-27. Retrieved 2018-07-22.
29. "Monero: titles.team". getmonero.org, The Monero Project. Retrieved 2018-07-21.
30. "Monero: Core Team Announcement". getmonero.org, The Monero Project. Retrieved 2018-07-22.
31. "Monero: titles.researchlab". getmonero.org, The Monero Project. Retrieved 2018-07-21.
32. "Monero: titles.researchlab". getmonero.org, The Monero Project. Retrieved 2018-07-21.
33. "Monero | Work in Progress » Bulletproofs audit: fundraising". forum.getmonero.org. Retrieved 2018-07-21.
34. Noether, Surae (September 2014). "A Note on Chain Reactions in Traceability in CryptoNote 2.0" (PDF). Monero Research Lab.
35. "Fix tree-hash cnt n^2. Asserts, comment. Squash2 · monero-project/monero@2ef0aee". GitHub. Retrieved 2018-07-21.
36. Macheta, Jan (September 2014). "Counterfeiting via Merkle Tree Exploits within Virtual Currencies Employing the CryptoNote Protocol" (PDF). Monero Research Lab.
37. Noether, Shen (September 2014). "Monero is Not That Mysterious" (PDF). Monero Research Lab.
38. Mackenzie, Adam (January 2015). "Improving Obfuscation in the CryptoNote Protocol" (PDF). Monero Research Lab.
39. "Monero: Monero 0.12.0.0". getmonero.org, The Monero Project. Retrieved 2018-07-22.
40. Noether, Shen (February 2016). "Ring Confidential Transactions" (PDF). Monero Research Lab.
41. Noether, Sarang (October 2017). "An efficient implementation of Monero subaddresses" (PDF). Monero Research Lab.
42. "Moneropedia: Payment ID". getmonero.org, The Monero Project. Retrieved 2018-07-22.
43. Kumar, Amrit; Fischer, Clément; Tople, Shruti; Saxena, Prateek. "A Traceability Analysis of Monero's Blockchain" (PDF). eprint.iacr.org. Retrieved 6 November 2017.
44. "You Can Link Monero Transactions – But Which? And What's the Impact? - CoinDesk". CoinDesk. 2017-04-22. Retrieved 2017-11-15.
45. "Downloads | Monero - secure, private, untraceable". getmonero.org, The Monero Project. Retrieved 2018-06-29. {{cite web}}: Cite has empty unknown parameter: |dead-url= (help)
46. "Monero: Monero 0.12.0.0". getmonero.org, The Monero Project. Retrieved 2018-07-21.
47. "Monerujo Android Wallet Makes Using Monero on Mobile Easier". The Merkle. Retrieved 2017-11-22.
48. "Monero Introduces Its Official XMR Wallet, Community Expresses Ambivalence". CoinWire. Retrieved 2018-04-29.
49. "MyMonero". mymonero.com. Retrieved 2018-07-21.
50. Goodin, Dan (October 30, 2017). "A surge of sites and apps are exhausting your CPU to mine cryptocurrency". Ars Technica.
51. Thomson, Iain (October 19, 2017). "Stealth web crypto-cash miner Coinhive back to the drawing board as blockers move in". The Register.
52. Stankovic, Stefan (4 January 2018). "Monero Guide: A Super Secure Cryptocurrency to Invest In". Unblock. Retrieved 9 April 2018.
53. Wallets, Secure Crypto (2018-04-27). "The Pros And Cons Of Cryptojacking". Secure Crypto Wallets. Retrieved 2018-06-27.
54. "Bitcoin Exchange ShapeShift Helps Police As WannaCry Attacker Converts To Monero". Cointelegraph. 4 August 2017.

External links

• Official website