The Roadmap: Seraphis, Jamtis & FCMP++
Where the protocol is heading: full-chain membership proofs via curve trees that replace ring signatures, the Seraphis transaction protocol, and the Jamtis addressing scheme.
#advanced
18 lessons with this tag.
Multisig, the Janus Attack & the Burning Bug
M-of-N key aggregation and its rounds, plus two subtle failure modes every contributor must know — the Janus subaddress-linking attack and the burning bug — and their mitigations.
Bulletproofs+: The Weighted Inner-Product Argument
Generators, the Fiat-Shamir transcript, the weighted inner-product that shrinks the proof, batch verification, and the transaction-weight clawback.
CLSAG: Exact Construction & Domain Separation
The aggregation coefficients, the domain-separated challenge hashes, and how one ring proves both key ownership and commitment opening — with the round-robin written out.
Decoy Selection & the Output Distribution
Why decoys must mimic the real spend-age distribution (a gamma fit), how the selection algorithm works, and the deanonymization that a naive selector causes.
Cofactor 8 & Point Validation
Ed25519 has cofactor 8, so points can carry a torsion component. Why key images must be checked for the prime-order subgroup, the hash-to-point map, and the bugs that ignoring this caused.
RandomX, Block Weight & the Fee Algorithm
The PoW VM that keeps mining on CPUs, plus the dynamic block-weight penalty and the fee formula that derive Monero's adaptive, low fees.
Anatomy of a Monero Transaction
A byte-level tour: inputs with key images, outputs with one-time keys and view tags, ecdhInfo, the range proof, tx_extra, fees and the balance proof.
RingCT, Pedersen Commitments & Bulletproofs+
Hiding amounts with commitments C = aH + xG, the balance equation, and how Bulletproofs+ prove a value is in range without revealing it.
CLSAG Ring Signatures & Key Images
How Monero proves you own one ring member without revealing which — LSAG → MLSAG → CLSAG — and how the key image I = x·Hp(P) stops double spends.
Stealth Addresses: The Math
One-time output keys via ECDH: R = rG, P = Hs(rA)G + B, how the receiver recovers the one-time private key, subaddresses, and view tags.
The Curve: Ed25519 & Monero's Keys
The twisted-Edwards group Monero is built on, scalars mod ℓ, points, and how spend/view keypairs and addresses are actually derived.
Atomic Swaps: Trustless XMR↔BTC
The most private way to swap: a peer-to-peer XMR↔BTC trade where no service ever holds your coins or can log you — how it works and its trade-offs.
Build Your Own Node on a Raspberry Pi
A practical build: the parts you need, why an SSD matters, and setting up a low-power always-on Monero node yourself.
Node Pruning Explained
How blockchain pruning works, what it keeps and drops, when to prune, and how to run a pruned node that still fully validates.
Checking Network Stats: Fees & Supply
Read the Monero network live — current transaction fees, block reward, difficulty and the total circulating supply — straight from your node or a block explorer.
Running a Public Remote Node
Open your node to the world: configure monerod as a public RPC node, serve it over Tor and clearnet, and help the community without risking your own privacy.
Accepting Monero with BTCPay Server
Advanced: run your own self-hosted BTCPay Server to accept Monero payments directly — no processor, no middleman, full self-custody.