MONERO Announcement Bitcointalk

in MONERO 07.05.2017 14:50
by Twerdy • 59 posts | 581 points

››› Windows 64-bit • OS X • Linux • FreeBSD • Source code ‹‹‹

We are moving away from Bitcointalk. For the latest information, check out News, announcements and editorials on the official forum.

Website: getmonero.org
Official Forum: forum.getmonero.org

Monero Economy • Monero Support* • Monero Mining • Monero Speculation* • Monero Dev* • Monero large OTC
* self-moderated

#monero • #monero-dev • #monero-otc • #monero-markets • #monero-pools • QQ Group: 272729907

Monero (XMR) is a privacy-focused cryptocurrency that is not based on Bitcoin's code.

Monero aims to be a fungible and untraceable digital medium of exchange. It intrinsically has a higher degree of privacy than Bitcoin or any of its various forks. It was launched on April 18, 2014 (preannounced and no premine/ICO/etc.).

The official core team members are (in no particular order) - Riccardo "fluffypony" Spagni, luigi1111, NoodleDoodle, smooth, tacotime, Francisco "ArticMine" Cabañas, othe

Please visit News, announcements and editorials on the Monero Forum for the latest news.
Visit our StackExchange site, where you can ask, answer, and view technical questions!


Untraceable payments
Unlinkable transactions
Blockchain analysis resistance
Adaptive parameters

Academic and Theory

Monero's functionality is backed up by academic research and cryptographically proven schemes. Much of this research is done by the Monero Research Lab. Since Monero was initially based on the CryptoNote protocol, the CryptoNote whitepaper is also an invaluable reference for validating Monero's unlinkability and untraceability claims.

The CryptoNote Whitepaper
Initial Review of the CryptoNote Whitepaper
MRL-0001: A Note on Chain Reactions in Traceability in CryptoNote 2.0
MRL-0002: Counterfeiting via Merkle Tree Exploits within Virtual Currencies Employing the CryptoNote Protocol
MRL-0003: Monero is Not That Mysterious
MRL-0004: Improving Obfuscation in the CryptoNote Protocol
MRL-0005: Ring Signature Confidential Transactions


PoW algorithm: CryptoNight [1]
Max supply: Infinite (see note below) [2]
Block reward: Smoothly varying [3]
Block time: 120 seconds
Difficulty: Retargets at every block

[1] CPU + GPU mining (about 1:1 performance for now). Memory-bound by design using AES encryption and several SHA-3 candidates.
[2] Initial number of atomic units is M = 2^64 - 1. However, once the block reward reaches 0.3 XMR per minute (sometime in 2022) that is treated as the minimum subsidy, which means that Monero's total emission will forever increase by ~157680 XMR annually.
[3] Uses a recurrence relation. Block reward = (M - A) * 2^-20 * 10^-12, where A = current circulation. Roughly 86% mined in 4 years (see graph).
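
A check of the figures in notes [2] and [3], as an added example that is not part of the original announcement or Monero's code. It assumes the recurrence is applied once per minute of chain time (how the 0.3 XMR per minute figure reads) and starts the clock at the April 18, 2014 launch; the function names are illustrative.

```python
import math
from datetime import datetime, timedelta

M = 2**64 - 1                       # initial number of atomic units (note [2])
ATOMIC_PER_XMR = 10**12             # the 10^-12 factor in note [3]
SHIFT = 20                          # the 2^-20 factor in note [3]
TAIL_ATOMIC_PER_MIN = 3 * 10**11    # 0.3 XMR per minute minimum subsidy
MIN_PER_YEAR = 60 * 24 * 365
LAUNCH = datetime(2014, 4, 18)      # launch date stated in the announcement

def reward_atomic(circulating):
    """One step of the recurrence, floored at the minimum subsidy."""
    return max((M - circulating) >> SHIFT, TAIL_ATOMIC_PER_MIN)

def fraction_mined(minutes):
    """Closed form: the unmined remainder shrinks by (1 - 2^-20) per step.
    Ignores the per-step integer truncation, which is negligible here."""
    return 1 - (1 - 2**-SHIFT) ** minutes

def tail_start():
    """Date on which the formula's reward falls to the minimum subsidy."""
    remaining = TAIL_ATOMIC_PER_MIN * 2**SHIFT / M   # unmined share at that point
    minutes = math.log(remaining) / math.log(1 - 2**-SHIFT)
    return LAUNCH + timedelta(minutes=minutes)

def tail_xmr_per_year():
    """Supply added per year once only the minimum subsidy is paid."""
    return TAIL_ATOMIC_PER_MIN * MIN_PER_YEAR // ATOMIC_PER_XMR

if __name__ == "__main__":
    print("first reward (XMR):", reward_atomic(0) / ATOMIC_PER_XMR)
    print("mined after 4 years:", round(fraction_mined(4 * MIN_PER_YEAR), 4))
    print("minimum subsidy starts:", tail_start().date())
    print("tail emission per year (XMR):", tail_xmr_per_year())
```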

Official downloads and links

Getting Started - Follow the guide to set up the software and start mining.

Official forum

Source and binaries
Also see below for optional GUI.

Latest release: Wolfram Warptangent

Source code
Windows, 64-bit (downloads.getmonero.org/win64) - SHA256: 727a53dd154b61fd653f81da27788077fdf519301c81d3c1eb033c1ff2bf97c6
Windows, 32-bit (downloads.getmonero.org/win32) - SHA256: ce77137b33bcaeb59273cb73b86e426e35e6209fb52a7e74fd9432a5a3018041
OS X, 64-bit (downloads.getmonero.org/mac64) - SHA256: 447cebae257864b3706a8622f495bfd9fae780a6b277e1e31ac83bef7bc855c6
Linux, 64-bit (downloads.getmonero.org/linux64) - SHA256: bf09eea27c957e7e2bdd62dac250888b301d4d25abe18d4a5b930fa7477708c7
Linux, 32-bit (downloads.getmonero.org/linux32) - SHA256: 9a18d274970df85d6bc926dc99407959c680c36f19017996be9c758f6c02cf06
ARMv7 (downloads.getmonero.org/arm) - SHA256: 57221605997a3cd815f2a9689486abbdb124263fff047ca61068900eb7cb1839
FreeBSD 64-bit (downloads.getmonero.org/freebsd64) - SHA256: 3858d4786b65a37e981b142e9c0f256ac66662314794d05f595c4c30cb5b6ddb

Donations for general development

address (OpenAlias) donate.getmonero.org
address (full) 44AFFq5kSiGBoZ4NMDwYtN18obc8AemS33DBLWs3H7otXft3XjrpDtQGv7SqSsaBYBb98uNbr2VBBEt7f2wfn3RVGQBEP3A
viewkey: f359631075708155cc3d92a32b75a7d02a5dcf27756707b47a2b31b21c389501


Monero Community Hall of Fame

Alternative Clients

Please visit: How to choose a Monero client

CPU, open source - Wolf`'s CPU miner.
CPU, closed source - yvg1900 - Yam M8a Miner New version - use at your own risk.
GPU, open source - Tsiv Nvidia GPU Miner (based on ccminer) Early in development - Thanks Tsiv!
GPU, closed source - Claymore AMD GPU miner - Early in development - use at your own risk.

Blockchain explorer


Exchanges, Services, and Related Projects

Please visit Merchants and services directory


For an up-to-date list of pools, go to http://moneropools.com

For a longer FAQ, check Community FAQ

What is CryptoNote?
CryptoNote is the technology that allows the creation of privacy-centric cryptocurrencies. You can visit their website here. The level of anonymity provided by CryptoNote isn't possible with the Bitcoin code base by design. Bytecoin (BCN) was the CryptoNote reference implementation, and XMR is based on BCN's code.

Two of the main features of CryptoNote are ring signatures that mask sender identities by mixing and one-time keys that make transactions unlinkable. Their combined effect gives a high degree of anonymity without any extra effort on the part of the user.

Unlike Bitcoin, your funds are not held in the address you give out to others. Instead, every time you receive a payment it goes to an unlinkable address generated with random numbers. When you decide to spend the funds in that one-time address, the amount will be broken down and the components will be indistinguishable from identical outputs in the blockchain.

For example, if 556.44 XMR are sent, the protocol will break it down into 500 + 50 + 6 + 0.4 + 0.04 and a ring signature will be performed with other 500's, 50's, 6's, 0.4's, and 0.04's in the blockchain. Unlike the "CoinJoin" mixing method, CryptoNote mixes outputs, not transactions. This means no other senders need to be participating with you at the same time or with the same amounts. Any arbitrary amount sent at any time can always be rendered fundamentally indistinguishable (a mathematical proof is given in the white paper).

The degree of anonymity is also a choice rather than decided by the protocol: do you want to be hidden as one among five or one among fifty? The size of the signature grows linearly as O(n+1) with the ambiguity so greater anonymity is paid for with higher fees to miners.

Ring signatures are explained below. Reproduced from CryptoNote:

A normal signature looks like this. There's only one participant, which allows one-to-one mapping.

A ring signature obscures identities because it only proves that a signer belongs to a group.

This allows a high level of anonymity in cryptocurrency transactions. You can think of it as decentralized and trustless mixing.

How does this compare to other anonymous solutions?
Ring signatures originate from the work of Rivest et al. in 2001 and the implementation in CryptoNote relies in particular on Fujisaki and Suzuki's work on traceable ring signatures. There are two other anonymity implementations currently available or in development. One is ZeroCoin/ZeroCash's use of zero-knowledge proofs. The others are based on gmaxwell's CoinJoin idea (such as mixing services for Bitcoin or the altcoin Darkcoin).

1. Comparison with ZeroCoin and ZKP-based approaches:
You can read about ZeroCoin and zero-knowledge proofs (ZKP) here. The ZK environment allows an anonymity set that includes everyone in the network because the validity of an output can be proven without knowing the corresponding public key until it is spent. The largest risk is that this is recent research-level cryptography that hasn't been subjected to years of cryptanalysis, so exploits may emerge down the road. Ring signatures are much simpler and more mature, with many peer-reviewed papers published over more than a decade.

Other issues with ZKP include the RSA private key used to initiate the accumulator, which must be trusted to be destroyed by the generating party. It also obscures the entire economy, not just sender/receiver identities. If the ZK system is compromised, then an attacker can continuously spend coins that don't exist using false proofs. This damage is hidden from everybody due to total blinding and consequently at any given time it's not possible to know if the network has already been compromised. There is a tradeoff between these inherent risks and the maximal anonymity set provided by ZKP. CryptoNote aims for a different balance through the dual layers of privacy provided by one-time keys and ring signatures.

2. Comparison with CoinJoin-based approaches:
XMR is more qualitatively similar to mixing implementations like CoinJoin. The differences arise in the departure from the Bitcoin protocol, which allows XMR to use new cryptography to provide decentralized and trustless mixing of superior quality. The critical problem with mixing services is the need to trust the operators. As an example, blockchain.info's mixer gives the following disclaimer: "However if the server was compromised or under subpoena it could be force to keep logs. If this were to happen although you haven't gained any privacy you haven't lost any either."

The CoinJoin-inspired Darkcoin performs mixing with selected "masternodes" since it still uses ordinary signatures that can be mapped one-to-one. The motivation is that a randomly selected node is less likely than a single service to exhibit bad faith (such as keeping logs). In practice, a few VPS companies host the vast majority of nodes and this approach relies on the integrity and good behavior of these nodes. XMR's more fundamental cryptographic approach doesn't have these vulnerabilities and the quality of anonymity is much higher.

XMR's ring signatures are also far more secure and convenient than CoinJoin because they mix outputs not transactions. This means a transaction doesn't involve waiting around for other senders to mix with. Nor is a user restricted to mixing only if others are sending the same amount. Arbitrary amounts can be sent at any time without anyone else's participation. This feature makes a timing analysis of the blockchain useless.

Overview of a transaction
Bob decides to spend an output, which was sent to the one-time public key. He needs Extra (1), TxOutNumber (2), and his Account private key (3) to recover his one-time private key (4).

When sending a transaction to Carol, Bob generates its Extra value at random (5). He uses Extra (6), TxOutNumber (7) and Carol's Account public key (8) to get her Output public key (9).

In the input Bob hides the link to his output among the foreign keys (10). To prevent double-spending he also packs the Key image, derived from his One-time private key (11).

Finally, Bob signs the transaction, using his One-time private key (12), all the public keys (13) and Key Image (14). He appends the resulting Ring Signature to the end of the transaction (15).
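
The key derivation and double-spend check from steps 1-11, as an added example that is not part of the original announcement or Monero's code. It follows the CryptoNote construction (output key = Hs(shared, TxOutNumber)·G + spend key, key image = x·Hp(P)) but swaps the elliptic curve for a toy multiplicative group; all function names are hypothetical, and the ring signature of steps 12-15 is not implemented.

```python
import hashlib
import secrets

# Toy group (assumption): integers mod the prime 2**255 - 19, base 2; not Monero's curve, not secure.
P_MOD = 2**255 - 19
G = 2

def h_scalar(*parts):
    """Hs: hash the inputs to an integer scalar (SHA-256 here)."""
    data = b"|".join(str(p).encode() for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def h_point(pub):
    """Hp: hash a public key to a group element with no known exponent."""
    return 2 + h_scalar("Hp", pub) % (P_MOD - 3)

def keygen():
    sk = 1 + secrets.randbelow(2**252)
    return sk, pow(G, sk, P_MOD)

def make_output(view_pub, spend_pub, tx_out_number):
    """Steps 5-9: sender draws random r, publishes Extra = G^r, derives output key."""
    r, extra = keygen()
    shared = pow(view_pub, r, P_MOD)
    out_pub = pow(G, h_scalar(shared, tx_out_number), P_MOD) * spend_pub % P_MOD
    return extra, out_pub

def recover_one_time_key(extra, tx_out_number, view_sk, spend_sk):
    """Steps 1-4: recipient rebuilds the shared value from Extra and adds spend_sk."""
    shared = pow(extra, view_sk, P_MOD)
    return h_scalar(shared, tx_out_number) + spend_sk

def key_image(one_time_sk):
    """Step 11: tag bound to one output; needs the one-time private key."""
    out_pub = pow(G, one_time_sk, P_MOD)
    return pow(h_point(out_pub), one_time_sk, P_MOD)

def accept_spend(seen_images, image):
    """Verifier: a key image may appear on the chain only once."""
    fresh = image not in seen_images
    seen_images.add(image)
    return fresh

def demo():
    (a, A), (b, B) = keygen(), keygen()       # Carol's account key: view and spend halves
    extra, out_pub = make_output(A, B, 0)     # Bob pays Carol
    x = recover_one_time_key(extra, 0, a, b)  # Carol recovers the one-time private key
    seen = set()
    return pow(G, x, P_MOD) == out_pub, accept_spend(seen, key_image(x)), accept_spend(seen, key_image(x))
```

`demo()` returns whether Carol's recovered key matches the output key, then the verifier's verdict on the first spend and on a replay of the same key image.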


Chinese (QQ Group: 272729907)





Make the world a better place with decentralized blockchain!

Visit us:

and on Facebook:
FB group - Alles über Kryptowährungen und Blockchain - Crypto Coach

If my tips were helpful to you, you are welcome to send me a donation to the following BTC address:

last edited 07.05.2017 15:46
