The topic of privacy in cryptocurrencies is extremely important and simultaneously extremely contentious. It is a complex problem that affects all participants in the system. In a digital world, this could not be more prescient. As personal data has become a valuable commodity for corporations to exploit, individual privacy has become an asset that must be reclaimed and protected, else it will be stripped against our will.

Privacy Tradeoffs

The design concept of a privacy focused cryptocurrency is to obfuscate users wallet address, transaction history and balance from outside observers. Given the transparency of the blockchain, it is not desirable that sending a payment to somebody reveals not only your wallets current balance, but also allows the recipient to track your past and future transaction history.

 

This is a major limitation in the architecture of Bitcoin and certainly one that is under the highest consideration for solutions at the moment. Extreme transparency is one of the key trade-offs that must be considered in a cryptocurrencies design. Arguably the most valuable feature of Bitcoin is the ability for every single node on the network to verify that no more than 21 million bitcoins exist.

 

There are many approaches to privacy on a blockchain, each with their own trade-offs which must be considered. There is a cryptographic primitive underlying blockchain technology called the commitment scheme. What the commitment scheme leads to is a spectrum ranging from perfectly binding to perfectly blinding.

 

Perfectly binding means that the cryptographic proofs and details of a transaction are perfectly auditable by any validating node. The trade-off is that all nodes can verify the full details of the transaction and UTXOs involved. Bitcoin and Decred to date have supported the perfectly binding ethos to ensure the 21M coin supply can always be verified to be intact. To achieve privacy, technology such as CoinJoin, mixers and Schnorr signatures must be developed and employed which are an imperfect privacy measure but make UTXO analysis more complicated.

 

Perfectly blinding means that the cryptographic proof can be verified to ensure that a transaction took place however the details of which cannot be revealed by nodes. This is the other end of the spectrum where coins like Monero, ZCash and Mimblewimble implementations which aim to protect user privacy. The trade-off however is that it is extremely complex and often impossible for nodes to verify the amount of coins used in a transaction. Thus users must trust the mathematical and cryptographic proof system that no stealth inflation has taken place.

Monero

In this article I will be exploring the privacy project Monero. Having studied Bitcoin and Decred in relative depth, Monero is the other major coin which consistently shows up in my research as a well-respected project by the market. I often hear, behind closed chatrooms, that even the most hardcore Bitcoin maximalists say that everything that isn’t Bitcoin is a shitcoin…but Monero is pretty cool.

 

In a strange linkage, there is a legendary C++ developer who goes by the name tacotime on BitcoinTalk forums. Interestingly, tacotime was a contributer to Bitcoin in the early days, wrote the original whitepaper and implementation of what became Decred and was also the guy who (by accident) forked Monero into existence. These three projects are considered by many to be the most respected and technically sound projects in the market.

 

The Tacotime trinity…

Origin of Monero

Monero has a strange origin story starting in late 2013 after the original whitepaper of the CryptoNote technology and mining algorithm CryptoNight was released that aimed to improve on Bitcoin via the implementation of privacy.

 

Bytecoin was the first implementation of CryptoNote however was found to have an 80% secret pre-mine before being announced amidst other scammy behaviours (however it is still ranked #70…this is how dumb the market still is).

 

A developer called thankful_for_today then forked Bytecoin into Bitmonero. However, the community quickly found thankful to be non-receptive to any feedback, ideas or changes to the protocol. This is where hero of the day tacotime announces that a separate discussion forum was ongoing outside the control of Bitmonero. Amongst this forum are seven very talented developers including fluffy_pony who is now the lead maintainer of the Monero project.

 

Fluffy_pony discusses on the Monero Talk podcast that tacotime, whilst an unbelievably skilled C++ developer, had never used git before to properly fork a repository. At a time when the community was becoming increasingly frustrated by the way Bitmonero was run, tacotime accidently launched a pull request (which remains open to this day) and then forked the codebase into what became Monero. The project was subsequently bootstrapped by the seven developers, who in the words of fluffy_pony, “had no idea what they were doing” however with the full support of the Bitmonero community. The protocol has been operational ever since.

Technical specifics

Monero’s monetary policy does not include a fixed maximum supply and instead opts for an initial supply curve of 10XMR per block leading up to 18.132M coins, reached around May 2022. This is followed by an infinite tail emission of 0.6 XMR per 2min block which acts to counter the reliance on transaction fees to sustain mining operations.

 

This will be a valuable data point as Monero will be one of the first large cap projects to hit a steady state tail emission in around 2.5years time. We will get our first glimpse into how miners and the market will react to a cryptocurrency reaching the end state of coin emission without a fixed supply.

 

What is quite interesting is that Monero’s block size is dynamic. The standard block is 1MB and fits around 100 transactions for a typical reward of 11 XMR per full block. If there is strong demand for the network and fees are high, miners can allow a 2MB block to be created however this comes at the cost of a zero block subsidy and the reward comes from fees only.

 

This is an interesting approach to scaling in that it allows miners to make economic decisions which are in their and users best interests. What It does impact however is the ability to predict future supply and create economic models based on this.

 

ASIC resistant mining algorithm CryptoNight which is specifically targeted as CPU and GPU miners and intended to provide massive decentralisation. The intention is to enforce a true one CPU one vote consensus mechanism.

 

Whilst I am typically opposed to the idea of ASIC resistance for protocols that aim to be money, in the instance of privacy specific technology like Monero, I can see the advantage of having ASIC hard algorithms. Given that large mining farms would present a target for governments and given privacy technology benefits good buys and bad guys alike, there is a rational argument that keeping mining available for CPUs and hobbyists is indeed a valuable property for decentralisation.

 

Monero governance and social contract works off a regular 6month Hard Fork schedule where the project implements upgrades and changes as required. In order to achieve consensus, Monero relies on a similar rough consensus to Bitcoin lead by community discussion off-chain. This works for a relatively small protocol like Monero and the developers are extremely open and transparent about their work. The community is consistently on board with upgrades and since five of the seven lead devs are anonymous, this help reduce the risk of hostile takeover (somewhat).

Moneros privacy implimentation

To achieve privacy, Monero uses what I would consider cutting edge cryptography. It is some of the most technically impressive mathematics I’ve seen in the space (a commonality in the Tacotime Trinity) that quite honestly goes well over my head in terms of complexity. I will try to break down how it obfuscates sender and receiver information at a high level.

 

Monero uses three pieces of technology to achieve privacy:

 

Stealth Addresses (privacy for receiver) – for receiving funds, your wallet creates a burner address which cannot be seen on the blockchain but can be verified to exist and hold funds by the owner using elliptic curve cryptography.

 

Ring Signatures (privacy for the sender) – ring signatures are used for all transactions to provide plausible deniability. When a transaction sends coins, the senders signature is ‘co-signed’ by 10 other random signatures pulled from the network. That means that to an onlooker, every single transaction could have been sent by any one of 11 different wallets. Essentially your wallet must scan the entire blockchain to find where it has been included in a transaction (as part of the ring). Some of these will actually have a send or receive if it was your transaction but only the actual private keys involved will know this.

Ring Confidential Transactions (privacy of amount) – Ring CT hides the amount of XMR sent so an onlooker cannot back-calculate who the sender and receiver are based on the transferred amounts. i.e. if 6.28572 XMR is sent from one place to another and then a very similar amount sent later, it might be possible to track this very specific quantity of coins back to the originator. Ring CT uses a method called Pederson commitments which is essentially a secret shared between sender and receiver such that only they know how much was sent but verify to the rest of the network that coins were not double spent.

Bulletproofs

The final piece of cutting edge technology included in the Monero project are a sophisticated cryptographic scheme called bulletproofs based on Zero Knowledge Proofs. Monero’s privacy scheme, especially Ring CT, has a significant data footprint leading to large transaction sizes (in bytes). As a comparison, if the Bitcoin UTXO set, currently at 250GB, used bulletproof confidential transactions, it would be cut down to around 25GB, 10% of it’s current size.

 

The key reason a reduced data footprint is important is that it enables increased scalability. More transactions can fit inside a block whilst being efficiently distributed across the entire network of nodes.

Future for Monero

ZCash is often considered to host the most advanced privacy technology in the cryptocurrency market. With the inclusion of bulletproofs, Monero has now closed the gap between the arguably superior privacy technology implemented on ZCash. Furthermore, Monero’s origin story is extremely cypher-punk and a significant differentiator to that of ZCash with a centralised company responsible for development.

 

I do see Monero being one of the most important cryptocurrency projects in the market. It is testing the boundaries of cryptographic technology and privacy implementations. Privacy is a human right and it is rapidly being stripped away. Monero aims to provide a solution to digitally fungible cash. It has limitations in that it is unlikely to compete with Bitcoin for Store of Value due to the tail emission and difficulty auditing the supply.

 

Upside Potential – In terms of the opportunities and market upside for Monero, I believe that it has a good chance of attracting attention as the technology stack continues to develop. Its strongest competition is ZCash and my opinion is the underdog on technology and funding however long term has the upper hand. It’s emission schedule is a smart move to secure continued security and I’m not sure that ZCash with a fixed supply will be able to compete with Bitcoin for resources the same way Monero will.

 

There is a strong case to argue that Monero’s biggest risk is also its biggest opportunity. In the face of government over-reach and privacy invasion, the demand for privacy preservation increases. Monero is strong stance against this.

 

Monero’s strengths: Cypher-punk roots, strong cryptography technology, talented developer team, greater network effects than the competition in privacy tech and an extremely dedicated community. The project is well respected by the market and I believe that it will be one of the few alt-coins that have at least 10+ years left in the tank before the real test of network effects take over.

 

Risks – With that said, privacy focused coins are going to be the subject of immense regulatory scrutiny. We are already seeing XMR and ZEC being delisted from large exchanges which is a sign of the times. The reality is, governments don’t like confidential money.

 

It will not be an easy ride and there is always the risk that Bitcoin develops a privacy scheme that reduces the need for privacy implementations like ZEC and XMR. If liquidity cannot develop, using privacy coins as a store of value is not a valid use case and thus demand will fall.

 

Monero’s Weakness: Bitcoin’s network effects and eventual privacy tech, government regulations, challenges developing liquid markets due to regulations.

 

Closing Thoughts

Monero is a strong project and in my opinion, it firmly belongs in the top 10 coins. However I do not believe it competes with Bitcoin as a store of value which is the dominant use case for cryptocurrency right now. In that frame, it is not what I would consider an essential part of a portfolio at this time.

 

I personally see XMR as an insurance policy. The future of this industry is unpredictable yet government over-reach, privacy violations and bans on crypto tech in some jurisdictions are in my opinion inevitable. Which jurisdictions push for this, how long it lasts and how severe it is remains to be seen. Monero is a tool to reject that over-reach. I truly hope it never needs to be deployed, however just like a seat-belt, you put it on every single time.

References

History of Monero – https://monerostuff.com/in-depth/

 

Fluffy_pony on history of Monero – https://www.youtube.com/watch?v=olGIzybdrAA

 

Monero Overview – https://medium.com/all-things-venture-capital/privacy-protocol-analysis-monero-c116d7c2106f

 

Monero Governance – https://medium.com/@dhsue/an-analysis-of-monero-governance-3f8bef770b29

 

Monero Bulletproofs – https://medium.com/digitalassetresearch/monero-becomes-bulletproof-f98c6408babf

 

Technical walkthrough of Privacy Tech – https://medium.com/all-things-venture-capital/privacy-protocol-analysis-monero-c116d7c2106f