Frequently Asked Questions

Overview

The wallet is available for download from our website or Github Releases page.

As with any other technology, Firo can be used for both good and evil. However, we are firm believers that the net good for Firo far outweighs the bad. We believe money should be a public utility. In an increasingly digital age that's moving away from digital cash, money has increasingly been surveilled and used as a tool of control of oppressive governments whereby they can choose what you can spend on or even cut you off from your savings.

Privacy is also an essential element if we believe in cryptocurrency being used as a medium of transfer. Without privacy, businesses would be revealing who their suppliers are, how much they're paying their employees or how much they're receiving. Even paying for a cup of coffee with a currency that has a transparent public ledger can potentially reveal your holdings or addresses that are connected to you. We expect privacy in our day to day financial transactions and no one wants our bank statements leaked out to the world to see without our permission. Privacy is not about hiding, it's about retaining the ability to give consent to our data.

Recent reports and studies have also shown that while privacy cryptocurrencies often make the headlines for use on the darknet or perceived illicit behaviour, these form a very small proportion of overall transactions. Privacy preserving cryptocurrencies also aren't necessarily at odds with existing KYC/AML practices.

Privacy is an essential element missing in cryptocurrencies today and Firo pushes the frontiers of privacy technology enabled by cryptography while retaining options for any user to disclose their details should they wish.

Firo believes in the importance of financial privacy in cryptocurrency as an essential element in maintaining the original goal of cryptocurrency: to be a public utility for money. We have seen how freedom of commerce or even access to our savings are things that are no longer things that can be taken for granted and authoritarian governments have increasingly used money as a tool of control. As fiat currencies go increasingly digital with some going as far as totally replacing physical cash, we lose control over our own money instead relying on intermediaries.

Bitcoin was originally created as an answer to this by ensuring you can be self sovereign over your money and to serve as uncensorable and unseizable money that isn't controlled by any one entity. Bitcoin's lack of privacy however has now made it much easier to seize or blacklist funds and due to ossification of the protocol, is unlikely to take serious steps to address this.

Firo has dedicated itself to being a privacy preserving cryptocurrency and have designed and built trustless privacy protocols such as Lelantus and Lelantus Spark that have inspired and shaped the designs of other privacy protocols (for e.g. Triptych, Seraphis, Lelantus-MW).

For it to be truly a public utility that isn't beholden to any one entity,

Firo strives to increase individual liberty. By guaranteeing financial privacy, Firo can help ensure freedom of commerce. People should be able to transact however they want, as long as it does not infringe on the well-being or individual liberty of others. We are also big believers that freedom of commerce also facilitates peace and prosperity across countries and cultures. By guaranteeing financial privacy, Firo can directly guarantee fungibility, an essential property for free commerce.

Although there are many privacy solutions out there for cryptocurrencies, it is our aim in providing the strongest level of privacy without sacrificing on trustlessness, ease of use and relying on time tested cryptographic building blocks.

Privacy

Blockchains without privacy like Bitcoin only offer pseudo-anonymity. In blockchains without complete privacy, it is the relationships and links between addresses that can reveal private information about you. Every single coin has an immutable history.

This is why freshly mined Bitcoins with no previous transaction history can command premiums of 20% or more as the holder does not have to worry whether it has been tainted.

Firo through the Lelantus protocol allows you to burn your coins to destroy them so that they stop existing and then redeem them later for coins that have no previous transaction history. The process of burning and redeeming breaks the links between addresses making transaction graph analysis very difficult.

The burning process destroys the coin so that they stop existing and therefore their transaction history stops there and cannot be traced.

The redemption process involves giving a zero-knowledge proof that you previously burnt coins, without having to show which were the coins you burnt. The freshly redeemed coins appear as new coins with no previous transaction history and hence have no linkage with the original coins that were burnt. In Lelantus, input and change amounts are also hidden.

Firo's upcoming privacy protocol Lelantus Spark takes this idea further with all amounts being hidden and removing the need to 'redeem'. Users can now pass these coins directly between each other without having to expose the output amount. It also adds Spark addresses that are public shareable but cannot be looked up on the blockchain.

Firo's privacy protocols Lelantus and Lelantus Spark combines very high anonymity sets (~65,000 and 32,000 respectively) while relying on well tested cryptographic building blocks that do not require trusted setup.

This compares very favorably to existing solutions like mixers or even ring signatures that typically have limited anonymity sets per transaction (for e.g. Monero has a ring size of 11). Models that rely on decoys also have weaknesses where deanonymization becomes easier when paying repeatedly to the same entity. Decoy selection algorithms have to be also carefully selected to avoid reducing the effective anonymity set and if ring sizes are not large enough, can be subject to Sybil attacks. Similarly, Mimblewimble based coins rely highly on high transaction volumes in a block and also have limited resistance towards Sybil attacks. Firo's use of large anonymity pools and sliding windows greatly alleviate these problems.

Solutions relying on zkSNARKs such as the Zerocash protocol used in Zcash offer almost global anonymity sets but rely on complicated new cryptography and more exotic assumptions. They also require a trusted setup which for some represents an unacceptable compromise.

Firo aims to achieve a balance of high anonymity combined with well-established cryptographic building blocks that don't require trust. Lelantus Spark also is designed to be modular that would allow parts to be switched out in an easier fashion as cryptographic advancements come along giving very good flexibility. Spark addresses are also very flexible allowing for a variety of view keys for selective transparency and also efficient multisig/threshold signatures. They also do not require interactivity and can be openly posted since they cannot be searched on the blockchain giving enhanced receiver privacy.

Also as Firo uses the sliding window approach to privacy instead of decoys, existing chain analysis methods such as used for ring signatures or coin mixers would not work.

You can view a more detailed comparison and analysis on our privacy comparison guide.

The short answer is that our earlier privacy protocols made this difficult but we are moving towards it especially with the deployment of Lelantus Spark! All our official wallets already anonymize or prompt you to do so using Lelantus by default but Lelantus Spark with its new private Spark address system makes it much easier to fully transition to privacy by default.

When the project first launched in 2016, it used the Zerocoin privacy protocol, originally a proposal for Bitcoin which used regular transparent addresses and therefore did not hide amounts. With zero knowledge proof technology in its infancy, back then we felt it was prudent to balance privacy with supply auditability to ensure we could detect inflation should there be a flaw in the technology.

We then dedicated development to removing trusted setup from Zerocoin and did so with our Sigma privacy protocol but it retained the same limitations of Zerocoin with regards to hiding amounts. With the development of Lelantus, our current privacy protocol, input and change amounts are hidden but the output amount remains exposed. Additionally, the anonymization function in Lelantus requires the users private key and therefore required user input to anonymize.

With the development of Lelantus Spark, this new scheme retained all the benefits of our previous schemes namely high anonymity sets, small proof sizes, high efficiency, no trusted setup, well understood cryptographic building blocks and added Spark addresses which allows funds to be kept privately without revealing amounts and can be freely shared without compromising privacy. Users can send funds directly to Spark addresses and have them anonymized immediately without needing recipient interaction.

With the deployment of Lelantus Spark later this year (2023), all our official wallets will by default use Spark addresses and all mining rewards will mandatorily go to Spark addresses increasing the anonymity set. We will also approach exchanges to support withdrawals to Spark addresses. Some time after Spark deployment, Helsing (our private masternode staking) will then be launched allowing masternode collateral to be held in Spark addresses and for masternode rewards to go into Spark addresses directly. We are hopeful with these changes that the vast majority of transactions will become private.

During the interim, transparent addresses still have a role to play in enabling easier interoperability with other chains where those ecosystems already have implemented support for Bitcoin addresses for e.g. with cross-chain bridges. Eventually as the ecosystem catches up to using Spark addresses, transparent addresses can be phased out completely.

The way privacy works for cryptocurrency transactions is that you want to be hiding in a big crowd. The more people use private transactions the more it improves the privacy of other transcations. Anonymity loves company! However with the type of proofs we use, the bigger the crowd is, the more computationally intensive each transaction is. As such, the crowd cannot grow to infinite sizes. Spark finds a middle ground between robust privacy and scalability. Firo has picked 65,000 as the maximum size of the crowd though this may increase with improved optimizations or cryptographic advancements.

Think of each Spark transaction as a coin inside a large bucket with tons of other coins. These coins all have different values but they look the same. Whenever you spend, you're taking coins from the bucket but outsiders can't really tell which coins you're taking since they all look the same. When the bucket becomes full, the protocol opens a new bucket for people to start placing their coins in. However, we don't want to start with a totally empty bucket otherwise they would need to wait for other people to throw their coins into the bucket before they can pull coins out of it for good anonymity. As such, we take 8,000 coins from the previous bucket and dump it into the new bucket so that there's already a big 'crowd' in the new set. Hence each bucket has some overlapping coins and this is what we call sliding windows!

Seraphis was previously named ZCT and was a framework developed independently by Koe that did not have exact implementation details that would fit into it such as choice of proofs or addressing structures.

We shared our work on Lelantus Spark with Koe and our innovations with Spark addresses solved an open problem with ZCT's addressing system which then lead to Seraphis. This is why the addressing structures are quite similar. While similar to Spark, Seraphis is a framework rather than a protocol with full implementation details and does not yet have an academic style paper with full security proofs unlike Lelantus Spark.

Seraphis makes design choices for Monero by using it to scale ring sizes. Lelantus Spark on the other hand doesn't use decoy sampling and instead relies on large pools of anonymity combined with sliding windows between the pools. This offers much greater anonymity per transaction and avoids many of the problems with decoy selection algorithms at the cost of performance which can be mitigated with batching techniques.

In cryptography, a trusted setup is used to create a cryptographic system by generating certain initial parameters which will later be destroyed. An easy analogy is to imagine creating a lockbox with a key and then throwing the key away.

Why it is called trusted setup is that you must trust the person who created it, to actually destroy the parameters. Zero knowledge proof privacy systems such as the Zerocoin (as originally used in Firo and now deprecated) and Zerocash (as used in Zcash, PirateChain, Komodo and Horizen) protocol requires a trusted setup.

Firo’s privacy protocols Lelantus and our upcoming Lelantus Spark, do not require trusted setups.

Why it Matters

Having a trusted setup is generally undesirable and adds another point of failure. One of blockchain’s mottos is ‘Don’t trust. Verify’ and trusted setups are the antithesis of that philosophy.

A compromised trusted setup in zero-knowledge proofs allows someone to forge the proofs meaning that coins can be created out of thin air leading to hyperinflation. In privacy coins where amounts are obscured, such inflation can also remain undetected.

There are ways to mitigate the risks of a trusted setup such as using a multi-party ceremony that if in theory works, requires all parties in the ceremony to collude. If at least one party destroys their portion of the secret, then the system is secure.

However, even if the risk is mitigated, we still need to be sure parties do not collude or that the ceremony was set up correctly or was not backdoored which can be challenging.

For example, Zcash’s original Sprout MPC ceremony sparked controversy because of binaries that were not deterministically built and MPC transcripts that went missing (which turned out to be to prevent a flaw from being exploited until it was patched).

A zero-knowledge proof is a cryptographic method to prove that you know something without giving any other details about it, except that the fact that you know it. For example, zero-knowledge proofs could be used to show you have assets of more than a million dollars, without showing the exact amount you own or the transactions that make it up.

Zero-knowledge proofs are an ideal fit for providing privacy on blockchains. On a public blockchain, everyone has to be able to verify the authenticity of transactions and so every transaction is posted for everyone to see along with its entire history.

Zero-knowledge proofs allow others to verify that a valid transaction has happened without giving any other information thus providing privacy while retaining verifiability.

Firo's privacy protocols use a combination of different zero-knowledge proofs in its privacy mechanism to allow people to burn their coins and redeem them later for brand new ones with no previous transaction history without showing which coins were burnt.

To best understand how blockchain-tracking software works, it helps to view Bitcoin as a kind of financial social network. The same kinds of mechanisms used to break privacy in social networks, by analyzing social network topology, can be used to break privacy in the Bitcoin network. By taking a pre-existing social network like Facebook, we can use that information to generate heuristics about who is transacting with whom on Bitcoin.

There is a relevant research paper that attempted to identify Twitter users by using data from Flickr. They took the twitter data, and stripped away all identifying information about the user such as name or username. Then, by looking at the social network topology of the anonymized twitter data and comparing it to the flickr data, they found that they could identify one third of twitter users, even though the twitter data was anonymized.

This research also applies to Bitcoin. If we take an anonymous network such as Bitcoin, and use data from a social network from Facebook or Bitcointalk, we can use topological analysis to identify a lot of users. A comprehensive study on Bitcoin’s privacy also shows that even with best practices, a significant proportion of users can be identified from their behaviour.

The converse is also true where Bitcoin’s network can also deanonymize TOR users.

Firo was the first cryptocurrency to go live with Dandelion++ on mainnet. Most other cryptocurrencies use a gossip model whereby when they receive a transaction, they tell all other nodes connected to it about the transaction. As a result the transaction propagates quickly through the network. The downside is that an adversary who can monitor the network can see this chain reaction happening and can approximate with a high degree of accuracy which node the transaction originated from.

Dandelion++ obfuscates these type of analysis by changing the way the transactions are broadcasted by randomly choosing to tell one other node about the transaction or to switch to gossip mode. This makes it harder to associate a node with a particular transaction.

Firo also fully supports the use of the Tor network that can work alongside with Dandelion++.

Firo is intending to move to a mixnet model in the future.

Economics

You can see all the exchanges and/or swap services Firo is available here or on Coingecko

15% of Firo’s block reward goes towards a development fund to fund development work and other efforts in promoting Firo’s adoption.

The fund pays primarily for coders and cryptography researchers, community managers, audits, bug bounties, integration costs and infrastructure overheads.We regularly publish summaries of how these funds are being spent on our forums.

We are always actively looking for talent so please do reach out over email or our Discord.

A fixed emission of 6.25 FIRO/block until the cap of 21.4 million FIRO is hit and then a tail emission of 1 FIRO/block thereafter

The current block reward of 6.25 FIRO/block is divided as follows:

  • Miners (5%, 0.3125 FIRO)
  • Masternodes (70%, 4.375 FIRO )
  • Development Fund (15%, 0.9375 FIRO)
  • Community Fund (10%, 0.625 FIRO)

For more information about how we arrived at this new distribution and the development fund, please read this blog post.

Mining

Firo uses the FiroPoW algorithm targeted at GPUs that keeps mining accessible to everyone.

Firo has always been a strong believer in the power of Proof-of-Work (PoW). PoW enables community building, fair distribution and ties the value of Firo to the physical world with energy.

FiroPoW is a mining algorithm that is highly optimized for GPU mining and designed to be both FPGA and ASIC resistant to even the playing field and allow people to mine from their own consumer hardware. We have always been big fans of Proof of Work’s ability to tie the value of a virtual currency to the real world along with a way to distribute Firo’s supply in a fair and decentralized manner free from restrictions.

FiroPoW follows ProgPoW’s 0.9.4 spec with a small change to have the algorithm randomly change with every block. The starting DAG size will be slightly over 7GB and will increase by 8MB every 1300 blocks (~4.5 days). This DAG size has been chosen to support most modern graphics cards.

There is a visual explanation of the Merkle Tree Proof algorithm in Firo (formerly Zcoin) on Youtube

Do check out our Firo mining guide!

Technical

Our explorer can be found on https://explorer.firo.org and our testnet explorer can be found here: https://testexplorer.firo.org

Our target block time is 2.5 minutes.

The chances of not getting a block in blocktime * K is approximately e(-K).

This means that the chance of getting a ≥15-minute block (K=6) is ≈0.25%. So even though our target block time is 2.5 minutes, roughly 1 in 400 blocks can take more than at least 15 minutes to find.

Community

Yup! Visit here.

We have active communities on our Discord, Telegram and Forums! You can check out all our social links here.

Resources

We have two primary block explorers:

Official Firo explorer: explorer.firo.org
CryptoID Explorer: chainz.cryptoid.info/firo

Masternodes

Masternodes in Firo are incentivized nodes that host Firo’s infrastructure and provide additional services such as 51% mining attack protection via LLMQ chain locks and instant sends

To prevent Sybil attacks, each masternode requires a collateral of 1000 FIRO backing it to prove skin in the game and encourages honest behaviour.

In return for hosting Firo’s infrastructure and their added services, they earn 50% of the block reward. As incentivized infrastructure, masternode holders can invest in hardware that have higher specifications and are motivated to keep the node updated and running. This helps Firo’s blockchain scale and ensures a robust network of nodes.

In the event people want to pool together their funds to make a masternode, please take note that you have to trust the person holding the funds for everyone.

This is because the 1000 FIRO needs to be sent to a new address in one transaction and the custody is with one person. We ideally do not recommend such arrangements unless you really trust the person holding the funds on behalf of you. There is nothing to prevent the person holding the masternode funds from running away with your share.

This is not a problem if you have 1000 FIRO as you can still keep those funds in your own local wallet. A masternode hosting provider in such cases only requires your operator key and the transaction ID of your 1000 FIRO deposit.

Masternodes do not hold any funds. They merely hold a masternode private key (not the same as your actual private key) which allows you to start and stop the masternode. There is a marker in your masternode configuration that links the masternode to your 1000 FIRO deposit. In the event of a masternode being hacked, all that will happen is that your masternode will go offline and you will lose your position in the payment queue.

Your local Firo wallet still holds the 1000 FIRO so it is that wallet that will need to be secured. Ensure that your wallet is frequently backed up and encrypt your wallet.

If you go with a masternode provider, all he requires is your masternode private key and the transaction ID of your 1000 FIRO deposit. The masternode provider does not need your private key to the funds. You also do not need to send any funds to him.

Please refer to this masternode setup guide.

There will also be a number of masternode hosting providers who can simplify the process for you for a fee.

50% of the block reward is paid to masternodes.

Masternodes are selected for payment in each block (approximately every 2.5 minutes) from a deterministic masternode list, and moved to the back of the list after payment. As more masternodes are created, the duration between payments increases. If the collateral behind a masternode is spent, or if a masternode stops providing services to the network for more than one hour, it is removed from the list until normal service resumes. In this way, masternodes are given incentive to provide efficient and reliable services to the network.

The frequency of the block payout depend on how many active Masternodes there are. The more masternodes there are, the longer it takes to receive the masternode block reward.

A Firo masternode requires

  • 1000 FIRO (refundable at any time)
  • A fixed IP address
  • 1 GB of RAM
  • Enough disk space to store the blockchain (>10 gb is recommended for the moment)

Typically a VPS of this specification costs around USD5 to run a month per node and you can head on to Amazon AWS, Google Cloud, Microsoft Azure, Leaseweb, Vultr, Linode, or DigitalOcean to obtain a basic VPS when masternodes are launched. There will also be masternodes providers who can assist you to set this up and/or maintain it for a small fee.

Nodes are computers that host a full copy of Firo’s blockchain and help to verify the validity of transactions.

Masternodes are a special type of node that earn part of Firo’s block reward (currently at 50% of the block reward) in return for hosting a reliable and powerful node that helps to support the network along with providing additional services to the network. For example, masternodes form themselves into long living masternode quorums (LLMQs) that provide ChainLocks which secures the chain against 51% mining attacks with single block finality and InstantSend which allows transactions to be finalized within a few seconds even before block confirmation.

Masternodes require a refundable collateral of 1000 FIRO to ensure masternode holders have a stake in FIRO and are incentivized to keep it working honestly, updated often and have a high uptime. This collateral can be transferred out at any time without any penalty.

Anything else?

Binance-Pegged Firo also know as BEP20 Firo is a token issued by the Binance exchange on Binance Smart Chain (BSC). It is a custodial wrapped form of Firo whereby BEP20 Firo is backed by native Firo that is custodied by Binance. The core team has no control over this token. 

Being a BSC token, BEP20 Firo does not utilize the privacy technology of Firo but can instead interact with defi protocol, AMM DEXes and other smart contracts on the BSC network.

You can obtain BEP20 Firo either by withdrawing from Binance and selecting the BSC network instead of the Firo network or by swapping it on FiroDEX.

Please drop by our Discord or Telegram to ask any questions!