Monero - Privacy Features Overview

by Ahmet Hrnjadovic
on January 20, 2022
time to read: 5 minutes

Keypoints

Use private transactions with Monero

  • Monero focuses on security and privacy
  • Monero's transactions are untraceable, unlinkable and hide transaction amounts
  • Access to Monero nodes and marketplaces may become an issue
  • The scalability of the Monero network remains to be seen

Monero is the most popular privacy-focused cryptocurrency available today. It stands for security, privacy, and decentralization. Monero’s ambitious privacy claims are often met with surprise by newcomers, followed by a questioning of how the seemingly magic privacy features are achieved. This article takes a look at Monero’s remarkable combination of privacy features and some of their implementations.


This article assumes basic knowledge of blockchain technology and how it is used by cryptocurrencies. Marc Ruef introduced blockchain technology in the article Blockchain is the future.

Stealth Addresses

When preparing a transaction, the sender's wallet does not generate outputs for the recipient's public address. To hide the recipient on the blockchain, the sender derives a one-time, disposable stealth address from the recipient's public address. The stealth address cannot be linked back to the recipient's public address, and multiple transactions to the same public address all point to different, unlinkable stealth addresses. A further benefit is that funds end up spread across many stealth addresses, which makes them even harder to track when a later transaction pulls inputs from several of them. Monero uses two key pairs: view keys and spend keys. A public Monero address consists of the public view key and the public spend key. Both keys are used when deriving the stealth address As:

As = Hs(r * PV | i) * G + PS

r is the sender's transaction private key, PV is the recipient's public view key and i is the output index. Hs is a hash-to-scalar function built on the Keccak-256 hashing algorithm. G is the Ed25519 base point and PS is the recipient's public spend key.

To detect received funds, the recipient has to scan every transaction and recompute the stealth address using its own private view key and the public transaction key found in the transaction under examination. The formula is simply:

As = Hs(R * pV | i) * G + PS

where R is the transaction public key and pV is the recipient's private view key. Both formulas yield the same point because R = r * G and PV = pV * G, so r * PV and R * pV are the same shared secret, which only the sender (who knows r) and the recipient (who knows pV) can compute.

Ring Confidential Transactions

Ring Confidential Transactions (RingCT) hide the transaction amount. This naturally raises questions, such as how overspending is prevented when the inputs and outputs of a transaction are hidden from everyone except sender and recipient. One way to ensure that Monero is neither created nor destroyed is to check that the inputs and outputs of a transaction sum to the same value. How can inputs and outputs be compared if they are hidden? This is accomplished with homomorphic Pedersen commitments.

The transaction value is enclosed in a Pedersen commitment, which allows the totals of the transaction inputs and outputs to be compared without disclosing the individual values. The mathematics behind Pedersen commitments is substantial and is not covered here; more information can be found in the article Confidential Transactions from Basic Principles.
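The two mechanisms described so far, stealth-address derivation from the previous section and the homomorphic balance check on Pedersen commitments from this one, as a single added Python walk-through. It is an illustration written for this page, not code from the original article or from the Monero project, and it makes the following assumptions: Ed25519 arithmetic is done in plain affine coordinates; hashlib.sha3_256 stands in for Monero's Keccak-256 (so the resulting scalars are not byte-compatible with real wallets); the output index is a single byte; and the second generator H is derived from G with a known discrete logarithm, which suffices to show the homomorphism but, unlike Monero's hash-to-point H, would not make the commitments binding. The function names (point_add, scalar_mult, sender_stealth_address, recipient_scan, commit, amounts_balance, transaction_demo) are the example's own.

```python
import hashlib
import secrets

# Ed25519 parameters (standard values); plain affine arithmetic for readability.
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493
D = (-121665 * pow(121666, P - 2, P)) % P
G = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     46316835694926478169428394003475163141307993866256225615783033603165251855960)
IDENTITY = (0, 1)

def point_add(p1, p2):
    """Complete twisted-Edwards addition (a = -1); also valid for doubling."""
    x1, y1 = p1
    x2, y2 = p2
    dxy = D * x1 * x2 * y1 * y2
    x3 = (x1 * y2 + x2 * y1) * pow(1 + dxy, P - 2, P)
    y3 = (y1 * y2 + x1 * x2) * pow(1 - dxy, P - 2, P)
    return (x3 % P, y3 % P)

def scalar_mult(k, point):
    """Double-and-add with k reduced modulo the group order L."""
    result, addend, k = IDENTITY, point, k % L
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result

def encode_point(point):
    """32-byte compressed form: little-endian y with the parity of x in the top bit."""
    x, y = point
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def hash_to_scalar(data):
    """Hs: hash bytes to a scalar mod L. ASSUMPTION: sha3_256 stands in for Keccak-256."""
    return int.from_bytes(hashlib.sha3_256(data).digest(), "little") % L

def generate_keys():
    """Return (private view pV, private spend pS, public view PV, public spend PS)."""
    pV, pS = secrets.randbelow(L - 1) + 1, secrets.randbelow(L - 1) + 1
    return pV, pS, scalar_mult(pV, G), scalar_mult(pS, G)

def sender_stealth_address(r, PV, PS, i):
    """As = Hs(r*PV | i)*G + PS from the recipient's public keys only.
    The single-byte index equals Monero's varint encoding for i < 128."""
    h = hash_to_scalar(encode_point(scalar_mult(r, PV)) + bytes([i]))
    return point_add(scalar_mult(h, G), PS)

def recipient_scan(R, pV, pS, PS, i, candidate):
    """Recompute As = Hs(R*pV | i)*G + PS (same point, since R = r*G and PV = pV*G).
    On a match return the one-time spend key x = Hs(..) + pS, so that x*G == As."""
    h = hash_to_scalar(encode_point(scalar_mult(pV, R)) + bytes([i]))
    if point_add(scalar_mult(h, G), PS) != candidate:
        return None
    return (h + pS) % L

# Pedersen commitments C = a*G + v*H.  ASSUMPTION: H is derived here with a known
# logarithm; Monero uses a hash-to-point H whose log is unknown, which is what
# makes real commitments binding. The homomorphic check below is unaffected.
H = scalar_mult(hash_to_scalar(encode_point(G)), G)

def commit(value, blind):
    """Hide `value` behind the blinding factor `blind`."""
    return point_add(scalar_mult(blind, G), scalar_mult(value, H))

def amounts_balance(in_commits, out_commits):
    """Sum inputs and outputs as points; equality means the hidden amounts balance
    (provided the sender chose output blinds summing to the input blinds)."""
    total_in = total_out = IDENTITY
    for c in in_commits:
        total_in = point_add(total_in, c)
    for c in out_commits:
        total_out = point_add(total_out, c)
    return total_in == total_out

def transaction_demo():
    """Run one constructed transfer through both mechanisms and report the checks."""
    pV, pS, PV, PS = generate_keys()
    r = secrets.randbelow(L - 1) + 1          # sender's transaction private key
    R = scalar_mult(r, G)                     # transaction public key, published on chain
    out0 = sender_stealth_address(r, PV, PS, 0)
    out1 = sender_stealth_address(r, PV, PS, 1)
    x0 = recipient_scan(R, pV, pS, PS, 0, out0)
    # Constructed amounts: a 10-unit input spent as 7 + 3, output blinds summing to a_in.
    a_in, a_out0 = secrets.randbelow(L), secrets.randbelow(L)
    a_out1 = (a_in - a_out0) % L
    honest = amounts_balance([commit(10, a_in)], [commit(7, a_out0), commit(3, a_out1)])
    inflated = amounts_balance([commit(10, a_in)], [commit(7, a_out0), commit(4, a_out1)])
    return {
        "recipient_finds_output": x0 is not None,
        "one_time_key_spends_it": x0 is not None and scalar_mult(x0, G) == out0,
        "outputs_unlinkable": out0 != out1,
        "wrong_index_rejected": recipient_scan(R, pV, pS, PS, 1, out0) is None,
        "honest_tx_balances": honest,
        "inflated_tx_rejected": not inflated,
    }

if __name__ == "__main__":
    print(transaction_demo())
```

Running the file prints the verdicts of transaction_demo(): the recipient recognises output 0 only through its private view key and obtains a one-time key x with x*G equal to the stealth address, the two outputs of the same transaction are different points, and the commitments for 10 = 7 + 3 sum to the same point while 10 against 7 + 4 does not, which is exactly the check a verifying node performs without ever learning the amounts.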

Ring Signatures

After hiding transaction recipients and amounts, the only thing left to anonymize is the transaction initiator. This is where ring signatures come into play: ring signatures authorize transactions in Monero. A ring signature allows a member of a group to sign content on behalf of the group. The signature cannot be traced back to the signer, and there is no indication which group member created it; verifying the signature against the group members' public keys only confirms that some member of the group produced it. In Monero, this concept is used to add decoy public keys taken from the blockchain to the transaction. Only the funds of the true signer, who contributed the private key, are used as the transaction input, but outside observers cannot determine which ring member that is.

Each ring signature includes a key image. A key image is derived from the output being spent and is used to detect double spending. If the same output were spent more than once, the same key image would be produced and the network would reject the transaction.

Invisible Internet Project

Because of Monero's surveillance-evading properties, it is at risk of being targeted by oppressive governments through measures such as IP address blocking, as happens to the Tor network. For this reason an integration with I2P was planned in the past; however, the project has not been completed yet and may be dropped. I2P provides anonymous access to hidden services in a similar fashion to Tor, but its focus lies on hidden services: all traffic entering I2P is meant to stay within the network, and it is not intended to run exit nodes.

Conclusion

Monero's privacy features are impressive and an indication of the talent involved in the project. It remains to be seen whether Monero can be scaled up for more widespread adoption. Centralized exchanges are increasingly under pressure to de-list the coin from their marketplaces because of its popularity in circles that governments do not condone. The advent of a next generation of more performant and cost-effective decentralized exchanges is likely to alleviate this availability issue; however, it may cause Monero to lose some adoption among more casual cryptocurrency users in the medium term.

About the Author

Ahmet Hrnjadovic

Ahmet Hrnjadovic has been working in cybersecurity since 2017, focusing on topics such as Linux, secure development and web application security testing. (ORCID 0000-0003-1320-8655)
