Kalpana Kalpana (Editor)

CryptoNote

Development status: Active
License: MIT License
Written in: C++
Website: cryptonote.org
Operating system: Windows, Unix-like, OS X
Type: Cryptocurrency, anonymity

CryptoNote is an application-layer protocol that powers several decentralized, privacy-oriented digital currencies. Conceptually, it is an evolution of the ideas behind bitcoin: the two are similar in some ways yet different in many others.


The main difference between the two technologies is that bitcoin (and most digital currencies) is less opaque than CryptoNote-based currencies, because a CryptoNote blockchain is almost anonymous, unlike non-CryptoNote blockchains. Like bitcoin, CryptoNote currencies use a distributed public ledger that records all balances and transactions of the built-in currency. Unlike bitcoin, CryptoNote transactions cannot be followed through the blockchain in a way that reveals who sent or received coins. The approximate amount of a transaction can be known, but the origin, destination, or actual amount cannot be learned. The only information available is that the actual amount was lower than the displayed amount. The only people with access to the whole set of data about a transaction are its sender or receiver and anyone who possesses one or both secret keys.

Another significant difference is the hash-based proof-of-work algorithm. Bitcoin uses SHA256, which is a CPU-bound function. That means that participants (miners) are limited only by their calculation speeds, and it is relatively cheap to create an application-specific integrated circuit (ASIC) device that surpasses an ordinary computer in hashes per unit of money. CryptoNote uses the memory-bound function CryptoNight, which cannot be easily pipelined.

CryptoNote code was not forked from bitcoin's, so it also differs in other internal algorithms, such as recalculating the difficulty level or the block size.

Origins

CryptoNote technology was first described in the whitepaper CryptoNote v 1.0. An updated version was later released under the name CryptoNote v 2.0. The Bytecoin cryptocurrency was the first implementation of the underlying cryptographic protocol. CryptoNote was at first developed in Java for a faster launch, and then rewritten in C++ in 2013.

CryptoNote is based on many early works and protocols and takes into consideration several issues raised formerly. Below is a list of the most important papers and events that influenced CryptoNote:

  • 1983 – Blind signatures described by David Chaum;
  • 1997 – HashCash (an instance of a proof-of-work system) invented by Adam Back;
  • 2001 – Ron Rivest, Adi Shamir, and Yael Tauman proposed ring signatures to the cryptographic community;
  • 2004 – Patrick P. Tsang and Victor K. proposed using the ring signature system for voting and electronic cash;
  • 2008 – Bitcoin whitepaper published by Satoshi Nakamoto;
  • 2011 – An Analysis of Anonymity in the Bitcoin System, Fergal Reid and Martin Harrigan;
  • 2012 – Destination Address Anonymity in Bitcoin (one-time addresses in CryptoNote).

    Anonymous transactions and ring signatures

    Like bitcoin, CryptoNote currencies use a public address consisting of pseudorandom numbers and letters that is derived from the user's public keys. Addresses serve as public IDs of the users. However, unlike bitcoin, CryptoNote transactions hide the connection between the sender's and the receiver's addresses.

    Sender privacy

    To prevent sender identification, CryptoNote groups the sender's public key with several other keys (more precisely, it groups the sender's output with several others' outputs), making it impossible to tell who actually sent the transaction. If ring signatures are used, all possible senders referenced in the transaction are equiprobable and there is no way to determine the exact private key used while signing. This approach does not require dedicated master nodes for mixing coins and does not need other users to actively participate in transaction generation (see CoinJoin). It still assures the network that the original sender has the funds in his or her account to send the transaction, as an ordinary signature scheme does. Instead of proving in a zero-knowledge manner the fact "I possess the private key which corresponds to this particular public key", the signer proves "I possess at least one of the private keys which correspond to this set of public keys".

    Receiver privacy

    On the receiver's end, the technology generates a new public key for each money transfer, even for the same sender and receiver. From the sender's random data and the receiver's public address it is possible to create a pair of unique private and public keys via the Diffie-Hellman protocol. The sender generates a one-time ephemeral key for each transfer, and only the receiver can recover the corresponding private key (to redeem the funds). No third party can determine whether two different transactions were sent to the same recipient.

    Double spending protection

    Anonymous transactions have a potential problem. Bitcoin and similar currencies use a public ledger to verify that each person sending funds actually has such funds in their account and has not sent them to another user previously. Since CryptoNote currencies are anonymous, the network must confirm the validity of transactions in another way.

    CryptoNote solved this problem by using a more sophisticated scheme instead of the usual ring signature: a traceable ring signature. The algorithm, originally proposed by Fujisaki and Suzuki in 2007, allows the sender of two different messages to be traced if they contain the same tag and are signed by the same private key.

    CryptoNote authors slightly simplified the scheme, replacing tag with key image and discarding the traceability property. They called their algorithm one-time ring signature, "stressing the user’s capability to produce only one valid signature under his private key". Two different signatures under the same key (a double spend attempt) can be easily linked together, and only one will be stored in the blockchain.

    The key idea is to use the image of the private key in the signing and verification formulas. These are not actual images, which would contribute greatly to blockchain bloat, but rather a number that corresponds to each private key one-to-one (it is deterministically derived from it by the cryptographic hash function). The key image cannot be used to derive the private key or the public address, but since every spent key image is stored in the blockchain, the network will block any duplicates. Likewise, any attempt to create a key image would not fit into the mathematical formula during transaction verification and will be denied. The downside to this is that it would be impossible to identify anyone who attempts to perform a double spend, whether with fraudulent intent or as a result of software or human error. The system, however, will block such attempts.
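The one-time destination keys from "Receiver privacy" and the ring signature with key image from "Sender privacy" and "Double spending protection", as an added Python example following the formulas of the CryptoNote v 2.0 whitepaper; it is not code from this page or from any CryptoNote project. Assumptions: SHA3-256 stands in for CryptoNote's Keccak, hash-to-point is plain try-and-increment, and all function names are illustrative.

```python
import hashlib, secrets

P = 2**255 - 19                                        # Ed25519 field prime
L = 2**252 + 27742317777372353535851937790883648493   # prime order of G
D = -121665 * pow(121666, -1, P) % P                   # curve constant d

def add(a, b):                                         # affine twisted-Edwards addition
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1*y2 + x2*y1) * pow(1 + t, -1, P) % P,
            (y1*y2 + x1*x2) * pow(1 - t, -1, P) % P)

def mul(k, pt):                                        # double-and-add scalar multiplication
    acc = (0, 1)                                       # neutral element
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def lift(y):                                           # curve point with this y, or None
    u = (y*y - 1) * pow(D*y*y + 1, -1, P) % P
    x = pow(u, (P + 3) // 8, P)
    if (x*x - u) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return (x, y) if (x*x - u) % P == 0 else None

G = lift(4 * pow(5, -1, P) % P)                        # generator with y = 4/5

def h_s(*parts):                                       # H_s; SHA3-256 stands in for Keccak (assumption)
    return int.from_bytes(hashlib.sha3_256(repr(parts).encode()).digest(), "little") % L

def h_p(pt, ctr=0):                                    # H_p by try-and-increment (assumption)
    cand = lift(h_s("Hp", pt, ctr))
    return mul(8, cand) if cand else h_p(pt, ctr + 1)  # times 8 clears the cofactor

def keygen():
    x = secrets.randbelow(L - 1) + 1
    return x, mul(x, G)

def send_to(A, B):                                     # sender: one-time key P, tx key R = r*G
    r, R = keygen()
    return add(mul(h_s(mul(r, A)), G), B), R
def recover(a, b, R):                                  # receiver: x with x*G == P, as a*R == r*A
    return (h_s(mul(a, R)) + b) % L

def ring_sign(msg, ring, s, x):                        # ring[s] == x*G is the real signer
    image = mul(x, h_p(ring[s]))                       # key image I = x * H_p(P_s)
    q = [secrets.randbelow(L) for _ in ring]
    c = [0 if i == s else secrets.randbelow(L) for i in range(len(ring))]
    Ls = [add(mul(q[i], G), mul(c[i], pk)) for i, pk in enumerate(ring)]
    Rs = [add(mul(q[i], h_p(pk)), mul(c[i], image)) for i, pk in enumerate(ring)]
    c[s] = (h_s(msg, Ls, Rs) - sum(c)) % L             # challenges must sum to the hash
    q[s] = (q[s] - c[s] * x) % L                       # response that closes the ring
    return image, c, q                                 # 32 + 64*n bytes when encoded

def ring_verify(msg, ring, sig, spent):                # spent: key images already recorded
    image, c, r = sig
    Ls = [add(mul(r[i], G), mul(c[i], pk)) for i, pk in enumerate(ring)]
    Rs = [add(mul(r[i], h_p(pk)), mul(c[i], image)) for i, pk in enumerate(ring)]
    ok = image not in spent and sum(c) % L == h_s(msg, Ls, Rs)
    if ok: spent.add(image)                            # a second spend of this key now fails
    return ok
```

The key image depends only on the one-time private key, so a second signature made with that key carries the same image whatever ring or message it uses, which is what lets the verifier reject it without learning which ring member signed.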

    Egalitarian proof of work

    CryptoNote's proof-of-work mechanism is actually a voting system where users vote for the right order of transactions, new features in the protocol and honest money supply distribution. It is important that during the voting process every participant has equal voting rights. Most CryptoNote coins use the CryptoNight algorithm to run their blockchain and secure their networks, the only exception being Boolberry. CryptoNight is a proof-of-work algorithm that mixes graphics processing unit (GPU) and central processing unit (CPU) mining to create a system resistant to both application-specific integrated circuits (ASICs) and fast memory-on-chip devices. This is designed to create a more uniform distribution of coins through the currency's life. However, there are some questions about its susceptibility to botnets.

    The algorithm includes:

  • Keccak sponge construction;
  • Scrypt-like 2 MB scratchpad with random look-ups (read-write);
  • 64-bit multiplications;
  • Advanced Encryption Standard (AES) encryptions;
  • Hash functions BLAKE, Grøstl, JH, Skein.

    Adaptive network limits

    There are no hard-coded constants in CryptoNote code. Each network limit such as maximum block size, or minimum fee amount is adjusted based on the historical data of the system. Moreover, the difficulty and the maximum block size are automatically adjusted with each new block.

    Philosophy

    CryptoNote philosophy is built on privacy as a fundamental human right, and on egalitarianism. According to the whitepaper, the CryptoNight algorithm is intended to make the coin adhere to Satoshi Nakamoto's original vision of a “one-CPU-one-vote” system. Thus the tremendous advantage GPUs have over CPUs in most cryptocurrencies is considerably decreased in CryptoNight. Whether this is a good thing is debatable.

    Current CryptoNote currencies

    The CryptoNote platform has been used in several cryptocurrencies. The CryptoNote Foundation encourages developers to clone the technology. Transaction confirmation time, total number of coins and proof-of-work logic can be altered in forks. Several attempts have been made to alter the core protocol: Boolberry adds address aliases and DigitalNote introduced private messaging.

    Bytecoin (BCN)

    Bytecoin (BCN), not to be confused with Bytecoin (BTE), was the first implementation of the CryptoNote protocol, launched in July 2012. Since its launch, several improvements have been introduced, including multisignature transactions and several security updates. In 2013, the original CryptoNote Java implementation was rewritten in C++.

    The Bytecoin blockchain contains some extra information not directly related to money transfers: several blocks include geographic coordinates of universities, educational facilities among other buildings. Blocks generated since August 11, 2012 contain quotes from Cyphernomicon, Neuromancer by William Gibson and other authors.

    On March 31, 2015 Bytecoin developers announced their roadmap for several upcoming releases. The following improvements were mentioned, among others:

  • payment gateway capable of receiving and sending thousands of transactions simultaneously
  • desktop GUI wallet software (released a few weeks later in April 2015)
  • several API layers for integration with other software
  • blockchain-based aliases system
  • blockchain-based assets
  • smart contracts with embedded Turing-complete language

    Monero (XMR)

    Monero is currently the most well known of all the cryptonotes and has ongoing support from the community. Forked from Bytecoin in April 2014, it has a 2-minute block target and 50% slower emission speed. Monero has been praised by Bitcoin core developers Gregory Maxwell, Peter Todd, and Wladimir J. van der Laan.

    Along with simplewallet Monero has numerous GUI wallet applications as well as MyMonero that was launched on November 24, 2014. Monero has also teamed up with academic cryptographers, implemented an extensive aliasing system, OpenAlias, partially funded Privacy Solution for integrating I2P in Monero, created an anonymous voting system, URS, and implemented Electrum's mnemonic seeds.

    Aeon (AEON)

    Aeon was launched on June 6, 2014 as a fork of Monero and with the same maximum supply of 18.4 million coins. It has a block time of 4 minutes and a smoothly varying reward using the formula (M − A) / 2^18 / 10^12, where M = 2^64 − 1 and A = supply mined to date. Consequently, it has a similar emission curve to Monero albeit offset by about 6 weeks.

    In October 2014 the original developers discontinued work on Aeon and the project was considered abandoned. However, in April 2015, after a display of community approval, all of Aeon's assets were handed over to a new core team of developers including notable developers concurrently working on the Monero project. The Aeon project was thereafter rebranded and a new roadmap announced.

    Aeon has been subsequently developed with a continued emphasis on secure and scalable blockchain obfuscation in the interests of user privacy, with additional new faculties pertaining to mobile and low-fidelity operating hardware.

    DigitalNote (XDN)

    DigitalNote is a CryptoNote-based cryptocurrency that does not follow CryptoNote's slow block reward reduction approach. Instead, it halves the block reward every 11000 blocks (1 month). This approach is similar to bitcoin's. About 80% of all DigitalNotes were mined in the very first year by community members and miners with the fair CPU-efficient proof-of-work. The idea is to provide the main amount of coin units for Crypto Economy needs in the very first year, avoiding future manipulation by miners and making both the network and the coin units decentralized. After the first year XDN has a static block reward of 150 XDN and the first blockchain banking deposits with an interest rate.

    DigitalNote was launched in May 2014 as duckNote. Later duckNote was renamed to darkNote and introduced encrypted transaction comments and encrypted messaging features. The messaging functionality provided by DigitalNote is popular in regions with high social tension and total surveillance. Following the duckNote to DarkNote rebranding, the XDN price rose by about 50%. In 2015 DarkNote was renamed again to DigitalNote.

    Later a pure JavaScript paper wallet generator was developed for DigitalNote. The resulting private key can be used with the DigitalNote GUI wallet.

    With DigitalNote, the XDN developers also made the first ever cryptocurrency blockchain banking deposits with an interest rate on a proof-of-work system.

    Boolberry (BBR)

    Boolberry is a Bytecoin fork with several improvements and a very intensive development. At its launch, the following improvements had been implemented:

  • Wild Keccak hash function instead of CryptoNight
  • user friendly address aliases are possible
  • alerts from developers

    DarkNetCoin (DNC)

    DarkNetCoin is a fork of BoolBerry launched on October 13, 2014. It is announced as a general currency for DarkNetSpace - a platform for anonymous applications such as P2P exchange, on-chain shop, Lotto, Gamble, and Bets. DarkNetCoin inherits all features from the BoolBerry main branch: WildKeccak hash, aliases and alerts. Development roadmap includes P2P exchange, smart contracts, on-chain shops and proof-of-stake implementation. DarkNetCoin team is financed by miners: a 10% development bonus is charged from every block starting from height 4550. 1% of development bonus goes to CryptoNote team.

    Quazarcoin (QCN)

    Quazarcoin was created by bitcointalk member OracionSeis as an attempt to relaunch BitMonero with a slower emission curve: 50% of Quazarcoins will be emitted during 6 years. A few months after its launch, Quazarcoin was refocused on distributed torrent-file storage, providing users with a censorship-free "tracker".

    Fantomcoin (FCN)

    Fantomcoin is a Bytecoin fork with merged mining support. Fantomcoin can share hashpower with any other CryptoNight-based coin. It was released with a user-friendly GUI miner and a command-line miner for cloud mining.

    Moneta Verde (MCN)

    Moneta Verde is a Bytecoin fork that implements infinite coin emission driven by its network's hashrate and merged mining support. Moneta Verde is claimed to be environment-friendly.

    Dashcoin (DSH)

    A 1:1 clone of Bytecoin that claims to have "self-mutating code". Dashcoin is automerged from the Bytecoin source tree, which means that the Dashcoin codebase is always the same as Bytecoin's. The Dashcoin team released scripts that generate personalized coins based on CryptoNote technology.

    RedWind (RD)

    RedWind is another CryptoNote Starter fork created for only one mission – funding colonization of Mars. RedWind was launched in September 2014.

    Breakoutcoin (BRO)

    Breakoutcoin is a fork of the CryptoNote repository announced by Breakout Gaming (BRO) as a coin intended for online gaming. BreakoutCoin offers several new features in CryptoNote: Proof-of-Bergstake and the BotlessNight hashing algorithm. The initial coin offering was scheduled for October 14, 2014.

    CryptoNoteCoin (CNC)

    CryptoNoteCoin is the official reference coin, launched for educational purposes only. The official site warns users against trying to use CryptoNoteCoin for commercial purposes because coin emission restarts every 2 months.

    Pebblecoin (XPB)

    Pebblecoin is a CryptoNote-based coin launched in January 2015. It uses a new proof-of-work algorithm called Boulderhash that requires 13 GB RAM. The developer claims that this algorithm is protected against botnets.

    CryptoZ (XCZ)

    CryptoZ is a CryptoNote-based coin launched in February 2017.

    Daemon-wallet architecture

    Unlike in Bitcoin, all CryptoNote currencies split the functionality of the network node and the wallet into two separate executables: daemon and simplewallet. Wladimir J. van der Laan writes:

    "To name an example of it done right, IMO: Monero's 'simplewallet'. It is a command-line utility wallet that communicates with the node software, and remembers where it was in the chain, and processes changes to the chain state since its last invocation when it 'refreshes'. What is nice is that one can run an arbitrary number of simplewallets against one node daemon, and unlike bitcoind's wallet it doesn't need to run as always-on daemon itself. It can be invoked when the user wants to do something with the wallet, or see if there are new transactions." Bitcoin Development (17 September 2015).

    Blockchain bloat and ring signature size

    The kind of ring signature used in CryptoNote grows linearly with the number of public keys used in mixing. The exact formula is S = 64n + 32 bytes, where n is the number of said keys (including the key of the sender). Other ring signatures of smaller size have been proposed; for example, the size of a Chandran signature is proportional to the square root of n. When n is quite large, the difference becomes more significant: under particular conditions, a Chandran signature is 4 KB while the CryptoNote ring signature is 36 KB. As of 2015, however, none of the proposed algorithms had actually been implemented in any cryptocurrency.

    The developer of Boolberry, a CryptoNote-based coin, proposed another solution to this problem: going back and actually pruning the old signatures from the blockchain. However, this solution has not been implemented yet.[reference needed]

    Nevertheless, an analogue of bitcoin's simple payment verification is still possible: a user can avoid running a full node and keeping the whole blockchain by querying the network for the Merkle branch of a transaction.

    Origins

    The author of the white paper went by the name Nicolas van Saberhagen, although, like Satoshi Nakamoto (the author of the bitcoin white paper), that name is likely a pseudonym. Saberhagen's true identity and location remain unknown. Some have claimed that the real creator is someone in the bitcoin community. Adam Back, Nick Szabo and even Satoshi Nakamoto himself have been floated as possible suspects, but there is little to no evidence actually supporting those claims.

    The Stanford Bitcoin Group’s possible involvement in the creation of the CryptoNote protocol has also been discussed. Prior to the CryptoNote cryptocurrency protocol, the domain cryptonote.org hosted an encrypted message application also named CryptoNote. This application was developed by members of the Stanford Bitcoin Group but had not received wide recognition. The website currently hosts the CryptoNote technology.

    Coin Mill conspiracy theory

    The launches of several CryptoNote-based coins look very similar: their announcement threads on the bitcointalk.org forum were created by "newbie" accounts and looked alike, stressing slogans such as 'CPU-only mining' and 'ASIC resistant'. Moreover, the same file sharing service was used for the releases. It is supposed that the only purpose of such launches was to earn easy money and that the creators did not intend to support and develop these forks.

    Faked versions of whitepaper

    Community activists discovered altered versions of the CryptoNote whitepapers with digital signatures not corresponding to Nicolas van Saberhagen's PGP key and with missing PGP watermarks. This incident has been attributed to document forgery. The possible goal of the people behind this action was to refute claims about the public availability of CryptoNote since 2012 in order to gain a competitive advantage. The modified whitepaper included a link to a discussion thread started in May 2013 on the bitcointalk.org forum and had been generated using TeX Live software released in 2013, with the XMP date property set to 2014.

    Bytecoin and Cicada

    The Bytecoin Tor site included a hidden message with a reference to Cicada 3301. Users also noticed that Cicada-style pictures were used by Bytecoin developers or by somebody impersonating them. The Bytecoin blockchain contains several riddles composed of multiple messages. One of these messages possibly refers to Cicada: "And it's the name of person you should give your key. To find it - follow little rabbit on land you've recently inhabit."

    References

    CryptoNote Wikipedia