There have been quite a few privacy-conscious alternatives to Bitcoin released over the past few years, but Monero has been the only one to gain non-speculative users. Monero is currently ranked fourth among all cryptocurrencies in terms of market cap, and darknet market AlphaBay recently revealed that Monero transactions account for 2 percent of their business (the rest is done via Bitcoin).
But how does Monero offer better privacy than Bitcoin? There are four main privacy features in Monero that help shield users from effective blockchain analysis.
Bitcoin has similar alternatives to some of the privacy features found in Monero, but a key difference is that the privacy enhancements in Monero are enabled by default.
Without taking too much of a technical deep dive, let’s take a look at Monero’s four main privacy-enabling features.
Dual-key Stealth Addresses
Monero uses dual-key stealth addresses to mask where a payment is sent.
With Bitcoin, the public address where a transaction is sent can be viewed on the blockchain. The receiving address can also be seen on the Monero blockchain, but it is a one-use address that is automatically generated from the receiver’s public Monero address.
A Monero user’s public address is not connected to these one-use addresses that are actually used for payments. That public address is merely used to generate a new receiving address for each payment.
Bitcoin also has systems for generating new addresses for each payment, such as reuseable payment codes and the payment protocol, but these solutions are not enabled by default.
Ring Signatures
Monero uses ring signatures to mask the origin of a transaction.
From the perspective of someone watching the blockchain, it’s unclear which specific outputs were used in a transaction. In other words, an onlooker sees a few possible origins of a payment rather than the payment’s one, true origin.
The level of anonymity provided by this feature grows over time because the number of possible outputs used in a particular transaction increases with each newly created transaction. This is due to the fact that outputs are never actually “spent” from the view of an observer.
The feature in Bitcoin that is most similar to Monero’s use of ring signatures is CoinJoin, but CoinJoin is not implemented by default in Bitcoin and requires active communication between those who wish to mix their UTXOs (unspent transaction outputs).
Although Monero’s ring signatures enable a greater anonymity set for users, they also cause unbounded growth of the TXO set.
Ring Confidential Transactions
Ring confidential transactions (RingCT) is a feature based on Blockstream’s confidential transactions, which may eventually come to Bitcoin by way of a soft fork or a sidechain. The basic idea here is to mask the amounts involved in transactions.
One of the main issues with the use of CoinJoin in Bitcoin in the past was that it was trivial to see where a payment was sent by simply matching the amounts of the inputs and outputs of a mixing transaction. If one person sent 5 bitcoins into a CoinJoin transaction, then it’s easy to see where those 5 bitcoins ended up by looking to see who received 5 bitcoins.
Without confidential transactions, CoinJoin users tend to avoid this issue by mixing inputs of equal value. JoinMarket is the most popular solution at this time.
In Monero, transaction inputs are split into common denominations to avoid this issue.
RingCT was recently added to Monero via a hard fork, and it will become a mandatory feature via another hard fork later this year.
Use of i2p
The fourth privacy feature when buying Monero is the use of i2p to hide a transaction’s originating IP address.
I2p is an anonymizing network, similar to Tor. When a node is notified of a new transaction, that node only knows from which i2p address the transaction originated, which isn’t easily tied to any sort of physical location (unlike normal IP addresses).
Bitcoin users can broadcast their transactions via Tor, but again, this is not something that is enabled by default.
Monero’s i2p integration is still a work-in-progress.
This article is largely based on a recent presentation recently by Monero developer Riccardo “FluffyPony” Spagni at the Coinbase headquarters in San Francisco. Thank you to Riccardo for offering feedback on Monero’s use of ring signatures.