{"id":24783,"date":"2016-09-01T20:27:13","date_gmt":"2016-09-01T20:27:13","guid":{"rendered":"http:\/\/ci027cfe7fe0002697"},"modified":"2016-09-01T20:27:13","modified_gmt":"2016-09-01T20:27:13","slug":"how-bitcoin-users-reclaim-their-privacy-through-its-anonymous-sibling-monero-1472761633","status":"publish","type":"post","link":"https:\/\/bitcoinmagazine.com\/culture\/how-bitcoin-users-reclaim-their-privacy-through-its-anonymous-sibling-monero-1472761633","title":{"rendered":"How Bitcoin Users Reclaim Their Privacy Through Its Anonymous Sibling, Monero"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div><figure><img decoding=\"async\" src=\"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/how-bitcoin-users-reclaim-their-privacy-through-its-anonymous-sibling.jpg\" title=\"\"><\/figure>\n<p>Bitcoin right now is <a href=\"https:\/\/bitcoinmagazine.com\/articles\/is-bitcoin-anonymous-a-complete-beginner-s-guide-1447875283\"> not really anonymous<\/a>. While Bitcoin addresses aren&#8217;t necessarily linked to real-world identities, they can be. Monitoring the unencrypted peer-to-peer network, analyses of the public blockchain and Know Your Customer (KYC) policy or Anti-Money Laundering (AML) regulations can reveal a lot about who&#8217;s using Bitcoin and for what.<\/p>\n<p>This is not great from a privacy perspective. For example, Bitcoin users might not necessarily want the world to know where they spend their money, what they earn or how much they own; similarly, businesses may not want to leak transaction details to competitors.<\/p>\n<p>Additionally, the fact that the transaction history of each bitcoin is traceable puts the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Fungibility\" target=\"_blank\" rel=\"noopener\">fungibility<\/a> of all bitcoins at risk. 
\u201cTainted\u201d bitcoins, for example, may be valued less than other bitcoins, possibly even calling into question Bitcoin&#8217;s value proposition as money.<\/p>\n<p>There are potential solutions that may increase privacy and improve fungibility in Bitcoin. But most of these solutions are either partial, works-in-progress or just largely theoretical.<\/p>\n<p>To reclaim their privacy right now, therefore,&nbsp;<a href=\"https:\/\/www.reddit.com\/r\/Bitcoin\/comments\/3s085o\/why_the_altcoin_takeover_scenario_has_become_a\/cwt2prf\" target=\"_blank\" rel=\"noopener\">some<\/a><a href=\"https:\/\/twitter.com\/MrHodl\/status\/764819189689384961\" target=\"_blank\" rel=\"noopener\"> bitcoiners<\/a> have begun to utilize one of its competitors: the altcoin Monero.<\/p>\n<h2><strong>The Bitcoin Scenario<\/strong><\/h2>\n<p>Perhaps the main reason Bitcoin does not offer a whole lot of privacy is that different transactions are easily linked together.<\/p>\n<p>This is because all Bitcoin transactions consist of inputs and outputs. Inputs refer to addresses bitcoins are sent \u201cfrom\u201d and outputs refer to addresses bitcoins are sent \u201cto\u201d. Naturally, then, outputs from one transaction become inputs in the next. The receiver of one output and the sender of the subsequent input are usually the same person.<\/p>\n<p>Moreover, since most transactions are made by one person only, all input addresses typically belong to that same person as well. Meanwhile, that one person usually sends bitcoins to only one other person per transaction. 
That means that if there are two different outputs, one of these must be a change address, used by the sender to send excess bitcoins back to himself.<\/p>\n<p>All these links in the chain make individual bitcoins traceable; it\u2019s possible to determine in which transactions a certain bitcoin was previously used, thereby potentially harming fungibility and decreasing privacy, as all these links allow blockchain analysts to figure out which bitcoins likely belong(ed) to whom.<\/p>\n<h2><strong>The Monero Scenario<\/strong><\/h2>\n<p>As opposed to the majority of altcoins, Monero is not based on Bitcoin\u2019s code-base or protocol. Instead, the cryptocurrency, launched in 2014, is based on the <a href=\"https:\/\/cryptonote.org\/\" target=\"_blank\" rel=\"noopener\">CryptoNote<\/a> reference implementation, an altcoin that was designed from scratch.<\/p>\n<p>Monero was created by the pseudonymous developer <a href=\"https:\/\/bitcointalk.org\/index.php?action=profile;u=233561\" target=\"_blank\" rel=\"noopener\">thankful for today<\/a>, who was himself effectively \u201cfired\u201d by the community less than a month after Monero\u2019s launch, as the project was forked away from him. It has since been led by a core team of <a href=\"https:\/\/web.getmonero.org\/community\/team\/\" target=\"_blank\" rel=\"noopener\">seven developers<\/a>, including Riccardo \u201cfluffypony\u201d Spagni and Francisco \u201cArticMine\u201d Caba\u00f1as. Its native currency, XMR, is one of the <a href=\"https:\/\/coinmarketcap.com\/\" target=\"_blank\" rel=\"noopener\">top altcoins by market cap<\/a>, and is now <a href=\"https:\/\/bitcoinmagazine.com\/articles\/darknet-customers-are-demanding-bitcoin-alternative-monero-1472243603\">accepted as payment<\/a> on several dark net markets.<\/p>\n<p>In Monero, the basic structure of Bitcoin transactions still holds up: each consists of inputs (\u201cfrom\u201d) and outputs (\u201cto\u201d). But there are two key differences. 
For one, outputs can only consist of rounded decimal numbers. So instead of an output worth 15.7 XMR, there will be three outputs, worth 10, 5 and 0.7 XMR. And the change outputs are also rounded. So if the input was worth,&nbsp;say, 60 XMR, the change outputs will be worth 40, 4 and 0.3 XMR for a combined output total of 60. Six outputs (40, 10, 5, 4, 0.7 and 0.3), where only the sender and receiver know which ones are payments and which are change. This already makes blockchain analysis a bit harder.<\/p>\n<p>But this is really only the setup of the trick.<\/p>\n<h2><strong>Ring signatures<\/strong><\/h2>\n<p>The actual magic comes from a cryptographic signature scheme called \u201c<a href=\"https:\/\/en.wikipedia.org\/wiki\/Ring_signature\" target=\"_blank\" rel=\"noopener\">ring signatures<\/a>,\u201d based on the older concept of \u201c<a href=\"https:\/\/en.wikipedia.org\/wiki\/Group_signature\" target=\"_blank\" rel=\"noopener\">group signatures<\/a>.\u201d Ring signatures exist as several iterations and variations, but all share the property of obfuscating <em>which <\/em>cryptographic key signed \u201cwhich\u201d message, while still proving \u201cthat\u201d a cryptographic key signed \u201ca\u201d message. The version used by Monero is called \u201c<a href=\"https:\/\/eprint.iacr.org\/2006\/389.pdf\" target=\"_blank\" rel=\"noopener\">Traceable Ring Signatures<\/a>,\u201d invented by Eiichiro Fujisaki and Koutarou Suzuki.<\/p>\n<p>Taking the example above, where an input worth 60 XMR was used to create six outputs, Monero utilizes ring signatures as follows.<\/p>\n<p>The sender who created the 60 XMR input must have previously received these 60 XMR as an output of an earlier transaction. After all, he can only create a 60 XMR input if he controls a 60 XMR output first.<\/p>\n<p>But with ring signatures, the sender can obfuscate \u201cwhich\u201d 60 XMR output he controlled. 
Instead, he can take <em>several<\/em> 60 XMR outputs from different transactions, and bundle them together in such a way that proves he owns \u201cone\u201d of these outputs \u2014 without revealing \u201cwhich one\u201d. And since Monero only works with round numbers, there should be plenty of 60 XMR outputs available on the blockchain to mix with.<\/p>\n<p>As a result, Monero transactions are almost completely unlinkable. At best, blockchain-analysts can calculate the odds that transactions are linked, based on how many outputs were used in the mix to create an input. (This is configurable by the sender, with a minimum of three.)<\/p>\n<h2><strong>And Back Again&#8230;<\/strong><\/h2>\n<p>So how does any of this help Bitcoin or Bitcoin users?<\/p>\n<p>Simple: Monero is used to \u201cunlink\u201d Bitcoin transactions in much the same way that Monero transactions are themselves unlinked.<\/p>\n<p>Specifically, Bitcoin users sell bitcoin for XMR, ideally on a Tor-friendly exchange that does not require AML\/KYC, like <a href=\"https:\/\/shapeshift.io\/\" target=\"_blank\" rel=\"noopener\">Shapeshift<\/a> or <a href=\"https:\/\/bisq.network\/\" target=\"_blank\" rel=\"noopener\">Bitsquare<\/a>. Later, they simply sell these XMR back for bitcoin on a different platform, which can also be done on <a href=\"https:\/\/xmr.to\/blocked\" target=\"_blank\" rel=\"noopener\">XMR.to<\/a>. If the buys and sells are spread over time a bit (since low transaction volume on Monero can be a slight giveaway in some cases), this leaves virtually no link on any blockchain at all.<\/p>\n<p>For more information on Monero \u2014 which includes additional privacy options as well as other features \u2014 visit <a href=\"https:\/\/web.getmonero.org\/\" target=\"_blank\" rel=\"noopener\"> getmonero.org<\/a>. 
Using Monero in itself does not always guarantee full privacy; the more precautions taken, the better.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As opposed to the majority of altcoins, Monero is not based on Bitcoin\u2019s code-base or protocol. Instead, the cryptocurrency, launched in 2014, is based on the CryptoNote reference implementation, an altcoin that was designed from scratch.<\/p>\n","protected":false},"author":2509,"featured_media":24784,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[410,2198,708],"class_list":{"0":"post-24783","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-culture","8":"tag-addresses","9":"tag-monero","10":"tag-transactions"},"author_data":{"id":2509,"name":"Aaron van Wirdum","nicename":"aaron-van-wirdum","avatar_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/12\/aaron-van-wirdum-96x96.jpg"},"featured_image_url":"https:\/\/bitcoinmagazine.com\/wp-content\/uploads\/2024\/11\/how-bitcoin-users-reclaim-their-privacy-through-its-anonymous-sibling.jpg","_links":{"self":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/24783","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/users\/2509"}],"replies":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/comments?post=24783"}],"version-history":[{"count":0,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/posts\/24783\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media\/24784"}],"wp:attachment":[{"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/media?parent=24783"}],"wp:term"
:[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/categories?post=24783"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bitcoinmagazine.com\/wp-json\/wp\/v2\/tags?post=24783"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}