Incognito v2 is a full stack solution to privacy
Incognito is a stand-alone blockchain-agnostic sidechain for private transactions and apps. Founded in 2018 by CEO, Duy Huynh, who is also the founder of Constant. Huynh did not want to disclose employee salaries when he was paying with Ethereum-based stablecoins.
“No one wants to show their bank statements to the entire world,” — CEO Duy Huynh
Incognito is a privacy ecosystem.
It’s not a single privacy coin, it’s a place you can go to use any of your favorite cryptocurrencies privately.
It’s not a mixer, it’s a layer of privacy that protects you while you’re in it.
Simply shielding and then unshielding your crypto right away does not benefit your privacy. Incognito provides privacy for your crypto while you use it on-chain. When you unshield, you’re sending your crypto to a public blockchain and removing it from the safety of Incognito’s privacy.
But what is that privacy, exactly?
Let’s take a look at just how you’re private with Incognito, and in what ways we’re going to increase our level of privacy in the near future.
Privacy levels
Here’s how we’ll be assigning levels of privacy to things in this topic:
Public — Bitcoin-level privacy. Nothing is tied to your actual identity, and Incognito does not use KYC or identity verification. However, your pseudonymous addresses are visible and so are the coin type and amounts.
Semi-private — Parts of the function are completely anonymous, and more so than with, say, Bitcoin, but some data are still visible.
Completely private — Total anonymity. Nothing links to your pseudonymous addresses, let alone your actual identity.
For visible data, check the network explorer .
To access the open-source code, visit the GitHub .
Transaction types
Before we look at privacy, we need to understand the transactions that take place on the network. There are three kinds, and every Incognito function relies on some combination of them:
1. Mint
A command that creates a new coin on the Incognito blockchain. Since the coins are native to the privacy network, we’ll call them privacy coins (pCoins) from now on.
Minting a pCoin is a public transaction. Coins must be minted to an address, and that address is visible, as is the number and type of coins. As you’ll see later, however, there are ways to privately use mint transactions.
2. Burn
A command that destroys a pCoin. Burning a pCoin is a public transaction. The amount and type of coin are visible.
3. Transfer (send<>receive)
A single transaction that is responsible for both sending and receiving. pCoins leave one address and appear in another.
In a transfer, the sender’s address is not visible, and neither is the amount of currency being transferred. The type of currency and the receiver’s payment address are visible for the time being.
Your receiving address is made up of 64 bytes, the first 32 of which are your public key, the last 32 of which are your public view key.
Privacy protocols
The above three kinds of transactions are the foundational functions of many blockchains. They are how chain data is created, so by necessity they cannot be private on their own.
To create privacy, there are a number of techniques that can be used together. Below is a look at some of the techniques Incognito uses.
Stealth addresses — Generates proxies to act as forwarding addresses, hiding the true sender.
Ring signature — Uses decoys and randomness to obscure the true spender of a transaction.
Confidential transactions/Pedersen commitments — Uses randomness to hide transaction amounts.
Homomorphic commitment — input commitments of a transaction are grouped, as are output commitments. Signers validate a zero-sum between them rather than actual amounts.
Bulletproofs/Zero-knowledge range proofs — Proves that transaction amounts are positive without revealing the amounts.
You can find a more detailed look at these protocols in Sending Cryptocurrencies Confidentially .
Relevant GitHub links:
pBFT (consensus)
Random Number Generation (in BTC package)
RingCT
Confidential Assets
Zero Knowledge
Coming privacy upgrades
Privacy can always be improved and expanded. We’re developing multiple new features that will increase the scope of privacy.
One-time addresses (OTA) — Creates single-use receiving addresses to hide the receiver in a transaction.
Confidential assets (CA) — Hides the type of cryptocurrency in the transaction by using randomness to categorize assets with blinded asset tags instead of unique identifiers.
Viewing key — enables user-controlled distributed access to encrypted balances.
Hardware wallet integration — Takes the Incognito wallet offline.
You can find our detailed plans in the 2021 Privacy Roadmap .
Privacy level of app features
Now that we understand the types of transactions and the techniques for ensuring privacy, let’s look at each of the Incognito app’s features and see how private they are.
Shield
Semi-private
”(Your non-Incognito address) sent (bridge custodial address) 1 BTC.”
” 1 pBTC was minted to (temporary proxy address).”
” Someone sent some pBTC to (your receiving address).”
Transaction types used: Transfer, Mint
When you shield crypto by sending it to your Incognito address, the blockchain you’re leaving records all kinds of data, including the sending and receiving addresses.
The temporary address receives the shielded crypto, mints privacy versions of the same coins, and sends them to you.
Thanks to the use of the temporary address, the crypto is not minted directly to your address, enabling a semi-private transaction.
The third-party blockchain doesn’t know your true Incognito address, but your receiving address is still visible on the Incognito blockchain until OTA and CA are implemented.
Unshield
Public
”(Someone) sent some pBTC to (bridge custodial address)“
”(Bridge custodial address) burned 1 pBTC.”
”(Bridge custodial address) sent (your non-Incognito address) 1 BTC.”
Transaction types used: Transfer, Burn
When you send your coins out of the Incognito network, they are no longer private. Just like with shielding, the other blockchain will record the sender and receiver.
The custodial address receives your pBTC, burns them, and releases an equal amount of standard BTC to the non-Incognito receiving address.
Incognito provides privacy for actions taken from within the network. It is not meant to be used as a mixer, and simply shielding and unshielding your crypto won’t do much for your privacy.
Send<>Receive
Completely private, semi-private
”Someone sent (the receiving address) some amount of BTC.”
Transaction types used: Transfer
Send
When you send crypto between two Incognito addresses, the sender is completely anonymous.
No data is recorded about the sender’s address or identity. The amount of crypto sent/received is also unknowable.
Receive
The receiver’s address, consisting of public key and public view key, and the asset type (PRV, BTC, ETH, etc) are recorded.
Your receiving address is like your house address. No one can enter your home without a way to unlock the door (your private key).
Once OTA and CA are implemented, an onlooker can only see that “someone sent something to someone else“.
Trade
Completely private
”Someone sent some PRV to (intermediary address).”
”(Intermediary address) burned 0.05 PRV.”
”(Intermediary address) minted 1 pUSDT.”
”Someone sent some pUSDT to (your receiving address).”
Transaction types used: Burn, Mint, Transfer
When you sell on the pDEX, the pCoins you sell are burned, and a record of the type and amount are kept on the blockchain. That record is called a “liquidity pool”.
Then, when someone buys the same type of pCoins you sold, new pCoins are minted, and the total of the liquidity pool is adjusted accordingly.
This is the same process for providing/withdrawing liquidity. However, since Mint and Burn transactions are public, an intermediary step was introduced to ensure your privacy.
When you sell your pCoins, they are sent to an Incognito address for that liquidity pool. You as the sender remain anonymous. Then they are burned from that address. The pCoins you purchased in that trade are then minted to the intermediary address, and transferred to you.
As a result, all anyone can see is that you received some amount of a pCoin. From whom is unknowable, and it’s not linked to a trade in any way. And yet simultaneously, all relevant market/trading data can be recorded without linking to you at all.
Once OTA and CA are introduced, even the fact that you received some amount of pUSDT will be unknowable.
Mint
Public
”1000000 ExampleCoin were minted to (your address).”
Provide/Withdraw
Completely private, semi-private
”Someone sent some PRV to (intermediary address).”
”(Intermediary address) burned 5000 PRV”
”(Intermediary address) minted 1000 PRV.”
“(Your receiving address) received some PRV.”
Transaction types used: Burn, Mint, Transfer
Using the “Provide” feature and providing liquidity to the pDEX manually both follow the same process as trading, and have the same level of privacy.
When you deposit, you as the sender are anonymous.
The actions of the intermediary address burning and minting are not related to your transfers.
When you withdraw, it functions like a receive transaction, so your receiving address is visible. This will change with OTA and CA.
Power (Nodes)
Public
”(Node address) burned 1750 PRV.”
”1750 PRV was minted to (node address).”
”9.9 PRV was minted to (node’s receiving address).”
Transaction types used: Mint, Burn
When you stake a node, you are burning 1750 PRV and it is recorded (so you can unstake later). Unstaking your node mints 1750 PRV to your node’s address.
Withdrawing your node’s block rewards is also a mint transaction, however, once OTA is introduced, a forwarding address will be used to transfer block rewards to you, and as the receiver you will be anonymous.
Quest
Semi-private
”(Your receiving address) received some QUEST/Prize.”
Transaction types used: Transfer
When you receive QUEST tokens or a prize from the prize wheel, it’s just like receiving any other cryptoasset in a send<>receive transaction, because all prizes are currently held in master wallets so they don’t need to be minted.
As the receiver, your address will be visible, as well as the fact that you’ve received a prize or QUEST.
Keychain
Completely private
*static noises *
Transaction types used: None
This is a local function of the app. Any actions you take in viewing, managing, and backing up your keys do not interact with the blockchain at all, and are restricted to the device you’re using to access the app.
Note: This is why it’s important to back up your private keys.
While the Keychain tab is a local and therefore private feature, your keys themselves have varying levels of privacy:
Private key: Private. Do not share with anyone.
Public key: The first half of your receiving address, which is visible until a future update.
Public view key: The second half of your receiving address, which is visible until a future update.
Readonly key (private view key): Private. Grants access to the details of your trades and transactions. Share only with people you want to give that information to.
Validator key: Used to assign an account to a Node, share only with someone you trust to set up/manage a Node for you. If you manage your own, do not share.
For more details on keys, see different keys explained .
Browser, Community, and Explorer
Completely private, variable
*silence *
*browser cookie noises *
Transaction types used: None
The pApp browser is the engine used to access the Privacy Quest, the Community tab, and the Explorer tab. It’s a search engine, and can be used to visit websites.
It’s completely anonymous with regard to your Incognito app and addresses.
Websites do use cookies and various forms of logging, so be aware that your device may be logged by the websites you visit as if you were using a regular browsing app.
Settings
Completely private
*Invisibility noises *
Transaction types used: None
Just like the Keychain tab, this is a local function of the app that has no interaction with the blockchain.
Building total privacy across the board
You can already enjoy total anonymity when doing just about anything with Incognito.
Incognito’s semi-private features are still much safer than transacting on a public blockchain, because there’s less data visible, and what is visible doesn’t link to your identity (no KYC, no ID verification).
But, we’re not stopping at anything short of total privacy and security across the board (and we won’t even stop then).
[Ongoing] Privacy Version 2
Objective:
Launch privacy v2
Length:
3 months
Key results:
- Ship one-time address
- Ship Multilayered Linkable Spontaneous Anonymous Group (MLSAG) Ring Signature
- Ship Confidential Assets
- Decrease transaction size by 20%-50%
- Increase transaction throughout by 10%-20%
Detail Schedule:
June:
- Continue to integrate with pDEX (1–7 Jun)
- Refactor and Optimized source code to decrease transaction size and increase transaction throughput (7–14 Jun)
- Integrate with Portal (15–30 Jun)
July:
- Deploy Privacy ver 2 (without Confidential Asset) to Testnet (1–30 July)
- Implement Confidential Asset (1–30 July)
August:
- Deploy Confidential Asset to Devnet (1–15 August)
- Deploy Privacy ver 2 (with Confidential Asset) to Testnet (15- 30 August)
Note:
- Github: https://github.com/incognitochain/incognito-chain/tree/dev/privacy-v2-ota
- MLSAG: https://web.getmonero.org/resources/research-lab/pubs/MRL-0005.pdf
- Confidential Asset:https://tlu.tarilabs.com/digital-assets/confidential-assets/MainReport.html , https://blockstream.com/bitcoin17-final41.pdf
Look for more privacy upgrades in the near future, and let us know what features you want to see next!
Donate coffee Incognito address: 12RqQEjWofkEMeMdUUhEzGzX6zbxbSJdNMGMxUzREzFbgw1DDF7rstMRBcJisUjuzpEZVkSQCqshyQutanoJR7uNaV6LMEHmWdRppj5
