This is the low-level detail of how Monero operates. For a higher-level conceptual understanding, please read our article How Monero's privacy works. The raw academic papers with full details are linked to on our homepage.
In Bitcoin, everyone has a public address, an example of which looks like this: 1EjqMGa5j6JNQDMNXkrRZq7WSmqLRzn9fU
You receive funds at your own public address, and anyone can see what those funds are.
When you want to send funds to someone, they tell you their public address, and you can see what funds they already have stored at that public address.
When you send funds, you announce to the entire Bitcoin network that the funds that you own now belong to the recipient’s public address.
Everyone can see, as a matter of public record, that the ownership of funds has moved from your public address to their public address.
In Monero, everyone also has a public address, an example of which looks like this: 43EH3omZSUYCmJYskCUx2tV5oB5tLVrp58AeMYLrFhcz2umUVQHiHu62nG5CS3mvcfgKHC3fPtq6DHkEbMjqvCAZJW5nw9E
The funds you own will not be associated with your public address, like they would with Bitcoin. This means if you tell someone your public address, they can’t see how rich you are.
When you send funds to someone’s public address, what happens is that you actually send the funds to a randomly created brand new one-time destination address. This means that the public record does not contain any mention that funds were received to the recipient’s public address.
For the same reason, the funds that you are sending were not associated with your own public address either in the public record. Therefore, when you send these funds, the public record will not show that the funds originated from your public address and will not show that the funds were sent to the recipient’s public address.
In Monero, your public address will never appear in the public record of transactions. Instead, a 'stealth address' is recorded in a way that only you, the recipient, can recognize the incoming funds (see the glossary for more about stealth addresses).
When the recipient checks for funds, they need to scan the Monero blockchain (the public record of all transactions) to see if any transactions are destined for them. The recipient has a secret view key which is used to check each transaction to see if it was addressed to them. Because the recipient is the only one that knows the secret view key, only the recipient can see that funds have been sent to them.
This is why, if you launch your Monero wallet, you will see it ‘scanning’ the blockchain. This is done to check if any transactions have occurred that have you as the recipient. Note that you can give your ‘secret view key’ to others so that they can also see what funds you have received. They will only be able to view the transactions and not make any transactions on your behalf.
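The one-time address and view-key scan described above, as an added example that is not code from the original page or from the Monero project. It assumes a toy multiplicative group modulo a prime and SHA-256 in place of Monero's Ed25519 curve and Keccak hash, and all function names are hypothetical; the derivation follows the standard CryptoNote stealth-address construction.

```python
import hashlib
import secrets

# Toy group for illustration only: integers modulo the Mersenne prime 2^521 - 1.
# Monero itself uses the Ed25519 curve and a Keccak-based hash; the algebra is the same.
P = 2**521 - 1
G = 3
Q = P - 1  # exponents can be reduced modulo P - 1 (Fermat's little theorem)

def hash_to_scalar(shared: int) -> int:
    digest = hashlib.sha256(shared.to_bytes(66, "big")).digest()
    return int.from_bytes(digest, "big") % Q

def keygen():
    """Return (private, public) with public = G^private mod P."""
    priv = secrets.randbelow(Q - 1) + 1
    return priv, pow(G, priv, P)

def send(pub_view: int, pub_spend: int):
    """Sender: derive a fresh one-time destination key from the recipient's address."""
    r, tx_pub = keygen()                      # per-transaction random key
    shared = pow(pub_view, r, P)              # Diffie-Hellman secret with the view key
    one_time = pow(G, hash_to_scalar(shared), P) * pub_spend % P
    return tx_pub, one_time                   # both go into the public record

def scan(priv_view: int, pub_spend: int, tx_pub: int, one_time: int) -> bool:
    """Recipient or view-key holder: does this output belong to the address?"""
    shared = pow(tx_pub, priv_view, P)        # same secret, computed from the other side
    return pow(G, hash_to_scalar(shared), P) * pub_spend % P == one_time

def one_time_private(priv_view: int, priv_spend: int, tx_pub: int) -> int:
    """Only the holder of the secret spend key can compute the key that spends the output."""
    return (hash_to_scalar(pow(tx_pub, priv_view, P)) + priv_spend) % Q

if __name__ == "__main__":
    a, A = keygen()   # view key pair
    b, B = keygen()   # spend key pair
    out1, out2 = send(A, B), send(A, B)
    print("outputs differ:", out1[1] != out2[1])
    print("recipient detects both:", scan(a, B, *out1), scan(a, B, *out2))
    print("spend key matches:", pow(G, one_time_private(a, b, out1[0]), P) == out1[1])
```

Note that scan() needs only the secret view key and the public spend key, which is why a shared view key lets someone see incoming funds without being able to spend them.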
So far, we’ve discussed the concept of ‘unlinkability’. This means that received transactions are associated with a one-time address that is not linked to your public address. It also means that two transactions sent to your public address cannot be associated as having the same recipient.
We don't want the sender of a transaction to notice when the recipient of the transaction then spends the funds in a new transaction. Monero solves this problem through the use of ‘ring signatures’.
Ring signatures enable ‘transaction mixing’ to occur. Transaction mixing means that when funds are sent, the sender randomly chooses several other users’ funds to also appear in the transaction as a possible source of the funds being sent. The cryptographical nature of the ring signature means that no one can tell which of the funds were really the source of the transaction – not even the person that gave the funds to the sender in the first place. A system of ‘key images’ associated with each ring signature ensures that although no one can tell the true source of the funds, it can be easily detected if the sender attempts to anonymously send their funds twice.
The number of people that are added to the list of possible senders in a transaction is often referred to as the ‘mixin’ level. Because using a larger mixin level increases the size of the transaction for the Monero network to process, there is a slightly larger fee associated with your transaction if you increase the mixin level. Note that because you may be often included as a possible source of funds every time any transaction is made on the Monero network, no one can tell if you are or are not spending any funds that they sent you. It will look like you’re very busy continuously transacting with people everywhere at all hours of the day and night, even if you’re doing nothing at all!
In addition to ensuring that no one can tell whom they have received funds from, an extension to the system of ring transactions has been developed known as RingCT. RingCT (Ring Confidential Transactions) went live on 10th January 2017. It hides not only the source of funds being sent, but also hides the amounts of the funds being sent from being visible on the blockchain. This is achieved by applying a mathematical function to all funds such that public observers can see that the transactions are legitimate, but only the sender and receiver can know the actual amounts. This prevents theoretical attacks through blockchain analysis that could otherwise be possible if the real amounts of transactions taking place were a matter of public record.
Finally, project Kovri, which is currently in development, will hide your internet traffic so that passive network monitoring cannot reveal that you are using Monero at all. This is achieved by encrypting all of your Monero traffic and routing it through I2P (Invisible Internet Project) nodes. These nodes pass your messages along and have no visibility over what is in them. They also do not know whether the destination they’re sending your messages to is the final destination or just a waypoint which will further forward your message. Passive listeners can tell you are using I2P, but cannot tell what you are using it for or what destinations you are interacting with.
Monero can even withstand the attack scenario where every exchange is leaking details about your identity and the funds that you own, and where every vendor has a severe security breach that exposes their wallet.
If you need the absolute highest levels of privacy and are dealing with exchanges that know your identity, you can perform a 'churn' immediately after withdrawing Monero from an exchange and immediately prior to depositing your received Monero into an exchange. A 'churn' means sending all of your funds to yourself 12 times over. Since Monero will automatically assign 5 possible sources of funds for every transaction, your funds will be hidden within a theoretical 5^12 = 244 million other transaction funds, which at the time of writing is more than 10x the number in existence. It will look like almost every customer of the compromised exchange could have been transacting with each exposed vendor. This gives you extreme privacy on the blockchain.
In summary: Monero ensures no one can tell where funds came from. No one can tell when they are then spent or whether they have been spent at all. No one can see the amounts of the transactions of others, or even that others are using Monero at all. Everyone appears to be repeatedly transacting with almost everyone else almost all of the time.