Retracing Monero’s Steps in 2019
Monero is a privacy-focused cryptocurrency launched in 2014. Unlike some other cryptocurrencies, Monero is not a Bitcoin fork and is based on its own whitepaper and codebase.
Over the years, Monero has implemented many privacy-enhancing technologies with a twice-a-year hard fork schedule. For instance, hiding transaction amounts with confidential transactions has been implemented into the protocol. Back in 2018, the Monero community activated a drastic optimization in the size of confidential transactions, known as Bulletproofs.
With the hard fork-friendly attitude in mind, it comes as no surprise that 2019 was another eventful year for the privacy coin. Not only did Monero tweak their privacy mechanisms, but they also switched to another proof of work algorithm. Let’s run through the highlights and draw a bottom line.
Following the hard fork schedule, the Monero protocol was upgraded to version 0.14 (Boron Butterfly) in March of 2019. The changes included a mandatory payment ID for all transactions on a protocol level, a slightly more efficient RingCT format and a new algorithm for the maximum block size.
The Depreciation of Payment IDs
The plan for 2019 was to depreciate the antiquated system of payment IDs in two steps. Originally, payment IDs were a means for merchants to match Monero transactions to transactions in their online shop. However, since the advent of sub-addresses, this could be achieved in a more elegant way.
To understand the problem, we have to visualize the Monero blockchain (you can also go look at it on a block explorer).
In the XMR blockchain, all transactions look alike. Nowadays there are 11 possible spending outputs for each actual spending out. This is called a ring signature and effectively gives the true spender of an output plausible deniability. The amount of a transaction is completely hidden by the aforementioned confidential transaction, or RingCT, as it is called in Monero. The recipient’s address is also encrypted in the blockchain (this is called a stealth address.) Since privacy in Monero is the default, all transactions have these features and are indistinguishable for an outside observer of the blockchain.
Payment IDs, however, were optional until Boron Butterfly. That meant that an observer could gain at least some insight on transactions when spotting a payment ID transaction. For instance, some exchanges required payment IDs to match the funds to a given customer. An observer could now use heuristics to analyze the blockchain: if a transaction did feature a payment ID, it was a somewhat special transaction and stood out among the rest.
Therefore optional payment IDs represented a potential risk to the users’ privacy and had to be eliminated in two steps: 1) make it mandatory for a transaction to feature a random payment ID with Boron Butterfly and 2) get rid of payment IDs altogether with the next hard fork. The two-step approach was chosen to give exchanges a head start for adjusting their internal procedures.
The Mitigation of the Big Bang attack
Monero does not have a hard-capped block weight as Bitcoin does. The block size in Monero is rather dynamic and adjusts to the demand of the network. While the details are too complicated to go into herein, it’s safe to say that the more transactions there are on the Monero network, the bigger the blocks can get.
In September of 2018, a possible attack vector was described for dynamic block size systems like Monero. The attacker could spam transactions over a longer period of time and thereby blow up the size of the blockchain. A speedily increasing blockchain size, in turn, would lead to issues for full-node operators when it comes to storage space and bandwidth. The rapid expansion described by the attack vector could be compared to the very beginning of our universe, which gave the attack its name: the Big Bang attack.
The Monero Community responded with a new algorithm for the block weight in Boron Butterfly, which makes the Big Bang attack less feasible. Boron Butterfly also introduced “pruning” to the blockchain. After the user has downloaded and verified the entire Monero blockchain, pruning discards about two-thirds of the data. This measure allows full-node owners to consume less space when storing the blockchain (for example 20 Gigabyte instead of 60 GB).
Tweaking the PoW Algorithm
Last but not least the Boron Butterfly hard fork brought a tweak into the proof of work. For readers unfamiliar with the recent mining history of Monero, here is a quick recap.
The crypto-note whitepaper, of which Monero is an implementation, specifies an egalitarian proof of work. Egalitarian means the often proclaimed “1 CPU, 1 vote” of Bitcoin. While Satoshi Nakamoto espoused to this ideal in the Bitcoin whitepaper, the reality soon looked different thanks to the emergence of ASICs. An ASIC (Application Specific Integrated Circuit) is a special piece of hardware designed only for a single purpose: to hash with a given hashing algorithm. ASICs are so efficient in hashing (or mining) that they push the layman out of the mining business. In Bitcoin, this has led to a geographical centralization of the mining industry in China.
While Monero strives for a CPU-friendly mining process, it is easier said than done. For some years ASIC rumors plagued Monero. The original Proof-of-Work algorithm of Monero was officially broken in 2018 when Bitmain announced their Monero ASIC. In turn, the Monero community began tweaking the proof of work. Even with small changes in the algorithm, ASICs would become useless, since ASICs are designed for a very specific algorithm and cannot work properly with any other. The game of gotcha started: on the one hand, ASIC manufacturers began investing in research and development to come up with a new miner, while on the other hand, Monero began tweaking the proof of work with each hard fork. As a result, the implementation of the Boron Butterfly hard fork decreased the network hash rate from 1 GH/s to 270 MH/s, which is almost 70%.
The second hard fork of 2019 was titled Carbon Chamaeleon. This time, the main change was the Proof-of-Work algorithm itself. Pained by the constant threat of ASICs, the community opted for a new innovation in the proof of work department: RandomX. Although the tweaking of the proof of work did what it was meant to do, it introduced a constant risk of bugs for the entire project. RandomX was conceived as a permanent solution to the mining problem as it is a new POW algorithm made for CPUs. The hope is not only to banish ASICs once and for all, but also to make mining more decentralized and incentivize laymen to participate with their own hardware. Surprisingly, after the hard fork, the hash rate actually rose from 300 MH/s to over 1 GH/s. This can be explained by the more efficient performance of CPUs with RandomX. Still, whether RandomX is successful in the long-run to keep out ASICs remains to be seen.
Carbon Chamaeleon also eliminated payment IDs entirely and made certain transaction attributes mandatory on a protocol level. For example, every transaction needs to have at least two outputs to be valid. Previously, this was enforced only by the official / endorsed Monero wallets. The logic is the same as for the payment IDs: make every transaction on the blockchain look like any other to increase privacy.
The Monero Community Takes a Step Forward
So far we have only explored the technical advances of Monero, however, the community itself made notable strides in 2019, too.
Keeping in mind that Monero is not even six years old, the project has shown remarkable professionalism this year. The RandomX algorithm, for instance, was audited by four different parties, leaving little doubt concerning the implementation. Three of these audits were partly funded by the community through the newly set up Community Crowdfunding System (CCS). Hopefully, this will be an ongoing trend since the project is growing and getting more responsible.
The outward presentation improved as well. As a fully decentralized cryptocurrency, Monero has no marketing plan whatsoever. Nonetheless, there is an outreach workgroup seeking to educate newcomers and respond quickly to issues like the Big Bang attack. Just like programmers, researchers and auditors, the Monero Outreach is funded entirely by the CCS. Monero was represented at conferences, like DevCon in Las Vegas (USA) and the 36C3 in Leipzig (Germany) and also held their first official conference, the Monero Konferenco in Denver (USA).
In terms of code commits, Monero is in third place among all cryptocurrencies, topped only by Bitcoin and Ethereum). By the time of writing, over 300 programmers have contributed to the Monero codebase. With the growing maturity of the project, Ricardo “fluffypony” Spagni, stepped down in late 2019 as the lead maintainer.
Regarding the issue of adoption, Monero was added as a donation option for well-known projects such as the VLC player, the TOR project and Linux Mint. An eager code contributor even released a custodial MoneroTipBot for Telegram, which enables users to send each other Monero with their username.
Issues and Headaches
But not everything is rosy in the Monero-verse considering the growing scrutiny by regulators. With the anti-money-laundering (AML) narrative, some countries pressure exchanges to stop any privacy coin-related activities. Law enforcement agencies also seem to have a close eye on Monero. As it features an obfuscated blockchain, Monero offers privacy not only to law-abiding citizens but also to shady and downright criminal individuals. With the sender, receiver and amount of every transaction being hidden, analysis of the blockchain does not have the same effect as in Bitcoin. Europol expert Jerek Jakubcek stated that Europol is hitting dead ends when suspicious funds are moved from transparent blockchains like Bitcoin and Ethereum into Monero. Going into the new decade growing regulation may become an issue for the marketability of privacy coins.
The Monero website also suffered an attack in 2019. After the release of Carbon Chamaeleon, the binaries for the Command Line Interface Wallet on the official getmonero.org website were compromised for about an hour. An attacker had replaced the official wallet binaries with an altered version. The doctored wallet would drain user funds. While the attack only concerned a very specific group of users for a short amount of time, it alarmed the whole community. As a result, they separated the hosting of the getmonero.org website and the binaries for the wallets. Users are always encouraged to verify the signature of the downloaded wallets before using them. Until today it remains unknown how this attack was carried out.
Monero Compared to Other Cryptocurrencies
Privacy is an emerging concern not only in the financial industry but also on social media platforms. Users do not feel comfortable being surveilled and data-mined.
Even in Bitcoin, the demand for greater privacy is becoming more widespread. Technologies like Schnorr Signatures (making MultiSig transactions indistinguishable from MonoSig transactions), the Lightning Network (which uses onion-routing to hide the originator and receiver of a transaction), and Taproot/Graphroo (that hide scripts in a transaction), are making waves. However, Bitcoin is extremely conservative with introducing changes to the protocol and therefore these innovations take their time to be usable. It may well be the price Bitcoin has to pay for being the first and largest cryptocurrency.
Whilst other privacy-oriented cryptocurrencies like Dash and Zcash improve their projects, Monero remains somewhat unique in their midst as the protocol is private by default. Users have to take no extra steps to hide from prying eyes and this leads to better privacy. With Bitcoin, Dash, Zcash, and others, users have to know what they are doing to use the privacy-enhancing features, and even then they may make mistakes and reveal their identity. Opt-in privacy means that only users really looking for it will use the features, which in turn means a smaller crowd to get lost in (which is exactly what you want if you wish to be private). Monero is the biggest cryptocurrency with default privacy in a unique position to satisfy the demands of every paranoiac out there.
Monero starts the new decade with solid technological fundamentals and an engaged community. The project embraces innovation towards better privacy and follows a clear ethos of remaining truly anonymous money for the internet.
In 2019, the project was able to improve its privacy and adopt new technologies to realize the vision set forth in the original whitepaper. Even though most cryptocurrencies struggled with the bear market in 2019, Monero was able to keep its momentum and move forward. It will be one of the cryptocurrencies to keep an eye out for in the following years.
Written by Alex Anarcho, the host of multiple cryptocurrency podcasts and a private coin enthusiast.
Subscribe to our Newsletter<
- Researchers Disclose Bot in Disguise Mining Crypto and Stealing User Data
- Data Brokers: How Law Enforcement Rely on Inaccurate Data to Supplement Investigations
- Messenger App Steals User Data and Hacks Their Devices, ESET Research
- Hacker Group Targeting Fintech Companies and Personal Data Has Been Under Radar For Years, NOD32 Developer Finds
- Former Yahoo! Engineer Who Hacked 6,000 Email Accounts Looking for Sexually Explicit Media Avoids Jail
- Secure Identity Expert Explains How Cryptography Gives Us Power Over Personal Data
- Telegram User Data From Earlier Leaks Found on Dark Web, Contact Import Feature Is to Blame
- How to Defend Yourself Against Scammers, Corporations, and Government: Hacker’s Perspective