monero

The knock-on effect with any privacy-related project is that it can be used for nefarious purposes. That this is happening comes as no surprise to the people who built the untraceable cryptocurrency Monero, but their goal from the start was always to create a safe and secure system of money.

Monero hit the headlines towards the end of last month when its price began to spike following an announcement by leading darknet market AlphaBay that it would be integrating Monero on 1 September.

Monero core developer Riccardo Spagni says it's not about specific use cases, but about creating a digital version of cash and enabling user privacy to the best extent possible.

He told IBTimes UK: "The way we see it, if somebody sends you money, like to your bank account, they shouldn't be able to tell what your bank balance is. If you pay with your credit card online, they shouldn't be able to tell what your bank balance is. So that's really what we are trying to create with Monero.

"Of course guys like AlphaBay and Oasis and the darknet market operators obviously tend to be more interested in privacy than the average man on the street and so I guess it's not surprising that they identified Monero at this relatively early stage. But I am hoping and expecting that there will be other people who will use it for use cases beyond that."

The Monero bull run was perhaps triggered by the news that anonymous email service SIGAINT decided to host a Monero node on Tor. This happened around the middle of August. Monero has been in development for close to two-and-a-half years, so why is it coming to prominence now?

Spagni takes a step back. A lot of open source work that is essentially done for altruistic reasons can take a long time, while many cryptocurrency projects have funding and attract the most engineers, he said.

"That's unfortunate because it means that projects like Monero, where there is no funding, where there is no crowdsale, where there is no corporate backing, end up attracting engineering excellence only altruistically. Nobody has really worked on it full time.

"But what is interesting is that people have been watching; projects like SIGAINT have been watching Monero for the past couple of years because some people in the community have hounded them to accept Monero.

"There have been some things along the way where services have accepted Monero donations and so on. I think we are at a turning point now where people are realising that being private and using Bitcoin is extremely hard because your OPSEC ends up relying on the OPSEC of others."

A rather unkind parallel has been swirling around the community between the recent rise of Monero and the theft of $60m in Bitcoin from Hong Kong exchange Bitfinex.

Spagni fielded this observation candidly: "I guess on the one hand I wouldn't be surprised if somebody was using Monero to do something like that. Again, this goes back to the fact that privacy projects can be used for things that are good and things that are not so good and things that are somewhat in between or morally ambiguous.

"That said I have yet to see evidence of this happening. I haven't spent a whole bunch of time tracking the stolen coins to see where they have gone, but yes sure, if someone had evidence that the stolen coins were deposited on Poloniex and traded into Monero that would make for a compelling argument.

"I think you never really know what is going on behind the scenes and who is doing what and who is involved with who. But I think a lot of people are reaching for explanations like that, when the simpler explanation is just that there is a larger interest in financial privacy and it's been building for two-and-a-half years. And now it is starting to explode."

Another interesting event in crypto circles was the announcement from Apple that it would not allow Dash, another coin with enhanced privacy, in the App Store.

Spagni said: "It's difficult to tell why Apple made that decision. I guess in part because they probably have a whole bunch of pressure from the 700 or 800 altcoins and their respective communities to have a wallet for this and wallet for that.

"Apple has got to be somewhat responsible for what they allow on the App Store. I read a lot of people saying look Apple is anti-privacy, but I don't think that is the case at all. I think Apple is just anti letting everything on App Store that could potentially either be a scam or potentially be at risk in terms of the legislation in some of the territories that Apple are in. I think it remains to be seen what will come out of that and how they feel about Monero in the future."

Taking a high-level look under the hood at the privacy part of Monero's protocol, Spagni said there are basically three components to it.

The first involves outputs. So in terms of who you are paying, Monero uses something called dual-key stealth addresses. When paying an address with Bitcoin, you can see that address on the blockchain using a block explorer. But Monero uses some non-interactive cryptography between the sender and the recipient without the recipient needing to do anything, which computes a destination, and that destination has a random value.

"If you look at a block explorer every single Monero transaction appears to go to this random address and even though multiple transactions might go to the same person, you can't tell that they are going to the same person because they all seem to be going to different random addresses. So that sort of already breaks a lot of the linkability."

To further obfuscate traceability, Monero uses ring signatures. This means that instead of coins coming from a previous transaction, they appear to come from that transaction and a number of others. There is no way for an observer to tell which one of those transactions is the real one.

The third component is something called ring CT which stands for ring confidential transactions. Spagni explained: "Ring CT is based on Greg Maxwell's work on confidential transactions, and from a lot of that ground work we created a novel cryptographic signature scheme, which allows us to hide or obscure amounts in Monero.

"So with those three combined you basically can't tell where it comes from, you can't tell where it is going to, and you can't tell how much was paid. We're about as private as you are going to get."

Work being done by Blockstream is aiming to provide breakthroughs in privacy that will attract enterprise customers like banks to blockchain technology. Bringing privacy to so-called private blockchains is an area of intense interest. IBTimes asked Monero if it sees a future over on the real dark side.

Spagni said: "I had an interesting discussion with Barclays oddly enough a couple of years ago about Monero and one of things that they liked about it was the privacy.

"So not for everything but certainly for like bank A needs to move funds to bank B and they don't really want Bank C to know they are doing that. So I think that potentially Monero might find some use for multinational corporations and banks, and sure that could be fantastic because it's again another pro-privacy use case that doesn't involve darknet markets.

"I think building privacy stuff is exceptionally hard. Not only because it requires a strong handle on cryptography, but a lot of it also requires a knowledge of game theory and incentives.

"One of Monero's strongest points is that we don't use new cryptography; the cryptography we are using is stuff from like 2005, 2006 at the newest. And most of the stuff is much older, so tried and tested and proven cryptography plays a big role.

"I feel a lot of projects coming out have created new-fangled stuff, which is untested and not peer reviewed. Trusting a money system to that is a little bit dangerous."