Making Monero Hard-to-Trace and More Efficient

Most cryptocurrencies have successfully provided anonymity in a permissionless environment. However, the pattern of transfers is open to publicity. To face this issue, Monero was proposed to provide untraceability from ring signatures by introducing mixins to obfuscate addresses. By temporal analysis, however, the transfer pattern can still be partially revealed in a stochastic approach due to inappropriate selections of mixins. Thereby, each flow of coins can be traced with high probability which disobeys the untraceability principle of Monero. In this work, we propose a hard-to-trace protocol based on Monero where each transaction output is assembled into a fixed ring set. In this way, inappropriate mixins are forbidden, and thereby the temporal analysis is resisted. Apart from the traceability issue, Monero is also challenged due to its growing difficulty of block assembly. To guarantee the privacy, "key images" with a considerable size have to be stored by each miner to verify transactions and assemble blocks. As blockchain grows, the number of key images increases and a significant burden has already been caused, making the block assembly of Monero inefficient to most miners. Aimed at a more practical block assembly, our protocol allows key image truncations to facilitate transaction verifications.