Serhack asked me to work on Chapter 6 initially, and since I have absolutely no programming or cryptography experience, I was afraid to touch it with a ten-foot pole. After combing through this, I am glad I did. For a layman like myself, this chapter is very painful to read. It is full of terms I have no understanding of and is lacking any explanation of them. I tried to note those terms with an & to flag them so you can expand upon them. I think it might benefit from the contributors taking a second look at it and determining what information could be deleted, in order to make room for some technical summaries of what I note at the bottom that seems to be missing (e.g. Ring CT, Stealth Addresses, Ring Signatures, Kovri, etc.)
I am glad I am able to contribute whatever I can to this book. I hope this helps...
Chapter 6
A Deep Dive into Monero & Cryptography
The cryptography behind Monero is what makes it more private and harder to trace than other cryptocurrencies. This chapter will take a deep dive into its cryptographic features. Due to the mathematical nature of cryptography, this chapter is the most technical of this book. So, to start at the basics, we'll begin with cryptographic primitives.
A cryptographic primitive is an algorithm that serves as the building block for cryptographic protocols. Monero uses a wide variety of cryptographic primitives for various use cases, which will be discussed in depth throughout this chapter.
Compared to Bitcoin, Monero uses many more primitives, and some of them are more advanced, particularly those related to privacy and proof of work. Some choices are deliberately non-standard (for better or worse <-- explain why it's for better or worse, or else delete it) - oftentimes a legacy of the CryptoNote protocol (for more information about the CryptoNote protocol, see Chapter 9).
(moved down) Compared to various altcoins, Monero's choice of primitives is often considered more conservative, sound and robust. So let's take a look at what they are specifically.
In this part, we will talk about address generation, the blockchain and privacy in more depth than in the first chapters. <-- Delete this sentence.
Monero Pseudorandom Number Generation (PRNG)
(Everything below seems choppy and unorganized. With such technical content, the least we can do is have it organized to help with the reader's comprehension. Once these edits have been made and some of the words in here are summarized/expanded upon, I will go through again and re-organize if need be.)
Monero uses a PRNG based on the Keccak hashing function. (insert a sentence summarizing what hashing means) The generator keeps a Keccak state that is seeded from the operating system and applies the Keccak permutation to it before each output, so whatever resulted from the previous round becomes the input for the next one. (edited and moved up from below -->) Keccak is the leading hashing function, designed by non-NSA designers (replace designers with developers, engineers, something else?). Keccak won the National Institute of Standards and Technology (NIST) competition to become the official SHA-3. Note that Monero adopted Keccak before the standard was finalised and uses the original Keccak padding, so its hashes differ from those of standardised SHA3-256 on the same input. It is used for transaction and block hashing.
&&From here forward, if there is a word that looks &like this, it means this word needs to be summarized or expanded on for the reader:&&
The &initial seed comes from &entropy sources provided by the user's operating system. On Linux and MacOS the seed comes from /dev/urandom. On Windows the WinAPI CryptGenRandom call is used for seeding. <-- are these two sentences necessary?
This concerns <--what concerns? the reference &C++ &implementation of Monero. Please note there are many alternative &implementations of private key generation, including JavaScript, Python, Android/Java. These should be researched case by case for correctness. <--is this a note to the reader, or the writers?
Hashing <---is this supposed to be here?
For generating addresses (especially the public address), it's important to hash keys. (why is it important?) One concrete use: a public address ends in a 4-byte checksum, the first four bytes of the Keccak-256 hash of the network byte and the two public keys, so a wallet can detect a mistyped or truncated address before any funds are sent.
Monero employs Keccak as a hashing function. <--- this is redundant. I think these sections need to be combined to make it easier to read. In most contexts specifically &Keccak-256 is used, providing 32-byte hashes.
This paragraph should be near the beginning of this section --> Choosing a good hashing algorithm is a must for creating addresses in a secure way: if two different inputs produce the same hash, there is a "collision". In key derivation that would mean two different seeds yielding the same private key, and therefore the same public keys and the same address. Obviously this would be problematic for the use of blockchain transaction capabilities.
Keccak (delete)
Base58
Base58 is a group of binary-to-text encoding schemes used to represent large integers as alphanumeric text.
It is similar to another scheme called Base64 but has been modified to avoid both non-alphanumeric characters and letters which might look ambiguous when printed.
It is therefore designed for human users who manually enter the data, copying from some visual source, but it also allows easy copy and paste because a double-click will usually select the whole string. Monero's variant differs from Bitcoin's in one respect: the data is encoded in 8-byte blocks of 11 characters each (with a fixed width for the final partial block), so a standard 69-byte address is always exactly 95 characters long.
Base58 Alphabet used in Monero:
123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz
Note: Zero (0) along with the letters I (uppercase i), O (uppercase o), and l (lowercase L) are not present in this Base58 alphabet as they are the previously mentioned characters which might appear ambiguous.
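Because Monero's base58 works on fixed-width blocks, a Bitcoin-style base58 library will not decode a Monero address. The following is an added example, not code from this book or from the Monero project: it implements the block-wise encoding with the three checks a decoder needs (alphabet membership, a legal block width, and rejection of 11-character blocks that overflow 8 bytes), and splits a decoded standard address into its fields. The sample payload is constructed for the demo (mainnet network byte 0x12 with placeholder key bytes and a placeholder checksum); verifying a real checksum additionally requires Keccak-256, which this block does not implement.

```python
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
FULL_BLOCK_SIZE, FULL_ENCODED_SIZE = 8, 11
# A trailing partial block of n bytes always encodes to ENCODED_SIZES[n] characters, which is why
# a 69-byte standard address (8 full blocks + 5 bytes) is always 88 + 7 = 95 characters long.
ENCODED_SIZES = [0, 2, 3, 5, 6, 7, 9, 10, 11]

def _encode_block(block: bytes, size: int) -> str:
    n = int.from_bytes(block, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = ALPHABET[rem] + out
    return out.rjust(size, ALPHABET[0])              # pad with '1' (digit zero) to the fixed width

def _decode_block(chars: str, size: int) -> bytes:
    n = 0
    for ch in chars:
        pos = ALPHABET.find(ch)
        if pos < 0:                                  # e.g. '0', 'O', 'I', 'l' are not valid
            raise ValueError(f"character {ch!r} is not in the Monero base58 alphabet")
        n = n * 58 + pos
    if n >> (8 * size):                              # 11 chars can exceed 2^64: reject, don't wrap
        raise ValueError("base58 block overflows its byte size")
    return n.to_bytes(size, "big")

def base58_encode(data: bytes) -> str:
    full, rem = divmod(len(data), FULL_BLOCK_SIZE)
    out = "".join(_encode_block(data[8 * i:8 * i + 8], FULL_ENCODED_SIZE) for i in range(full))
    if rem:
        out += _encode_block(data[8 * full:], ENCODED_SIZES[rem])
    return out

def base58_decode(text: str) -> bytes:
    full, rem = divmod(len(text), FULL_ENCODED_SIZE)
    if rem not in ENCODED_SIZES:                     # a tail of 1, 4 or 8 characters cannot occur
        raise ValueError("invalid base58 length")
    out = b"".join(_decode_block(text[11 * i:11 * i + 11], FULL_BLOCK_SIZE) for i in range(full))
    if rem:
        out += _decode_block(text[11 * full:], ENCODED_SIZES.index(rem))
    return out

def split_address(address: str) -> dict:
    """Standard address layout: network byte || public spend key || public view key || checksum.
    The checksum is the first 4 bytes of Keccak-256 over the first 65 bytes; recomputing it needs a
    Keccak-256 implementation, so this function only separates the fields."""
    raw = base58_decode(address)
    if len(raw) != 69:
        raise ValueError(f"expected a 69-byte standard address payload, got {len(raw)} bytes")
    return {"network": raw[0], "spend_pub": raw[1:33], "view_pub": raw[33:65], "checksum": raw[65:]}

# Constructed payload for the demo (not a real wallet): mainnet network byte 0x12, placeholder
# key bytes and a placeholder checksum. A real address carries the Keccak-256 checksum here.
SAMPLE_PAYLOAD = bytes([0x12]) + bytes(range(1, 33)) + bytes(range(33, 65)) + b"\xde\xad\xbe\xef"

if __name__ == "__main__":
    addr = base58_encode(SAMPLE_PAYLOAD)
    print(len(addr), addr)
    print(split_address(addr))
```

The network byte 0x12 lands in the first 8-byte block, which is why every mainnet standard address begins with the character 4. The overflow check matters: eleven base58 characters can represent values above 2^64, and a decoder that silently truncated them would accept strings that no encoder could have produced.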
The relationships between seeds, address and keys
Before we go deeper into Monero, we have to introduce the concept of address generation. <--- is this supposed to be here?
Elliptic curve
**&&&&&**A finite field F_p, where p is a prime number, is the field formed by the set {0, 1, 2, ..., p−1} with addition and multiplication (+, ·) calculated modulo p. <-- this needs a sentence or two to lead into the information. Explain why this information is relevant for the purpose of Monero use (something you should do throughout this chapter).
Typically, elliptic curves are defined as the set of points (x, y) satisfying an equation:
y^2 = x^3 + ax + b
However, Monero uses a special curve known to offer improved security over other commonly used NIST curves, as well as excellent performance of cryptographic primitives. The curve used belongs to the category of so-called twisted Edwards curves, which are commonly expressed as: ax^2 + y^2 = 1 + dx^2y^2. Monero's curve is Ed25519, for which a = −1, d = −121665/121666 and the field prime is p = 2^255 − 19.
Ed25519 Function
The address generation <-- delete?
The Monero Blockchain
Monero has a unique kind of blockchain. If you recall, a blockchain is a distributed or decentralized public ledger where payments and transactions are recorded and verified. Past blocks cannot be quietly modified: each block commits to the hash of the previous one, and every node verifies the chain independently, so a change would have to be accepted by the whole network. It is based on various cryptographic protocols and algorithms in order to prevent cheating. Monero uses a variety of these to ensure it is secure from prying eyes, and untraceable.
Lightning Memory Mapped Database
Monero uses the Lightning Memory-Mapped Database (LMDB) database system to store its blockchain. LMDB is a software library that provides a high-performance embedded transactional database in the form of a key-value store. <--follow with a sentence in layman's terms In plain terms, it is a library compiled into the Monero daemon that stores blocks and transactions as key/value records in a file on disk, with no separate database server to run.
LMDB is written in &C with &API bindings for several programming languages and is developed by Symas Corporation. Here are a few LMDB features:
- stores arbitrary key/data pairs as byte arrays, (meaning...)
- has a range-based search capability, (allowing...)
- supports multiple data items for a single key, (providing....)
- has a special mode for appending records at the end of the database which gives a dramatic write performance increase over other similar stores.
LMDB is not a relational database; like Berkeley DB and other similar databases such as dbm, it is strictly a key-value store. <--- explain what this means or why it's important. otherwise, delete it.
Block structure
The block structure was defined by the third document of the CryptoNote Standards. It defines the way data is stored within blocks and the blockchain, along with the corresponding data structures.
A block consists of three parts:
block header
base transaction body
list of transaction identifiers.
The list (<-- what list? explain this) starts with the number of transaction identifiers that it contains.
Block Header
Base Transaction
Fees
Privacy Transactions
Stealth Addresses
&&The examples below here need images/graphics to help explain this concept
Chapter 3 described a situation where Leo sent George some Monero and in doing so he used George's public keys to produce a one-time public key, also known as a stealth address, that is unlinkable to the (delete the) George's real keys. This section will go deeper to explain the cryptography behind that one-time public key.
Sending
The highly technical formula described in the CryptoNote whitepaper to produce this public output is P = Hs(rA|i)G + B. This means that when Leo wants to send Monero to George he generates a 256-bit pseudorandom scalar to be used as the transaction private key, r. Leo is the only person who will ever know this key; not even George learns it. Leo then multiplies George's public view key, A, by his pseudorandom scalar (the reference implementation also multiplies the result by the curve's cofactor, 8, so that any small-order component of a malformed key is cleared) and then &concatenates the output index, i, encoded as a varint, to the resulting point. This data is then run through the Hash to Scalar function. This function takes the input data, hashes it using the Keccak-256 algorithm, interprets the hash as a little-endian integer and reduces it modulo the prime number l = 2^252 + 27742317777372353535851937790883648493, the order of the &ed25519 base point. The ed25519 basepoint, G, is then multiplied by the scalar that is output from that function. Finally, Leo adds this point to George's public spend key, B, to produce the final output, P. The transaction public key, R = rG, is published with the transaction so that George can perform the matching computation.
Receiving
Now, as described in chapter 3, George must scan the blockchain for outputs that belong to him. To do this he must calculate P' = Hs(aR|i)G + B. The process is very similar to what Leo had to do to send the Monero. George will get the public transaction key, R, used in the transaction from the blockchain and multiply it by his private view key, a. He then must concatenate the output index to the resulting point and run that data through the Hash to Scalar function. He then multiplies the ed25519 basepoint, G, by the resulting scalar and finally adds his own public spend key, B, to the resulting point to produce the final point P'. If the output George generated independently, P', matches the output from the blockchain, P, then George knows that he owns that output. This works because aR = arG = rA: both sides arrive at the same shared point without ever exchanging it. Note that the private view key, a, only detects the output; to spend it George needs the one-time private key x = Hs(aR|i) + b, which requires his private spend key, b, and satisfies xG = P.
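The sending and receiving computations above, carried out end to end, as an added example that is not code from this book or from the Monero project. It uses Monero's Keccak-256 (original Keccak padding, not SHA3-256) for the Hash to Scalar function and a minimal Ed25519 group written out in plain Python, and follows the reference implementation in the two details the whitepaper formula glosses over: the shared point rA (or aR) is multiplied by the cofactor 8 before hashing, and the output index i is appended as a varint. The keys a, b and r are constructed, deterministic values for the demo rather than real wallet keys; a wallet draws them from the PRNG described earlier in this chapter.

```python
# Keccak-256 with the original Keccak padding byte 0x01, as in Monero's cn_fast_hash.
# FIPS-202 SHA3-256 (hashlib.sha3_256) pads with 0x06 and yields different digests.
_RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
       0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
       0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
       0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
       0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
       0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
_ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
        [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]

def _rol(v, n):
    return ((v << n) | (v >> (64 - n))) & ((1 << 64) - 1) if n else v

def _keccak_f(a):
    for rc in _RC:                                   # one round: theta, rho+pi, chi, iota
        c = [a[x][0] ^ a[x][1] ^ a[x][2] ^ a[x][3] ^ a[x][4] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        a = [[a[x][y] ^ d[x] for y in range(5)] for x in range(5)]
        b = [[0] * 5 for _ in range(5)]
        for x in range(5):
            for y in range(5):
                b[y][(2 * x + 3 * y) % 5] = _rol(a[x][y], _ROT[x][y])
        a = [[b[x][y] ^ (~b[(x + 1) % 5][y] & b[(x + 2) % 5][y]) for y in range(5)] for x in range(5)]
        a[0][0] ^= rc
    return a

def keccak256(data: bytes) -> bytes:
    rate = 136                                       # 1088-bit rate for a 256-bit digest
    buf = bytearray(data) + b"\x01" + bytes((-len(data) - 1) % rate)
    buf[-1] ^= 0x80
    a = [[0] * 5 for _ in range(5)]
    for off in range(0, len(buf), rate):
        for i in range(rate // 8):                   # lane i lives at x = i % 5, y = i // 5
            a[i % 5][i // 5] ^= int.from_bytes(buf[off + 8 * i:off + 8 * i + 8], "little")
        a = _keccak_f(a)
    return b"".join(a[i % 5][i // 5].to_bytes(8, "little") for i in range(4))

# Ed25519: -x^2 + y^2 = 1 + d*x^2*y^2 over F_p, in affine coordinates (slow but short).
P = 2**255 - 19
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point G
D = -121665 * pow(121666, -1, P) % P

def _add(p1, p2):
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2
    return ((x1 * y2 + x2 * y1) * pow((1 + t) % P, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P) % P)

def _mul(k, pt):
    r = (0, 1)                                       # neutral element
    while k:
        if k & 1:
            r = _add(r, pt)
        pt, k = _add(pt, pt), k >> 1
    return r

def _encode(pt) -> bytes:                            # y little-endian, sign of x in the top bit
    return (pt[1] | (pt[0] & 1) << 255).to_bytes(32, "little")

_gy = 4 * pow(5, -1, P) % P                          # base point: y = 4/5, x = the even root
_xx = (_gy * _gy - 1) * pow(D * _gy * _gy + 1, -1, P) % P
_gx = pow(_xx, (P + 3) // 8, P)
if (_gx * _gx - _xx) % P:
    _gx = _gx * pow(2, (P - 1) // 4, P) % P          # multiply by sqrt(-1)
G = (P - _gx if _gx & 1 else _gx, _gy)

def hash_to_scalar(data: bytes) -> int:
    """Monero's Hs(): Keccak-256 read as a little-endian integer, reduced mod L."""
    return int.from_bytes(keccak256(data), "little") % L

def _varint(n: int) -> bytes:                        # the output index i is appended as a varint
    out = bytearray()
    while n >= 0x80:
        out.append(n & 0x7F | 0x80)
        n >>= 7
    return bytes(out) + bytes([n])

def key_derivation(pub, secret: int) -> bytes:
    """8*secret*pub: rA on the sending side, aR on the receiving side. The reference code
    multiplies by the cofactor 8 (ge_mul8); the whitepaper formula Hs(rA|i) leaves that out."""
    return _encode(_mul(8, _mul(secret, pub)))

def one_time_pubkey(derivation: bytes, index: int, spend_pub) -> bytes:
    """P = Hs(derivation || i)*G + B"""
    return _encode(_add(_mul(hash_to_scalar(derivation + _varint(index)), G), spend_pub))

def one_time_seckey(derivation: bytes, index: int, spend_sec: int) -> int:
    """x = Hs(derivation || i) + b, so x*G = P; only the holder of the private spend key b can do this."""
    return (hash_to_scalar(derivation + _varint(index)) + spend_sec) % L

def demo(index: int = 0):
    # Constructed, deterministic keys for the example; a real wallet draws them from the PRNG.
    a, b = hash_to_scalar(b"george view"), hash_to_scalar(b"george spend")
    A, B = _mul(a, G), _mul(b, G)                    # George's public view and spend keys
    r = hash_to_scalar(b"leo tx secret")             # Leo's transaction private key
    R = _mul(r, G)                                   # transaction public key, published with the tx
    sent = one_time_pubkey(key_derivation(A, r), index, B)   # Leo: from A, B and r
    found = one_time_pubkey(key_derivation(R, a), index, B)  # George: scanning with a and R
    x = one_time_seckey(key_derivation(R, a), index, b)      # George: spending needs b
    return sent, found, _encode(_mul(x, G))
```

Running demo() returns three equal 32-byte values: the output key Leo put in the transaction, the key George recomputes from the blockchain with nothing but his private view key and the public R, and x·G for the one-time private key that only the private spend key b can produce. Changing the index gives an unrelated output key, which is why two outputs to the same address cannot be linked on-chain. The affine arithmetic and pure-Python Keccak are for readability; they are far too slow and too leaky (non-constant-time) for anything but a demonstration.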
&this chapter seems to be missing the cryptographic/"deep dive" explanation or summaries behind Ring CT, Stealth Addresses, Ring Signatures, Kovri, etc...