Remark: This work will continue in the new proposal Privacy Version 2
What privacy problem are you solving?
There are 2 main problems that privacy version 2 strives to solve: privacy and performance.
Currently, every Incognito user has a unique public address which they may distribute to other users, who can then send assets (PRV or pToken) to that address via transaction output. This can lead to several security risks as it could enable someone to track your incoming transactions, which goes against what Incognito Chain is trying to do.
In addition, Incognito is a UTXO based ledger. As Incognito does not currently use one-time-addresses, it is possible to decipher addresses based on the number of outputs.
Incognito uses the sigma protocol to ensure transactions cannot be forged. This is complicated and not very efficient.
The implementation of bulletproofs has some limitations. It can be hard to apply optimization techniques to improve performance.
What is the solution?
To address the first problem, the public address is never directly used . Instead, a Diffie-Helman exchange key is applied to create a unique one-time-address for each transaction output. In this way, validators who know all users’ public addresses will not be able to identify which user received any given transaction output. Only the receiver, who can recover the private key with respect to the one-time-address, is able to spend the received output.
One-time-address technique helps to solve the second problem. As no one can identify which user received any given transaction output, a transaction with more than one input will not reveal the real sender.
To boost performance, we aim to integrate Multilayered Linkable Spontaneous Anonymous Group (MLSAG) Ring Signature with the one-time-address technique. The MLSAG Ring Signature will help to boost the performance of the whole anonymization process.
The new implementation of Bulletproofs will also be optimized to significantly improve performance.
Looking at current performance, verification time should improve. We also we hope that transaction size will decrease significantly.
What are the key results?
Deploy on main-net with improvements:
- Decrease a transaction size by 20-50%
- Increase transaction throughput by 10-20%
Who are you?
@hieutran is a cryptography researcher. His research topics are applied cryptography, privacy preservation for outsourced data, and privacy blockchains.
@anpham is a cryptography engineer. He is currently completing his degree at the University of Science, Ho Chi Minh City. His research topics are applied cryptography and searchable encrypted data. He also has experience as a Software Engineer.
Why do you care?
As stated above, the current version is not perfect in terms of security, privacy, and performance. We, as idealist cryptographers, will continue to refine our products till they reach the highest standards.
What’s your plan? What’s your schedule?
The project duration will be 4 months from March 01, 2020, to the end of June 2020. Details are as follows:
|Mar 30||Core cryptographic functions||Done||Local|
|Apr 30||Support all transaction version 2||Doing||Devnet|
|May 30||Backward compatible with all transactions version 1||Doing||Devnet|
|Jun 30||Deploy Testnet||Testnet|
|Jul 30||Deploy Mainnet||Mainnet|
What’s your budget?
|Cryptography engineer||1,000 PRV||2||2,000 PRV|
|TOTAL (x 4 months)||8,000 PRV|
Is there an existing conversation around this idea?
Is there anything else you would like the community to know?
Let us know what you think!