Monero-3

In March 2020 astronomers reported the detection of a black hole in the star system HR 6819 which was quite remarkable because that star system is visible to the naked eye. With a distance of slightly over 1,000 light-years this became the closest known black hole, more or less in our backyard, given that our galaxy is over 100,000 light-years across.

In the following years many more black holes were detected, nearer and nearer to the Sun. Scientists developed novel methods to find them, and sophisticated satellites were deployed to aid the search. When a new kind of "mini black holes" turned up that seemed to be very numerous throughout the whole galaxy, the hunt for them turned into a veritable scientific frenzy.

When everything was over the nearest known black hole was so close to our solar system that with current technology a probe would be able to reach it in about 500 years. As cosmic travels go this was incredibly quick, but astrophysicist had to discover that the broad public did not share their enthusiasm: A return of investment in 500 years interested almost nobody.

They went on to investigate them from afar nevertheless. After all there were a number of important questions still unsolved, among them the so-called "information paradox": It looked as if black holes destroyed information (in a very broad sense of the word) by swallowing matter and making it completely inaccessible for all eternity from then on, whereas a lot of other results in physics gave the impression that information, like energy, is indestructible.


The Monero cryptocurrency went through turbulent times: It had caught the eyes of the world's billionaires. The price made huge jumps up and down as they started to buy and sell XMR to the tunes of many millions of USD. And as a surprising side-effect Monero vanity addresses became all the rage as those people tried to outdo each other by controlling the most extraordinary such address.

If you create a fresh Monero wallet it normally gives you an address (something like an account number for your coins) that consists of 95 random and meaningless letters and digits taken from a set of 58 characters, like so: 44nwNLkR1HZcnnreVnW5mdSowoXDgd8AUQ8p89nzQs9Mb5tm4khMmDrKoUYg6CahnWdMA3vzgENbTH5sSPTJ8Mhg2Hesp3P.

A vanity address on the other hand is one that contains some easily recognizable and "nice" parts, e.g. a row of identical digits after the initial 4 (fixed and required for technical reasons), like 47777777W5mdSo..., or words.

It's impossible to simply calculate your desired vanity address in some direct way. You have to generate addresses completely at random and check each of them whether by pure chance is has the property you desire.

Take for the example an address starting with seven sevens: How many addresses would you have to generate on average to stumble over one that starts this way? For a rough estimate consider that there are 58 possible digits for every position, and 58 multiplied 7 times by itself is over 2,000,000,000,000, 2 trillions.

It gets worse: That's not 2 trillion simple additions or multiplications. Each time you start with 256 random bits making up the so-called spend secret key that gives you control over your coins, hash that to a second secret key, go with both keys through a complex mathematical operation called "elliptic-curve scalar multiplication" to get public keys, and finally encode the concatenated public keys in that special Base58 system.

Monero addresses with long recognizable strings in them are incredibly costly to find, which makes them special and thus a good vehicle for rich people to impress others.

I myself as a Monero developer got sucked into this when Gruner, a billionaire from the country I live, asked me for help: He had already hardware for thousands of dollars running doing nothing else than generating Monero addresses, and still the "nice section" of the best vanity address found so far was one digit in length behind the current #1 address of his arch-enemy Fischer in Germany, a fact that bothered Gruner immensely. Alright, I said to myself, that's quite an interesting challenge, and took on the job.


There is a fascinating phenomenon in physics called "quantum entanglement". There are ways to create a pair of elementary particles like photons or electrons that result in some sort of bond between the two that holds over an arbitrary distance, even over light-years, although it's of course not yet possible to test over such distances with an actual experiment.

An explanation of the phenomenon that takes some liberties and inaccuracies in order to be short and simple:

Some elementary particles have a property called "spin". You can imagine them as a spinning top that can either spin clockwise or anticlockwise. In the full weirdness of the quantum world a particle does not have a clearly defined spin until you measure how it spins, at which moment it seems to decide on the fly which way round it wants to be seen to spin.

If you have two entangled particles and measure one of them, thus forcing it into a decision for the direction of its spin so to say, it looks like its partner somehow knows how that decision went, and if you measure the second, the result will always be in some accordance with the first. And if that's not yet crazy enough, the two particles seem to share that knowledge instantly. Have one particle on Alpha Centauri over 4 light-years away, measure it, and its partner left back here on Earth will "know" instantly how its remote partner decided about its spin!

Although the exact nature of the bond between entangled particles is still unknown physicist are sure that you can't use it to build a communication system that works faster than light: In essence, if you force a spin upon a particle you inevitably break entanglement. It only works if you let the particle do its seemingly random decision, and thus you cannot communicate this way.

But then, in the wake of all that black hole frenzy, Konya, a young and still unknown scientist from Hungary, burst on the scene with a prediction of the existence of a second form of quantum entanglement, somewhat jokingly christened "entanglement 2.0", that did allow instant communication even over distances of light-years.

And it got even better: He claimed that black holes do not only bend the 3 spatial dimensions in extraordinary ways thanks to their enormous gravitation, but also the fourth dimension of time, an effect that could be used together with entanglement 2.0 to communicate into the past, up to the point in time immediately after the entanglement was established: If you entangle 2 particles that way, make one spin as you wish years later and throw it into a black hole using "the right angle", you can take its left-back partner to read out the spin already minutes after entanglement.

He recognized that this would in a way break the famous "information paradox" by offering a way to get at least some information out of a black hole again, and he joked that maybe this was Mother Nature's way to seek absolution: "I know that locking up so many things inside black holes is mean, but here, have a nice way to send information into the past in exchange."


Although Gruner owned more XMR than I ever had a realistic chance to hold myself he did not yet understand much about the technical working of the coin, which made explaining my idea a little difficult:

"Finding a block for the Monero blockchain and earning the block reward is very difficult. If you mine on your own you typically have to wait months or even years before you are lucky and manage to find a block before everybody else. So people join so-called pools where they kind of work together, and whenever somebody out of a group of miners finds a block, every member gets their small share."

Gruner was new to cryptocurrencies, but intelligent, and understood immediately. "So you trade big but very irregular and infrequent rewards for small but much more predictable rewards, right?" I nodded. "But where is the analogy regarding vanity addresses?" he asked.

"Well, it goes like that. Now you are alone searching for vanity addresses. To be successful and find a more beautiful address than your competitor you need the help of as many other people as you can get, thousands of them. But if you just offer a high bounty for somebody who finds an address for you, people that participate are in the same situation as solo-miners: Possibly large reward, but who knows if and when. If you offer something like vanity address mining, with a much more predictable flow of small rewards, it will be more attractive."

"I see." He thought about it for half a minute and then remarked: "It won't work with a single bounty for the one super vanity address I am after. That would not generate any rewards for a long time to distribute among the address miners, and the whole scheme would not get off the ground. I will have to offer smaller bounties for less attractive, but still exceptional addresses."

"Yes. And we must be careful how we organize the search. If the complete address generation from random private spend key to final Monero address all happens on a single computer, the handover of the address to you is problematic for the trivial reason that the finder knows the private key and can steal all the coins you ever transfer to that address."

I had an idea. "Maybe we have to split the work: One miner generates random spend secret keys, hashes them to view secret keys, and sends them in batches of 1000 over to a second miner who goes from secret keys to public keys. Those public keys go again in batches to a third miner who encodes them as final Base58 Monero addresses. This separates knowledge. Now we only must find a way to enable the pool server to bring all info together if something extraordinary turns up."

The whole thing turned out to be more complicated than first expected, but after a few weeks of programming and setting up I had three types of miners plus pool server working together, and "G-VAMP", the (G)runer (v)anity (a)ddress (m)ining (p)ool, went online.

It became a success, and another few weeks later it found an address that finally brought Gruner ahead in the race.

Literally on the party to celebrate this victory news arrived that Fischer had leapfrogged us with an even better vanity address. Somewhat later we learned how he had accomplished that feat: With renting supercomputers and thousands of cloud servers for the search. Compared with my innovative address mining pool this almost felt like cheating, but it should have been clear to me from the beginning that just buying the necessary computing capacity outright is the much simpler strategy if you are a billionaire and money is no problem ...

Gruner and I were of the same opinion: We had to find something better than just renting cloud servers ourselves to fight back. Where would the fun be in this otherwise? So back to the drawing board!


When Starship, that new and enormous reusable rocket from Space-X, went into service, its maiden flight absorbed so much attention that almost nobody cared about the first Falcon Heavy launch after a long time on the very same day. The secret customer behind that launch had profited from a deep discount for the rocket that now was not interesting anymore for Space-X and its regular customers.

So nobody was there either to wonder why the 3 first stages did not return to Earth for re-use but fully burned out to bring the payload to maximum speed, and even stranger, not lifting it simply to orbit, but carrying it straight out into deep space with escape velocity, a speed sufficient to leave the Solar System.

After a while 4 large identical probes separated from the rocket and brought some distance between them by maneuvering but otherwise continued to fly in formation. Good nobody knew about the big atomic batteries on board that were able to deliver electricity for a very long time to come, even far away from the Sun where solar cells usually powering such devices were useless for lack of light: No way that launch would have gotten a regular permit, because of the risk of releasing the radioactive material inside the batteries into the atmosphere if something went wrong during start and ascent.

Afterwards it was all a very quiet affair: No signal from Earth reached the probes, and they sent nothing back to Earth. In fact they didn't even have the necessary large antenna and strong sender/receiver for doing so.

Somebody checking the flight path would probably first think that the probes just head out to a random point in interstellar space but sooner or later notice that it was exactly the direction of the closest known mini black hole.


Again what had happened in regular Monero mining a while ago showed a good way for Gruner and me to go: What we needed were ASICs.

An ASIC is a computing device that can do exactly one type of calculation, and nothing else. Its only reason of existence is performing a particular well-defined calculation as fast as possible, and most preferably substantially faster than anything else on the market.

When mining Bitcoins turned from an endeavor of enthusiasts and hobbyists into a serious business and companies developed the first ASICs for it, those machines soon were about 100,000 times faster at the job than the regular CPUs used by the former people so far.

Building an ASIC for Monero vanity address generation is not very complicated, with a number of companies on the market able to do it, and so already about 3 months later we had large racks with hundreds of those machines generating addresses about 50 times faster than any regular PC. The whole project was not cheap at all, but the large speedup factor finally brought us ahead in the race with Fischer.

Well, until about a year later, when our "enemy" proudly showed the public to be in control of a vanity address that was so extraordinary and beyond anything we had at that moment, it looked like it had come down to Earth from another star. Little did we know then that basically it was exactly thus.


One of the 4 interstellar probes, Monero-4, had stopped to function quite early on, somewhere beyond the orbit of Pluto. The other 3 flew together for about 450 years without any serious incident. The large number of Monero address generation ASICs on board calculated away tirelessly, powered by those reliable atomic batteries, and over time found vanity addresses that were better and better. After all those years nobody cared anymore that the ASICs had been the result of intellectual property theft at the company designing them for Gruner, with everybody involved long dead anyway. In fact, at that time the 3 probes were humanity's oldest still running machines in space.

Then Monero-1 finally did have a problem with the batteries and died. A few years later Monero-2 had the incredibly bad luck to hit the only larger particle floating around in interstellar space for distances of light-minutes, which at the speed it was traveling turned out to be its end.

So finally only one probe, Monero-3, reached the black hole in working condition. But that had been the idea anyway from the start: Back then the technology simply had not been there to build a machine with a guaranteed lifetime of half a millennium, so redundancy was the order of the day. Luckily the probes could exchange their results with each other periodically over short-range radio, so the single surviving probe carried the results of over 1300 years of ASIC run time.

At the end it took the 256 bits of the spend secret key for very best vanity address found, wrote them into the spins of the roughly 700 still entangled particles on board (out of originally 1000), and made sure to hit the black hole's event horizon in the right angle to influence the partner particles left back on Earth to transmit the spins and thus the bits, and to transmit them far into the past, as the Hungarian physicist Konya had shown as possible so many years ago, from the viewpoint of the probe.