Where the Math Diverges: Transparent vs Private

What a transparent transaction reveals, why pseudonymity isn't privacy, the three things a private chain must hide, and the two schools that solve it.

We've assembled the shared toolkit: finite fields, elliptic curves, hashes and signatures. Now comes the fork in the road. Using identical mathematics, two chains can produce opposite outcomes — a fully public ledger or a fully private one. This lesson pins down exactly what a transparent chain reveals, why that revelation is mathematically baked in, and what specific things a private chain has to hide to undo it. It's the bridge between "how all crypto works" and "how Monero works."

What a Transparent Transaction Publishes

On Bitcoin or Ethereum, a transaction is an open record. Anyone with a copy of the chain can read three things directly off it:

  • The sender — the input references a previous output whose public key (or address derived from it) is right there. The signature names that key.
  • The receiver — the output specifies the destination address in the clear.
  • The amount — the value moved is a plain integer in the transaction.

None of this is a leak or a bug. It is the design: a transparent ledger is auditable precisely because everyone can recompute the balances. The math we covered makes it so — an ECDSA signature must be checked against a named key, and a transparent amount must be visible for nodes to verify that inputs equal outputs.

Pseudonymity Is Not Privacy

Bitcoiners often counter that addresses are "just random-looking strings," not names. True — but the ledger is a permanent, public graph of who-paid-whom-how-much. Chain-analysis firms cluster addresses by common-input heuristics, link them to exchanges' KYC records, and de-anonymize users at scale. Because every amount is visible, even the sizes of payments are fingerprints. Pseudonymity buys you a thin disguise that statistical analysis peels off. The transparency is structural, so no amount of address-rotation fully fixes it.
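To see why address rotation does not help, here is the common-input heuristic applied to a small ledger. This is an added example, not code from the lesson; the transactions and address names are constructed, and the only assumption is that all inputs of one transaction belong to one owner.

```python
from collections import defaultdict

# Constructed sample ledger: one wallet rotating through addresses A1..A4.
TXS = [
    {"txid": "t1", "inputs": ["A1", "A2"], "outputs": [("B1", 5)]},
    {"txid": "t2", "inputs": ["A2", "A3"], "outputs": [("C1", 7)]},
    {"txid": "t3", "inputs": ["D1"], "outputs": [("A4", 2)]},
    {"txid": "t4", "inputs": ["A4", "A1"], "outputs": [("E1", 3)]},
]

def cluster_by_common_input(txs):
    """Union-find over input addresses: co-spent inputs share an owner."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path compression
            a = parent[a]
        return a

    for tx in txs:
        if not tx["inputs"]:               # e.g. a coinbase transaction
            continue
        root = find(tx["inputs"][0])
        for other in tx["inputs"][1:]:
            parent[find(other)] = root
            root = find(root)

    groups = defaultdict(set)
    for addr in list(parent):
        groups[find(addr)].add(addr)
    return sorted((sorted(g) for g in groups.values()),
                  key=lambda g: (-len(g), g))

def addresses_linked_to(txs, known_addr):
    """Every address that falls into the same cluster as one labelled address."""
    for group in cluster_by_common_input(txs):
        if known_addr in group:
            return group
    return [known_addr]

if __name__ == "__main__":
    print(cluster_by_common_input(TXS))
    print(addresses_linked_to(TXS, "A3"))
```

Four "unrelated" addresses collapse into one cluster after three ordinary payments, so a single label on any of them covers all four.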

The Three Things Privacy Must Hide

So a private chain's job is precise. To break the public transaction graph it must conceal exactly the three facts a transparent chain reveals:

  • Who sent — hide which prior output is being spent.
  • Who received — hide which address the funds landed on.
  • How much — hide the amount, while still proving no coins were created from thin air.

And it must do all three without a trusted referee, because a blockchain has none. Every node must be able to verify the transaction is valid — balanced, properly authorized, not a double-spend — using only public data and zero knowledge of the hidden facts. That tension, "verify everything while revealing nothing," is the entire technical challenge of private money.

Two Schools of Solution

The industry split into two broad approaches, and the difference is instructive:

  • Zero-knowledge proofs (Zcash). Wrap the whole transaction in a zk-SNARK that proves "this spend is valid" while revealing nothing. Powerful and compact, but historically required a trusted setup ceremony (toxic waste that, if leaked, allows undetectable counterfeiting) and rests on heavier cryptographic assumptions like pairings. It's also opt-in, so much of Zcash's volume stays transparent.
  • Composed classical primitives (Monero). Don't invent one giant proof — instead stitch together ring signatures (hide sender), stealth addresses (hide receiver), and Pedersen commitments with range proofs (hide amount), each built from the ordinary discrete-log math we already covered. No trusted setup, conservative assumptions, and privacy is mandatory for every transaction, which keeps the anonymity set healthy.
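The "how much" requirement, hiding amounts while every node still checks that inputs equal outputs, can be sketched with Pedersen commitments. This is an added example, not code from the lesson or from Monero: it uses a toy multiplicative group mod a small prime instead of an elliptic curve, and all parameters and amounts are constructed. The last case shows why a range proof has to accompany the commitments.

```python
import secrets

# Toy parameters, constructed for this example and far too small for real use.
P = 2039   # safe prime: P = 2*Q + 1
Q = 1019   # prime order of the subgroup of squares mod P
G = 4      # 2^2, generates the order-Q subgroup
H = 9      # 3^2; a real system needs an H whose discrete log base G nobody knows

def commit(value, blind):
    """Pedersen commitment C = G^value * H^blind mod P."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P

def product(commitments):
    acc = 1
    for c in commitments:
        acc = acc * c % P
    return acc

def balances(inputs, outputs):
    """Verifier side: sees only commitments, never amounts or blinds."""
    return product(inputs) == product(outputs)

def build_tx(in_values, out_values):
    """Sender side: choose blinds so output blinds sum to input blinds mod Q."""
    in_blinds = [secrets.randbelow(Q) for _ in in_values]
    out_blinds = [secrets.randbelow(Q) for _ in out_values[:-1]]
    out_blinds.append((sum(in_blinds) - sum(out_blinds)) % Q)
    ins = [commit(v, r) for v, r in zip(in_values, in_blinds)]
    outs = [commit(v, r) for v, r in zip(out_values, out_blinds)]
    return ins, outs

if __name__ == "__main__":
    # 30 + 12 in, 25 + 17 out: balanced, and the verifier learns no amounts.
    print("honest tx balances:", balances(*build_tx([30, 12], [25, 17])))
    # 10 in, 15 out: coins from thin air, rejected by the commitment check.
    print("inflated tx balances:", balances(*build_tx([10], [15])))
    # 10 in, 15 and -5 out: the sum balances mod Q, so the check passes.
    # Only a range proof that each output is non-negative rules this out.
    print("negative-output tx balances:", balances(*build_tx([10], [15, -5])))
```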

Why "Private by Default" Is a Math Decision Too

An underrated point: privacy isn't just about the per-transaction math, it's about who participates. If only a few users hide, they stand out — a small anonymity set is weak no matter how strong the cryptography. Monero makes every transaction private, so every output is a plausible decoy for every other, and the crowd you hide in is the entire user base. Zcash's optional shielding means its effective anonymity set is only the shielded subset. The same cryptography is far stronger when the protocol forces everyone to use it. Privacy is partly a network-effect property, not only an equation.

Where We Go Next

We now have the map. The next two lessons walk the three hiding problems one at a time, showing the exact arithmetic Monero uses: first hiding the sender and receiver with stealth addresses and ring signatures, then hiding the amount with commitments and range proofs. Watch how each one is just the shared toolkit, re-aimed from "reveal" to "conceal."
