Difference between revisions of "CryptoNote"

From Bitcoin Wiki
(Altcoins are off-topic, no need to list them)
 
(14 intermediate revisions by 5 users not shown)
Line 1: Line 1:
CryptoNote is an open-source technology that allows creation of completely anonymous cryptocurrencies.
+
CryptoNote is an open-sourced protocol that allows for increased privacy in cryptocurrency transactions.
It proposes concepts and features, which aren't supported by Bitcoin yet.
 
  
 
== Features ==  
 
== Features ==  
  
=== Untraceable payments ===
+
===Difficult to trace and link payments ===
  
Unlike traditional cryptocurrencies that mostly use unambiguous signatures to verify the transfer, CryptoNote utilizes [https://en.wikipedia.org/wiki/Ring_signature ring signature]. Ring signature is a more sophisticated scheme, which in fact may demand several different public keys for verification. In this case the transaction is signed by a group of users. Thus, the verifier may only identify that one of them was a signer, but not who exactly that was. The public key of a user may appear in a large number of ring signatures even if it was already used to sign her own transaction.
+
Unlike traditional cryptocurrencies that mostly use unambiguous signatures to verify the transfer, CryptoNote utilizes [https://en.wikipedia.org/wiki/Ring_signature ring signature]. Ring signature is a more sophisticated scheme that demand several different public keys for verification. In this case the transaction is signed by a group of users. Thus, the verifier may only identify that one of them was a signer, but not who exactly that was. Though this does not offer provable anonymity (like [[Zerocoin]]), the increase in privacy in comparison to Bitcoin is considerable.  
  
=== Unlinkable transactions ===
+
CryptoNote automatically creates multiple unique one-time addresses for each of the payments, which are created from the single public key. Even though the payment is sent to a public address, in the block chain it appears as if it is sent to a one-time address. The sender uses random data and the public address of the receiver to calculate this one-time key of the payment. The redemption of the funds requires the receiver's private key, so only the latter may receive the money sent to the one-time address. Moreover, no third party can discover the link between the one-time key and the receiver's public address.
 
 
CryptoNote automatically creates multiple unique one-time addresses for each of the payments, which are created from the single public key. Even though the payment is sent to a public address, in the block chain it appears as if sent to a one-time address.
 
 
 
The sender uses randam data and the public address of the receiver to calculate this one-time key of the payment. The redemption of the funds requires the receiver's private key, so only the latter may receive the money sent to the one-time address. Moreover, no third party can discover the link between the one-time key and the receiver's public address.
 
  
 
=== Double-spending proof ===
 
=== Double-spending proof ===
  
In spite of being anonymous, CryptoNote's ring signatures restrict the double-spending attempt by linking the transactions with the same private key. The protocol uses the key image, derived from a private key through a one-way function. All the users keep the list of all the used key images, which are checked against a new transaction. In case there is a duplicate key image, the transaction is rejected as a double-spending attempt. However, the identity of the sender would still be unknown, since it is impossible to get the private key from its image.
+
CryptoNote's ring signatures restrict the double-spending attempt by linking the transactions with the same private key. The protocol uses the key image, derived from a private key through a one-way function. All the users keep the list of all the used key images, which are checked against a new transaction. In case there is a duplicate key image, the transaction is rejected as a double-spending attempt. However, the identity of the sender would still be unknown, since it is impossible to get the private key from its image.
  
 
=== Block chain analysis resistance ===  
 
=== Block chain analysis resistance ===  
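Review bot: In the rewritten ring-signature paragraph, "a more sophisticated scheme that demand several different public keys" needs "demands", and the new heading "===Difficult to trace and link payments ===" lacks the space after the opening "===" that every other heading uses. The added claim "does not offer provable anonymity (like [[Zerocoin]])" is ambiguous about which system has the property and carries no reference; reword it as "as [[Zerocoin]] does" and cite a source. Folding "Unlinkable transactions" into this section also leaves the one-time-address paragraph without a name for the property it provides, so consider keeping one sentence that says these addresses are what make payments unlinkable.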
Line 24: Line 19:
 
=== Adaptive limits ===  
 
=== Adaptive limits ===  
  
There are no hard constants and magic numbers in CryptoNote. Each limit (e.g., max block size, or min fee amount) is re-calculated based on the historical data of the system. Moreover, the difficulty and the max block size are automatically adjusted with each new block.  
+
There are no hard constants and magic numbers in CryptoNote. Each limit (e.g., max block size, or min fee amount) is re-calculated based on the historical data of the system. Moreover, the difficulty and the max block size are automatically adjusted with each new block. The main idea of the algorithm is to sum all the work that nodes have performed during the last 720 blocks and divide it by the time they have spent to accomplish it. The measure of the work is the corresponding difficulty value for each of the blocks.  
The main idea of the algorithm is to sum all the work that nodes have performed during the last 720 blocks and divide it by the time they have spent to accomplish it. The measure of the work is the corresponding difficulty value for each of the blocks.  
 
  
 
=== Smooth emission ===
 
=== Smooth emission ===
Line 33: Line 27:
 
  BaseReward = (MSupply - A) >> 18
 
  BaseReward = (MSupply - A) >> 18
 
  MSupply = 2^64 - 1 (atomic units)
 
  MSupply = 2^64 - 1 (atomic units)
 +
 +
CryptoNote forks DarkNote and MonetaVerde implement alternative emission logic: in DarkNote emission halves each month and in MonetaVerde block reward increases with difficulty.
  
 
=== Egalitarian proof of work ===
 
=== Egalitarian proof of work ===
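Review bot: The added sentence on DarkNote and MonetaVerde has no reference for either emission rule, and it names two forks while the same revision range deletes the "CryptoNote based coins" list under the summary "Altcoins are off-topic, no need to list them". Either cite the emission logic of both forks or drop the sentence so the page treats fork coins consistently.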
Line 45: Line 41:
  
 
The first version of CN – CryptoNote v.1 (December 12 2012) was published in Tor http://ol346fucnsjru223.onion/whitepaper.pdf  
 
The first version of CN – CryptoNote v.1 (December 12 2012) was published in Tor http://ol346fucnsjru223.onion/whitepaper.pdf  
In this paper Bytecoin was mentioned as the first CryptoNote currency.
 
 
Little is known about CryptoNote's origins. The official website uses supposedly fake names for the team members, while the white paper's author is Nicolas van Saberhagen, which is also likely to be a pseudonym. The white paper "CryptoNote v 2.0" is dated back to October 2013<ref>https://cryptonote.org/whitepaper.pdf</ref>.
 
  
The developers have mentioned at CryptoNote's official forum that the team actually consists of cryptographers, developers, and economists, but their identities have to be concealed currently<ref>https://forum.cryptonote.org/viewtopic.php?f=3&t=21#p61</ref>. It was also mentioned that the team developing CryptoNote had experience a schism and went separate ways<ref>https://forum.cryptonote.org/viewtopic.php?f=3&t=21#p73</ref>.
+
Little is known about CryptoNote's origins. The official website uses supposedly fake names for the team members, while the white paper's author is Nicolas van Saberhagen, which is also likely to be a pseudonym. The white paper "CryptoNote v 2.0" is dated back to October 2013.<ref>https://cryptonote.org/whitepaper.pdf</ref> There are claims that this date isn't correct: bitcointalk.org user rethink-your-strategy discovered copies of CryptoNote whitepapers with XPM properties set to 2014 on cryptonote.org site<ref>https://bitcointalk.org/index.php?topic=740112.0</ref> while nearly same documents with 2013 and 2012 years in XPM properties were available on bytecoin.org site.<ref>https://bitcointalk.org/index.php?topic=740112.msg8409063#msg8409063</ref>
  
CryptoNote's website mentions "2011—2014" in the footer.
+
It was also mentioned that the team developing CryptoNote had experienced a schism and went separate ways.
  
 
== Philosophy ==
 
== Philosophy ==
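Review bot: The schism sentence survives in the new text ("It was also mentioned that the team developing CryptoNote had experienced a schism") but its forum reference (viewtopic.php?f=3&t=21#p73) was removed, so "mentioned" no longer points anywhere; restore the reference or remove the sentence. In the added dating paragraph, "XPM properties" probably means the XMP metadata of the PDF files and should be checked against the cited bitcointalk thread, and "nearly same documents" needs an article ("nearly the same documents").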
Line 57: Line 50:
 
CryptoNote philosophy has several key points: privacy as a fundamental human right; government's influence and control remission as an aim.  
 
CryptoNote philosophy has several key points: privacy as a fundamental human right; government's influence and control remission as an aim.  
 
The economy should be separated from politics, communities should set new transparent principles, and impartial cryptographic algorithms should control its implementation.
 
The economy should be separated from politics, communities should set new transparent principles, and impartial cryptographic algorithms should control its implementation.
 
== CryptoNote based coins ==
 
* Bytecoin (BCN)
 
Bytecoin is the first CryptoNote-based currency, with release dating as early as July 2012. It possess one of the largest ecosystems.
 
* duckNote (duck)
 
duckNote is a new experimental currency (a fork of Bytecoin).
 
* Fantomcoin (FCN)
 
Fantomcoin is the first CryptoNote currency to support merged mining of different CryptoNote-based coins.
 
As a result, the cryptographic security of the coins is increased.
 
* Monero (XMR)
 
It has been launched as a fork of Bytecoin in April 2014.
 
XMR has the fastest block generation speed of 1 minute.
 
* Quazarcoin (QCN)
 
It has a flatter emission curve and a clear launch for the wider community.
 
* Boolberry (BBR)
 
BBR utilizes blockchain-based Wild Keccak hash function instead of CryptoNight.
 
  
 
== See also ==
 
== See also ==
Line 85: Line 62:
 
* [https://cryptonote.org/whitepaper.pdf White paper]
 
* [https://cryptonote.org/whitepaper.pdf White paper]
 
* [https://cryptonote.org/coins.php CryptoNote Currencies]
 
* [https://cryptonote.org/coins.php CryptoNote Currencies]
 
  
 
== References ==
 
== References ==

Latest revision as of 21:37, 24 December 2014

CryptoNote is an open-sourced protocol that allows for increased privacy in cryptocurrency transactions.

Features

Difficult to trace and link payments

Unlike traditional cryptocurrencies, which mostly use unambiguous signatures to verify a transfer, CryptoNote uses ring signatures. A ring signature is a more sophisticated scheme that demands several different public keys for verification. In this case the transaction is signed by a group of users, so the verifier can only establish that one of them was the signer, not which one. Though this does not offer provable anonymity (as Zerocoin does), the increase in privacy in comparison to Bitcoin is considerable.

CryptoNote automatically creates multiple unique one-time addresses, one for each payment, all derived from the receiver's single public key. Even though the payment is sent to a public address, in the block chain it appears as if it is sent to a one-time address. The sender uses random data and the public address of the receiver to calculate this one-time key of the payment. Redeeming the funds requires the receiver's private key, so only the receiver can collect money sent to the one-time address. Moreover, no third party can discover the link between the one-time key and the receiver's public address.

Double-spending proof

CryptoNote's ring signatures prevent double-spending attempts by linking transactions signed with the same private key. The protocol uses a key image, derived from the private key through a one-way function. All users keep a list of the key images already used, and each new transaction is checked against it. If the key image is a duplicate, the transaction is rejected as a double-spending attempt. The identity of the sender still remains unknown, since it is impossible to recover the private key from its image.
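The one-time address derivation and the key-image check from the two sections above, as an added example (not code from CryptoNote or from this wiki). It assumes a toy multiplicative group in place of CryptoNote's elliptic curve and leaves out the ring signature itself; the names `send`, `receive`, `key_image` and `Ledger` are hypothetical.

```python
import hashlib
import secrets

# Toy group: integers modulo the Mersenne prime 2^127 - 1 (assumed, insecure
# parameters chosen for readability; CryptoNote itself uses an elliptic curve).
P_MOD = 2**127 - 1
ORDER = P_MOD - 1      # exponents reduce modulo the group order
G = 3

def _h(tag, value):
    return int.from_bytes(hashlib.sha256(f"{tag}|{value}".encode()).digest(), "big")

def hash_to_scalar(value):
    return _h("Hs", value) % ORDER

def hash_to_element(value):
    # Maps to a group element whose discrete log nobody knows.
    return 1 + _h("Hp", value) % ORDER

def keygen():
    sk = secrets.randbelow(ORDER - 1) + 1
    return sk, pow(G, sk, P_MOD)

def send(view_pub, spend_pub):
    """Sender: derive a one-time key from the receiver's public address (A, B)."""
    r = secrets.randbelow(ORDER - 1) + 1              # per-payment random data
    shared = pow(view_pub, r, P_MOD)                  # A^r
    one_time = pow(G, hash_to_scalar(shared), P_MOD) * spend_pub % P_MOD
    return one_time, pow(G, r, P_MOD)                 # (P, R) are published

def receive(one_time, tx_pub, view_sk, spend_sk):
    """Receiver: return the one-time private key x if the output is ours."""
    x = (hash_to_scalar(pow(tx_pub, view_sk, P_MOD)) + spend_sk) % ORDER
    return x if pow(G, x, P_MOD) == one_time else None

def key_image(one_time, x):
    return pow(hash_to_element(one_time), x, P_MOD)   # one-way in x

class Ledger:
    """Tracks spent key images; ring-signature verification is omitted here."""
    def __init__(self):
        self.spent = set()

    def accept(self, image):
        if image in self.spent:
            return False                              # double-spending attempt
        self.spent.add(image)
        return True
```

Two payments to the same address produce different one-time keys, yet spending the same output twice always yields the same key image, which is what the ledger rejects.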

Block chain analysis resistance

CryptoNote creates an obstacle for an analyst by using the ring signatures and one-time addresses covered above. Every payment address is a unique one-time key, created from both the sender's and the receiver's data, and the ring signature hides which outputs have actually been spent for the input. Therefore, each subsequent transaction increases the number of possible senders and hides the actual connection even more.

Adaptive limits

There are no hard constants and magic numbers in CryptoNote. Each limit (e.g., max block size, or min fee amount) is re-calculated based on the historical data of the system. Moreover, the difficulty and the max block size are automatically adjusted with each new block. The main idea of the algorithm is to sum all the work that nodes have performed during the last 720 blocks and divide it by the time they have spent to accomplish it. The measure of the work is the corresponding difficulty value for each of the blocks.
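The retargeting idea described above (work over the last 720 blocks divided by the time spent), as an added example rather than the project's own code. The target block interval, the sorting of timestamps and the function names are assumptions made for the illustration; the page gives only the main idea.

```python
WINDOW = 720  # blocks considered, as stated on the page

def next_difficulty(timestamps, difficulties, target_seconds, window=WINDOW):
    """Estimate the next block's difficulty from recent history.

    timestamps[i] and difficulties[i] describe block i, oldest first.
    target_seconds is the desired block interval (an assumed parameter;
    the page does not state a value).
    """
    if len(timestamps) != len(difficulties):
        raise ValueError("one timestamp and one difficulty per block")
    ts = sorted(timestamps[-window:])      # tolerate out-of-order timestamps
    diffs = difficulties[-window:]
    if len(ts) < 2:
        return 1                           # not enough history yet
    work = sum(diffs[1:])                  # work done after the first timestamp
    timespan = max(ts[-1] - ts[0], 1)      # never divide by zero
    # hashrate = work / timespan; difficulty = hashrate * target, rounded up
    return max(1, (work * target_seconds + timespan - 1) // timespan)

def simulate(blocks, hashrate, target_seconds, start_difficulty):
    """Constructed chain: each block takes difficulty / hashrate seconds."""
    ts, diffs, now = [0], [start_difficulty], 0
    for _ in range(blocks):
        d = next_difficulty(ts, diffs, target_seconds)
        now += max(1, round(d / hashrate))
        ts.append(now)
        diffs.append(d)
    return diffs
```

With a constant hashrate the simulated difficulty settles near `hashrate * target_seconds`, because the estimate is re-computed with every new block.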

Smooth emission

The coins are emitted smoothly, as the reward changes with each new block. This allows a predictable steady growth of money supply determined by the formula[1]:

BaseReward = (MSupply - A) >> 18
MSupply = 2^64 - 1 (atomic units)
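A worked version of the emission formula, as an added example that is not part of the original page. It reads A as the amount of coins already emitted, which the page does not define, and the function names are hypothetical. Because every block emits 2^-18 of what remains, half of the supply is out after roughly 2^18 · ln 2 ≈ 181,704 blocks.

```python
MSUPPLY = 2**64 - 1   # total supply in atomic units (from the page)
SHIFT = 18            # the ">> 18" in the formula

def base_reward(already_generated):
    """Reward for the next block; A is taken as the amount emitted so far."""
    if not 0 <= already_generated <= MSUPPLY:
        raise ValueError("emitted amount out of range")
    return (MSUPPLY - already_generated) >> SHIFT

def blocks_until_emitted(numerator, denominator):
    """Height at which at least numerator/denominator of MSupply is emitted."""
    emitted, height = 0, 0
    while emitted * denominator < MSUPPLY * numerator:
        reward = base_reward(emitted)
        if reward == 0:
            # Integer shift: once fewer than 2^18 units remain, nothing is paid.
            raise ValueError("fraction is never reached: the reward has hit zero")
        emitted += reward
        height += 1
    return height
```

The zero-reward branch shows the edge case of the integer shift: the last 2^18 - 1 atomic units are never emitted by this formula alone.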

CryptoNote forks DarkNote and MonetaVerde implement alternative emission logic: in DarkNote emission halves each month and in MonetaVerde block reward increases with difficulty.

Egalitarian proof of work

CryptoNote uses the CryptoNight hashing algorithm as its proof of work. The proof-of-work mechanism is actually a voting system: users vote for the right order of the transactions, for enabling new features in the protocol and for the honest distribution of the money supply.

Origins

The first version of CN, CryptoNote v.1 (December 12 2012), was published on Tor at http://ol346fucnsjru223.onion/whitepaper.pdf

Little is known about CryptoNote's origins. The official website uses supposedly fake names for the team members, while the white paper's author is Nicolas van Saberhagen, which is also likely to be a pseudonym. The white paper "CryptoNote v 2.0" is dated October 2013.[2] There are claims that this date isn't correct: bitcointalk.org user rethink-your-strategy discovered copies of CryptoNote whitepapers with XPM properties set to 2014 on the cryptonote.org site,[3] while nearly the same documents with 2013 and 2012 years in XPM properties were available on the bytecoin.org site.[4]

It was also mentioned that the team developing CryptoNote had experienced a schism and went separate ways.

Philosophy

The CryptoNote philosophy has several key points: privacy as a fundamental human right, and the reduction of government influence and control as an aim. The economy should be separated from politics, communities should set new transparent principles, and impartial cryptographic algorithms should control their implementation.
