Hey problem solvers, here’s a tricky one.
To improve the shielding user-experience, we’re researching whether it’s possible to deploy fixed deposit addresses, unique to each user payment address - without compromising privacy. This could mean no more shielding time-outs, no more duplicate-use headaches, etc.
As you can imagine, there are many things to consider and some issues to circumvent, so we’d love to have your input on the best way to do this.
Here’s some context.
The current flow (rotating shielding addresses):
-
There are currently multiple temporary rotating addresses used for every new batch of shielding requests.
-
There’s an amount of ETH reserved for gas fees in each wallet, which proceeds to call requests to the Incognito smart contract. We rotate these temp wallets among user requests to make sure gas fees are sufficient. There are 2 actions executed at this time –
-
Approve: to verify whether the token is ERC-20 or something else.
-
Deposit: to send users’ tokens from the temporary address to the Incognito smart contract, and keep it safe there.
This works well from a privacy standpoint, but suffers when it comes to real-life ease of use. Some users get nervous when addresses expire, and sometimes delays do happen - either due to gas fee volatility, issues with depositing from crypto exchanges, and so on. That’s why we started exploring ideas on how to implement fixed shielding addresses unique to each user (per payment address).
Possible new flow (fixed shielding addresses):
-
A new temporary shielding address will be generated for each payment address, fixed only for that payment address, and will never change.
-
ETH gas fee will only be provided to that temp address once our system verifies and confirms the receipt of users’ tokens. It might be a good deal higher than the current gas fee paid, as we would need to make sure that the request to our smart contract is processed successfully.
-
Instead of expiring after 2 hours, this new fixed temp address will expire in 24 hours. Once expired, users just need to retry it on their own, and will be able to do so easily in the app.
-
If a user makes a new shielding request, that same fixed address will be given, as it now belongs to that payment address.
Disadvantages of this idea:
-
Time to complete the transaction will be 5-10 mins slower than it is now, as our system needs to continually ensure a sufficient amount of ETH is provided to cover gas fees, in order for this to work well. If gas fee requirements suddenly increase due to congestion on Ethereum, transactions could be pending for a while.
-
This implementation has privacy drawbacks, and could impact decentralization. Since shielding transactions require funds transfer from external public chains, if a temp address is fixed to a certain payment address, someone else could theoretically figure out whose address it is, and could possibly track how much that user deposits to Incognito.
This is obviously not ideal, and we are unwilling to compromise user privacy, so…
What do you think?
Help us explore how to improve user experience without costing their privacy. Our team is actively researching in this area to find a solution that fulfills both usability and privacy requirements, but there’s probably something we haven’t thought of – so please do share your ideas!