All you need to know about Monero

Monero (XMR) is an open-source cryptocurrency created in April 2014 that focuses on privacy and decentralization that runs on Windows, macOS, Linux, Android, and FreeBSD.

Monero uses a public ledger to record transactions while new units are created through a process called mining. Monero aims to improve on existing cryptocurrency design by obscuring sender, recipient and amount of every transaction made as well as making the mining process more egalitarian.

The focus on privacy has attracted illicit use by people interested in evading law enforcement. The egalitarian mining process made it viable to distribute the mining effort opening new funding avenues for both legitimate online publishers and malicious hackers who covertly embed mining code into websites and apps.

Architecture.

Unlike many cryptocurrencies that are derivatives of Bitcoin, Monero is based on the CryptoNight proof-of-work hash algorithm, which comes from the CryptoNote protocol.It possesses significant algorithmic differences relating to blockchain obfuscation. By providing a high level of privacy, Monero is fungible, meaning that every unit of the currency can be substituted by another unit. This makes Monero different from public-ledger cryptocurrencies like Bitcoin, where addresses with coins previously associated with undesired activity can be blacklisted and have their coins refused by other users.

In particular, the ring signatures mix the spender’s address with a group of others, making it exponentially more difficult to establish a link between each subsequent transaction. Also, the “stealth addresses” generated for each transaction make it impossible to discover the actual destination address of a transaction by anyone else other than the sender and the receiver. Finally, the “ring confidential transactions” mechanism hides the transferred amount.

Monero is designed to be resistant to application-specific integrated circuit mining, which is commonly used to mine other cryptocurrencies such as Bitcoin.

 It can be mined somewhat efficiently on consumer grade hardware such as x86, x86-64, ARM and GPUs.

History

The underlying CryptoNote protocol that Monero is based on was originally launched by pseudonymous author Nicolas van Saberhagen in October 2013.

Monero was originally launched by a Bitcointalk forum user only known as “thankful_for_today” under the name BitMonero which is a compound of Bit (as in Bitcoin) and Monero (literally meaning “coin” in Esperanto). Five days later, the currency’s supporters opted for the name to be shortened to Monero.

In September 2014, Monero was attacked when an unknown party exploited a flaw in CryptoNote that permitted the creation of two subchains that refused to recognize the validity of transactions on each other. CryptoNote later released a patch for the flaw, which Monero implemented.

Monero experienced rapid growth in market capitalization and transaction volume during the year 2016, partly due to adoption in 2016 by major darknet market AlphaBay, which was closed in July 2017 by law enforcement.

On January 10, 2017, the privacy of Monero transactions were further strengthened by the adoption of Bitcoin Core developer Gregory Maxwell’s algorithm Confidential Transactions, hiding the amounts being transacted, in combination with an improved version of Ring Signatures.

Privacy

Graphical representation of ring signature tracking.

Monero’s blockchain protects privacy in three ways. Ring signatures enable the sender to hide among other transaction outputs, stealth addresses hide the receiving address of the transaction and RingCT hides the amount of the transaction. As a consequence, Monero features an opaque blockchain. This is sharp contrast with transparent and traceable blockchain used by Bitcoin. Thus, Monero is said to be “private, optionally transparent”.

Monero has two sets of keys, called a “view key” and a “spend key”. View key can be separately shared to enable optional transparency. However, the system is designed to ease processing on mobile devices, as it is impossible to calculate an accurate wallet balance without a spend key.

Transaction linkability

In April 2017 research highlighted three major threats to Monero user’s privacy. The first relies on leveraging the ring signature size of zero, and ability to see the output amounts. The second, described as “Leveraging Output Merging”, involves tracking transactions where two outputs belong to the same user, such as when a user is sending the funds to himself (“churning”). Finally the third threat, “Temporal Analysis”, shows that predicting the right output in a ring signature is easier than previously thought.

Monero development team addressed the first concern in early 2017 with introduction of Ring Confidential Transactions (ringCT) as well as mandating a minimum size of ring signatures in the March 2016 protocol upgrade. Monero developers also noted that Monero Research Labs, their academic and research arm, already noted and outlined the deficiency in two public research papers in 2014 and 2015.

Client software

Monero Client
Monero-Logo.svg
Monero Client GUI running on Ubuntu 17.10 whilst connected to a remote node.

Monero Client GUI running on Ubuntu 17.10 whilst connected to a remote node.
Original author(s) The Monero Project
Initial release April 18, 2014; 3 years ago
Preview release
v0.11.1.0 “Helium Hydra”/ October 15, 2017; 4 months ago
Repository github.com/monero-project/monero/
Written in C++, C
Operating system Windows, Linux, macOS, FreeBSD (CLI only), DragonflyBSD (CLI only)
Platform IA-32, x86-64, ARMv7, ARMv8
License BSD license
Website getmonero.org

A user needs client software, a so-called wallet, to interact with the Monero network. The Monero Project produces the reference implementation of a Monero wallet. This implementation is broken up into three parts. The main software daemon is called monerod and it is responsible for reading the blockchain and claiming the user’s transactions. monero-wallet-cli is responsible for managing the user’s account, also known as wallet address, and generating new transactions. Finally, Monero GUI allows the user to interact with the aforementioned components through a graphical user interface. All of the software produced by The Monero Project is open source and licensed under a broadly permissive BSD license.

Other third party implementations of Monero clients exist such as Monerujo which also make it possible to use Monero on Android. Finally, a web wallet allows users to interact with the network entirely through the browser using a third party website.

Illicit use

The feasibility of CPU mining Monero has made it viable for malicious actors to covertly distribute miners embedded in malware, using the victim’s hardware and electricity for the financial gain of the malware developer.

The JavaScript implementation of Monero miner Coinhive has made it possible to embed the miner into a website in such a way to use website visitor’s CPU to mine the cryptocurrency while the visitor is consuming the content of the webpage. While this can be done with user’s consent in an effort to provide an alternative funding model to serving ads, some websites have done this without informed consent which has prompted the in-browser miners to be blocked by browser extensions and ad blocking subscription lists.

Monero is sometimes employed by Bitcoin users to break link between transactions, with bitcoins first converted to Monero, then after some delay, converted back and sent to an address unrelated to those used before. Researchers have reported that the operators behind the global ransomware incident WannaCry have converted their proceeds into Monero. It is also the preferred payment method of choice for The Shadow Brokers. Exchanges ShapeShift and Changelly are cooperating with police after it emerged that the WannaCry attackers used it to convert Bitcoin to Monero. “Any transactions made through ShapeShift can not be hidden or obscured and are thus 100 percent transparent” stated ShapeShift.