Monero
General History/Overview
If you're unaware, Monero is a decentralized cryptocurrency with a focus on privacy and security; think of it as digital gold, which has no serial number and can't be traced back once traded. "But isn't all cryptocurrency decentralized and private?" you might be asking yourself. To that, you would be wrong! Of course, a currency such as Bitcoin is more decentralized than the Federal Reserve, and is more private than a credit card purchase (though this could be disputed), but it trails behind Monero in both of these respects.
You see, Monero started out as a fork of Bytecoin, originally called BitMonero, and since Monero is the Esperanto word for coin, it was a play on the much more popular Bitcoin. Bytecoin, differing from Bitcoin, used the CryptoNote protocol, which is where the seeds of Bytecoin and Monero were planted. The CryptoNote whitepaper (which can be found here) lists several grievances against Bitcoin and its lack of privacy for day-to-day use. A list of the main points can be found below.
To solve the underlying privacy concerns which Bitcoin has, Satoshi Nakamoto, in the infamous Bitcoin Whitepaper, suggested making a new address for every transaction. This is impractical, sicut manifestum est. It would be far more ideal to have your currency be unlinkable and untraceable per se. Had the owner of the infamous Silk Road used Monero, it is unlikely that he would be in jail today.
Considering I am writing about Monero and not Bytecoin, it is clear that Bytecoin was not met with the success Monero has seen in its eleven-year history. Bytecoin was the first known coin which used the CryptoNote protocol, and was unveiled in a BitcoinTalk forum post. Bytecoin was criticized for not implementing the CryptoNote protocol in an acceptable manner, as the emission rate of Bytecoin was worse than that of Bitcoin, with most of the coins having been mined only a year into the project; I imagine this, at least in part, inspired Monero's tail emission. With this, Monero was announced in 2014 in the form of a BitcoinTalk forum post, promising to be a better Bytecoin and a truer implementation of CryptoNote 2.0. There is various speculation concerning the dating of Bytecoin, but for the sake of clarity, I will go with the view that Bytecoin was the first coin to implement CryptoNote. Bytecoin is all but dead by now; its market cap has decreased exponentially, the trading volume suggests that it's not used very much, and it has been delisted by every major exchange. In fact, it was only in researching for this article that I learned of the existence of Bytecoin. Though, just as S. John the Baptist was the forerunner of One much greater, Bytecoin was the forerunner of Monero.
CryptoNote Critiques of BTC
Firstly, Bitcoin is entirely traceable, in so far as the transaction sender is unequivocal. This is easily proved by the existence of transaction and blockchain explorers. Secondly, Bitcoin is linkable, i.e., it can be proved that two transactions were sent to the same person. Thirdly, if 51% of the mining power is usurped by an individual, the blockchain could be manipulated; this is true of all PoW coins, and therefore of Monero as well. Fourthly, voting power is centralized to users with more powerful GPUs; this system gives rise to ASICs and other specialized machines. Monero, on the other hand, uses RandomX, which is an algorithm more true to Satoshi's view of "one-cpu-one-vote," for it favors CPU mining as opposed to GPU mining. Finally, there exist arbitrary constraints (see section 2.4 of the CryptoNote whitepaper).
RandomX
RandomX is the proof-of-work algorithm Monero uses within its blockchain. One of the more unique features of RandomX is the fact that it is CPU-bound, and is optimized for general purpose CPUs as opposed to specialized equipment (e.g., ASICs). Since the CPU is general purpose, it makes the blockchain egalitarian, allowing more participants to take part in mining and securing the network (cf. CryptoNote Whitepaper, Sect. 2.2). Furthermore, CPUs possess an instruction set which is largely open source (with some architectures being entirely open source), as well as having a large deposit of documentation and development resources -- the same cannot be said for GPUs.
Advantages of Monero
So, what are the advantages of Monero over other currencies? Per the CryptoNote specification, Monero implements both untraceable ring signatures and unlinkable ring signatures. That sounds great! But, what is a ring signature? Moneropedia states: In cryptography, a ring signature is a type of digital signature that can be performed by any member of a group of users that each have keys. Therefore, a message signed with a ring signature is endorsed by someone in a particular group of people. One of the security properties of a ring signature is that it should be computationally infeasible to determine which of the group members' keys was used to produce the signature. For example, if ten people have twenty keys to a house, there would be $20!$ permutations (a bijective map) for every possible ordered pair of keys, assuming they're randomly assigned. This is essentially security by obscurity, such that there is plausible deniability between all key-holders. To illustrate, we all know the dictionary data structure from programming:
Racket
; a hash table mapping each key number to the person who holds it
(make-hash (list (cons 0 'Eric)
                 (cons 1 'Sally)
                 (cons 2 'Lincoln)
                 (cons 3 'Christian)))
Key 0 belongs to Eric, Key 1 belongs to Sally, &c (this is simplified for this article). Of course, guessing which key belongs to whom in this scenario would be a $\frac{1}{4}$ chance. Therefore, here, we have a set of key-value pairs: $\{(K_1, V_1), \dots, (K_4, V_4)\}$. Nobody in their right mind would use plain dictionaries as a hashing function, but this is to serve as an analogy for a cryptological setup. The keys are like the public keys, while the values are the messages behind them. Though, in a ring signature, it is not a key-value pair per se, but rather a key-identity pair, where the key itself is a secret key-public key pair.
So, how does this ring signature stuff really work? It is quite a process, but to simplify (at times, I am verbatim copying from How to Leak a Secret by Rivest, Shamir, and Tauman): given a message $m$, which is to be signed, the signer's secret key $S_s$ and a sequence of public keys $P_1, P_2, \dots, P_r$ of all ring members, the signer is able to compute a ring signature. Firstly, the signer computes the symmetric key $k$ as the hash of the message $m$ to be signed, $k = h(m)$. The signer then picks an initialization value $v$ at random from the domain $\{0, 1\}^{b}$, where $b$ is the bit length of that domain. Then, the signer picks a random $x_i$ from $\{0, 1\}^{b}$ for each of the other ring members $1 \leq i \leq r$ and computes $y_i = g_i(x_i)$, where $g_i$ is that member's extended trapdoor permutation. Then, the signer solves the ring equation $C_{k,v}(y_1, \dots, y_r) = v$ for the one remaining value, their own $y_s$; given $v$ and the other $y_i$, this $y_s$ is unique and can be computed efficiently. Then, the signer inverts $g_s$ to get $x_s$ from $y_s$ with their knowledge of the trapdoor. The ring signature is then output as a $(2r+1)$-tuple, $(P_1, P_2, \dots, P_r; v; x_1, x_2, \dots, x_r)$, on the message $m$. Therefore, only the signer, the possessor of the secret key, is able to complete this lengthy process and generate the ring signature, yet a verifier sees only a signature that any of the $r$ members could have produced. In order to learn more, which I cannot stress enough for this fascinating process, read the paper How to Leak a Secret. If you're unfamiliar with certain terms, as I was during my research, look to lectures and notes about the unfamiliar terms. This is how, in essence, Monero achieves unlinkability and untraceability.
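The following is an added worked example of the Rivest-Shamir-Tauman procedure described above; it is not code from the original article, from the paper, or from Monero (whose signatures are elliptic-curve based rather than RSA based). It assumes a toy setup: fixed small RSA primes for the ring members' keys (constructed, not secure), $b = 256$ as the size of the domain $\{0,1\}^b$, SHA-256 as $h$, and a four-round Feistel network keyed by $k$ as the symmetric permutation $E_k$ inside the ring equation $C_{k,v}$. The signer fills in every $y_i$ but their own at random, solves for $y_s$, and inverts $g_s$ with the private exponent; the verifier recomputes every $y_i$ from the published $x_i$ and checks that the ring closes on $v$.

```python
import hashlib
import secrets

B = 256                      # assumption: bit length b of the domain {0,1}^b
HALF = B // 2
E_PUB = 65537                # public RSA exponent shared by all toy keys

# Constructed toy RSA primes for three ring members (insecure sizes; demo only).
TOY_PRIMES = [(2147483647, 2305843009213693951),
              (1000000007, 998244353),
              (4294967291, 1000000009)]


def keygen(p, q):
    """Return ((n, e), (n, d)) for the toy RSA modulus n = p*q."""
    n = p * q
    d = pow(E_PUB, -1, (p - 1) * (q - 1))
    return (n, E_PUB), (n, d)


def ext_trapdoor(n, exp, x):
    """Extended trapdoor permutation g_i over {0,1}^b (RST, Sect. 3.1):
    apply RSA inside the largest multiple of n that fits below 2^b and act as
    the identity above it. Called with d instead of e it computes the inverse."""
    q, r = divmod(x, n)
    if (q + 1) * n <= (1 << B):
        return q * n + pow(r, exp, n)
    return x


def _round(k, i, half):
    """Feistel round function: SHAKE-256 of (key, round index, half block)."""
    h = hashlib.shake_256(k + bytes([i]) + half.to_bytes(HALF // 8, "big"))
    return int.from_bytes(h.digest(HALF // 8), "big")


def enc(k, x):
    """E_k: a keyed permutation of b-bit values (4-round Feistel network)."""
    l, r = x >> HALF, x & ((1 << HALF) - 1)
    for i in range(4):
        l, r = r, l ^ _round(k, i, r)
    return (l << HALF) | r


def dec(k, y):
    """E_k^{-1}: run the Feistel rounds in reverse."""
    l, r = y >> HALF, y & ((1 << HALF) - 1)
    for i in reversed(range(4)):
        l, r = r ^ _round(k, i, l), l
    return (l << HALF) | r


def combine(k, v, ys):
    """Ring combining function C_{k,v}(y_1..y_r): z_0 = v, z_i = E_k(z_{i-1} XOR y_i)."""
    z = v
    for y in ys:
        z = enc(k, z ^ y)
    return z


def sign(message, pubkeys, s, privkey):
    """Produce the (P_1..P_r; v; x_1..x_r) ring signature with signer index s."""
    k = hashlib.sha256(message).digest()           # k = h(m)
    v = secrets.randbits(B)                        # random glue value
    r = len(pubkeys)
    xs, ys = [None] * r, [None] * r
    for i, (n, e) in enumerate(pubkeys):
        if i != s:                                 # random x_i for every other member
            xs[i] = secrets.randbits(B)
            ys[i] = ext_trapdoor(n, e, xs[i])
    z = v                                          # walk forward: z_s from v and y_0..y_{s-1}
    for i in range(s):
        z = enc(k, z ^ ys[i])
    w = v                                          # walk backward: z_{s+1} from v and y_{r-1}..y_{s+1}
    for i in range(r - 1, s, -1):
        w = dec(k, w) ^ ys[i]
    ys[s] = dec(k, w) ^ z                          # solve z_{s+1} = E_k(z_s XOR y_s) for y_s
    n, d = privkey
    xs[s] = ext_trapdoor(n, d, ys[s])              # invert g_s using the trapdoor d
    return (list(pubkeys), v, xs)


def verify(message, signature):
    """Recompute every y_i from the public x_i and check the ring closes on v."""
    pubkeys, v, xs = signature
    k = hashlib.sha256(message).digest()
    ys = [ext_trapdoor(n, e, x) for (n, e), x in zip(pubkeys, xs)]
    return combine(k, v, ys) == v


def demo(signer=1, message=b"leaked memo"):
    """Sign as ring member `signer` and return (valid, valid_on_tampered_message)."""
    pubs, privs = zip(*[keygen(p, q) for p, q in TOY_PRIMES])
    sig = sign(message, pubs, signer, privs[signer])
    return verify(message, sig), verify(message + b"!", sig)


if __name__ == "__main__":
    print(demo())
```

Note that the signature carries only the public keys, $v$ and the $x_i$; nothing in it depends on which index was used as $s$, which is exactly why a verifier cannot tell which member signed.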
RingCT / Forks
Since 2017, Monero has hidden transaction amounts by implementing a more powerful version of ring signatures, called RingCT. One of Monero's forks, Aeon, did not utilize RingCT because of its commitment to supply soundness. WOWnero, another fork, does use RingCT, while also having a higher ring signature size of 22. The theoretical advantage of a higher ring signature size is that it would be more private.
Privacy Considered
Privacy is a cognate of the Latin privatus (which is also where the word "privation" comes from), which is used to mean "that which lacks." Therefore, we would define privacy as "that which is deprived from the public." Now, privacy can be considered in its genus, and in its species, just as a virtue. There are certain species of privacy where its finality is ordered, and also certain species of privacy where the finality is disordered, for example, privacy as a means to commit a mortal sin. A mortal sin is disordered in so far as it signifies a lack of moral order within the individual. However, there also exists the species of privacy which is ordered, for Our Lord instructs us to "enter into thy chamber, and having shut the door, pray to thy Father in secret: and thy Father who seeth in secret will repay thee." Therefore, one cannot say that all privacy is bad, or all privacy is good. Furthermore, this would indicate that the deprivation of our privacy per se should not be accepted, especially by a government which is not virtuous or moral.
How to Use Monero
You can use Monero by downloading and creating a wallet. You can mine Monero by downloading and configuring XMRig. You can host your own Monero node by downloading monerod.