This repository has been archived by the owner on Mar 9, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathringct.sbv
245 lines (164 loc) · 6.31 KB
/
ringct.sbv
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
0:00:01.120,0:00:05.640
Monero is secure, untraceable, electronic cash.
0:00:05.640,0:00:09.560
It is open-source, decentralized, and freely accessible to all.
0:00:09.560,0:00:10.460
In this video,
0:00:10.460,0:00:13.520
we will focus on Ring Confidential Transactions,
0:00:13.520,0:00:16.140
commonly known as RingCT.
0:00:16.140,0:00:17.240
In our last video,
0:00:17.240,0:00:20.680
we illustrated how Monero ring signatures protect senders' privacy
0:00:20.680,0:00:24.820
by preventing transaction inputs from being distinguishable from one another.
0:00:24.820,0:00:27.740
This is accomplished by the use of digital signatures,
0:00:27.740,0:00:30.800
where there is an actual signer hidden among multiple ring members
0:00:30.800,0:00:32.820
to authorize a transaction.
0:00:32.820,0:00:37.260
Additionally, we learned that key images are used to prevent Monero inputs
0:00:37.260,0:00:39.380
from being spent more than once.
0:00:39.380,0:00:42.120
Ring signatures ensure privacy of the sender,
0:00:42.120,0:00:44.280
since inputs are untraceable.
0:00:44.280,0:00:47.200
To increase the privacy of both parties in a transaction,
0:00:47.200,0:00:50.320
RingCT was implemented to hide transaction amounts.
0:00:50.320,0:00:52.640
Prior to the implementation of RingCT,
0:00:52.640,0:00:57.160
Monero required transaction amounts to be split into specific denominations.
0:00:57.160,0:00:58.180
For example,
0:00:58.180,0:01:02.320
an output of 12.5 Monero would be broken up into three separate rings
0:01:02.320,0:01:05.740
in the amounts of 10, 2, and 0.5.
0:01:05.740,0:01:08.800
This technique ensured that there would be ample ring members,
0:01:08.800,0:01:12.880
since a ring signature could only ring together outputs of the same value.
0:01:12.880,0:01:15.180
However, a downside to this process
0:01:15.180,0:01:19.040
is that an outside observer was able to see the amounts transacted.
0:01:19.040,0:01:24.440
To address this shortcoming, Monero activated RingCT in January 2017.
0:01:24.440,0:01:29.000
RingCT prevents privacy leaks by hiding transaction amounts in the blockchain.
0:01:29.000,0:01:31.200
A month after RingCT was activated,
0:01:31.200,0:01:35.840
approximately 98% of new transactions were using the RingCT protocol.
0:01:35.840,0:01:41.940
After September 2017, the use of RingCT will be mandatory for all Monero transactions.
0:01:41.940,0:01:43.620
Today with RingCT,
0:01:43.620,0:01:48.220
newly created Monero firstly resides in outputs that have visible amounts.
0:01:48.220,0:01:50.700
When new Monero is transferred for the first time,
0:01:50.700,0:01:53.960
RingCT outputs with masked amounts are generated.
0:01:53.960,0:01:58.720
As a result, transactions no longer need to be broken down into different denominations.
0:01:58.720,0:02:03.100
This means that a wallet is free to pick ring members from any RingCT outputs,
0:02:03.100,0:02:05.180
which significantly improves privacy.
0:02:05.180,0:02:09.740
It should be noted that Monero ring signatures can't include both pre-RingCT outputs
0:02:09.740,0:02:12.660
and masked RingCT outputs in a single ring,
0:02:12.660,0:02:15.360
so - like newly created Monero -
0:02:15.360,0:02:19.620
a pre-RingCT output must first be converted to a RingCT output
0:02:19.620,0:02:23.860
before it can be included in a ring signature with other RingCT outputs.
0:02:23.860,0:02:25.280
Let's walk through an example,
0:02:25.280,0:02:29.200
and then take a deep dive to see how RingCT works.
0:02:29.200,0:02:31.840
Alice has an output of 12.56
0:02:31.840,0:02:34.700
and would like to send Bob 2.5 Monero.
0:02:34.700,0:02:36.860
Since outputs can't be spent twice,
0:02:36.860,0:02:41.320
Alice needs to spend the output in its entirety and return the change to herself.
0:02:41.320,0:02:45.540
So, Alice's transaction would have one input of 12.56 Monero
0:02:45.540,0:02:47.240
and 2 outputs -
0:02:47.240,0:02:50.200
one that is 2.5 Monero designated for Bob
0:02:50.200,0:02:52.840
and another that is 10.06 Monero,
0:02:52.840,0:02:57.180
which is sent back to her wallet as "change" of the transaction.
0:02:57.180,0:03:00.960
To prove that Monero has not been fraudulently fabricated in a transaction,
0:03:00.960,0:03:05.560
the sum of a transaction's inputs must equal the sum of its outputs.
0:03:05.560,0:03:08.200
Due to cryptographic properties of RingCT,
0:03:08.200,0:03:11.160
Alice is required to "commit" to the amount of an output,
0:03:11.160,0:03:15.160
revealing just enough information for the network to confirm the transaction,
0:03:15.160,0:03:18.240
while not publicly disclosing the amount she is spending.
0:03:18.240,0:03:20.680
Although commitments look like random numbers,
0:03:20.680,0:03:24.620
miners are still able to confirm that the amount of Monero being sent to Bob
0:03:24.620,0:03:27.680
is the same as the amount of funds available.
0:03:27.680,0:03:31.900
Another important aspect of a RingCT transaction is the "range proof",
0:03:31.900,0:03:34.760
which prevents senders from committing to negative values
0:03:34.760,0:03:37.320
in order to secure the supply of Monero.
0:03:37.320,0:03:41.020
A range proof cyptographically proves the amounts used in a transaction
0:03:41.020,0:03:45.240
is greater than 0 and less than some arbitrary number.
0:03:45.240,0:03:49.980
While an outside observer is unable to see the actual amounts in outputs of a transaction,
0:03:49.980,0:03:53.000
they are able to confirm that the transaction is a legitimate one
0:03:53.000,0:03:55.140
that the network should accept.
0:03:55.140,0:03:58.040
As a result of Monero's baked-in privacy features,
0:03:58.040,0:04:01.120
users are able to transfer Monero to whomever they like;
0:04:01.120,0:04:03.120
and no one would know how much was sent
0:04:03.120,0:04:05.840
nor who the sender or recipient were.
0:04:05.840,0:04:09.800
These qualities make Monero a leading privacy-centric digital currency,
0:04:09.800,0:04:12.080
but the innovation doesn't stop there.
0:04:12.080,0:04:14.400
In our next video, we'll discuss Kovri:
0:04:14.400,0:04:16.880
a C++ I2P router
0:04:16.880,0:04:20.920
that will make Monero transactions more secure than ever before.
0:04:20.920,0:04:24.660
If you are interested in what makes Monero the leading privacy-centric cryptocurrency,
0:04:24.660,0:04:28.800
please check out the other videos or visit getmonero.org.