MimbleWimble is a privacy-oriented blockchain protocol with mysterious origins. Much like other top privacy cryptocurrencies, MimbleWimble attempts to make transactions completely opaque, while still allowing for external verification. 

Additionally, MimbleWimble looks to keep its blockchain’s size on disk as small as possible while maintaining quick verification for all clients.

So far, two privacy cryptocurrencies have launched on top of MimbleWimble technology: Grin and BEAM. 

What is MimbleWimble?

The original MimbleWimble whitepaper was released on July 19, 2016, by an anonymous person that signed the whitepaper as “Tom Elvis Jedusor.”

Just a few months after the release of the original whitepaper, another anonymous person stated that they were working on an implementation of MimbleWimble, which would be known as Grin.

The name “MimbleWimble” and the signing name on the whitepaper are both references to J.K. Rowling’s Harry Potter novels: MimbleWimble is a spell that stops its target from speaking coherently, and “Tom Elvis Jedusor” is an anagram of “Je suis Voldemort”, the name the antagonist chooses for himself in the French translation of the novels.

MimbleWimble Goals

MimbleWimble has three goals that are outlined in its whitepaper:

Privacy

MimbleWimble is first and foremost a privacy blockchain protocol. Its designer built on privacy techniques that had already been proposed for Bitcoin (Confidential Transactions and CoinJoin) and combined them into a scheme that hides amounts, does away with addresses and lets spent outputs be discarded entirely. We’ll go into the technical details of this below.

Small Blockchain

Blockchain size on disk is a major issue for those looking to run full nodes for any cryptocurrency. Put simply, blockchains grow. This growth makes maintaining a large number of nodes more problematic over time.

MimbleWimble’s designer saw blockchain size as a major issue and pushed to make MimbleWimble blockchains as small as possible. The whitepaper states that the technique used could reduce the size of Bitcoin blockchains from a size of 80GB to a size of 30GB. An impressive change, especially given that MimbleWimble maintains user privacy through this size reduction.

Quick to Verify

The last goal MimbleWimble aims for is verification speed. Having a tiny blockchain is only useful if the processing power required to verify it is equally small.



How does MimbleWimble’s technology work?

MimbleWimble uses its own transaction and block formats. They work together to hide transaction data as much as possible while still allowing verification to occur.

Put simply, transactions use Confidential Transactions (Pedersen commitments plus zero-knowledge range proofs) so that amounts are never visible, and blocks exploit the fact that those commitments can be added together: a block is verified as one big aggregate transaction, which is what lets spent outputs be dropped entirely.

No Addresses

MimbleWimble has no concept of a blockchain address. Rather than tying outputs to an address, outputs carry no data about where they came from and are spent by whoever knows their blinding factor, which acts as the output’s private key.

This does mean that the wallets of the parties involved have to talk to each other when building a transaction. But the method of communication and the time taken are up to the users. One could, for example, negotiate a transaction over encrypted email.

Opaque Transactions

MimbleWimble’s transactions combine Confidential Transactions (Pedersen commitments with zero-knowledge range proofs) and CoinJoin-style aggregation. Outside verifiers can independently check that no cryptocurrency was created or destroyed by the transaction without learning any amount. This is somewhat similar to how Monero hides amounts with RingCT, but with the added protection of aggregation and the total lack of addresses.

Putting together a MimbleWimble transaction requires communication between both parties as discussed above. The following steps happen during that communication:

1. The parties agree on the amount to be transferred.

2. The sender picks the inputs they want to spend, adds together the blinding factors of those inputs, and creates a change output with a fresh blinding factor.

3. The sender sends the partially built transaction to the receiver. The receiver picks the blinding factor for their own output, adds their share of the kernel signature, and sends the result back along with any additional required information. Neither side ever reveals a blinding factor to the other; only public points and partial signatures cross the wire.

Once the above steps are complete, the sender can broadcast the transaction to the network to be confirmed.

In the above steps, I mention a blinding factor. The blinding factor is the secret part of the Pedersen commitment used in Confidential Transactions: each output commits to its value as blind × G + value × H, and if you know the blinding factor for a given output, you can spend it. The sum of the output blinding factors minus the sum of the input blinding factors is the transaction’s “kernel excess”. Multiplied by G it is a public key, and a signature under that key proves the parties between them own all the inputs, without any individual blinding factor being shared.

Reduced blockchain size and increased verification speed

MimbleWimble blocks are different from those employed in other blockchains. When a block is built, outputs that are spent within the same block are removed together with the inputs that spend them (“cut-through”), and a full node only needs to keep the unspent outputs with their range proofs, the transaction kernels, and the record of new currency generation. The idea is that you don’t need to know about every transaction ever to verify a blockchain. All you need to know is where all the currency is now and where it all came from.

Storing just that data increases fungibility, user privacy, and verification speed. Much like above, anyone looking to verify the blockchain simply needs to check that the sum of all unspent output commitments, minus the total coins ever issued, equals the sum of all kernel excesses, and that every kernel signature and range proof is valid.
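The exchange in the steps above and the node-side balance check, as an added worked example that is not from the whitepaper, Grin or BEAM. It assumes secp256k1 with a second generator H derived by hashing (so nobody knows its discrete log relative to G), a hypothetical two-party Schnorr-style kernel signing that skips the nonce-commitment round real wallets add, and it deliberately leaves out range proofs: `verify()` happily accepts a transaction carrying a −5 output, which is exactly what range proofs exist to prevent.

```python
"""Toy MimbleWimble transaction: Pedersen commitments, two-party kernel
signing and the node-side balance check. Added example, not Grin/BEAM code.
Assumptions: secp256k1, a hash-derived second generator H (discrete log
unknown to everyone) and NO range proofs (see verify()'s docstring)."""
import hashlib
import secrets

P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(p, q):
    """Affine point addition on secp256k1; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return None
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    return (x, (lam * (p[0] - x) - p[1]) % P)

def mul(k, p):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    k, r = k % N, None
    while k:
        if k & 1:
            r = add(r, p)
        p, k = add(p, p), k >> 1
    return r

def hash_to_point(tag):
    """Try-and-increment: a curve point with no known discrete log."""
    x = int.from_bytes(hashlib.sha256(tag).digest(), "big") % P
    while True:
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)       # square root works because P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        x = (x + 1) % P

H = hash_to_point(b"toy MimbleWimble value generator")  # constructed here, not Grin's H

def commit(value, blind):
    """Pedersen commitment blind*G + value*H: hides value, binds to it."""
    return add(mul(blind, G), mul(value, H))

def challenge(R, X, fee):
    """Schnorr challenge over nonce point, kernel excess and the plaintext fee."""
    data = b"".join(v.to_bytes(32, "big") for v in (*R, *X, fee))
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def build_transaction(inputs, amount, fee):
    """The sender/receiver exchange from the text. inputs = [(value, blind)]
    owned by the sender; only public points and partial sigs cross between wallets."""
    in_value = sum(v for v, _ in inputs)
    in_blind = sum(r for _, r in inputs) % N
    change = in_value - amount - fee
    # sender side: change blinding, its share of the excess, and a nonce
    r_change, k_s = secrets.randbelow(N), secrets.randbelow(N)
    x_s = (r_change - in_blind) % N
    # receiver side: blinding for the payment output and its own nonce
    r_recv, k_r = secrets.randbelow(N), secrets.randbelow(N)
    X = add(mul(x_s, G), mul(r_recv, G))   # kernel excess = sum of both shares
    R = add(mul(k_s, G), mul(k_r, G))      # aggregate nonce
    e = challenge(R, X, fee)
    s = (k_s + e * x_s + k_r + e * r_recv) % N   # sum of the two partial signatures
    return {"inputs": [commit(v, r) for v, r in inputs],
            "outputs": [commit(amount, r_recv), commit(change, r_change)],
            "fee": fee, "kernel": {"excess": X, "sig": (R, s)}}

def self_transaction(inputs, outputs, fee):
    """Same wire format when one party knows every blinding factor."""
    x = (sum(r for _, r in outputs) - sum(r for _, r in inputs)) % N
    k = secrets.randbelow(N)
    X, R = mul(x, G), mul(k, G)
    e = challenge(R, X, fee)
    return {"inputs": [commit(v, r) for v, r in inputs],
            "outputs": [commit(v, r) for v, r in outputs],
            "fee": fee, "kernel": {"excess": X, "sig": (R, (k + e * x) % N)}}

def verify(tx):
    """Node check: sum(outputs) + fee*H - sum(inputs) == kernel excess, and the
    kernel signature verifies under it. With no range proofs this ACCEPTS
    self_transaction([(10, r)], [(-5, a), (14, b)], 1): values wrap mod N."""
    acc = mul(tx["fee"], H)
    for c in tx["outputs"]:
        acc = add(acc, c)
    for c in tx["inputs"]:
        acc = add(acc, (c[0], -c[1] % P))  # subtract by adding the negated point
    X = tx["kernel"]["excess"]
    R, s = tx["kernel"]["sig"]
    return acc == X and mul(s, G) == add(R, mul(challenge(R, X, tx["fee"]), X))
```

The node never sees an amount or a blinding factor: it sees commitments, a plaintext fee and one kernel (excess point plus signature), and the two checks in `verify()` are exactly the “nothing created or destroyed” and “the owners signed” conditions. The negative-value case is why every real output also carries a range proof showing its value lies in [0, 2^64).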

The downside of MimbleWimble

Unfortunately, the privacy that MimbleWimble provides costs it some of the capabilities Bitcoin has.

For example, in order for transactions to be consolidated within blocks, they all have to have the same shape: commitments, range proofs and kernels, and nothing else. Because of that requirement, MimbleWimble has no script system, and therefore none of the Bitcoin features that depend on one.

In addition, because spent outputs are cut through and discarded, MimbleWimble keeps no transaction history. An external auditor or similar would be unable to trace individual payments through the blockchain.

Conclusion

MimbleWimble is a fantastic step forward in privacy crypto. If the upcoming launch of its first implementation, Grin, goes well, and no issues are found in the algorithm, MimbleWimble will be a serious competitor in the privacy coin market. My only concern is whether the inability for even the owners of the currency to audit where it came from using the blockchain itself will deter large-scale users.


Learned something new? Subscribe to the Block Explorer newsletter to get exclusive crypto insights before they appear on the site.


Gamers can now buy Fortnite merchandise using cryptocurrency. The catch? It’s not bitcoin. The Fortnite store will exclusively accept Monero – a cryptocurrency best known for its privacy features. 

Fortnite is the biggest game on the planet with 200 million players. Its official merchandise store, Retail Row, launched on the 19th December and is named after an area on the Fortnite map. Gamers can buy t-shirts, hoodies, and onesies.

To facilitate the monero payments, Fortnite has partnered with GloBee, a cryptocurrency payment provider. GloBee allows settlements in bitcoin, monero or US dollars. 

Asked why Fortnite accepts monero but not bitcoin, Monero lead developer Riccardo Spagni suggested it was because of bitcoin’s lack of privacy.

Spagni went on to explain that Fortnite wants to offer a private alternative to traditional payment options. “They want to give users an alternative that is privacy preserving. They have no desire to provide an alternative that is the most tamper resistant, because that is not a concern.”

Fortnite is reportedly considering accepting bitcoin via the Lightning Network, which offers slightly better privacy than bitcoin’s existing infrastructure.

For now, monero is the exclusive cryptocurrency payment option for Fortnite gamers.

Further reading: How Monero Made Transactions 97% Faster (And Maintained Privacy)


Privacy is a topic that doesn’t come up as often as it should in the cryptocurrency world, which is funny, considering their cryptographic background. 

Cryptocurrencies like bitcoin have a reputation for anonymity, but they are not as private as you think. Most don’t offer any explicit or built-in privacy features. 

Take Bitcoin, for example. Every transaction is recorded in an open and public place – the blockchain. Due to this, a malicious actor can see every transaction ever made with a simple search. They can see every public address and potentially link it to a person’s true identity.

Your transactions can be traced in much the same way a bank can trace your transactions as they move through its system.

What Features Should a Privacy Cryptocurrency Have?

Now that we know why privacy is a good idea, let’s put together a wishlist of what we’d want in the perfect privacy cryptocurrency.

a. Opaque Transactions

Opaque transactions are those that do not show the sender’s address, the receiver’s address or the amount transferred. 

The rationale behind wanting opaque transactions is very simple: why should everyone be able to know who you are transacting with?

If a malicious actor knows who you are transacting with, they may be able to use that information to pressure you. Or, a malicious actor can figure out which addresses are worth attacking by looking at the amount being transferred in and out.

b. Provable Transactions

Opaque transactions are wonderful but sometimes you need to be able to prove to someone that the transaction was sent. For example, to prove that a donation took place, prove that you actually paid a vendor for goods or to prove a transfer to an escrow took place.

c. Default On Privacy

Having private transactions is great, but the next problem is getting people to use them. 

Of the major privacy coins, only one (Monero) is automatically private right now. The others offer a choice between a standard transfer and a private transfer.

If your privacy system requires extra steps to use, most users will end up taking the easier, less-private approach. 

Having some transactions be private and others not private simply draws attention to the ones made private. All transactions being the same makes the attacker’s job a lot harder, as there’s nothing drawing attention to itself.


d. Trustless

“Trustless” means not having a third-party store data or make the transaction. The current banking system, for example, is not trustless, because you must trust the bank to verify your funds and make the transaction on your behalf.

It’s a pretty standard request for any cryptocurrency, but more so for privacy cryptocurrencies due to the fact that any hole in the armor makes the entire cryptocurrency weakened at best. 

Any privacy cryptocurrency that requires a trusted setup should be considered very carefully.

e. Obfuscated IPs

One issue that doesn’t come up as often as it should, even for some of the most private cryptocurrencies, is that your IP address is exposed to the network when you broadcast transactions. 

This means that someone listening very carefully can figure out where in the world a transaction came from, and potentially which transactions belong to you. From there they may or may not be able to find out further information about the addresses involved, and how much was transferred. In general, it’s a good idea to look as uninteresting as possible.

Keeping your IP to yourself, or using some sort of anonymization layer (like Tor, or I2P) is a good idea. For a privacy coin, having first-party support for such anonymization layers is definitely a plus.

Monero vs Zcash: Best Privacy-Oriented Cryptocurrencies

Now that we have some grounding in what it means for a cryptocurrency to be private and why privacy is a good thing, let’s take a look at the two best-known privacy cryptocurrencies, Monero and Zcash, to see how they stack up against our wishlist.

Monero

Monero tends to be the flagship privacy cryptocurrency. It offers various features and covers our wishlist well.


a. Does Monero Use Opaque Transactions? ✔

Monero’s transactions are opaque. Ring signatures hide the sender: every input is signed on behalf of a ring of possible outputs, mixing the real one with “decoys” that are difficult, if not impossible, to distinguish from it. Amounts are hidden by RingCT, whose range proofs were recently replaced by the much smaller Bullet Proofs.

A one-time-use stealth address is also used for receivers so you can’t be linked to multiple transactions.

Image: Monero ring signature (credit: BitcoinKeskus)
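An added example of the ring-signature mechanism described above (and of the fixed ring size of 11 discussed further down this page); it is not Monero code. It implements a linkable ring signature of the kind Monero inherited from CryptoNote, including the key image that lets a node detect the same output being spent twice, but over a toy group: the integers modulo the secp256k1 field prime with generator 2 and exponents reduced mod p−1, so modular exponentiation stands in for the Ed25519 point arithmetic of the real thing. The group choice is for brevity, not security.

```python
"""Toy linkable ring signature (LSAG): one of n public keys signed, the
verifier cannot tell which, and a key image links two signatures made with
the same key. Added example, not Monero code; toy group Z_p^* (p = the
secp256k1 field prime, generator 2, exponents mod p-1) instead of Ed25519."""
import hashlib
import secrets

P = 2**256 - 2**32 - 977      # a known prime; the group is Z_P^*
ORDER = P - 1                 # exponents live modulo the group order
G = 2                         # generator for the demo


def h_scalar(*parts):
    """Hash a message and group elements to an exponent (the challenge)."""
    data = b"".join(p if isinstance(p, bytes) else p.to_bytes(32, "big") for p in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % ORDER


def h_point(pub):
    """Hash a public key to a group element, used for the key image."""
    d = hashlib.sha256(b"key-image" + pub.to_bytes(32, "big")).digest()
    return int.from_bytes(d, "big") % (P - 1) + 1


def keygen():
    x = secrets.randbelow(ORDER - 1) + 1
    return x, pow(G, x, P)


def ring_sign(msg, ring, x, idx):
    """Sign msg with x = log_G(ring[idx]); ring = public keys (one real, rest decoys)."""
    n = len(ring)
    hp = h_point(ring[idx])
    key_image = pow(hp, x, P)                         # identical for every spend by x
    alpha = secrets.randbelow(ORDER - 1) + 1
    s = [secrets.randbelow(ORDER) for _ in range(n)]  # decoy responses, chosen freely
    c = [0] * n
    c[(idx + 1) % n] = h_scalar(msg, pow(G, alpha, P), pow(hp, alpha, P))
    i = (idx + 1) % n
    while i != idx:                                   # walk the ring back to the signer
        L = pow(G, s[i], P) * pow(ring[i], c[i], P) % P
        R = pow(h_point(ring[i]), s[i], P) * pow(key_image, c[i], P) % P
        c[(i + 1) % n] = h_scalar(msg, L, R)
        i = (i + 1) % n
    s[idx] = (alpha - c[idx] * x) % ORDER             # only the real key can close the ring
    return key_image, c[0], s


def ring_verify(msg, ring, sig):
    """Recompute the challenge chain around the ring; it must return to c0."""
    key_image, c0, s = sig
    c = c0
    for pub, s_i in zip(ring, s):
        L = pow(G, s_i, P) * pow(pub, c, P) % P
        R = pow(h_point(pub), s_i, P) * pow(key_image, c, P) % P
        c = h_scalar(msg, L, R)
    return c == c0


def same_spender(sig_a, sig_b):
    """Double-spend check a node performs: equal key images mean the same output."""
    return sig_a[0] == sig_b[0]


if __name__ == "__main__":
    keys = [keygen() for _ in range(11)]              # ring size 11, as on Monero since v8
    ring = [pub for _, pub in keys]
    sig = ring_sign(b"spend output", ring, keys[4][0], 4)
    print("valid:", ring_verify(b"spend output", ring, sig))
```

Every ring member contributes one response `s[i]`; ten of them are random and only the real signer’s is computed from the secret, yet the verifier’s loop treats all eleven identically, which is the whole privacy argument. The key image is deterministic in the secret key, so two spends of the same output collide on it even though the rings and decoys differ.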

b. Does Monero Offer Provable Transactions?  ✔

You can prove that a payment occurred on the Monero network without exposing your whole wallet: a per-transaction proof derived from that transaction’s secret key shows that a specific payment was made, while handing someone your wallet’s view key lets them see every incoming transaction to that wallet.

c. Is Monero Private by Default? ✔

Monero’s privacy model does not allow for non-private transactions to occur on the blockchain. No matter what, your transaction will be private, though you can share a key with others to allow them to look at your transactions in the same way your wallet does.

d. Is Monero Trustless? ✔

Monero’s entire network requires no external trust to use, assuming you are running your own node, anyway. Like with most cryptocurrencies using an external node for your transactions carries some risks around logging. Though even if your transactions are logged, they will remain private.

e. Does Monero Obfuscate IPs? ✘

Monero does not currently have any sort of built-in IP obfuscation. Meaning that your IP can be logged by other nodes when broadcasting transactions. 

Though there are some plans for this in Monero’s future, namely, a technology called Kovri which will route and encrypt transactions through I2P Invisible Internet Project nodes. 

For the moment, if it is required, IP obfuscation can be achieved via third-party anonymization tools like Tor and I2P.

Zcash

Zcash offers both private and transparent transactions. A few of the boxes in our wishlist are checked by Zcash, but unfortunately, some of the more major ones are not.


a. Does Zcash Use Opaque Transactions? ✔

Zcash offers a completely private transaction type, known as a “shielded” transaction. With a shielded transaction, neither the addresses nor the amounts involved are visible on the blockchain. To achieve this, Zcash uses a cryptographic technique called “zero-knowledge proofs.”

Monero also uses a version of zero-knowledge proofs, but Zcash’s system is different in that it requires a small level of trust in its setup. We discuss this in the fourth section below.

b. Does Zcash Offer Provable Transactions? ✔

When the shielded transaction type is used, the parties on the shielded side can selectively disclose a payment through an experimental “payment disclosure” feature. It allows you to prove a transaction was made without revealing information about the sender. However, it’s not a simple process.

c. Is Zcash Private By Default? ✘

Zcash’s privacy scheme is not on by default, meaning that some effort is required for its users to send private transactions. There are four different possible ways for a transaction to occur, only one of which is completely private for both parties; the other three are sender-private, receiver-private, and completely public.

A private transaction takes longer and costs more in fees. However, a recent Zcash upgrade aims to reduce the friction and move Zcash to a privacy-by-default system.

d. Is Zcash Trustless? ✘

Zcash’s zero-knowledge proofs, known as zk-SNARKs, do require trust in third parties. Specifically, the proving parameters have to be generated from secret randomness that must then be destroyed. If that randomness is not destroyed, whoever holds it can forge proofs and so create shielded coins out of nothing, which the network would accept as valid.

The risk is mitigated somewhat by distributing the setup among many participants: as long as any one of them destroyed their share, the rest is useless. That does not change the fact that a trusted setup is required, which, in the world of cryptocurrency, is a bad idea.

e. Does Zcash Obfuscate IPs? ✘

Much like Monero, Zcash does not currently support any built-in IP anonymization technologies. Running a Zcash node over Tor does work, though, so if you need the additional privacy you have that option.

Monero vs Zcash: Which is Better?

While Monero and Zcash have their merits, Monero takes the crown for privacy, checking all but one of the items off our list. But Zcash has more control over how your transactions are done, at the cost of always-on privacy. Zcash’s trusted setup is also questionable, but unlikely to cause an issue in all but the most extreme case.

Bottom line, it’s up to you as the user to decide which cryptocurrency to use, and to weigh the pros and cons against your use case. If you want absolute privacy, Monero is your go-to; there is nothing quite like it currently. Otherwise, if you want to be able to send both private and transparent transactions, consider Zcash.



On Sunday October 28th, Zcash, a cryptocurrency network designed to enable private transactions, will deploy a system-wide upgrade called Sapling.

The upgrade will drastically improve the performance of its private, or “shielded,” transactions (reducing transaction construction time by as much as 90%).

Zcash currently allows users to choose between a lightweight “transparent” transaction or a heavier “shielded” transaction. The Sapling upgrade will make shielded transfers more efficient, moving Zcash further towards private transfers by default.

As one of the leading Zcash block explorers, we are fully prepared for the upgrade. Users needn’t worry – the block explorer will function just as it would normally.

To find out more, Block Explorer editor Ben Brown spoke to Brad Miller, head of ecosystem development at Zcash.


Ben Brown: Can you briefly describe Zcash, its key features, and mission?

Brad Miller: Zcash is a privacy-protecting, digital currency built on strong science that is open source, censorship-resistant, and permissionless. 

We are creating a currency that empowers people from anywhere in the world to transact freely with whomever they choose, giving them power over their money and their privacy. 

We implemented cutting-edge research in a field of cryptography known as zero-knowledge proofs performed by researchers at some of the most prestigious universities in the world to achieve these strong privacy features.

BB: From a user perspective, what will the Sapling upgrade achieve?

BM: The Sapling upgrade is our largest upgrade ever with significantly improved performance: a time reduction of 90% for constructing transactions, and a memory reduction of over 97%. 

Over time, as companies start implementing the massive efficiency improvements that Sapling enables, users will start to see shielded transactions become ubiquitous. 

The speed improvements that Sapling enables will even allow mobile phones to generate these shielded transactions, which up until this point required quite a bit of computational power only available to a laptop or desktop. 

We think this upgrade is the tipping point to move the Zcash ecosystem toward shielded transactions by default. 


BB: And from a technical perspective, what are you changing?

BM: This upgrade is a complete overhaul of our protocol to introduce these massive performance improvements. Instead of going into technical details I would really recommend those that are interested read our numerous blog posts on the innovations that we’ve introduced in Sapling.

BB: Do Zcash users need to do anything (e.g. migrate funds, upgrade software, change wallets etc.)?

BM: Most cryptocurrency users don’t run their own full node. My recommendations would be to confirm with your service providers for exchange services, wallets, and block explorers that they are ready for the upgrade. 

We have been working hard to make sure all service providers are prepared for the upgrade but I’m sure they would also like to hear the demand from their customers. 

If you do run a Zcash full node, upgrade your node to the latest release, v2.0.1. Users do not need to move their funds as they’re totally safe through this upgrade process.

BB: Will the upgrade result in a fork?

BM: This is a consensus change in the code so old versions of the software won’t be able to join the upgraded network. These upgrades are good for everyone in the ecosystem and there is no contention about the Sapling upgrade in general so we don’t anticipate a fork based on the older consensus rules to persist.

Further reading: What is Hard Fork in Cryptocurrency?

BB: You talk about Sapling moving you towards a “shielded ecosystem.” Can you explain what that means and why it’s so important?

BM: Zcash has two kinds of transactions. The first we call “transparent” transactions and they use an address that begins with a “t”. 

These transactions are almost identical to bitcoin in that they’re fast and efficient but they are totally public and don’t offer any privacy-preserving features. 

The second type of transaction, a “shielded” transaction, uses addresses that begin with a “z”. These shielded transactions provide strong privacy features. 

In order for the ecosystem to move away from using the transparent transactions, we had to upgrade Zcash with the kind of performance improvements that Sapling introduces. 

Now that shielded transactions will become more widespread, more individuals will have access to these private transactions therefore growing the overall private ecosystem. 

Our goal, in the long run, is for all transactions on the Zcash blockchain to be private.

BB: What is the Sapling turnstile and how does it help prevent counterfeiting?

BM: Part of the Sapling upgrade requires users to move any “shielded” funds they have from legacy Sprout addresses (the old system) to the new Sapling addresses if they wish to experience the performance improvements introduced in Sapling. 

We saw a great opportunity to audit the monetary supply of Zcash so we’ve implemented what we’re calling a turnstile in this process which prevents users from sending funds from an old Sprout address directly to a new Sapling address. 

Instead, they’ll have to move funds from a Sprout address to a transparent address, and then to a Sapling address. This process allows anyone to perform an audit of the blockchain which will make it easy to spot if any counterfeiting has been going on in the older Sprout shielded pool of funds. 

We obviously have some recommendations on how to do this to preserve privacy. Users should read more on our documentation website.

BB: Zcash was designed with scheduled breaking changes, is that correct? What type of updates did you have in mind when this was decided, and how does this compare to the upgrades made so far?

BM: We schedule older versions of our software to automatically shut down 16 weeks after release to motivate the node operators on the network to upgrade to the latest software version. 

This helps keep the node versions active on the network within a tight range and makes sure that the user experience across the network is consistent. 

Apart from that we also like to release new features regularly, we believe cryptocurrencies are still in their infancy and there are so many innovations yet to be introduced. 

We try to target a major release once every six months. This year, for instance, we released our Overwinter upgrade which made future upgrades much safer for the network and now Sapling is activating which represents the largest upgrade in our history. 

Moving technology forward and introducing improvements and features is extremely important for the growth of cryptocurrencies at this stage and we want to make sure we stay true to our core principles of quality and safety while also keeping pace with the latest cutting-edge research.

Sapling Upgrade is Fully Compatible With Block Explorer

The Sapling upgrade is due to go live on Sunday 28th October at block 419200.

Block Explorer is fully ready for the upgrade and you can continue to use the Zcash block explorer just as you would normally.



A huge upgrade to Monero, the 10th largest cryptocurrency network, just made transactions 97% cheaper while maintaining its privacy features. Monero, which is best-known for its anonymous transfers, now uses technology called “Bullet Proofs” to scale up. Armin Davis explains further.

Another six months have gone by, and as such Monero has performed its twice-yearly network upgrade hard fork. Specifically, the hard fork took place on the 18th of October, at block height 1685555. 

Of the numerous changes made over this upgrade, a few stand out:

  • “Bullet Proofs” greatly reduce transaction size (and therefore transaction fees)
  • Monero’s upgrade further discourages specialist mining tools like ASICs.
  • To maintain privacy, the ring size for all transactions on the Monero network has been fixed to 11.
Image: Monero upgrade infographic (credit: Reddit u/cryptoKL)

Explaining Monero’s New “Bullet Proofs”

Prior to this upgrade, Monero used a version of what is called a “range proof”, a kind of zero-knowledge proof. 

A zero-knowledge proof means that something can be proven true without revealing the actual data. For example, I can prove that it is below 0°C outside without knowing the actual temperature. All I need to do is place some water outside and see if it freezes.

For Monero, range proofs allow outside observers, like other Monero nodes, to confirm that a transaction took place using cryptocurrency that already existed. Rather than currency created out of thin air, or currency already spent elsewhere.

The Downside of the Previous Monero System

The downside of these range proofs is that they are large, each transaction takes up somewhere around 13 kilobytes, which is significantly larger than Bitcoin’s ~ 300-byte transactions. 

With large transactions comes large fees, as the fee you pay is (mostly) based on the size of your transaction in the block. And, while not an issue for Monero, larger transactions can cause network congestion on blockchains with small, fixed size blocks.


Enter Bullet Proofs: A great improvement on the previous range proofs, reducing transaction size by as much as 80% while maintaining the same level of privacy and ensuring that no foul play occurs. 

As discussed above, the size of your transaction is what determines your fee (mostly). By reducing the transaction size, transaction fees are also greatly reduced (as much as 97%)

A Two-Stage Monero Upgrade

The upgrade to Bullet Proof based transactions will happen in two stages. Starting at height 1685555, the Monero network will be upgraded to v8. On v8, transactions using both the old range proof and the new Bullet Proof system will be accepted on the network. 

Shortly after, at height 1686275, a second hard fork will occur that upgrades Monero to v9. This will cause the Monero network to reject any non-Bullet-Proof based transactions and implements a number of patches to Bullet Proofs.

Crucial Monero Audit Halts Threat of 51% Attack

On the 22nd of October, an embargo was lifted on some major bugs found during an audit of the code around Bullet Proofs. 

Of the few bugs found, the most major involves a method to perform a 51% attack on the Monero network. Due to the magnitude of this bug, information around it was embargoed until a patch was live. As is standard practice for most major bugs. 

The flaw was discovered by OSTIF (The Open Source Technology Improvement Fund) during its audit of Monero’s Bullet Proofs.

A 51% attack involves gaining the lion’s share of mining power on a given blockchain. Once you have the most mining power, you can begin to rewrite recent history and otherwise control what enters the blockchain. This is because nodes follow the chain with the most accumulated proof of work (loosely, the “longest” chain). If you have the lion’s share of mining power, you produce that chain.


There are various methods one can use to gain 51% mining power on a given network. In Monero’s case, a vulnerability was discovered that would allow malicious actors to crash other nodes remotely.

By crashing nodes other than yours, you can begin to chip away at the mining power that is not yours. Once you have removed enough rival mining power, you gain two things; most of the mining profits on the blockchain, and the ability to perform a 51% attack.

Monero Continues to Deter Mining Hardware (ASICs)

Monero developers purposely try to deter giant mining companies (like Bitmain) from monopolizing, and therefore centralizing, the network.

Earlier this year, specifically just before the previous hard fork, Monero’s network “difficulty” (a measure of how difficult it is to mine a block) began to rise uncharacteristically quickly.

It was discovered that the cause of this was that Bitmain had developed a working mining device (ASIC) for the CryptoNight algorithm – the backbone of Monero’s network. 

At the time, a small change to the algorithm was made as a hotfix to make the ASICs unusable on Monero. Said change was referred to as CryptoNight v7.


Fast forward to this month, and the Beryllium Bullet network upgrade, Monero’s algorithm has once again been changed. Now called CryptoNight v8, it is intended to make producing an ASIC for Monero even more difficult.

How Does CryptoNight Prevent ASIC Miners?

CryptoNight v8 continues the work done by v7, in that it further increases the amount of memory bandwidth used by the algorithm. Specifically, the increase is by a factor of four. 

Unfortunately, along with this comes a slight performance hit to regular CPUs of around 5-20%. The Monero developers and community feel that the performance drop is worth the gained protection from ASICs, and some of the performance may be regained through optimizations of mining software.

This change works on the basis that it is prohibitively expensive to add large amounts of fast and high-speed memory to ASICs. A regular desktop CPU usually has somewhere between 4-64MB of cache, of which 2MB will be used per CryptoNight mining thread. 

So an ASIC looking to run a large number of threads needs a large amount of high-speed, cache-like memory. Further still, v8 now requires 64-byte-wide memory accesses, which is easy for a desktop CPU as it already has the required hardware.

Keeping Monero Private With Fixed Ring Size

Beryllium Bullet changes two things about how Monero users can structure their transactions.

Fixed Ring Size: First off, Monero users can no longer select the ring size of their transactions. The ring size is the number of possible outputs each input is signed against: the one really being spent plus the decoys added to hide which one that is.

Image: Monero ring signature (credit: BitcoinKeskus)

This change, while controversial, is intended to help keep all users on the network private. Specifically, keeping transactions private while also keeping some transaction sizes down.

Ring Size Increased to 11: Secondly, the minimum (and now fixed) ring size has been set to 11. This is greater than the previous minimum of 7, which had been in force since the April 2018 upgrade.

The rationale behind locking the ring size to 11 is that by making all transactions look exactly the same, it’s harder still to trace a given transaction across the network. You want to look the same as everyone else, rather than making a transaction with a massive ring size, which will stand out. While it is true that a larger ring size makes the transaction more private, it also makes the transaction as a whole a lot easier to spot.

Conclusion

Together, these upgrades combine to make Monero transactions 97% cheaper, while deterring mining centralization and maintaining its core privacy features. The upgrades make Monero truly bulletproof.
