When the users use their wallets to send money, basically what they’re doing is using their keys to sign a message and sent it to a node so it can broadcast it to the miners, and the one that finds the block gets to write that new transaction into the list.
That sounds all perfect, but there’s a problem. Nodes need to write down three things so a transaction makes sense: who is sending, how much is sending, and who is receiving.
We already have an idea to hide the receiver using disposable addresses. Can we use the same trick to hide the senser? Nope. It’s one thing to use a anonymous dropbox where I can put stuff in and I don’t care who comes later with a key to open and empty it. And we could decide that we don’t care to know who’s sending when we’re sending, as long as they’re sending something. It means that we don’t need to write down the address of the user sending, but we do need to write down which virtual bills are being sent. The things is, we need a way to hide which specific bills we’re sending so no one can guess who’s the owner of such bill, based on who received it in the first place.
This is a very tricky and sticky problem. The way we can solve this in Monero (at least for now) is to write down the real bill in the transaction, but also write other bills as a decoy. It’s not an absolutely bulletproof solution, but it gives users plausible deniability.
We can use ring-signatures.