
Topic: how does cryptonote work? (Read 979 times)

hero member
Activity: 2147
Merit: 518
September 18, 2014, 01:19:58 PM
#5
Basically CryptoNote allows for increased privacy in cryptocurrency transactions. It uses ring signatures that restrict the double-spending attempt by linking the transactions with the same private key. The protocol uses the key image, derived from a private key through a one-way function. All the users keep the list of all the used key images, which are checked against a new transaction. Every address of the payment is a unique one-time key, which is created from both the sender's and the receiver's data, and the usage of ring signature hides the exact outputs that have been spent for the input. Therefore, each next transaction increases the number of possible senders and hides the actual connection even more.
sr. member
Activity: 336
Merit: 251
September 18, 2014, 12:54:49 PM
#4
UNTRACEABLE PAYMENTS



The ordinary digital signature (e.g. (EC)DSA, Schnorr, etc...) verification process involves the public key of the signer. It is a necessary condition, because the signature actually proves that the author possesses the corresponding secret key. But it is not always a sufficient condition.



Ring signature is a more sophisticated scheme, which in fact may demand several different public keys for verification. In the case of ring signature, we have a group of individuals, each with their own secret and public key. The statement proved by ring signatures is that the signer of a given message is a member of the group. The main distinction with the ordinary digital signature schemes is that the signer needs a single secret key, but a verifier cannot establish the exact identity of the signer. Therefore, if you encounter a ring signature with the public keys of Alice, Bob and Carol, you can only claim that one of these individuals was the signer but you will not be able to pinpoint him or her.
This concept can be used to make digital transactions sent to the network untraceable by using the public keys of other members in the ring signature one will apply to the transaction. This approach proves that the creator of the transaction is eligible to spend the amount specified in the transaction but his identity will be indistinguishable from the users whose public keys he used in his ring signatures.



Untraceable transactions
It should be noted that foreign transactions do not restrict you from spending your own money. Your public key may appear in dozens of others' ring signatures but only as a muddling factor (even if you already used the corresponding secret key for signing your own transaction). Moreover, if two users create ring signatures with the same set of public keys, the signatures will be different (unless they use the same private key).



UNLINKABLE TRANSACTIONS



Normally, when you post your public address, anyone can check all your incoming transactions even if they are hidden behind a ring signature. To avoid linking you can create hundreds of keys and send them to your payers privately, but that deprives you of the convenience of having a single public address.



CryptoNote solves this dilemma by an automatic creation of multiple unique one-time keys, derived from the single public key, for each p2p payment. The solution lies in a clever modification of the Diffie-Hellman exchange protocol. Originally it allows two parties to produce a common secret key derived from their public keys. In our version the sender uses the receiver's public address and his own random data to compute a one-time key for the payment.
The sender can produce only the public part of the key, whereas only the receiver can compute the private part; hence the receiver is the only one who can release the funds after the transaction is committed. He only needs to perform a single-formula check on each transaction to establish if it belongs to him. This process involves his private key, therefore no third party can perform this check and discover the link between the one-time key generated by the sender and the receiver's unique public address.
An important part of our protocol is usage of random data by the sender. It always results in a different one-time key even if the sender and the receiver both remain the same for all transactions (that is why the key is called "one-time"). Moreover, even if they are both the same person, all the one-time keys will also be absolutely unique.


More at http://bytecoin.org/about
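Added example, not part of the post above and not CryptoNote's own code: the one-time key derivation and the key-image double-spend check described in this thread, worked through in Python. It assumes a toy multiplicative group in place of CryptoNote's elliptic curve, all function names are hypothetical, and the ring signature itself is not implemented.

```python
import hashlib, secrets

# Toy group (assumption of this example): integers mod the Mersenne prime
# 2**127 - 1, base 3. NOT secure; CryptoNote does this on an elliptic curve.
MOD, G = 2**127 - 1, 3
ORDER = MOD - 1

def h_scalar(element: int) -> int:
    """Hash a group element to an exponent."""
    digest = hashlib.sha256(element.to_bytes(16, "big")).digest()
    return int.from_bytes(digest, "big") % ORDER

def keypair():
    secret = secrets.randbelow(ORDER - 1) + 1
    return secret, pow(G, secret, MOD)

def send(A: int, B: int):
    """Sender: mix address (A, B) with fresh random r; R goes in the transaction."""
    r, R = keypair()
    return R, pow(G, h_scalar(pow(A, r, MOD)), MOD) * B % MOD

def is_mine(a: int, B: int, R: int, one_time_pub: int) -> bool:
    """Receiver's check: needs the private a, so outsiders cannot run it."""
    return pow(G, h_scalar(pow(R, a, MOD)), MOD) * B % MOD == one_time_pub

def spend_key(a: int, b: int, R: int) -> int:
    """One-time private key; requires both private halves a and b."""
    return (h_scalar(pow(R, a, MOD)) + b) % ORDER

def key_image(x: int, one_time_pub: int) -> int:
    """One-way tag of the one-time key, identical on every spend attempt."""
    return pow(h_scalar(one_time_pub) + 1, x, MOD)

def demo() -> dict:
    (a, A), (b, B) = keypair(), keypair()            # receiver publishes (A, B)
    (R1, out1), (R2, out2) = send(A, B), send(A, B)  # two payments, same address
    x1 = spend_key(a, b, R1)
    seen, rejected = set(), []
    for _ in range(2):                               # second pass is a double-spend
        image = key_image(x1, out1)
        rejected.append(image in seen)
        seen.add(image)
    return {
        "outputs_differ": out1 != out2,
        "receiver_detects": is_mine(a, B, R1, out1) and is_mine(a, B, R2, out2),
        "outsider_detects": is_mine(keypair()[0], B, R1, out1),
        "key_matches": pow(G, x1, MOD) == out1,
        "rejected": rejected,
    }
```

`is_mine` needs only `a` and `B`, while `spend_key` also needs `b`, so detecting a payment and spending it are separate capabilities.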
legendary
Activity: 1442
Merit: 1001
September 18, 2014, 12:53:06 PM
#3
Quote

This is not helpful in this context. Sure, everyone could read the whitepapers and invest a couple of hours in learning about how CN works - this isn't what the OP is asking though. He's looking for a 2-3 pager cheat sheet or something like this:

https://www.youtube.com/watch?v=l9jOJk30eQs

I don't think I've seen anything like this as of yet - it would be helpful for explaining the differences between CryptoNote and the reference Bitcoin transactions.
hero member
Activity: 672
Merit: 500
September 18, 2014, 12:47:29 PM
#2
Good questions. /me also interested.
newbie
Activity: 30
Merit: 0
September 18, 2014, 12:43:17 PM
#1
Forgive me. I don't have a computer science background. I am more of a network admin kind of guy.
I'm just curious and excited to understand the flow of information in cryptonote.

I read about Bitcoin and I understood the following:
* sender begins transaction
* sender signs transaction with his private key
* bitcoin network verifies that he is the sender by decrypting with sender's public key. If it matches, then he is the sender.
* bitcoin network knows about how much balance sender has from blockchain
* bitcoin network marks this transaction
* when receiver updates blockchain and checks balance, he finds that he has received money

I tried reading about cryptonote but I am confused. I don't understand a lot of things.
Some key points I understand:
* Sender signs with his private key
* Verifiers also sign with their private keys
* Now no one can tell who initially signed the transaction and hence the anonymity.

Also,
* Sender doesn't send money to receiver's actual wallet address.
* He instead randomizes it with his own info.
* Only receiver is capable of finding out that it was meant for him. (I don't know how.)
* So he has to be there for this transaction to happen. Workaround for this:
* Receiver gives some part of his *private* key to the network. This is called "tracking key".
* With this tracking key, the network can assert the transaction but still can't find the actual wallet address of the receiver.

How correct is this?
Is the digital signature part correct?

In cryptonote, how does the network ever make an entry into the blockchain without knowing which actual wallet address money was sent to?