Betting on Monero

August 8, 2021

Consider this information as my personal notes. I’m a self-taught enthusiast, not a hardcore cryptography or blockchain engineer. Don't take any of this as truth, do your own research, and politely disagree with me.

Introduction

Since 2013 I’ve been interested in Bitcoin. I did not know anything about it at that time but the high level proposition caught my interest. A fully digital and decentralized asset that can be transmitted between peers without the involvement of a third party. Sounds promising. It was not until late 2015 before I actually started studying the technology a bit more and realized about the potential of cryptocurrencies. Shortly after, Monero came on my radar via one of my friends and I have never left it since. In spring of 2020 I decided to properly write about the topics I’ve got an interest in. This writing about Monero is the first piece of this series.

Monero

Monero is a cryptocurrency that came into existence in April 2014. It focuses on fungibility, privacy, and decentralisation. In contrast to Bitcoin’s open ledger, Monero uses an obfuscated public ledger, meaning everyone on the network can send transactions but without it being possible to outside observers to see the amount of the transaction, the source, and the receiver. Although this is the biggest feature of Monero, there are other core characteristics that Monero does different than its biggest competitor, Bitcoin. In this article I’ll dive into the things that I think makes Monero work in the long run.

How it started

Monero initially launched in 2014 under the name of BitMonero but the story goes back further. On December 12th of 2012 a group or an individual under the name of Nicolas van Saberhagen, released the CryptoNote v1.0 white paper. Some people say CryptoNote's Saberhagen and Bitcoin’s Satoshi Nakamoto are the same group or individual. The CryptoNote white paper focusses on deficiencies of Bitcoin such as its traceability, proof-of-work function, and irregular emission, and proposes solutions to these “shortcomings” of Bitcoin.

Bytecoin, scams, and forks

Shortly after Saberhagen’s white paper was released Bytecoin launched, the first cryptocurrency based on Saberhagen’s Cryptonote technology. The launch of Bytecoin was followed by a trail of scams. It’s even doubtful whether Bytecoin even existed in 2012, which they claim. There is no evidence of it and the creators of it faked a 2 year existence of the currency’s blockchain, pre-mined 80% of the coins, and earned a lot of money over the backs of holders of Bytecoin. (If you want to dive deeper in the Bytecoin fiasco, you can find a lot more about this here.)

Source

Monero emerged

In April 2014 a developer that goes by the name of "thankful_for_today" (TFT) forked the Bytecoin chain into a new chain, and called it Bitmonero. This same person was likely also involved in the Bytecoin scams mentioned above. TFT rushed BitMonero into existence, allegedly to have a first movers advantage. The code was buggy and had a critical flaw around the coin’s emission curve, which would have created 86% of the coins in 2 years. To give your perspective on this, 85% of all Bitcoin was mined in August 2019. This is 10 years after Bitcoin came into existence. Twelve days after BitMonero’s launch, and due to TFT not willing to listen to the project's community, a new Github repo was created, the coin’s name was changed to Monero, and a decentralized core team with the developers Ricardo Spagni (FluffyPony), David Latapie, tacotime, eizh, NoodleDoodle, othe, and smooth took over the project. The last five persons want to remain anonymous.

Privacy and why it matters

When talking about Monero and its privacy features many people immediately link it to criminal and darkweb transactions. Although this might be true, privacy is not just for criminals. As Ricardo Spagni is presenting in his talks (a.o. on Bitcoinference 2015), there are many reasons as of why privacy should matter to all of us.

For your reference and in contrast to Monero, Bitcoin is completely open and public. The moment you transfer Bitcoin from your wallet to someone else's wallet, this person can see how much Bitcoin you hold, who you have transacted with, and how much Bitcoin comes into your wallet. As Dr. Daniel Kim puts it mildly, "Monero is what Bitcoin noobs thought they bought."

Keeping your net worth private

If you transact with the wrong person, and then that person can see how much value you’re storing in your wallet, you could become the victim of a targeted crime. In extreme cases you could be tortured till you hand in all of your coins. While Bitcoin is public by default, Monero’s obfuscated ledger prevents outsiders from looking into your financial data.

Prevent leakage of sensitive financial and business info

As a company you don’t want everyone to know about your financial status. This could harm you in negotiations with clients or, in the case of a poor financial condition, make you lose business. Neither do you want your competitors to be able to find out with what partners you work with and how much money is involved, this could harm your competitive advantage.

Fend off targeted ads (and propoganda)

Most internet users prefer targeted ads because it serves them better than random ads. I find this concerning. Even more concerning is the fact that only 8% of US citizens considers their basic purchasing habits very sensitive. The same targeted ads that are used for selling you better suiting products and services can also be used for political and radicalizing propaganda. Which is already happening today as pointed out by people like Jaron Lanier and Edward Snowden, and shown in documentaries like "The Social Dilemma".
Source: The state of privacy in America | Pew Research Center

One Monero will always be one Monero

Because of Monero’s obfuscated ledger, it’s practically impossible to link an amount of the coin to a specific transaction or the people involved in this transaction. This means that if coins are used in a criminal transaction they won't lose their value and are still worth the same as before this illicit transaction. They are not tainted because they have been used in a illicit transaction. For Bitcoin and other open ledger cryptocurrencies this is not the case. I'm diving deeper into this topic further down, where I explain fungibility.

Avoid unwillingly complicity in criminal acts

If authorities can identify that certain coins have been used in illicit transactions, and by sheer bad luck these coins end up in your possession, you risk these coins being seized or locked up. Monero’s privacy on a core level solves this problem and is making Monero as fungible as Dollars or gold.

A Swiss bank account with finite space

Naval Ravikant has described Bitcoin in a very interesting way on Tim Ferriss's . He compares Bitcoin with a Swiss bank account with finite space. If you want to own some of this space, you have to buy it from someone who is already in. Although I like this comparison a lot, the thing not being mentioned is that everyone can look into your Swiss bank account. Monero is all of this but without observers being able to look in. Here you can find this specific part of the podcast.

Fungibility

Looking up the definition of ‘Fungible’ you get the following: “Easy to exchange or trade for something else of the same type and value.”. For example, gold or money are fungible. If a person lent you $50 he or she probably does not care about getting back the exact same $50, any other $50 will do the trick. The same counts if we replace the $50 with an ounce of gold in this example. You don’t need to get the exact same ounce of gold when it’s paid back. Other examples of fungible goods are gasoline, chemicals, commodities, stocks, options, etcetera. Non-fungible goods are among the likes of real estate, art, jewellery, diamonds, collector items, etc. You get the point.

Cryptocurrency and fungibility

If cryptocurrency is considered a form of money then you could say that it’s fungible. But within the context of cryptocurrencies fungibility is more complicated. First understand this example: If you have a 100 dollar bill in your pocket, it does not really matter who this belonged to before you had it, even if it was being used in a criminal transaction. The same principle would count for cryptocurrencies. But because most cryptocurrencies are backed by open and decentralised blockchain protocols, meaning everyone could look into all transactions made on the network, this is not the case. If you possess Bitcoin that has been used in criminal transactions, it’s tainted since it can be traced back to this event which can potentially lead to your Bitcoin being confiscated.

Why Monero is fungible

Monero’s architecture has privacy built into its core. A mechanism called Ring Signatures mixes the spender’s input with other transactions and through its cryptographic algorithm it’s technically impossible to determine who send money, who received money, and what amount was sent.Because Monero is private by default it’s impossible to see what the Monero you hold has been used for in the past. So just like with Dollars or Euros, 1 Monero is always equal to any other 1 Monero.

Monero’s privacy mechanisms

It’s clear why we should care about Monero’s biggest competitive advantage being privacy. To get a deeper understanding of how Monero achieves this, I lay out the privacy features below. I’m trying to explain it as simple as possible and added links to more technical explanations on every topic.

TL;DR - Stealth addresses hide the receiver's identity, Ring Signutures hide the sender's identity, and RingCT technology hides the amount of Monero being sent.

Stealth addresses

This mechanism was designed to prevent the linking of a transaction to the receiver's identity. Stealth addresses require the sender of funds to take the recipient’s public address and convert this into a random one-time-use address that is publicly unlinkable to the receiver's original public address. Only the recipient can acquire the secret key associated with the one-time-use address to access and retrieve the funds. Stealth addresses make it possible for users within the Monero network to have a fixed public address without this address being able to be linked to their holdings or transactions. If you’d like to read a more technical explanation of how stealth addresses work, read this or see the CryptoNote whitepaper.


Ring Signatures

To protect users’ privacy on the input side of a transaction, Monero uses ring signature technology. To understand what this is and why Monero uses it, you first need to understand the standard among cryptocurrencies.

Let’s take Bitcoin as an example. The blockchain behind it is basically a chain of signatures that transact ownership of amounts of Bitcoin from one party to another. To create a transaction there are two keys required from an user: a public key and a private key. In Bitcoin’s case the private key is a randomly generated string of 64 characters in the range 0-9 and A-F. This private key is always mathematically related to the public key, but practically impossible to reverse engineer due to the strong encryption. (see this explanation on Bitcoin’s case).

The network makes sure that there are no fraudulent transactions (this is the role of miners - I explain more about mining further down), but to do this the user’s public key is required and thus given away in the process. The public key is the user’s identity on the network and because of Bitcoin’s public ledger it enables everyone that knows someone’s public key to look into transactions and holdings attached to this public key. While this makes Bitcoin very transparent, it’s the biggest reason why Bitcoin’s privacy is very weak. Anyone you transact with, can retrieve your public key, and thus can retrieve your financial status and all the other public keys you’ve transacted with.

This is where Monero’s ring signature technology comes in. When a user on the Monero network creates a transaction, the ring signature feature comes to action. Randomly picked public keys from the blockchain are added to a ring signature to sign the transaction. Just like with Bitcoin miners, miners on the Monero network process transactions and need valid keys and signatures to process these. But because there are now multiple public keys attached to one single transaction, miners are unable to determine the key of the true signer. The randomly picked public keys that participate in a ring signature are used without any permission or cooperation from the linked user. The theory of ring signatures comes from MIT professor Ron Rivest. You can find more detailed information about it here.

RingCT

In the beginning of Monero, the value of a transaction was still visible to outside observers. So if Bob would send 1 Monero to Alice, the transaction would not be able to be traced back to Bob and Alice but the amount would still be visible to others on the network. RingCT stands for Ring Confidential Transactions and is an extension of Monero's Ring Signature technology. It's the part that makes sure the transaction amounts are hidden within the Monero network, and went live on 10 January, 2017. RingCT achieves hiding the transaction's amount through Range Proofs. This is a mathematical function that still allows public observers to see the transactions are legit, while only the sender and receiver can know the actual amount being sent.

Bulletproofs

A problem that came with adding RingCT to Monero was the increase of size of the transaction. An improved form of range proofs, called Bulletproof, was added to the Monero protocol on 18th November, 2018. Bulletproof creates significantly smaller range proofs to be used in Monero's RingCT, while it increases privacy. The new range proof method decreases the size of cryptographic proof in a transaction from more than 10kB to less than 1kB. Because the decrease of the transactions's byte size due to this technology, it makes transactions lighter and thus cheaper. Users on the network pay transaction fees based on the size a transaction takes up on the blockchain. Using less bytes means paying less fees.

RandomX mining and ASIC resistance

Before understanding the proposition of RandomX mining, we first need to understand why this technology came to life in the first place. Let’s take Bitcoin as an example for this. Bitcoin incentivizes people within the Bitcoin network to process transactions broadcasted by users. The network rewards the people with new Bitcoin. This process is called mining and the people processing the transactions in the network are called miners. Miners compete against each other to process transactions on the network to get their reward of freshly minted Bitcoin. This goes as follows. Before transactions made by people in the network can be processed they are first broadcasted to the network. Miners collect these pending transactions and bundle them in a block. When this is done, the miner needs to solve a mathematical puzzle before the block can actually be added to blockchain. The miner who is the first to fix this puzzle receives the reward. The answer to this mathematical puzzle is a random number that can only be found by brute-forcing, meaning trying millions of random numbers. For this, Bitcoin uses a cryptographic hash function called SHA-256. Any data set that’s put into the SHA-256 function will result in a 64 hexadecimal string of letters and numbers, which in this case is the answer to the puzzle. Because every puzzle has the same type of output, it’s suitable for specialized mining hardware, ASIC miners.

ASIC mining and why this might cause problems

ASIC stands for ‘Application-specific Integrated Circuit’. In simplified language this means that ASIC hardware is designed to solely perform one specific type of function. In the case of Bitcoin this means that the ASIC mining gear needs to focus all computing power on finding the answer to the puzzle (the 64 hexadecimal string of letters and numbers created by the SHA-256 cryptographic hash function) to be able to add a block to the blockchain and earning the reward.The problem with this is that ASIC mining gear is very expensive. In the early days anyone with a decent CPU or GPU could mine Bitcoin. But with the rise of ASIC mining gear entire farms with large ASIC mining setups are taking over the mining of Bitcoin, rendering CPU and GPU miners obsolete. This makes the Bitcoin network less decentralised which increases the risk of a 51% attack.

How Monero solves this problem with RandomX mining

ASIC resistance has always been a focus of the Monero community. Monero underwent hard forks where the algorithm was tweaked and improved, rendering existing specialized ASIC gear useless every time a hard fork was executed. Although this brings mining power back to CPU and GPU miners for a short while, the ASIC mining gear adapted quickly and quickly took over again from CPU and GPU miners. To end this cycle for once and for all and create a more sustainable solution, developers from the Monero community developed RandomX mining, an entirely new Proof-of-Work (PoW) algorithm designed to be ASIC resistant. RandomX is a PoW algorithm that is optimized for CPUs by using random code execution and several memory-hard techniques. The random code execution is hard for ASIC gear because ASIC gear is designed to do one sole thing. The built-in memory-hard techniques attacks ASIC gear on memory, which is expensive on an ASICs. RandomX’s design minimizes the efficiency advantage of ASIC mining gear, making the distribution of block rewards within the Monero network more decentralized and egalitarian.

Monero Hashrate - Source: Coin Metrics

Dynamic block size

Blockchains face problems when it comes down to scalability. And one part of this issue of scaling is in transactions. Transactions are clustered in a block and with most protocols, which includes Bitcoin, these blocks have a size limit. This means that if there are more transactions than a block can be filled with, the remaining transactions have to wait. And when this happens, the only way to have your transaction processed as fast as possible is to pay higher transaction fees. In the crypto boom of 2017 transaction fees on the Bitcoin network reached almost $60 due to congestion.

To avoid scaling issues like this Monero took a different approach, that is through having a dynamic system when it comes to block size. To describe it in simple terms, Monero's dynamic block size mechanism scales up when there is an increase of transactions on the network and scales down when there is a decrease. This results in shorter waiting times when transactions are spiking and prevents the network from congesting.

Monero still has a cap on its block size so that there won't be extremely large blocks but this limit is automatically set by the activity on the network. Since each transaction is worth money for miners, there is an incentive for miners to fill up the block with as much transactions as possible. For this Monero has created a clever penalty system that forces miners to pay a fine when they raise the size of their block. Meaning that miners will only raise the size of the block if the transaction fees outweigh the penalty.

Monero's tail emission

One thing we have not talked about yet, is one of the fundamental parts of Monero's supply. To understand the approach of Monero on this we first have to take a look at Bitcoin again. Bitcoin has a fixed supply of 21 million coins. While it perfectly sustains the argument of scarcity, Bitcoin over the longer term is facing a challenge on mining incentives. When all Bitcoins are mined, miners will no longer receive block rewards and will be solely incentivized by transaction fees, assuming there are no major changes to the Bitcoin protocol in the meantime. Currently transaction fees are only roughly 3,3% of the miners' compensation.

Fixed inflation

Monero has a system that allows miners to be compensated for processing transactions in perpetuity, namely fixed inflation. The main emission of Monero is 18.4 million coins, which will all be mined in mid 2022. After this the tail emission will kick in, issuing 0.6 Monero per block into infinity. This mechanism secures miner incentives. If miners lose this incentive they stop mining, which then reduces the security of the network.

This inflationary system gives Monero an inflation rate of 0.9% in the first year of the tail emission. This percentage will become lower each year, given the fixed supply of 0.6 Monero per block. To give you a bit of a perspective on this, gold has a current inflation rate of around 1.6%.

Even though Monero is inflationary, it's expected that the amount of lost coins will outweigh the fresh yearly supply of new Monero. This results in increasing scarcity and thus is generally comparable to Bitcoin on this matter.

Monero’s Funding System

Monero is funded through donations. There are two ways to donate to the project. You can donate Monero to the General Fund, which is managed by the core team of Monero. These funds are mainly spent on developments lead by the core team, infrastructure, and server costs. In case you want to know more about how the GF is spent, you can check out the transparency report here.

The second way to donate to the project is through Monero's Community Crowdfunding System (CCS) and is also fully donation based. Via the platform, which you can find here, anyone can propose ideas to improve the Monero ecosystem. The community discusses the proposals, and gives feedback on these. If necessary proposals can be adjusted according the feedback. Once it reaches consensus the idea is moved to the next phase, which is funding.

In the funding stage, anyone can donate Monero for the project. The needed funds are collected and when it reaches the funding goal the proposal is moved to Work in Progress. Meaning the development team can start working on it and get paid from the collected funds.

Regulatory pressure and compliance

Monero is always been a bit of a problem child when it comes down to compliance due to its privacy-by-default protocol, rendering it the go-to coin for money laundering and illicit activities. Large exchanges such as Coinbase are hesitant with listing Monero due to the untested grounds for regulators in the United States. Even though Coinbase's CEO, Brian Armstrong, said he personally would like to list it. As Armstrong mentions on Peter McCormack's podcast 'What Bitcoin Did', the regulatory burden on his company is pretty high. Around 35% of his company's employees work in some sort of way on legal and compliance. The total amount of Coinbase employees is around 1100.

As a response to the uncertainty around compliance, Tari Labs and the Monero community have hired Perkins Coie, a top tier law firm, to produce a 40 page report devoted to the Anti Money Laundering (AML) regulation of privacy coins.

With this document released, the Monero community hopes it will be easier for exchanges to list Monero. The main takeaways of this report are (taken from this tweet from the Monero Twitter handle):

1 - "Allowing VASPs (Virtual Asset Service Providers) to support privacy tokens under current, tested AML regulations strikes the appropriate policy balance between preventing money laundering and allowing beneficial, privacy-preserving technology to develop."

2 - "Not only do privacy coins provide public benefits that substantially outweigh their risks, existing AML regulations properly and sufficiently cover those risks, providing a proven framework for combatting money laundering and related crimes."

3 - "Businesses rely on and expect financial privacy. Without maintaining confidentiality, commercial transactions would be visible for competitors and nefarious actors to analyze, predict, front-run, and exploit."

4 - "...privacy coins have enabled users to transact in a low-cost, decentralized manner, while maintaining the added benefit of financial privacy that was only previously available through financial intermediaries and institutions in the traditional financial system."

5 - "Privacy coins essentially combine the benefits that the traditional financial system and initial cryptocurrencies like Bitcoin offered."

6 - "... [the NYDFS] similarly does not require the use of on-chain surveillance tools. When these on-chain surveillance tools are not available, regulated companies can still meet their compliance obligations through other robust means of off-chain information sharing."

7 - "Even in the case of privacy coins, VASPs should and will remain the primary subject of AML and CFT regulations, just as they do in traditional financial transactions."

8 - "privacy coins and other cryptocurrencies arguably pose a lower risk, in [the "ease of crossing borders" factor], than cash, card, or paper payment instruments, which can cross borders with no transfer record at all (i.e., not even a publicly broadcast blockchain transaction)."

9 - "If anything, privacy coins pose lower inherent AML risk than other cryptocurrencies when considering evidence of illicit use in practice."

10 - "privacy coins do not pose an inherent AML risk that is uniquely or unmanageably high, since that risk does not appear materially greater than other high-risk traditional products that VASPs have long supported in a responsible and compliant manner."

11 - "Ultimately, absent evidence that existing AML regulations cannot adequately address the risks posed by privacy coins, there is no reason to impose new and overbroad AML requirements that specifically target privacy coins."

You can find the full report here.

Private by default and optional transparency

We now understand that Monero has privacy baked into its core. But what many don't understand is that Monero is optionally transparent. Monero has a two layered system, containing a spend key and a view key. With the spend key users are able to transfer Monero from their wallet. Now this is where it becomes interesting, with the view key you can give third parties insight to your transactions without them being able to transfer funds. In the case that you need to prove your government that you are paying the right amount of taxes,  you can hand in you view key. Enabling tax services to view transactions, while it's still a secret to the public. View keys are only giving insights in the key's owner. So anyone you have transacted funds with will remain private.

Self-sovereignty and financial freedom

There is a case to be made against governmental control of your wealth. Why would your government need to know about all of your wealth and assets? Apart from the obvious reasoning of taxation, there are potential dark scenarios lurking.In 1933 the United States confiscated their citizens’ gold under the reasoning of “fighting the Great Depression”. Which meant that under the leadership of president Roosevelt, Americans were forced to hand in their gold. If you did not oblige, you were facing a penalty of $10,000 and up to 10 years imprisonment.A more extreme example, that also started in 1933, is the forced expulsion of Jews from business life in Nazi Germany. On 26 April 1938, Jews were ordered to report all wealth over 5,000 Reichsmarks, and their access to bank accounts was restricted.Although events like these seem impossible these days for many, history has proven that large power shifting events occur over larger cyclical saeculum, a length of time roughly equal to the potential lifetime of a person or, equivalently, of the complete renewal of a human population. And yes, we are around the ending of one.Crypto technologies like Bitcoin and Monero could function as ports in the storm to avoid total financial annihilation in extreme circumstances like these. I think Monero could actually outperform Bitcoin on this matter due to privacy being baked into the core, making it harder for government to know about (parts of) people’s wealth being stored in it.

Crypto and especially Monero as financial safe havens

Present-day events like the hyperinflation in Venezuela or the economic unrest in Argentina are showing that the usage of cryptocurrencies are rising in those countries. One particular case in Venezuela shows that a man was holding all of his money in Bitcoin, only converting his BTC to the Venezuelan Bolivar when he needed to buy things.

Network usage and valuation

As I’m writing this piece Bitcoin’s market cap is $345B, dominating the cryptocurrency’s total market capitalization with 62%. Monero does not even come close to this with a market cap of a bit above $2.3B, not even shown in the chart below.

Total Market Cap

In 2020 the amount of transactions on Monero’s network is rising and currently ranges between 7,000 and 21,000 transactions per day. This while Bitcoin does between 250,000 and 350,000 transactions per day.

Monero vs Bitcoin daily transactions (Bitcoin is the orange line, Monero the blue)

Anyone looking at this can see that Bitcoin is king. However, if we look closer you can see that relative to the market cap there are way more transactions on Monero than on Bitcoin.

Let’s take October 2020. In that entire month Monero had 501,273 transactions on its network. This against Bitcoin counting 9,284,673 transactions in the same month (Source). A quick calculation for that month shows Monero has 217,944 transactions per billion dollars worth of its market cap, while Bitcoin does 26,912 transactions per billion dollars of the entire cap.

Tx per $B vs. Valuation

Currently Bitcoin’s total valuation is roughly 150 times the market cap of Monero while the transactions on Bitcoin’s network are only 18.5 times the transactions of the Monero network. If price should reflect the usage or the amount of transactions on the network, and given the fact of it being a solid project, you could say that Monero is one massive asymmetric bet within the crypto space.

Great sources for learning more about Monero

Monero: Sound Money, Safe Mode

Dr. Daniel Kim gives an excellent lecture about Monero and how it works. I find it unbelievable that this video still has under 6k views by the time of this writing.

Monero talk at Bitcoinference

Ricardo Spagni, a Monero core team member, presents Monero in a very understandable way. For the ones who don't know him, he's the most publicly known person from the Monero project. Find him here on Twitter.

How does Bitcoin work?

This one is not about Monero but it's a great Eli5 video about how Bitcoin actually works. To understand better why Monero is solving things that are wrong with Bitcoin, it's nice to understand Bitcoin's workings.