With cryptocurrency, money exists in a publicly verified record as 'Unspent Transaction Outputs,' each with a unique serial number, and hard-to-counterfeit cryptographic properties. All transaction verifications happen in real-time within seconds. Exactly how does MobileCoin enable this to happen so quickly between two smartphones? The principles are simple, even if the tech is wildly complex. Let's dive in.
Imagine you are setting up your own lemonade stand with your younger brother. You ask your parents to provide the lemons and cups, and you make the lemonade, with only a little help from your sibling. Next you set up your stand on the sidewalk in front of your house. You make a sign: "One Cup of Lemonade for 50 cents." Your first customer appears. Alice walks by your lemonade stand and says she would like to purchase a cup of lemonade. You tell her the price is 50 cents. To your surprise, Alice hands you a bag of 50 pennies. As you count each penny quietly in your head, your younger brother watches and counts each penny loudly, to show everyone that he can count too. You lose your count, so you call your parents over to confirm the amount is correct. Alice waits patiently while both you and your parents count all 50 pennies, and you hand Alice a cup of fresh ice cold lemonade. The verification that the pennies were indeed a U.S. currency had to occur ahead of time before Alice could spend her pennies at your lemonade stand. Once the pennies are in the jar, you can no longer tell which pennies were from Alice, and which pennies were from other customers. You remember how many pennies you received, but you can't go back and count them again.
MobileCoin is electronic cash, so instead of pennies or dollar bills, the transaction requires payment from someone using a "wallet" app on their smartphone. Let's say Bob wants to buy concert tickets from Alice for $20. He opens the Signal messaging app on his phone, now with a built-in MobileCoin wallet. Bob goes to "Settings" to find "Signal Payments" where he can check his balance. Bob has enough money in his MobileCoin wallet, so he finds Alice in his list of contacts, and sends $20 to Alice. Only instead of sending U.S. Dollars (USD), Bob sends Alice the equivalent of $20 in MobileCoin (MOB). Alice gets a notification on her phone, "Bob sent you $20 worth of MOB." Alice hands Bob the concert tickets (or sends them via email). Alice and Bob are the only two people who are able to see that this transaction was completed.
Behind the scenes, this payment is broadcast from Bob's phone over the internet to the validator nodes on the MobileCoin blockchain network. Validator nodes are servers on the internet run by independent organizations. Every validator node in the network agrees on the details of the transaction, and the valid transaction is recorded with other transactions in a "block." The block is signed and sealed, with all the validators agreeing to store the block, forever. Inside this block is the transaction that proves Alice received the $20 of MOB from Bob. The block is added to the blockchain, and all the validators have a copy of all the blocks. The blocks cannot be altered by one validator, at least not without the other validators knowing. Bob's Signal wallet is checking the blockchain to see that the payment went through, and as soon as it does, his phone updates with a message "Payment successful." Bob's Signal wallet also sent a digital receipt to Alice with the proof that it was him that paid her. Alice's balance also updates on her phone, and she sees the notification on her phone. And all of this took mere seconds.
The life of a MOB transaction on a smartphone in a messaging app.
You already use payment apps like Venmo, PayPal or Cash App, and there are many apps that let you buy, sell, and send cryptocurrency. There are so many cryptocurrencies, and they all have fees to send money. Why would someone consider using a cryptocurrency for payments? Here are our top three reasons you should consider using MobileCoin.
The first reason? Payment apps, like Venmo and PayPal, have access to your payment habits, which they sell to advertisers who want to better target you with marketing campaigns. If you don't switch to private mode on Venmo, your Venmo payments are visible to everyone - and their mother. You might switch to private mode if you are donating money to religious or political organizations, buying medical prescriptions, on a date, or buying drinks at casinos. Even in private mode, Venmo has access to your financial information and can use it for offers, advertising, search results, or anything else covered in their terms & conditions.
The second reason? You can take advantage of the best feature of cryptocurrency -- you can actually have self-custody of your money. Self-custody means you can buy, sell, store, or lend cryptocurrency with MobileCoin's digital wallets. Payment apps like Venmo previously didn't allow you to self-custody your wallet. You don't actually have access to the private keys to your money.
The third reason? MobileCoin's digital wallet on messaging apps makes it easy to use cryptocurrency, while ensuring your MOB is secure. With cryptocurrency exchanges becoming ubiquitous around the world, including FTX, Binance, and BitFinex, you are able to buy MOB and transfer it to your digital wallet. And your crypto is safe, even if you lose your phone or change your phone number. For example, Signal requires a PIN to regain access to your transactions where a QR Code is generated for each account. In addition, a 24-word recovery phrase, unique to you, enables you to unlock your data.
With MobileCoin's digital wallet, your transactions are completely private and secure. Using cryptography, your transaction payment history is kept private from the operators of MobileCoin and the messaging apps, like Signal, as well as any third-party organizations. A record exists that something occurred on the blockchain, but all of the participant information in the transaction and the amounts are encrypted. Only you and the person with whom you transacted know what occurred. When you look at other cryptocurrencies, the addresses and amounts of all transactions are publicly available on their blockchain ledgers. This means once someone knows your address, all your transactions -- past and future -- are fully available for them to see. MobileCoin is a different kind of cryptocurrency than others because of its end-to-end encryption features. With MOB, all senders, receivers, and amounts are private, and the user is empowered to own their own data.
Bob already has the Signal app, a cross-platform centralized encrypted instant messaging service that lets him share text, voice messages, photos, videos, gifs, and files. Bob can send and receive payments in the Signal app. What if Alice doesn't have Signal installed on her phone? She can just download the app and activate Payments in Signal.
When Alice creates her digital wallet, the cryptography behind the scenes creates a pair of private keys that she can use to view and spend her funds. These keys are her private credentials for interacting with her balance and they never leave her wallet and never appear on the blockchain. When she wants to receive MOB from Bob or someone else, her public address is generated from her private keys. This functionality occurs behind the scenes, which makes sending and receiving MOB so easy.
For Bob to send MOB, he needs to have already added cryptocurrency to his digital wallet. To add funds, Bob can send MOB to his wallet's public address from an Exchange. Bob must have an account set up on an Exchange that supports MobileCoin, then he can scan the QR code or copy his public wallet address and follow the Exchange's instructions to send money to his digital wallet.
We added a layer of security and privacy at this point in the life of a transaction called one-time addresses. This RingCT technology, which is an application layer protocol that combines ring signatures and Pedersen Commitments, allows Bob to generate a one-time address from Alice's public address. This is the value that will appear as the address of the output on the blockchain and reveals nothing about Alice's public or private credentials. Again, this happens behind the scenes.
Another layer of security we added is Ring Signatures, which maintain the sender's (Bob's) privacy. About 11 different outputs are pulled from the ledger as decoys. They are all grouped together in a ring that Bob signs, which means he owns one of the outputs. Because we had to avoid double spending the same coin, we added a key image, or a unique tag, to the ring. If that key image has never appeared in the ledger before, then the real source of a ring signature transaction has never been spent before.
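The one-time address and key image described in the last two paragraphs, as an added example that is not MobileCoin's code. It assumes a CryptoNote-style derivation over a toy modular group instead of the elliptic curve a real wallet uses, and every function name is hypothetical.

```python
import hashlib
import secrets

# Toy group for illustration only: integers modulo the Mersenne prime 2^127 - 1.
# A real wallet uses an elliptic-curve group; all names here are hypothetical.
P = 2**127 - 1
N = P - 1                      # exponents are reduced modulo the group order
G = 3

def h_scalar(*parts):
    """Hash values to an exponent."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def h_point(x):
    """Hash a value to a group element in [2, P-2] (base for the key image)."""
    return 2 + h_scalar("point", x) % (P - 3)

def keygen():
    a, b = secrets.randbelow(N), secrets.randbelow(N)   # private view / spend keys
    return (a, b), (pow(G, a, P), pow(G, b, P))         # public address (A, B)

def send_to(address):
    """Sender: derive a fresh one-time output key from a public address."""
    A, B = address
    r = secrets.randbelow(N)                            # per-output secret
    shared = pow(A, r, P)                               # recipient recomputes this as R^a
    return pow(G, r, P), pow(G, h_scalar(shared), P) * B % P   # (R, one_time)

def owns(private, R, one_time):
    """Recipient: recognise an output addressed to this wallet."""
    a, b = private
    return one_time == pow(G, (h_scalar(pow(R, a, P)) + b) % N, P)

def key_image(private, R, one_time):
    """Owner: key image = h_point(one_time)^x, with x the one-time private key."""
    a, b = private
    x = (h_scalar(pow(R, a, P)) + b) % N
    return pow(h_point(one_time), x, P)

def accept_spend(seen_images, image):
    """Ledger rule: a key image may appear only once."""
    if image in seen_images:
        return False
    seen_images.add(image)
    return True
```

Two payments to the same public address produce unrelated one-time keys, while spending the same output twice always produces the same key image, which is what the ledger checks.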
To conceal the amounts, we added a level of security called confidential amounts, or Pedersen Commitments, which are a confidential way of representing a value. This confidentiality ensures the amount of the MOB is not listed on the blockchain. However, Alice can see the amount sent to her by applying her own private credentials. She can see that this particular coin is addressed to her and that the amount is $20 worth of MOB.
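How a commitment can hide an amount and still let a verifier check that inputs equal outputs plus fee, as an added example that is not MobileCoin's code. It assumes a toy modular group in place of the elliptic-curve group, and the function names and sample amounts are constructed for illustration.

```python
import hashlib
import secrets

# Toy group (integers modulo the Mersenne prime 2^127 - 1) standing in for
# the elliptic-curve group a real deployment uses. All names are hypothetical.
P = 2**127 - 1
N = P - 1
G = 3
# Second base derived by hashing, so nobody chose its discrete log relative to G.
H = 2 + int.from_bytes(hashlib.sha256(b"pedersen-h").digest(), "big") % (P - 3)

def commit(amount, blinding):
    """C = G^amount * H^blinding: hides the amount, binds the committer to it."""
    return pow(G, amount % N, P) * pow(H, blinding % N, P) % P

def opens_to(commitment, amount, blinding):
    """Recipient check once amount and blinding are recovered from the output."""
    return commitment == commit(amount, blinding)

def balanced(inputs, outputs, fee):
    """Verifier check on commitments only: prod(inputs) == prod(outputs) * G^fee."""
    lhs = rhs = 1
    for c in inputs:
        lhs = lhs * c % P
    for c in outputs:
        rhs = rhs * c % P
    return lhs == rhs * pow(G, fee, P) % P

def build_transfer(in_amount, pay, fee):
    """Sender: commit to payment and change so that the blindings cancel."""
    r_in = secrets.randbelow(N)
    r_pay = secrets.randbelow(N)
    r_change = (r_in - r_pay) % N            # makes the H exponents match
    change = in_amount - pay - fee
    inputs = [commit(in_amount, r_in)]
    outputs = [commit(pay, r_pay), commit(change, r_change)]
    return inputs, outputs, (pay, r_pay)     # last item: opening for the payee
```

Because exponents wrap modulo the group order, the sum check alone would also accept an out-of-range change amount; that is the gap the range proofs mentioned later in the article close.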
Arrows allow the user to switch between the cryptocurrency value of MOB and the related amount of U.S. dollars.
Once a transaction has been completed, the digital wallet displays the amount transacted, as well as notes on the transaction. Although the transaction just took under five seconds, layers of digital security occurred behind the scenes. The next section explains the cryptography included in the transaction, as well as the hardware levels of security that take place for the life of a transaction.
At the core of a MobileCoin transaction is cryptography, from elliptic curves underpinning various means of encryption, to the hashing algorithms at the heart of the Merkle tree data structure that provides the "chain" aspect of the blockchain. In the ELI5 series, we previously covered the MobileCoin blockchain and MobileCoin Fog, which are the technologies we developed to reduce security risks and improve speed of transactions. In this article, we focus on cryptography, or more specifically, Elliptic Curve Cryptography (ECC), which generates security by using the mathematics of elliptic curves, as well as the benefits of secure enclave hardware for minimizing security leakage.
Similar to the Rivest-Shamir-Adleman (RSA) algorithm, ECC, a type of mathematics that underpins a whole class of asymmetric algorithms, uses public and private keys that are mathematically linked to encrypt and decrypt information. This elliptic curve is a set of points that are defined by a math function, a starting point, multiple connections, and a fixed range. We implemented ECC because it generates smaller key sizes with the same advanced ability as RSA to maintain security, while using less "computing power," giving us an efficient option for mobile phones. For example, when RSA generates a key the size of 7680 bits, ECC generates a key the size of 384 bits, almost one-fifth the size.
Starting with the unspent transaction output (UTXO) model of cryptocurrency, we added additional layers to the transactions (as described earlier to the first-year college student) to build better privacy than other cryptocurrency models. Transactions in most other cryptocurrencies reveal the owners of inputs and outputs, as well as amounts. MobileCoin has privatized this information by including:
Ring Signature: Hides the input transactions in a group. The decoy transactions are all equally likely to be part of the transaction, so the sender is concealed.
RingCT One-Time Address: Hides the recipient.
RingCT Confidential Amount: Hides the amount.
To ensure the transactions are processed with the most privacy and security possible, we added another layer of security above and beyond the inputs and outputs. We moved the transaction process inside Intel's Software Guard Extensions (SGX) secure enclaves. Secure enclaves provide confidence, through remote attestation, that the machine is running the correct code, and they provide security because the code runs in a "black box" where even the operating system is unable to decipher what the code is doing.
When Bob submits his transaction to the network, he submits it as an encrypted message into an SGX enclave within a node on the network. Only the SGX enclave can see the full contents of the transaction. And this is where the enclave validation occurs:
The enclave first verifies that all of the inputs used in the ring signatures exist in the ledger by applying membership proofs, or Merkle Proofs, to prove that the inputs were spent and exist in the ledger.
The enclave proves that the amount of the value going in is the amount going out, even though the code cannot see the actual value. Bulletproofs, or range proofs, ensure that all amounts denote valid amounts of MobileCoin.
The enclave checks a Ring Confidential Transaction signature, which serves to show that everything being spent was actually owned by the signer and that the value of the inputs equals the value of the outputs.
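The first of these checks, membership proofs for every ring member, as an added example that is not MobileCoin's code. The page does not give MobileCoin's proof format, so this assumes a plain binary SHA-256 Merkle tree; the ledger entries are constructed sample data and all names are hypothetical.

```python
import hashlib

def leaf_hash(data):
    return hashlib.sha256(b"\x00" + data).digest()           # leaf domain tag

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()   # interior domain tag

def build_levels(leaves):
    """Return every tree level, leaves first; the last level holds the root."""
    level = [leaf_hash(x) for x in leaves]
    levels = [level]
    while len(level) > 1:
        nxt = [node_hash(level[i], level[i + 1]) for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])            # odd node is promoted unchanged
        level = nxt
        levels.append(level)
    return levels

def prove(levels, index):
    """Collect (sibling_hash, sibling_is_left) pairs from leaf to root."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):             # promoted nodes have no sibling
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(root, data, proof):
    """Recompute the path; only a genuine ledger entry reaches the root."""
    h = leaf_hash(data)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

def ring_in_ledger(root, ring):
    """ring: list of (output_bytes, proof). Every member must verify."""
    return bool(ring) and all(verify(root, data, proof) for data, proof in ring)

# Constructed sample ledger of five outputs.
LEDGER = [f"txout-{i}".encode() for i in range(5)]
```

The verifier needs only the root and the short proofs, not the ledger itself, and a ring containing an output that was never recorded fails the check.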
That's not all. We realized at MobileCoin that since the inputs, the proofs and the signatures were verified within the enclave, the additional information did not need to be saved. The enclave could remove the extraneous information, retaining only the key images, which uniquely identify the inputs, and the outputs, or coins, that were created by the transaction. The fee is also converted into a coin. At this point, the enclave emits a signed block, indicating it performed the checks correctly. In addition, by redacting the inputs in the rings that created the outputs, leakage is avoided, diminishing chain analysis attacks.
Because modern mobile phones cannot store an entire blockchain ledger locally, MobileCoin figured out a way to offload the balance checks to the MobileCoin Fog, as discussed previously.
And that is the life of a transaction from one smartphone to another.
If you want to experience the life of a transaction for yourself, now is the time to try it out -- easily and painlessly. For more information, check out our guide on how to use MobileCoin within the Signal app.