Monero A privacy preserving electronic cash system

Aimed at privacy-preservation and fungibility, Monero is a Bytecoin code fork providing anonymous value transfer through ring signatures, stealth addresses, confidential transactions, and bulletproofs. Monero offers anonymity by default in contrast to the optional privacy preserving functionalities of its peers. In pursuit of decentralization Monero continually changes its proof-of-work algorithm in order to prevent ASICs from dominating and centralizing the mining process.


Monero traces its origins back to Bytecoin, the first implementation of CryptoNote, which was an application layer protocol aimed at solving various issues with Bitcoin such as traceability, mining centralization, and irregular coin emission. Bytecoin launched in March 2014; however, after a controversial 80% premine, a Bitcointalk forum user known as thankfulfortoday forked the codebase of Bytecoin into the a new project named BitMonero, a compound of Bit (as in Bitcoin) and Monero (meaning "coin" in Esperanto).

The release of BitMonero was poorly received by the community that initially backed it, leading seven community members to fork BitMonero into a new project called Monero. This largely pseudonymous group, led by Fluffypony (Riccardo Spagni), ultimately became the first Monero Core team. Monero launched its project in April 2014 with no premine.

Monero's payment anonymity has garnered significant attention from a panoply of crypto-curious persons. Since its launch Monero has become one of the most widely used darknet currencies in the world due to its anonymity by default features. In 2017 Monero further enhanced its privacy features by incorporating Ring CT signatures, a solution proposed by Bitcoin Core developer Greg Maxwell, that obscures transaction amounts for each entry in the ring signature, in addition to obscuring the transaction address. This provided near complete transaction anonymity in contrast to just sender anonymity as it was previously. In October 2018, Monero implemented bulletproofs, a zero-knowledge proof technology that replaced the previous zero-knowledge range proofs that its confidential transactions relied on. Bulletproofs cut the size of its confidential transactions by at least 80 percent, significantly increasing transaction efficiency.

Monero undergoes scheduled hard forks every six months intended to allow Monero to evolve at a regular cadence, while still leaving users enough time to update before being forked away from the network. These hard forks tend to include everything from patches and bug fixes to hashing algorithm changes and functionality upgrades.

In December 2019, Fluffypony (Riccardo Spagni), Monero's lead maintainer stepped down from the project in an effort to further decentralize the project.


Monero, the protocol, is a distributed, time-stamped ledger of unspent transaction output (UTXO) transfers stored in an append-only chain of dynamic-sized data blocks. A network of mining and economic nodes maintains this blockchain by validating, propagating, and competing to include pending transactions (mempool) in new blocks. Economic nodes (aka "full nodes") receive transactions from other network participants, validate them against network consensus rules and double-spend vectors, and propagate the transactions to other full nodes that also validate and propagate. Valid transactions are sent to the network's mempool waiting for mining nodes to confirm them via inclusion in the next block.

Mining nodes work to empty the mempool usually in a highest-to-lowest fee order by picking transactions to include in the next block and racing against each other to generate a hash less than the target number set by Monero's difficulty adjustment algorithm. Monero uses a Proof-of-Work (PoW) consensus mechanism to establish the chain of blocks with the most accumulated “work” (a.k.a., energy spent on solved hashes) as the valid chain.

Monero runs a proof-of-work algorithm called RandomX, an algorithm using random code execution and memory-hard techniques for ASIC resistance. Monero initiates hard forks every 6 months to implement upgrades to the protocol, often times changing its PoW algorithm to prevent ASICs from joining the network.

Monero's privacy enhancements stem from ring signatures, which mask sender identities and offers single-use keys to make transactions untraceable. Ring signatures merge a group of signers together to better preserve the anonymity of the true signer. The group is comprised of the actual signers single use key initiating the transaction and past transaction outputs from Monero’s blockchain. Including past transaction outputs helps preserve the senders anonymity because they are theoretically indistinguishable to an outside observer as the valid transaction itself.

In January 2017, Monero implemented Ring Confidential Transactions (Ring CTs) in an effort to combat concerns around the true degree of anonymity offered by Monero. Ring signatures only provided privacy for the sender of the transaction, and required outputs to be broken up into separate rings because ring signatures could only contain outputs of the same value. Ring CT signatures aimed to alleviate these concerns by obscuring transaction amounts for each entry in the ring signature, in addition to obscuring the transaction address. With Ring CTs wallets could arbitrarily select ring members from any output size. To prove that certain amounts were spent, Ring CTs used range proofs, a zero knowledge cryptography technique used to prove the amount used in a transaction with revealing the details.

However, the range proofs used in Monero's confidential transactions to ensure the integrity of transactions, were computationally intensive, leading the Monero blockchain to bloat due to the onerous data requirements of each transaction. Thus, in October 2018 Monero implemented bulletproofs, which addressed this scalability issue, cutting the size of its confidential transactions by at least 80 percent and significantly increasing transaction efficiency. Bulletproofs are a non-interactive zero-knowledge proof that does not require a trusted setup. Bulletproofs aggregate information into new data structures that scale logarithmically, rather than linearly, allowing even greater scaling for larger transactions that contain multiple outputs.