CryptoNote Explained

What problem CryptoNote solves

Bitcoin and most early cryptocurrencies are transparent by design. Every transaction is publicly visible — the sender's address, the receiver's address, and the amount. This is useful for verification but terrible for privacy. Anyone can analyze the chain and reconstruct who paid whom, when, and how much.

CryptoNote, specified in 2013, is the answer to that. It introduces cryptographic primitives that hide the sender, hide the receiver, and (with later refinements) hide the amount. The result is a chain where transactions are verifiable but not traceable.

The three core ideas

Ring signatures. Instead of signing a transaction with your private key alone, you sign with a "ring" of public keys — yours plus a set of decoys taken from other recent transaction outputs. A verifier can confirm that exactly one of the ring members signed, but not which one. To an outside observer, your transaction's sender is one of many possible candidates. The larger the ring, the larger the anonymity set.

Stealth addresses. Each transaction is sent to a one-time address derived from the receiver's public key plus a random nonce. Only the receiver (using their private view key) can recognize that this transaction is for them. To anyone else, the destination looks unrelated to the receiver's known address. Receivers' addresses do not appear as a static identifier on the chain.

The UTXO model. Each transaction consumes prior outputs and produces new outputs. There is no concept of "an account with a balance." This makes it harder to link transactions over time — there is no persistent account identity to track.

Together, these mean: you cannot tell who sent a transaction (ring obscures sender), who received it (stealth address obscures receiver), and how the various outputs relate to each other.

What CryptoNote did NOT originally hide

The original CryptoNote specification (2013) hid sender and receiver but left transaction amounts visible. Later refinements added amount hiding through Pedersen commitments and range proofs.

Monero added "RingCT" in 2017, hiding amounts. Zano uses Bulletproofs+ (a more efficient range proof construction) for the same purpose. Modern CryptoNote-derived chains hide all three: sender, receiver, amount.

What CryptoNote does NOT hide

Even with all three hidden, CryptoNote does not protect against everything:

• Network-level analysis (your IP). When your wallet broadcasts a transaction, the network sees your IP unless you use Tor or VPN.
• Timing analysis. If you make a payment and the receiver's known address shows activity shortly after, timing correlation can leak information.
• Endpoint compromise. If your wallet device is compromised, the keys can be extracted regardless of chain-level privacy.
• External linkage. If you receive ZANO from a KYC'd exchange and immediately send it to an address you publicly own, the KYC linkage flows through.

CryptoNote provides chain-level transaction privacy. Operational privacy requires layering — Tor / VPN, careful key handling, attention to KYC trails.

Why this matters for Zano

Zano descends from CryptoNote and adds protocol extensions: Confidential Assets (extending privacy to tokens), Zarcanum (hiding staked amounts), aliases (human-readable identifiers). The base layer of privacy is CryptoNote-derived; the extensions are Zano-specific.

If you understand CryptoNote, you understand most of what makes Zano private.

Related

• What is Zano
• About the Zano blockchain
• Is Bitcoin traceable?
• Features