How Monero Works — Privacy Tech Explained

Updated March 2026 · By arnoldnakamura · 683 trades, 454 partners, 100% feedback

TL;DR: Monero uses four privacy technologies working together: ring signatures hide who sent a transaction, stealth addresses hide who received it, RingCT hides the amount, and Dandelion++ hides your IP address. All four are mandatory for every transaction. A fifth layer, FCMP++, is coming in 2026 to replace ring signatures with full-chain membership proofs.

The Four Layers of Monero Privacy

Bitcoin is transparent. Every transaction shows sender, receiver, and amount on a public ledger. Monero takes the opposite approach: privacy is the default for every transaction.

This isn't a single trick. Monero combines four distinct cryptographic technologies, each hiding a different piece of information:

Ring Signatures
Hide sender
+
Stealth Addresses
Hide receiver
+
RingCT
Hide amount
+
Dandelion++
Hide IP
1

Ring Signatures — Hiding the Sender

Protects: Who sent the transaction

When you spend Monero, your wallet doesn't just broadcast "arnoldnakamura sent 1 XMR." Instead, it creates a ring signature that mixes your real transaction input with decoy inputs pulled from the blockchain.

Since August 2024, Monero uses a ring size of 16 — meaning 1 real input + 15 decoys. An observer sees 16 possible senders but cannot determine which one actually authorized the transaction.

Think of it like a sealed ballot box. 16 people put a ballot in, but only one wrote on theirs. You can see 16 ballots went in. You can't tell which one has the writing.

The decoys are selected using a sophisticated algorithm that mimics realistic spending patterns (the "gamma distribution"), so statistical analysis can't easily distinguish real inputs from decoys.

2

Stealth Addresses — Hiding the Receiver

Protects: Who received the transaction

You publish one Monero address, but every payment you receive goes to a unique one-time address on the blockchain. This stealth address is derived from the sender's random data + your public key using Diffie-Hellman key exchange.

Only you (with your private view key) can scan the blockchain and determine that a particular output belongs to you. No outside observer can link two payments to the same wallet.

Like having a PO box that generates a new, unlabeled slot for every letter. The mailman puts letters in different slots, and only you have the master key to open all of them.

This is why Monero wallets need to "sync" — they're scanning every new transaction to check if any stealth addresses match your keys.

3

RingCT — Hiding the Amount

Protects: How much was transacted

Ring Confidential Transactions (RingCT) hide the amount of every transaction using Pedersen commitments. The network can verify that inputs equal outputs (preventing inflation) without ever seeing the actual numbers.

The math relies on the homomorphic property of elliptic curve commitments: Commit(a) + Commit(b) = Commit(a + b). Miners verify the equation balances without knowing a or b.

Since 2022, Monero uses Bulletproofs+ — a zero-knowledge range proof that verifies amounts are positive (preventing someone from creating coins out of thin air) while keeping the proof compact (~0.7 KB per output).

Imagine a balance scale behind a curtain. You can see the scale is balanced (inputs = outputs), but you can't see the weights on either side.
4

Dandelion++ — Hiding Your IP

Protects: Which computer originated the transaction

Without Dandelion++, when you broadcast a transaction, your node sends it to all connected peers simultaneously. A surveillance node connected to many peers could correlate timing to identify the originating IP.

Dandelion++ splits propagation into two phases:

  1. Stem phase: Your transaction hops through 1-3 random nodes in a chain (one-to-one). Each node either forwards to the next stem or transitions to fluff.
  2. Fluff phase: Standard broadcast to all peers. By this point, the transaction appears to originate from a random node, not yours.
Like passing a note through a crowd. You hand it to one person, who hands it to another, who finally reads it aloud. The crowd hears the message but can't tell who wrote it.

For additional IP protection, you can run Monero over Tor or I2P. The Monero daemon has native support for both.

5

FCMP++ — The Future (Coming 2026)

Upgrade: Full-Chain Membership Proofs

FCMP++ (Full-Chain Membership Proofs) is the biggest privacy upgrade since RingCT. Instead of mixing your input with 15 decoys, FCMP++ proves your input belongs to the entire set of all Monero outputs — without revealing which one.

This eliminates the ring size limitation entirely. With ring size 16, a sophisticated attacker with auxiliary information might narrow down the real input. With FCMP++, the anonymity set is every output that has ever existed on the blockchain — currently 100+ million outputs.

The upgrade uses Curve Trees — a novel cryptographic construction that enables efficient membership proofs over the full UTXO set. Transaction sizes remain practical (~2.5 KB, slightly larger than current).

Impact: FCMP++ will make Monero's sender privacy equivalent to a zero-knowledge proof over the entire blockchain. This is the gold standard — no other cryptocurrency achieves this level of sender anonymity with mandatory privacy.

How a Monero Transaction Actually Works

When you send Monero, here's what happens step by step:

1. Wallet selects
real input + 15 decoys
2. Generates stealth
address for receiver
3. RingCT hides
the amount
4. Dandelion++ hides
your IP on broadcast

The result: a transaction where nobody — not miners, not blockchain analysts, not governments — can determine who sent what to whom.

Monero vs Bitcoin: Privacy Comparison

What's Hidden?BitcoinMonero
Sender identityVisible (address on chain)Hidden (ring signatures)
Receiver identityVisible (address on chain)Hidden (stealth addresses)
Transaction amountVisible (plain text)Hidden (RingCT)
IP addressExposed to peersObscured (Dandelion++)
BalanceVisible (sum UTXOs)Hidden (encrypted)
Transaction graphFully traceableAmbiguous (decoys)
Privacy opt-inOptional (rarely used)Mandatory (always on)

The Mining Algorithm: RandomX

Monero uses RandomX, a proof-of-work algorithm designed to be efficient on consumer CPUs and resist ASIC/GPU optimization. This keeps mining accessible to regular people and prevents hardware centralization.

RandomX executes random programs in a virtual machine, leveraging CPU features (branch prediction, cache, out-of-order execution) that are hard to replicate in custom hardware. The result: your laptop can meaningfully contribute to Monero mining, which isn't true for Bitcoin or Ethereum (pre-merge).

Key Technical Specs

PropertyValue
Block time~2 minutes
Ring size16 (1 real + 15 decoys)
EmissionTail emission: 0.6 XMR/block forever
Max supplyNo hard cap (tail emission creates ~0.86%/year inflation, decreasing)
Mining algorithmRandomX (CPU-optimized)
Transaction size~1.5 KB (with Bulletproofs+)
Average fee~$0.001 per transaction
Confirmation time~2 min (1 block), 20 min (10 blocks for exchanges)
ProtocolCryptoNote (heavily modified)
Dynamic block sizeAdjusts automatically based on demand

Why "Privacy by Default" Matters

Zcash has shielded transactions. Bitcoin has CoinJoin. So why does Monero's approach work better?

The anonymity set problem: If privacy is optional, most people don't use it. When only 5% of transactions are private (as with Zcash shielded), those 5% are automatically suspicious. With Monero, 100% of transactions look identical — there's no "private" vs "transparent" distinction. The anonymity set is every transaction on the blockchain.

This is why Monero is the only cryptocurrency widely accepted on privacy-sensitive platforms. Optional privacy is an oxymoron — the mere act of choosing privacy makes you stand out.

Common Misconceptions

"Monero was cracked by CipherTrace/Chainalysis"

No. These companies have probabilistic heuristics that can sometimes narrow down the real input in a ring (especially for transactions before ring size 16). They cannot decrypt stealth addresses, amounts, or break the cryptography. With FCMP++, even the ring heuristics become irrelevant. See: Can Monero Be Traced?

"Monero is only for criminals"

Privacy is a human right, recognized by GDPR, the UN Declaration of Human Rights (Article 12), and basic financial dignity. Cash is private. Monero extends the same property to digital payments. See: Monero vs Cash

"Monero's supply can't be audited"

Monero's supply IS auditable — through cryptographic verification. Every node independently verifies that RingCT proofs balance (inputs = outputs + fee). If someone created coins from nothing, the proof would fail and the network would reject the transaction. It's not visible to the human eye, but it's mathematically verifiable by every node.

Ready to Use Monero?

Now that you know how it works — set up a wallet, buy XMR without KYC, or trade with arnoldnakamura (Cash by Mail EU-wide, Face-to-Face SW Germany).

Telegram: @arnoldnakamura

Related Guides

What Is Monero? Monero Privacy Explained Monero FCMP++ Can Monero Be Traced? Is Monero Anonymous? Monero for Beginners Monero vs Bitcoin Monero vs Zcash How to Mine Monero Monero Wallet Setup Transaction Fees Tail Emission Run a Monero Node Monero Multisig Best Privacy Coin 2026 Monero vs Cash Privacy Coin Regulation Buy Monero Without KYC Monero Atomic Swaps Monero Roadmap Monero Ring Signatures Monero Cold Storage Monero vs Bitcoin Cash Monero Debit Card Monero vs Solana History of Monero Monero Seed Phrase Stealth Addresses Monero View Key Monero vs Cardano Confirmations Inflation Rate Subaddresses Explained Monero + Tor Guide Dandelion++ RingCT Explained Address Types Transaction Time RandomX Explained Monero on Tails Block Explorer Proof of Work Monero vs Firo