Monero’s Triptych Research Could Vastly Improve its Anonymity

The Monero Research Lab (MRL) released Triptych on the 6th of January, a paper proposing trustless, logarithmic-size ring signatures. Since ring signatures are Monero’s core anonymity mechanism, research aimed at decreasing their size could improve the coin’s privacy significantly.

Monero (XMR) is a privacy coin that uses several distinct mechanisms to obfuscate parts of a transaction. Its primary line of defense against transaction tracing is ring signatures, which mix the sender’s true coins with a set of decoys picked semi-randomly from other points in the blockchain. Every transaction currently uses 10 decoys by default; this number has been fixed for all users since late 2018.

Monero Remote Nodes to Verify Transactions

Triptych’s primary innovation is making the byte size of a ring signature scale logarithmically with the number of decoys rather than linearly. This would allow a dramatic increase in ring size without major performance issues on the signature side. Despite this innovation, verification time still grows linearly with ring size, so increasing it too far could overwhelm the Monero remote nodes that have to verify transactions.

According to a Reddit thread, MRL member Sarang Noether theorized that verification would take about 45 ms for a standard Monero transaction with 511 decoys. According to preliminary tests, this is comparable to Monero’s current verification times while increasing the number of decoys by an order of magnitude.
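To make the size-versus-verification trade-off concrete, here is a small cost model added as an illustration (not code from MRL or the Triptych paper). It takes the article’s 45 ms / 511-decoy figure as its only anchor; the power-of-two ring sizes and the abstract "size units" are assumptions, not Triptych’s actual parameters.

```python
import math

# Anchor figure from the article: ~45 ms to verify a transaction with
# 511 decoys, i.e. a ring of 512 members (true spend + decoys).
ARTICLE_RING = 512
ARTICLE_VERIFY_MS = 45.0
CURRENT_RING = 11            # 10 decoys + the real output, fixed since late 2018


def min_ring_for_guess_probability(p_max: float) -> int:
    """Smallest power-of-two ring such that an observer reduced to a uniform
    guess picks the true spend with probability <= p_max.
    Power-of-two rings are an assumption of this model."""
    needed = math.ceil(1.0 / p_max)
    return 1 << max(0, (needed - 1).bit_length())


def size_units(ring: int, scheme: str) -> int:
    """Relative signature size in abstract units (assumed, not bytes):
    linear in ring members for today's scheme, logarithmic for Triptych."""
    if scheme == "linear":
        return ring
    if scheme == "triptych":
        return max(1, math.ceil(math.log2(ring)))
    raise ValueError(f"unknown scheme: {scheme}")


def verify_ms(ring: int) -> float:
    """Verification cost, extrapolated linearly from the 45 ms / 512 figure,
    since the article states verification still scales with ring size."""
    return ARTICLE_VERIFY_MS * ring / ARTICLE_RING


def largest_ring_within_budget(budget_ms: float) -> int:
    """Largest power-of-two ring whose extrapolated verification time fits
    a per-transaction budget a node operator is willing to spend."""
    ring = 1
    while verify_ms(ring * 2) <= budget_ms:
        ring *= 2
    return ring


if __name__ == "__main__":
    for ring in (CURRENT_RING, ARTICLE_RING, 2048):
        print(ring, size_units(ring, "linear"), size_units(ring, "triptych"),
              round(verify_ms(ring), 2), "ms")
```

The model shows why the article flags remote nodes: doubling the ring barely changes the Triptych proof size but doubles verification time.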

Nevertheless, Triptych is a preprint that has yet to undergo peer review. When Cointelegraph asked about a possible timetable for a live implementation, Noether replied:

He can’t reasonably speculate on the likelihood of projects implementing Triptych, since it’s still early work that hasn’t undergone any formal review.

Noether has also teased an even better version of Triptych. It would allow signing with multiple keys in the same proof while also directly including a balance test. As a result, it would lead to even smaller overall transactions. However, this new approach requires more research due to roadblocks posed by unspecified technical questions.

Ongoing Work to Increase Anonymity

Monero’s small ring sizes have often been a target of criticism by the community. A report published in 2017 at Cointelegraph claims that some transactions can be fully de-anonymized. The practice of churning, sending transactions to oneself, is recommended within the Monero community for increased privacy.

Research efforts in this direction have produced solutions such as Omniring, Lelantus, and RingCT 3.0. Though Noether highlighted that all of these options feature different tradeoffs and security models, he emphasized the importance of this work:

Being able to increase the size of the input anonymity set in a big way would be a great step in the right direction.

What do you guys think about this? Do let us know!