How Monero Made Transactions 97% Cheaper (and Maintained Privacy)

A huge upgrade to Monero, the 10th largest cryptocurrency network, just made transactions 97% cheaper while maintaining its privacy features. Monero, which is best known for its anonymous transfers, now uses technology called “Bullet Proofs” to scale up. Armin Davis explains further.

Another six months have gone by, and as such, Monero has performed its twice-yearly network upgrade hard fork. Specifically, the hard fork took place on the 18th of October, at block height 1685555.

Of the numerous changes made over this upgrade, a few stand out:

  • “Bullet Proofs” greatly reduce transaction size (and therefore transaction fees)
  • Monero’s upgrade further discourages specialist mining tools like ASICs.
  • To maintain privacy, the ring size for all transactions on the Monero network has been fixed to 11.

Explaining Monero’s New “Bullet Proofs”

Prior to this upgrade, Monero used a version of what is called a “range proof”, or “zero-knowledge proof”.

A zero-knowledge proof means that something can be proven true without revealing the actual data. For example, I can prove that it is less than 0 °C outside without knowing the actual temperature. All that I need to do is place some water outside and see if it freezes.

For Monero, range proofs allow outside observers, like other Monero nodes, to confirm that a transaction took place using cryptocurrency that already existed, rather than currency created out of thin air or currency already spent elsewhere.
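To make the "thin air" case concrete, here is an added example (not from the original article and not Monero's code) using a toy Pedersen-style commitment. The group parameters, amounts and function names are constructed for illustration. It shows that a balance check on hidden amounts alone accepts outputs that wrap around the group order, and that bounding each amount, which is what a range proof establishes, closes the gap.

```python
# Toy group, constructed for illustration and far too small for real use:
# P is a safe prime, Q = (P - 1) // 2 is the prime order of the subgroup
# that G and H generate. Production systems use an elliptic-curve group.
P, Q = 2039, 1019
G, H = 4, 9
BITS = 8  # allowed amounts are 0 .. 2**BITS - 1, so two outputs cannot wrap Q

def commit(amount, blind):
    """Pedersen-style commitment: hides `amount` behind the random `blind`."""
    return pow(G, amount % Q, P) * pow(H, blind % Q, P) % P

def product(commitments):
    result = 1
    for c in commitments:
        result = result * c % P
    return result

def balances(inputs, outputs):
    """What a node can check on hidden amounts: inputs and outputs cancel."""
    return product(inputs) == product(outputs)

def in_range(amount):
    """The statement a range proof establishes. It is checked here on the
    opened value; a real range proof gives the verifier the same assurance
    without revealing the amount."""
    return 0 <= amount < 2 ** BITS

def accept(inputs, opened_outputs):
    """Accept only if the sums cancel AND every output amount is in range."""
    outputs = [commit(a, b) for a, b in opened_outputs]
    return balances(inputs, outputs) and all(in_range(a) for a, _ in opened_outputs)

SPEND = [commit(10, 50)]            # one input worth 10
HONEST = [(7, 20), (3, 30)]         # 7 + 3 = 10
INFLATED = [(1000, 20), (29, 30)]   # 1000 + 29 = 1029, which is 10 modulo Q
```

Both output sets pass `balances`, but only `HONEST` passes `accept`, because 1000 falls outside the allowed range.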

The Downside of the Previous Monero System

The downside of these range proofs is that they are large: each transaction takes up somewhere around 13 kilobytes, which is significantly larger than Bitcoin’s ~300-byte transactions.

With large transactions come large fees, as the fee you pay is (mostly) based on the size of your transaction in the block. And, while not an issue for Monero, larger transactions can cause network congestion on blockchains with small, fixed-size blocks.

Enter Bullet Proofs: A great improvement on the previous range proofs, reducing transaction size by as much as 80% while maintaining the same level of privacy and ensuring that no foul play occurs. 

As discussed above, the size of your transaction is what determines your fee (mostly). By reducing the transaction size, transaction fees are also greatly reduced (by as much as 97%).

A Two-Stage Monero Upgrade

The upgrade to Bullet Proof based transactions will happen in two stages. Starting at height 1685555, the Monero network will be upgraded to v8. On v8, transactions using both the old range proof and the new Bullet Proof system will be accepted on the network. 

Shortly after, at height 1686275, a second hard fork will occur that upgrades Monero to v9. This will cause the Monero network to reject any non-Bullet-Proof based transactions and implement a number of patches to Bullet Proofs.

Crucial Monero Audit Halts Threat of 51% Attack

On the 22nd of October, an embargo was lifted on some major bugs found during an audit of the code around Bullet Proofs. 

Of the few bugs found, the most serious involves a method to perform a 51% attack on the Monero network. Due to the magnitude of this bug, information around it was embargoed until a patch was live, as is standard practice for most major bugs.

The flaw was discovered by OSTIF (The Open Source Technology Improvement Fund) during its audit of Monero’s Bullet Proofs.

A 51% attack involves gaining the lion’s share of mining power on a given blockchain. Once you have the most mining power, you can begin to rewrite history, and otherwise change the blockchain. This is because most blockchain nodes follow the longest chain. If you have the lion’s share of mining power, you control the longest chain.

There are various methods one can use to gain 51% mining power on a given network. In Monero’s case, a vulnerability was discovered that would allow malicious actors to crash other nodes remotely.

By crashing nodes other than yours, you can begin to chip away at the mining power that is not yours. Once you have removed enough rival mining power, you gain two things: most of the mining profits on the blockchain, and the ability to perform a 51% attack.

Monero Continues to Deter Mining Hardware (ASICs)

Monero developers purposely try to deter giant mining companies (like Bitmain) from monopolizing, and therefore centralizing, the network.

Earlier this year, specifically just before the previous hard fork, Monero’s network “difficulty” (a measure of how difficult it is to mine a block) began to rise uncharacteristically quickly.

It was discovered that the cause of this was that Bitmain had developed a working mining device (ASIC) for the CryptoNight algorithm – the backbone of Monero’s network. 

At the time, a small change to the algorithm was made as a hotfix to make the ASICs unusable on Monero. Said change was referred to as CryptoNight v7.

Fast forward to this month and the Beryllium Bullet network upgrade: Monero’s algorithm has once again been changed. Now called CryptoNight v8, it is intended to make producing an ASIC for Monero even more difficult.

How Does CryptoNight Prevent ASIC Miners?

CryptoNight v8 continues the work done by v7, in that it further increases the amount of memory bandwidth used by the algorithm. Specifically, the increase is by a factor of four.

Unfortunately, this comes with a slight performance hit to regular CPUs of around 5-20%. The Monero developers and community feel that the performance drop is worth the gained protection from ASICs, and the performance may be gained back through optimizations of mining software.

This change works on the basis that it is prohibitively expensive to add large amounts of high-speed memory to ASICs. A regular desktop CPU usually has somewhere between 4-64MB of cache, of which 2MB will be used per CryptoNight mining thread.

So for an ASIC looking to run a large number of threads, a large amount of high-speed, cache-like memory will be required. Further still, v8 now requires a 64-byte wide memory access, which is easy for a desktop CPU as it should already have the required hardware.

Keeping Monero Private With Fixed Ring Size

Beryllium Bullet changes two things about how Monero users can structure their transactions.

Fixed Ring Size: First off, Monero users can no longer select the ring size of their transactions. Ring size is the number of decoy transactions added to every Monero transaction in order to hide which transfer is the real one in the transaction.

This change, while controversial, is intended to help keep all users on the network private. Specifically, keeping transactions private while also keeping some transaction sizes down.

Ring Size Increased to 11: Secondly, the minimum (and now fixed) ring size has been set to 11. This is greater than the previous minimum of 5.

The rationale behind locking the ring size to 11 is that by making all transactions look exactly the same, it’s harder still to trace a given transaction across the network. You want to look the same as everyone else, rather than making a transaction with a massive ring size, which will stand out. While it is true that a larger ring size makes the transaction more private, it also makes the transaction as a whole a lot easier to spot.
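The "stand out" argument can be measured. The following added example (not from the original article; the sample transactions and function names are constructed) treats ring size as a public field and computes how much it narrows down a transaction before and after the size is fixed to 11.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: (wallet, ring_size) per transaction. The wallet column is
# ground truth that an on-chain observer does NOT see; ring size is public.
BEFORE_FORK = [("A", 5), ("B", 5), ("D", 5), ("E", 5), ("A", 7), ("F", 7),
               ("C", 41), ("C", 41), ("C", 41), ("G", 11)]
AFTER_FORK = [(wallet, 11) for wallet, _ in BEFORE_FORK]  # ring size fixed

def leaked_bits(txs):
    """Shannon entropy of the public ring-size field, in bits: how much the
    field narrows down which transaction an observer is looking at."""
    counts = Counter(size for _, size in txs)
    n = len(txs)
    return sum(c / n * math.log2(n / c) for c in counts.values())

def smallest_crowd(txs):
    """Size of the smallest group of look-alike transactions."""
    return min(Counter(size for _, size in txs).values())

def linked_by_ring_size(txs):
    """Ring sizes used by more than one transaction but only one wallet:
    grouping on the public field alone ties those transactions together."""
    wallets = defaultdict(set)
    counts = Counter()
    for wallet, size in txs:
        wallets[size].add(wallet)
        counts[size] += 1
    return {s: counts[s] for s in counts
            if counts[s] > 1 and len(wallets[s]) == 1}
```

On the constructed data, wallet C's habit of using ring size 41 links its three transactions to each other; with every transaction at ring size 11 the field carries no information at all.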

Conclusion

Together, these upgrades combine to make Monero transactions 97% cheaper, while deterring mining centralization and maintaining its core privacy features. The upgrades make Monero truly bulletproof.

Armin Davis

Armin is a cryptocurrency mining and computer security enthusiast. Writing is fun too.
