Weapons-Grade Privacy
A recent hard fork in the privacy network Monero has seen the implementation of its Bulletproof Update. The update has generated a lot of interest in the Monero community, as it provides a clear improvement in the scalability of the network. We will unpack the technical portion of the update, and evaluate what it means for the currency going forward.
Until the Bulletproof update, Monero had been trying to improve its network performance whilst maintaining its sophisticated privacy solution, known as the RingCT system. Traditional blockchain networks require just a single signer on each transaction, meaning any transaction can be traced back to the sender simply by looking at the signature. Monero instead uses a ‘ring’ of n signatures (the decoys are called ‘mixins’) to hide the actual signer, with the level of privacy of the transaction increasing in n. These n signatures consist of a random combination of signers from previous Monero transactions, along with the signature of the actual signer of the transaction. By having other ‘decoy’ signers on each transaction, the actual signer is given plausible deniability that they were the active signer. Users are given the option to increase the number of decoy signatures on their transactions, with fees rising and processing time taking longer for higher levels of privacy.
In addition to the ring system, Monero also hides both the amount sent and the receiving address. Amounts are obfuscated via an encoding process involving a Pedersen commitment. Basically, a number of decoy value inputs are aggregated with the actual transaction value in order to mask the amount transacted. Part of the aggregation is the creation of something called a ‘range proof’, a mechanism which proves the transaction amount falls within a valid range (amount > 0 and < the balance of the transactor). Receiving addresses are hidden via the use of a “Stealth Addresses” mechanism, whereby a random number generator is used in combination with the receiver’s private key in order to generate a single-use address for this transaction.
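The commitment-plus-range-proof idea from the paragraph above, as an added example that is not code from the article or from the Monero project: a toy balance check with Pedersen commitments on secp256k1 (Monero’s curve is ed25519, but the algebra C = vG + rH is the same), with a plain range check standing in for what the zero-knowledge range proof actually proves. The helpers hash_to_point, commit, balance_check, range_check and demo are my own constructions, and every amount and blinding factor is a constructed sample value.

```python
# Added example, not from the article or Monero: Pedersen commitments C = vG + rH on
# secp256k1 and a RingCT-style balance check. Outputs that "balance" can still create
# coins when one value is negative (wraps modulo the group order); the range proof blocks that.
import hashlib

P = 2**256 - 2**32 - 977  # secp256k1 field prime
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # group order
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the identity element
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    lam = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
           else (b[1] - a[1]) * pow(b[0] - a[0], -1, P)) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):  # double-and-add; scalars live in Z_N, so a value of -5 is really N-5
    k, acc = k % N, None
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def hash_to_point(tag):  # second generator H whose discrete log w.r.t. G nobody knows
    for ctr in range(1 << 16):
        x = int.from_bytes(hashlib.sha256(tag + ctr.to_bytes(2, "big")).digest(), "big") % P
        rhs = (x**3 + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root works because P % 4 == 3
        if y * y % P == rhs: return (x, y)
    raise RuntimeError("no curve point found")

H = hash_to_point(b"toy-pedersen-H")  # constructed tag

def commit(v, r): return add(mul(v, G), mul(r, H))  # hides v; r is the blinding factor

def balance_check(ins, outs):  # verifier: sum(C_in) - sum(C_out) must be the identity
    total = None
    for c in ins: total = add(total, c)
    for c in outs: total = add(total, (c[0], (-c[1]) % P))  # subtract by adding the negation
    return total is None

def range_check(values, bits=64):  # stand-in for what the Bulletproof proves in zero knowledge
    return all(0 <= v < 1 << bits for v in values)

def demo(values, r_in=123456789, r_a=987654321):  # one input worth 10 units, two outputs
    r_b = (r_in - r_a) % N  # output blindings must sum to the input's blinding
    outs = [commit(values[0], r_a), commit(values[1], r_b)]
    return balance_check([commit(10, r_in)], outs), range_check(values)
```

demo([7, 3]) passes both checks, while demo([15, -5]) passes the balance check and fails only the range check, which is exactly the gap the range proof closes.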
The Bulletproof update addresses a major performance constraint on the current system, mainly via a reduction in the data size of the amount range proofs. The main change contained in the update was the introduction of a new Zero Knowledge Proof (ZKP) mechanism. Without getting too technical, a ZKP allows one party to prove that some process or action has been completed without revealing any actual knowledge of the process or action. In this context, the specific application of a non-interactive ZKP allows an improvement in performance over the previous method for handling Monero range proofs.
The net effect of this new ZKP system is that amount range proofs scale in size logarithmically rather than linearly. In simple terms, Monero range proofs will decrease considerably in size because each individual proof involved in the aggregate proof takes up less data space. As transaction size decreases, so do the associated fees for mining those transactions onto the blockchain. Since the release of the Bulletproof update, the average transaction size has decreased from 18kb to 3kb, whilst transaction fees have gone from an average of 54 cents to 2.1 cents — see the diagram below:
In addition to optimising the range proofs, the Bulletproof update also includes significant enough changes to its PoW mechanism to target and disincentivise the development of ASICs (application-specific integrated circuits) for Monero mining. In simple terms, ASICs are developed to solve very specific algorithmic computations. By continuously changing the algorithm the ASIC chips are designed to mine, ASICs are quickly rendered obsolete — such that the costly investment required to develop them becomes uneconomic. Monero’s goal of having an ASIC-resistant PoW algorithm is grounded in its desire to avoid the centralisation of mining seen in other major PoW coins, such as the prevalence of China’s Bitmain in mining Bitcoin. The implications of mining centralisation in a privacy network like Monero are obviously more significant than those in a payment or transaction network like Bitcoin, as the added layer of sensitivity around transaction information creates further issues.
For Monero, the performance aspect of the Bulletproof update is the most relevant part for its future success. The ability to process transactions cheaply and at scale in a secure and privacy-preserving manner is not something its competitors are currently capable of. More generally, the Bulletproof update is yet another example of a network developing a sophisticated scaling solution, signalling optimism for the many other projects facing similar issues.
Monero is an asset worth following. The development team is highly capable and has a real desire to maintain a decentralised approach, hence its opposition to ASIC mining. Nobody really knows how important a decentralised focus will be over time, but Monero’s dedication to this goal is backed up by the actions of the development team; they have carved out a real niche and it’s one to watch.