Blockchain Semantics Insights

Business Case |  Deep Tech |  Announcements |  Blockchain Glossary | 
Blockchain Semantics Blog How Monero Uses Ring Signature?

How Monero Uses Ring Signature?

By Abhishek Singh | July 16, 2018, 2 p.m. GMT

Before we begin to understand this, we need to find out more about ring signatures. A ring signature is a digital signature that deals with sending an anonymous message. In a ring signature, there is a group of singers and a message transferred from that group can be signed by any member of the group. The advantage of the ring signature is that anonymity cannot be revoked and any members can be used to form a group, without any overhead. It was invented by Ron Rivest, Adi Shamir, and Yael Taumen.

Monero uses ring signatures to hide the sender’s details, using a set of key, private and public. So, if Alice wants to send some Monero to Bob, so she will ask Bob for his public key. However, like other Blockchains, Alice won’t use Bob’s public key to send funds; she would generate a one-time public key for Bob and will send funds to that public key. This is how Bob’s identity is protected. Now, coming to Alice’s identity. Alice will generate a one-time private key from the output transaction which was sent to the one-time public key of Alice.


How does Alice generate the one-time private key?

This is how smart contracts self-execute transactions without knowing a user’s private key. Alice requires 3 things to generate a one-time private key:

  1. A - Extra(1)
  2. B- TxOutNumber(2)
  3. C- Alice’s private key(3)
  4. Put together, these three will generate a one-time private key for Alice(4)
  5. Now, Alice can generate a one-time public key for Bob(9)


  1. A- The transaction public key (6) generated using a random number generator (5)
  2. B–TxOutNumber(7)
  3. C- Bob’s private key(8)
  4. If the ring signature size is 5, using a triangular distribution method, 4 different output transaction will be used as inputs for this transaction, including Alice’s transaction.
  5. After selection, the one-time public key of the transaction is taken out(10).
  6. Using the one-time private key Alice will generate a key image (11).
  7. The usage of the key image will be discussed later.
  8. Now, all 5 one-time public keys(13), Alice’s one-time private key of Alice(12), and the key image(14) will be sent for a ring signature and will be stored in transaction suffix(15).

Now what has happened here is, for a third party, a user won’t know which input is used for transacting. This can create an issue because if nobody knows which input transaction is used, then one can double-spend by reusing it. To prevent this, a key image is used. This key image is derived from the one-time private key. Since every one-time private key is unique, the key image is also unique and a list of key images is stored in the miners’ system. If a key image appears more than once, the transaction won’t be accepted.

If you liked the post, give it a   0
Apply for Blockchain Jobs

Course 1

Introduction to
Blockchain and Bitcoin

Course 2

Developing Decentralized
Applications on Ethereum
Using Solidity

Course 3

Investing In Bitcoin
and Cryptocurrencies


Be the first to comment.