Catallaxy is delighted to announce the integration of the Monero blockchain (XMR) into our cryptocurrency audit practice. We have both onboarded Monero’s software and successfully completed our assessment of risks to financial statements. With our own synchronized copy of the ledger (or “node”), we can provide auditors with assurance regarding the assertions of existence, ownership and valuation in Monero.
The challenge in auditing a privacy coin like Monero comes from the deeply technical mathematics supporting the cryptography. In this case, Confidential Transactions (which we will talk about in a future blog post) and Dual-Key Stealth Addresses are at issue. The latter are one-time use payment addresses that are constructed in such a way that only the sender and the receiver know who is being paid.
At Catallaxy, we work closely with these privacy techniques, so that we may appropriately account for hidden assets. Ultimately, our job is to develop the safest way for our clients to unveil their balance sheet without compromising the quality of our audit reports. This, of course, means that we never ask for the client’s private key while, at the same time, ensuring that no assets are spoofed. Stealth Addresses complicate this promise by using two distinct private keys. One which can view incoming transactions and another which can spend them.
Interestingly, Monero’s one-time use Stealth Addresses make it easy to know all incoming transactions, but more difficult to know what was spent. A naïve strategy would be to have clients move all their funds in one transaction and for us to track the receipt. This would provide assurance regarding existence, but such a request proves often infeasible in practice.
Indeed, this type of transaction is risky, messy, expensive and may even trigger fiscal events. The far more elegant solution is to ask clients to perform a tailored set of private calculations on each of their Stealth Addresses. The auditor can then use those calculations to scan the blockchain so that he can rebuild the balance from the entire history of the blockchain.
In this way, there is no risk of accidentally or fraudulently accounting for more assets than there really are. Furthermore, we can seek additional assurance by matching individual transactions to the client’s records, an otherwise impossible reconciliation in the naïve case.
Stealth Addresses are not unique to Monero. In fact, they were originally developed for a variety of Bitcoin wallets and can be layered over many blockchains.