Same Tools, Different Trade-offs
Bitcoin, Ethereum, Zcash and Monero side by side: the shared foundation, the Zcash-vs-Monero assumption trade-off, why mandatory privacy matters, and the FCMP++ roadmap.
35 lessons with this tag.
Bitcoin, Ethereum, Zcash and Monero side by side: the shared foundation, the Zcash-vs-Monero assumption trade-off, why mandatory privacy matters, and the FCMP++ roadmap.
Pedersen commitments C = xG + aH, the homomorphic balance check, the overflow loophole, and how Bulletproofs+ prove amounts in range with no trusted setup.
Stealth addresses via ECDH (P = Hs(rA)G + B), ring signatures that hide which key signed, and key images I = x·Hp(P) that stop double-spends without naming the output.
What a transparent transaction reveals, why pseudonymity isn't privacy, the three things a private chain must hide, and the two schools that solve it.
How all blockchain signatures descend from Schnorr, why ECDSA names the spender, and how Monero generalizes one signature into a privacy-preserving ring.
Why Bitcoin and Ethereum use secp256k1, Monero uses Ed25519, and Zcash adds pairing curves — and how the curve choice follows from each chain's goals.
SHA-256 vs Keccak across Bitcoin, Ethereum and Monero, the hash-to-scalar and hash-to-point maps Monero adds, and how hashing becomes commitment.
The four ideas every cryptocurrency is built from — finite fields, groups and the discrete-log problem, one-way hashes, and signatures — and why Monero invents almost no new math.
Capstone: assemble a BTCPay-style payment processor, an instant-swap exchange, and a Cake-style mobile wallet from the building blocks you've learned.
Run it safely in production: hot/cold key separation, confirmations and reorgs, idempotency, monitoring, key management, and testing on stagenet first.
How Cake Wallet and MyMonero work: embedded wallet2 vs a light-wallet server, view-key scanning and view tags, and the security trade-offs of each.
Build the payout side: transfer, transfer_split and sweep_all, fees and priority, locked vs unlocked balance, change outputs, and hot/cold wallet design.
The payment-processor pattern: a fresh subaddress per invoice plus a watch-only (view-key) wallet to detect payments securely, with confirmations and the 10-block lock.
monero-wallet-rpc as a service: accounts and subaddresses, get_balance, create_address, get_transfers, transfer and sweep_all — the engine behind most server integrations.
The daemon's JSON-RPC and legacy endpoints — get_info, get_fee_estimate, get_outs, send_raw_transaction — the read-and-broadcast layer of the chain.
Run your own node for an integration: restricted vs unrestricted daemon RPC, ZMQ push notifications, pruning, auth and Tor, and why you must not trust a remote node.
monerod, monero-wallet-rpc, wallet2 and light-wallet servers — the components every Monero integration is built from, and the three main integration patterns.
Where the protocol is heading: full-chain membership proofs via curve trees that replace ring signatures, the Seraphis transaction protocol, and the Jamtis addressing scheme.
M-of-N key aggregation and its rounds, plus two subtle failure modes every contributor must know — the Janus subaddress-linking attack and the burning bug — and their mitigations.
Generators, the Fiat-Shamir transcript, the weighted inner-product that shrinks the proof, batch verification, and the transaction-weight clawback.
The aggregation coefficients, the domain-separated challenge hashes, and how one ring proves both key ownership and commitment opening — with the round-robin written out.
Why decoys must mimic the real spend-age distribution (a gamma fit), how the selection algorithm works, and the deanonymization that a naive selector causes.
Ed25519 has cofactor 8, so points can carry a torsion component. Why key images must be checked for the prime-order subgroup, the hash-to-point map, and the bugs that ignoring this caused.
The PoW VM that keeps mining on CPUs, plus the dynamic block-weight penalty and the fee formula that derive Monero's adaptive, low fees.
A byte-level tour: inputs with key images, outputs with one-time keys and view tags, ecdhInfo, the range proof, tx_extra, fees and the balance proof.
Hiding amounts with commitments C = aH + xG, the balance equation, and how Bulletproofs+ prove a value is in range without revealing it.
How Monero proves you own one ring member without revealing which — LSAG → MLSAG → CLSAG — and how the key image I = x·Hp(P) stops double spends.
One-time output keys via ECDH: R = rG, P = Hs(rA)G + B, how the receiver recovers the one-time private key, subaddresses, and view tags.
The twisted-Edwards group Monero is built on, scalars mod ℓ, points, and how spend/view keypairs and addresses are actually derived.
The most private way to swap: a peer-to-peer XMR↔BTC trade where no service ever holds your coins or can log you — how it works and its trade-offs.
A practical build: the parts you need, why an SSD matters, and setting up a low-power always-on Monero node yourself.
How blockchain pruning works, what it keeps and drops, when to prune, and how to run a pruned node that still fully validates.
Read the Monero network live — current transaction fees, block reward, difficulty and the total circulating supply — straight from your node or a block explorer.
Open your node to the world: configure monerod as a public RPC node, serve it over Tor and clearnet, and help the community without risking your own privacy.
Advanced: run your own self-hosted BTCPay Server to accept Monero payments directly — no processor, no middleman, full self-custody.
🎓 Graduate from Monero Academy
Create a free account, ace every quiz across all courses, and earn your place on the Graduates wall — with your own Monero address for donations. An account also tracks your progress through the courses, and graduating is the prize for finishing.