MobileCoin vs Other privacy coins

Hi All,

I’ve recently stumbled onto MobileCoin and trying to understand the vision a bit better. I wasn’t able to find a whitepaper or detailed road map on the website. What will mobile coin do different from Monero, zCash or Ghost?

Eager to understand more.


I was wondering similar things.

The main difference I’ve noticed is that things are done via payment requests rather than wallet addresses, which seems like an improvement.

I had these questions, but they were answered in the whitepaper here:

(Is this the right whitepaper link?)

Is there mining (proof of work) like Monero, or a different consensus mechanism?
It uses the Stellar consensus protocol.

Are there block rewards, or what is the distribution strategy? Is there an ICO planned?
Is there going to be a fixed MOB supply, or is there a mechanism to stabilize the price?
No rewards, ICO for tokens, fixed global supply of 250 million MOB

Hi @Teekay and @christian_oudard,

This is a modified version of the original mobilecoin whitepaper not hosted by us so there are some material changes to the content I can’t comment on. We will be releasing a new whitepaper shortly.

I will differentiate mobilecoin from other cryptonote coins first and then I’ll compare it to Zerocash style coins.

Cryptonote coins fundamentally use ring signatures to conceal the sender and recipient relationships. A ring signature is a proof that a transaction that is being spent is one of a member of a set (IE 1/10 or 1/100). This is a strong privacy obfuscation but is potentially not computationally indistinguishable given enough graph analysis (note that no one has successfully attacked a cryptonote style system in practice that had a minimum ring size greater than 3; that is not to say it’s impossible, only that it hasn’t been done).

MobileCoin improves on bare cryptonote systems in two ways: 1) confidential transactions, which conceal the amount of a transaction, and 2) Secure Enclave transaction validation. We’ll focus on the enclave validation and why this is valuable.

In MobileCoin when a user creates a ring signature, again a 1 out of 10 or larger membership proof, they send this proof to our consensus network over a secure channel to a ring of secure enclaves. The owners of these nodes and users can verify that these enclaves are running the right software right now, but they can’t observe the actual validation at runtime. Once this group of enclaves validates the transactions, they can emit them with the actual ring signature omitted.

This is extremely powerful because it effectively means that there is no origin transaction output stored in the ledger, which means that every transaction is computationally indistinguishable from any other transaction. This is the highest guarantee possible in cryptography.

Note that if SGX is broken for a period of time, the transactions that are validated fall back to cryptonote level security, which is still very good AND no attack has ever been mounted against a partial transaction graph in a cryptonote system. Once SGX is repaired, future transactions have the same comptuational indistinguishability, which is a process known as restoring forward secrecy in cryptography.

ZCash is actually two different protocols depending on whether you want to have an unshielded or shielded transaction. Unshielded transactions are like bitcoin, IE low privacy. Shielded transactions are computationally indistinguishable from one another. If there are not bugs in the shielded transaction code, these transactions are cryptographically secure. The main difference between MobileCoin and Zcash is two-fold: 100% of MobileCoin transactions are computationally indistinguishable whereas only shielded transactions in Zcash are computationally indistinguishable. The second difference is that MobileCoin achieves transaction computational indistinguishability using hardware encryption whereas ZCash’s cryptography is entirely software-based.

Operationally, MobileCoin is differentiated from all cryptocurrencies in that we designed the system to be mobile-first. There are a lot of things that have to happen to have a killer mobile experience, mainly speed, simple UX, and the ability to access the ledger without compromising user privacy (this last piece is super tricky and I think we’re the only people who have solved it).

In short, MobileCoin has some privacy tricks other cryptocurrencies don’t have AND transactions always clear in under 1 second.

Does that answer your question?



Hi Joshua,

Thanks for the detailed response. Looks like a very interesting project. I’ll see if I can get a watcher node running to contribute to the testnet.