About Thalos / Philosophy

What is Thalos?

Thalos (TLS) is a streamlined cryptonote based, efficient, high secure and supreme discreet cryptocurrency utilizing Proof of Work. It is a transparent open source, global payment network that is fully decentralized and independent from any central authorities. Thalos uses ring signatures for a high level of privacy and security for it’s users. We want to help people all around the world to transfer value anonymously in an absolutely secure and easy way.
Simple to use, high level of security and maximum anonymity - that’s what Thalos stands for.

Over 3 years of development we are now ready to share our solution with the world. Our vision to give people all over the world access to global sharing of currency completely free of charge and in a high secure way is part of our drive.

Thalos Specifics

Everybody can participate in the operation of the network by providing the computing power of the own computer. This decentralized transaction process allows people to be a user or also a participant.

People are able to benefit in two ways: either they choose to be part of the network maintenance and get rewards for it, or buy TLS directly on exchanges, soon.


Compared with conventional fiat currency transactions, where the money is processed through e.g. banks or other financial institutions, transactions between Thalos users are carried out in the most secure and anonymous way over the internet which makes the transactions much more credible. In details it means the transaction privacy is protected by secure cryptographic proof-of-work algorithms whereby nobody can identify who the sender/receiver was and what amount of money was transferred.

Safety and Reliability

The reliability of Thalos is ensured by the total computational power of all the computers in the network that take part in the processing of transactions.

Moreover the money stored in your wallet is already protected during the whole transaction process and its safety does not depend on the network’s reliability. Your money is always safe.


Thalos are gradually getting more expensive over time based on the limitation of 21 Million TLS. The count of Thalos emitted each 120 seconds is slightly decreasing. As a consequence TLS gains value and the exchange rate increases.
While other currencies with heavily decreases of reward per block are exposed to intense declines in network power, Thalos emissions are decreasing slowly, which protects the currency from economic discrepancies.


In case of fiat currencies the emission is a closed process and an issuer is engaging in its own capabilities and can not benefit through the emission process. Thalos emission is an open process using the computing powers of all network members. Any user can join the Thalos network and take part in the emission process (thus, becoming a miner).

Mining in the network results in the creation of new Thalos currency, which serves as a reward for users who employ their computing power in order to process secure and anonymous transactions.

All transactions in the Thalos blockchain are carried out every 120 seconds. The miners ensure a fluently transaction process and provide cryptographic protection of transactions and personal data. Miners cannot access users' financial data precisely because the Thalos algorithm protects the identity of the sender and the receiver and conceals the transferred amount of money.

Ring signatures: Untraceable payments

Common digital signature verification processes need the public key of the signer in order to verify a valid signature.
It validates and proves that the the signer is in possession of the matching private key. But unfortunately it's not always sufficient and actually exposes a privacy flaw.

Default signature

Ring signatures are a smarter way of digitally signing and require multiple different public keys in order to verify a digital signature. Signers need only a single private key and verifiers cannot identify the exact individual who signed something but are still able to verify it's validity.

Given a signature with the public keys of Alice, Bob and Carol, you can verify that one of these individuals signe the message, but you will not be able to tell who it was.

Ring signature

It should be noted that foreign transactions do not restrict you from spending your own money. Your public key may appear in dozens of others' ring signatures but only as a muddling factor (even if you already used the corresponding secret key for signing your own transaction). Moreover, if two users create ring signatures with the same set of public keys, the signatures will be different (unless they use the same private key).

One-time keys: Unlinkable transactions

Usually anyone can check all incoming transactions linked to your public addresses. To avoid this you could creade hundreds of public addresses and send them to your payers privately, but this is a very uncomfortable way. It would be more conventient to have a single public address.

Linkable transactions

Thalos solves this dilemma by an automatic creation of multiple unique one-time keys, derived from the single public key, for each p2p payment. The solution lies in a clever modification of the Diffie-Hellman exchange protocol. Originally two parties can produce a common secret key based on their public keys. In Thalos approach the sender uses the receiver's public address and adds his own random data to generate a one-time key for this specific transaction.

The sender can only produce the public key for this transaction, whereas only the receiver can compute the matching private key; so only the receiver is able to release the funds after a commited transaction has been made. The receiver only needs to perform a single-formula check on each transactions to verify if it belongs to him. This process involves his private key, therefore no third party can perform this check and discover the link between the one-time key generated by the sender and the receiver's unique public address.

Unlinkable transactions

An important part of Thalos' protocol is the usage of random data on keys generated by the sender.

This procedure always results in a uniqie one-time key, even if sender and receiver are the same person.

Double-spending proof

Complete anonymous signatures would people allow spending the same funds many and many times which, of course, is not the way a payment system works.

Thalos' actually uses a modified version of the "Traceable ring signature", where traceability was changed to linkability which restricts the signer's anonymity:

If the signer creates more than one ring signature using the same private key, all those signatures will be linked together, indicating a double-spending attempt.

A key image is a special marker to support linkability in Thalos. The key image is a cryptographic hash of a users secret key.

Cryptographic key image generation

All users keep the list of used key images and automatically reject any ring signatures containing a duplicate key image.

Double spending check

Blockchain analysis resistance

There are many academic papers dedicated to the analysis of the Bitcoin's blockchain. Their authors trace the money flow, identify the owners of coins, determine wallet balances and so on. The ability to make such analysis is due to the fact that all the transfers between addresses are transparent: every input in a transaction refers to a unique output. Moreover, users often re-use their old addresses, receiving and sending coins from them many times, which simplifies the analyst's work. It happens unintentionally: if you have a public address (for example, for donations), you are sure to use this address in many inputs and transactions.

Thalos is designed to mitigate the risks associated with key re-usage and one-input-to-one-output tracing. Every address for a payment is a unique one-time key, derived from both the sender's and the recipient's data. It can appear twice with a probability of a 256-bit hash collision. As soon as you use a ring signature in your input, it entails the uncertainty: which output has just been spent?

Trying to draw a graph with addresses in the vertices and transactions on the edges, one will get a tree: a graph without any cycles (because no key/address was used twice). Moreover, there are billions of possible graphs, since every ring signature produces ambiguity. Thus, you can't be certain from which possible sender the transaction-edge comes to the address-vertice. Depending on the size of the ring you will guess from "one out of two" to "one out of a thousand". Every next transaction increases the entropy and creates additional obstacles for an analyst.

Blockchain analysis ambiguity

Standard transaction

A standard Thalos transaction is generated by the following sequence covered in the white paper

Bob decides to spend an output, which was sent to the one-time public key. He needs Extra (1), TxOutNumber (2), and his Account private key (3) to recover his one-time private key (4).

When sending a transaction to Carol, Bob generates its Extra value by random (5). He uses Extra (6), TxOutNumber (7)and Carol's Account public key (8) to get her Output public key (9).

In the input Bob hides the link to his output among the foreign keys (10). To prevent double-spending he also packs the Key image, derived from his One-time private key (11).

Finally, Bob signs the transaction, using his One-time private key (12), all the public keys (13) and Key Image (14). He appends the resulting Ring Signature to the end of the transaction (15).

A standard Thalos transaction (click to enlarge)

Adaptive limits

A decentralized payment system must not depend on a single person's decisions, even if this person is a core developer. Hard constants and magic numbers in the code deter the system's evolution and therefore should be eliminated (or at least be cut down to the minimum). Every crucial limit (like max block size or min fee amount) should be re-calculated based on the system's previous state. Therefore, it always changes adaptively and independently, allowing the network to develop on it's own.

Thalos has the following parameters which adjust automatically for each new block:

1) Difficulty. The general idea of our algorithm is to sum all the work that nodes have performed during the last 720 blocks and divide it by the time they have spent to accomplish it. The measure of the work is the corresponding difficulty value for each of the blocks. The time is calculated as follows: sort all the 720 timestamps and cut-off 20% of the outliers. The range of the rest 600 values is the time which was spent for 80% of the corresponding blocks.

2) Max block size. Let MN be the median value of the last N blocks sizes. Then the "hard-limit" for the size of accepting blocks is 2*MN. It averts blockchain bloating but still allows the limit to slowly grow with the time if necessary. Transaction size does not need to be limited explicitly. It is bounded by the size of the block.

Block reward

Egalitarian proof of work

The proof of work mechanism is actually a voting system. Users vote for the right order of the transactions, for enabling new features in the protocol and for the honest money supply distribution. Therefore, it is important that during the voting process all participant have equal voting rights. Thalos brings the equality with an egalitarian proof-of-work pricing function, which is perfectly suitable for ordinary PCs. It utilizes built-in CPU instructions, which are very hard and too expensive to implement in special purpose devices or fast memory-on-chip devices with low latency.

We propose a new memory-bound algorithm for the proof-of-work pricing function. It relies on random access to a slow memory and emphasizes latency dependence. As opposed to scrypt, every new block (64 bytes in length) depends on all the previous blocks. As a result a hypothetical "memory-saver" should increase his calculation speed exponentially.

Our algorithm requires about 2 Mb per instance for the following reasons:

  1. It fits in the L3 cache (per core) of modern processors, which should become mainstream in a few years;
  2. A megabyte of internal memory is an almost unacceptable size for a modern ASIC pipeline;
  3. GPUs may run hundreds of concurrent instances, but they are limited in other ways: GDDR5 memory is slower than the CPU L3 cache and remarkable for its bandwidth, not random access speed.
  4. Significant expansion of the scratchpad would require an increase in iterations, which in turn implies an overall time increase. "Heavy" calls in a trust-less p2p network may lead to serious vulnerabilities, because nodes are obliged to check every new block's proof-of-work. If a node spends a considerable amount of time on each hash evaluation, it can be easily DDoSed by a flood of fake objects with arbitrary work data (nonce values).

One of the proof-of-work algorithms that is in line with our propositions is CryptoNight, created by Bytecoin developers in a cooperation with our team. It is designed to make CPU and GPU mining roughly equally efficient and restrict ASIC mining.

Coin specifications

  • Difficulty target 100 seconds
  • Total coins: 18,446,744
  • 12 confirmations per transaction
  • Smooth emission (x21)
  • The default ports are 44441(P2P) and 55551(RPC)
  • No premine because equality is absolute important to us and our drive
  • Equal mining opportunity because of particular algorithm, where CPU and GPU performance are nearly on the same level. It utilizes built-in CPU instructions, which are very hard and too expensive to implement in special purpose devices or fast memory-on-chip devices with low latency.
  • ASIC resistant
  • Resources