found some weakness on address reuse we need to get rid of that
Hi @bingo, thanks for your feedback.
We are also aware of this weakness. We have planned to improve the shielding flow: the user can shield tokens into Incognito completely privately and securely.
Not only using the one-time shielding address for each shielding request but also hiding the user’s Incognito address. It makes sure the shielding requests are unlinkable. It means, no one can know who is shielding as how much total amount of token which someone has shielded.
The technical details and timelines for the improvements will be presented later. The main idea is using the one-time seed instead of the fixed payment address for generating the one-time shielding address, and the payment address will not be revealed in the shielding request.
Thank you again for your interest in our project. We are always trying to make Incognito more and more private.