The problem of traceability and linkability
Privacy is the most important aspect of Incognito. Two properties which a privacy chain must satisfy are as follows:
- Untraceability: for each incoming transaction all possible senders are equiprobable.
- Unlinkability: for any two outgoing transactions it is impossible to prove they were sent to the same person.
Currently, Incognito only satisfies the untraceability property. The payment address is used directly to receive assets in each transaction. Therefore, anyone can monitor all incoming transactions belonging to a person.
One-time Address
To satisfy the unlinkability property, the payment address must never be used directly. Instead, a unique one-time payment address (OTA) is used for each transaction output sent to a person.
Let’s consider a simple transaction payment from Alice to Carol.
- Alice wants to send a payment to Carol and Alice knows Carol’s payment address.
- Using the payment address, Alice generates a unique one-time address for this transaction through a Diffie-Hellman-like exchange.
- Alice creates and sends a payment to this OTA.
- Carol checks every passing transaction with her private key to determine which transactions were sent to her.
- Only Carol can recover the one-time private key to use this payment later.
Because the OTA is unique for each transaction, unlinkability is satisfied for every private transaction in Incognito Chain.
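The Alice-to-Carol steps above, sketched as an added example (not Incognito's code) using a generic stealth-address construction: Alice publishes R = r*G with the output and pays to P = H(r*B)*G + B, and Carol recovers the one-time private key H(b*R) + b. The P-256 curve, the SHA-256 hash-to-scalar, the single-key payment address and all function names are assumptions; the page only states that a Diffie-Hellman-like exchange is used.

```go
package main

import (
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

var curve = elliptic.P256() // assumption: stand-in curve; the page names none
type Point struct{ X, Y *big.Int }
func base(k *big.Int) Point { x, y := curve.ScalarBaseMult(k.Bytes()); return Point{x, y} }
func mul(p Point, k *big.Int) Point { x, y := curve.ScalarMult(p.X, p.Y, k.Bytes()); return Point{x, y} }
func add(p, q Point) Point { x, y := curve.Add(p.X, p.Y, q.X, q.Y); return Point{x, y} }

func hashToScalar(p Point) *big.Int { // shared DH point -> scalar mod group order
	h := sha256.Sum256(elliptic.MarshalCompressed(curve, p.X, p.Y))
	return new(big.Int).Mod(new(big.Int).SetBytes(h[:]), curve.Params().N)
}

func KeyGen() (*big.Int, Point) { // private scalar b and public point B = b*G
	k, x, y, err := elliptic.GenerateKey(curve, rand.Reader)
	if err != nil {
		panic(err)
	}
	return new(big.Int).SetBytes(k), Point{x, y}
}

// Send (Alice): one-time address P = H(r*B)*G + B; R = r*G travels with the output.
func Send(B Point) (ota, R Point) {
	r, R := KeyGen()
	return add(base(hashToScalar(mul(B, r))), B), R
}

// Scan (Carol): if H(b*R)*G + B equals P, the one-time private key is H(b*R) + b.
func Scan(b *big.Int, ota, R Point) (*big.Int, bool) {
	s := hashToScalar(mul(R, b))
	if p := add(base(s), base(b)); p.X.Cmp(ota.X) != 0 || p.Y.Cmp(ota.Y) != 0 {
		return nil, false
	}
	return s.Add(s, b).Mod(s, curve.Params().N), true
}

func main() {
	b, B := KeyGen()
	ota, R := Send(B)
	x, ok := Scan(b, ota, R)
	fmt.Println("owned:", ok, "key opens OTA:", base(x).X.Cmp(ota.X) == 0)
}
```

Two calls to `Send` with the same payment address yield different outputs, and an observer without `b` cannot recompute H(b*R) to tie either one back to B.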
Privacy for pDEX
Currently, to guarantee privacy for pDEX transactions, temp addresses are introduced to hide the real identity of senders. This solution suffers from two issues: 1) it must use centralized accounts controlled by the Incognito wallet; 2) it takes a longer time to finish the transaction.
OTA will solve these issues as follows: