Same Tools, Different Trade-offs

Bitcoin, Ethereum, Zcash and Monero side by side: the shared foundation, the Zcash-vs-Monero assumption trade-off, why mandatory privacy matters, and the FCMP++ roadmap.

We started with a claim: every major cryptocurrency is built from the same mathematical skeleton, and Monero is a particular arrangement of those bones aimed at privacy. Now we make that explicit by laying Bitcoin, Ethereum, Zcash and Monero side by side — same toolkit, different choices — and weighing what each gains and gives up. This is the synthesis that turns a pile of equations into a worldview about how private money is engineered.

The Shared Foundation, One More Time

Strip each chain to its math and the overlap is enormous. All four rely on:

  • Finite-field arithmetic — every operation happens modulo a large prime.
  • The discrete-logarithm problem on an elliptic curve — the one-way trapdoor that makes a public key safe to publish.
  • Cryptographic hashing — for chaining blocks, deriving keys, and committing to data.
  • Schnorr-family signatures — the commit-challenge-respond proof of key ownership, made non-interactive by Fiat–Shamir.

If you understand those four, you understand the load-bearing math of the entire industry. The rest is configuration.
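The fourth item, the Schnorr commit-challenge-respond proof made non-interactive with Fiat-Shamir, as an added worked example (not code from the course or from any of the projects it discusses). It runs in a toy prime-order subgroup of integers mod p instead of an elliptic curve; the constants p, q, g and the sample messages are constructed for illustration.

```python
import hashlib
import secrets

# Toy Schnorr group (constructed for illustration, far too small for real use):
# p = 2q + 1 is a safe prime, q is the prime order of the subgroup, g = 4 generates it.
# Real chains use an elliptic-curve group instead; the protocol steps are identical.
P, Q, G = 10007, 5003, 4

def keygen():
    """Private scalar x, public key y = g^x. Publishing y is safe because recovering x
    from it is the discrete-logarithm problem."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def challenge(commitment, pubkey, message):
    """Fiat-Shamir: the verifier's random challenge is replaced by a hash of the
    transcript so far, so the prover computes it alone and nobody has to be online."""
    transcript = f"{commitment}|{pubkey}|{message}".encode()
    return int.from_bytes(hashlib.sha256(transcript).digest(), "big") % Q

def sign(x, message, nonce=None):
    """The three steps of the proof of key ownership, run by the prover."""
    k = nonce if nonce is not None else secrets.randbelow(Q - 1) + 1  # fresh per signature
    r = pow(G, k, P)                             # 1. commit to the nonce
    e = challenge(r, pow(G, x, P), message)      # 2. derive the challenge (no verifier needed)
    s = (k + e * x) % Q                          # 3. respond: only the holder of x can do this
    return e, s

def verify(y, message, signature):
    """Recover the commitment from the response and check the challenge matches."""
    e, s = signature
    # g^s * y^(-e) = g^(k + e*x) * g^(-e*x) = g^k = r;  y^(q-e) is y^(-e) in an order-q group
    r_recovered = pow(G, s, P) * pow(y, Q - e, P) % P
    return challenge(r_recovered, y, message) == e
```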

The Comparison Table

                   Bitcoin        Ethereum       Zcash (shielded)      Monero
Curve              secp256k1      secp256k1      BLS12-381 + JubJub    Ed25519
Signature          ECDSA          ECDSA          (in zk-SNARK)         CLSAG ring sig
Hash               SHA-256        Keccak-256     BLAKE2 / Pedersen     Keccak
Sender             public         public         hidden (SNARK)        hidden (ring + key image)
Receiver           public addr    public addr    hidden (SNARK)        hidden (stealth addr)
Amount             public         public         hidden (SNARK)        hidden (Pedersen + BP+)
Privacy            pseudonymous   pseudonymous   optional              mandatory
Trusted setup      none           none           historically yes      none
Extra assumption   ECDLP          ECDLP          pairings + knowledge  ECDLP

Read the columns as design statements. Bitcoin and Ethereum chose auditability. Zcash and Monero chose privacy, but reached it by different mathematical roads.

The Central Trade-off: Assumptions vs. Power

The sharpest contrast is Zcash versus Monero, because they want the same thing — hide sender, receiver and amount — yet bet differently:

  • Zcash uses zk-SNARKs: one succinct proof that the whole transaction is valid. Upside — tiny proofs, total flexibility. Downside — it leans on pairing-based cryptography and "knowledge" assumptions, and its early systems needed a trusted setup whose leaked secret would allow undetectable counterfeiting. Privacy is also opt-in, shrinking the real anonymity set.
  • Monero composes classical primitives: ring signatures, stealth addresses, Pedersen commitments, Bulletproofs+. Upside — only the plain discrete-log assumption, no trusted setup, and privacy is mandatory so everyone is a decoy for everyone else. Downside — larger transactions and a finite (though growing) anonymity set per ring.

"More powerful proof system" and "fewer things you must trust" pull in opposite directions. There's no free lunch — only an honest choice about which risks you'd rather carry.
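The amount-hiding piece of Monero's composition above, as an added example (not the course's or Monero's own code): Pedersen commitments and the homomorphic balance check a verifier runs without learning any amount, plus the range condition that Bulletproofs+ proves in zero knowledge. It uses a toy prime-order group rather than Ed25519; the group constants, the label used to derive H, and the sample amounts are constructed for illustration.

```python
import hashlib
import secrets

# Toy prime-order group (constructed for illustration, far too small for real use):
# p = 2q + 1 is a safe prime and g = 4 generates the subgroup of prime order q.
P, Q, G = 10007, 5003, 4

def hash_to_group(label):
    """Derive a second generator H with no known discrete log to G ("nothing up my
    sleeve"): hash a label, then square so the result lies in the order-q subgroup."""
    counter = 0
    while True:
        h = int.from_bytes(hashlib.sha256(f"{label}|{counter}".encode()).digest(), "big") % P
        if 1 < h < P - 1:          # skip 0 and +/-1, whose squares are not generators
            return pow(h, 2, P)
        counter += 1

H = hash_to_group("pedersen-H")

def commit(amount, blinding):
    """Pedersen commitment C = xG + aH, written multiplicatively: g^x * h^a mod p.
    The amount only enters mod q, which is exactly why a range proof is needed on top."""
    return (pow(G, blinding, P) * pow(H, amount % Q, P)) % P

def balance_holds(in_commits, out_commits, fee):
    """Verifier's check: prod(inputs) == prod(outputs) * h^fee. Because commitments
    are homomorphic this holds iff the amounts balance AND the blinding factors
    cancel, and the verifier learns no amount in the process."""
    lhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    rhs = pow(H, fee, P)
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs

def amounts_in_range(amounts, bits=64):
    """What Bulletproofs+ proves in zero knowledge (checked here in the clear, for
    illustration only): every committed amount lies in [0, 2^bits), so no wraparound."""
    return all(0 <= a < 2 ** bits for a in amounts)

def build_tx(in_amounts, out_amounts, fee):
    """Sender side: random blindings for all but the last output, which is chosen so
    the blinding factors sum to zero across the whole transaction."""
    assert sum(in_amounts) == sum(out_amounts) + fee, "amounts must balance"
    in_blind = [secrets.randbelow(Q) for _ in in_amounts]
    out_blind = [secrets.randbelow(Q) for _ in out_amounts[:-1]]
    out_blind.append((sum(in_blind) - sum(out_blind)) % Q)
    ins = [commit(a, b) for a, b in zip(in_amounts, in_blind)]
    outs = [commit(a, b) for a, b in zip(out_amounts, out_blind)]
    return ins, outs
```

Without the range condition, a transaction with a "negative" output (2 in, 5 + (-3) out) passes the balance check in this group, which is the gap the range proof closes.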

Why Monero's Combination Is Distinctive

No single Monero primitive is unique — ring signatures, ECDH addresses and Pedersen commitments all predate it. What's distinctive is the insistence: combine all three, with conservative assumptions, with no trusted setup, and turn them on for every transaction by default. That last decision is as important as any equation. Privacy is a crowd phenomenon; a strong proof used by a handful of people gives weak anonymity, while a modest proof used by everyone gives strong anonymity. Monero optimizes for the crowd. It's a thesis as much as a protocol: get privacy from well-understood math, demand it of everyone, and trust no one's secret ceremony.

Where the Math Is Heading

None of this is frozen. Monero's research roadmap — Seraphis, Jamtis, and Full-Chain Membership Proofs (FCMP++) — aims to replace the fixed-size ring with a proof that your output is one of the entire set of chain outputs, making the anonymity set the whole blockchain instead of a handful of decoys. It does this with curve-tree (Merkle-like) commitments and modern proof systems, while still avoiding trusted setup. The toolkit keeps the same foundation — curves, hashes, commitments, the discrete log — but the arrangement keeps getting sharper. That's the throughline of this course: the math is shared and remarkably stable; the genius is in how you compose it.

What You Should Walk Away With

You can now look at any cryptocurrency and ask the right questions: which curve, which signature, which hash, and — the privacy question — which of sender, receiver and amount does it reveal, and by what math does it hide the rest? You've seen that Monero invents almost no new primitives and instead re-points the universal toolkit from "reveal and audit" to "prove and conceal." If you want the byte-level mechanics of these constructions, continue into Monero Internals: Cryptography & Protocol Deep Dive. You now have the mathematical map of the entire territory.
