How is ETH/ERC20 private if receiving address is always the same?

For any incoming ETH or ERC20, the address is always the same. If you are sending in any tx, how is that address not completely public because of the sending addresses?

Transactions inside the Incognito environment are anonymous. When shielding and unshielding, the address is public knowledge.

1 Like

Right, but the depositing address is always the same for ETH/ERC20. Shouldn’t a new address be generated every time you attempt to shield? Why is ETH the only chain that does this with Incognito?

Thanks, @Mike_Wagner for reposting that string…been a minute since I had read it…was good getting caught up about it and oh yes thank you to @duc and the dev team for the work they did on this matter… :sunglasses:

So if the ETH shielding address is always the same, couldn’t a 3rd party connect all the incoming and outgoing wallets/txs from that address? Or am I missing something?

Transactions on a public blockchain are and always will be public. Nothing about Incognito – or any other privacy protocol – changes that.

Once funds have been received into the Incognito network, those transactions are private. Trades, transfers, mints/burns are all private. Addresses of senders and receivers are not public. You cannot determine the amount of any pToken an Incognito address holds.

As for the shielding address – the linked article notes the current implementation (aka “medium term”) is not permanent. One of the many initiatives the devs are working on will see the removal of these static addresses in favor of direct transfers from public blockchains. This is part of the extensive decentralization of the network. I believe it is expected this will also include the use of one-time addresses for shielding addresses.

For unshielding – when you shield 5 ETH to an Incognito shielding address, these funds then move to a vault address. When you unshield – even the “same” 5 ETH, in this example – the transaction will be sent from an address distinct from your shielding address and distinct from other unshield requests.

Were you to use a separate and distinct address for receiving transactions from Incognito, it would be hard, bordering on difficult to impossible, to prove the transaction(s) belong to you. If you then send those funds from that address to a known public/KYC address of yours, analysis would reveal the connection. But if the funds are never mingled on an address that has NEVER – now, in the past or in the future – received funds from a public/KYC address connected to you, those funds will remain relatively unknown on the public blockchain.

Another method someone could employ to connect transactions from either side of Incognito would be through transaction amounts. Watch the list of recent transactions on incscan.io. You may see a lot of transactions of the same or nearly the same amount - say 0.05 ETH or 1 LTC, etc. It is hard to distinguish between the inflow/outflow of those transactions. However, a transaction of 1000 BTC – due to the large monetary value involved – or say 1.574326719 ETH – due to the statistically “unique” amount – would be easy to connect, when those amounts are used for both transactions.

2 Likes
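
The amount-matching point in the last post, as an added example that is not part of the thread or of Incognito's code: for each unshield it counts how many earlier shields have a near-identical amount, which is the size of the set that withdrawal blends into. All transactions below are constructed sample data, and the fee tolerance and function names are assumptions.

```python
from decimal import Decimal

# Constructed sample data (not real chain data): (label, amount in ETH, unix time)
SHIELDS = [
    ("s1", Decimal("0.05"), 1000),
    ("s2", Decimal("0.05"), 1100),
    ("s3", Decimal("0.05"), 1200),
    ("s4", Decimal("1.574326719"), 1300),
    ("s5", Decimal("0.0501"), 1400),
    ("s6", Decimal("0.05"), 5000),   # arrives after every unshield below
]
UNSHIELDS = [
    ("u1", Decimal("0.05"), 2000),
    ("u2", Decimal("1.574326719"), 2100),
    ("u3", Decimal("0.7"), 2200),
]

def candidates(unshield, shields, tolerance=Decimal("0.001")):
    """Labels of shields that precede the unshield and whose amount is within
    a relative tolerance of it (tolerance is an assumed allowance for fees)."""
    _, amount, when = unshield
    return [label for label, a, t in shields
            if t < when and abs(a - amount) <= amount * tolerance]

def anonymity_sets(unshields, shields, tolerance=Decimal("0.001")):
    """Map each unshield label to the shields its amount is indistinguishable from."""
    return {u[0]: candidates(u, shields, tolerance) for u in unshields}

def describe(matches):
    """Turn a candidate list into a short exposure label."""
    if not matches:
        return "no shield of this amount: amount alone gives no link"
    if len(matches) == 1:
        return f"unique amount: links directly to {matches[0]}"
    return f"blends with {len(matches)} shields of the same amount"

if __name__ == "__main__":
    for label, matches in anonymity_sets(UNSHIELDS, SHIELDS).items():
        print(label, "->", describe(matches))
```

A larger candidate set means the amount reveals less; timing and address reuse, discussed in the same post, are separate signals this sketch does not model.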