Incognito - Reading Assignment

Read this explainer on Incognito, one of the first projects to use a ‘side-chain’ approach to privacy. You might click on some links to get more detail as needed. Answer the questions and post your answers below:

  1. How does “shielding” work on Incognito?
  2. What privacy technology does Incognito use for shielded transactions?
  3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?
  4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)
  1. Shielding on Incognito is a process that allows to take cryptos and make them private through a decentralized group of trustless custodians which employ a number of techniques (linkable ring signatures, commitment schemes and zk-range proofs) to allow untraceability and confidentiality.
  2. As mentioned above, it uses linkable ring signatures, commitment schemes and zk-range proofs, which are all privacy-oriented technologies.
  3. A decentralized group of trustless custodians.
  4. Its anonymity set is equal to the number of all the shielding transactions which were perfomed for the same amount of that same coin.

1.The shielding mechanism operates via a general bridge design that connects Incognito to any number of cryptonetworks, allowing for secure bi-directional transfers of cryptocurrencies whenever privacy is needed. This means any coin can now be a privacy coin. This approach is especially helpful for creating interoperability with cryptonetworks that do not support smart contracts. It provides privacy by use of linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs. To scale out network performance, its implemented sharding, pBFT, and proof-of-stake.

2.linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs. To scale out network performance, its implemented sharding, pBFT, and proof-of-stake.

3.A decentralized group of trustless custodians.

  1. To provide [privacy ] Incognito use linkable ring signature scheme , homomorphic commitment scheme , and zero-knowledge range proofs . So its anonymity set is equal to the number of all the shielding transactions which were perfomed for the same amount of that same coin.
1 Like
  1. How does “shielding” work on Incognito?

    Carried out via a decentralized group of trustless custodians. Once shielded, transactions are confidential and untraceable. To provide privacy, they employed the linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs.

  2. What privacy technology does Incognito use for shielded transactions?

    The linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs

  3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?

    A decentralized group of trustless custodians.

  4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)

    Its anonymity set is equal to the number of all the shielding transactions which were performed for the same amount of that same coin.

2 Likes
  1. Incognito as a privacy hub. It is interoperable with other cryptonetworks via, which allow cryptocurrencies like BTC and ETH to go incognito and back.
  2. Both shielding and unshielding processes are carried out via a decentralized group of trustless custodians . Once shielded, transactions are confidential and untraceable. To provide privacy Incognito employes the linkable ring signature scheme , homomorphic commitment scheme , and zero-knowledge range proofs .
  3. A decentralised group of trustless custodians.
  4. It is the numbr of the persons that transferred the same amount of the same coin
1 Like
  1. This is carried out via a decentralized group of trustless custodians. Once shielded, transactions are confidential and untraceable. To provide privacy, they employ the linkable ring signature scheme, homomorphic commitment scheme and zero-knowledge range proofs.
  2. See point 1 : commitment schemes, zero-knowledge range proofs and linkable ring signatures.
  3. The « receiver » will be a decentralised group of trustless custodians.
  4. Its anonymity set is equal to the number of all the shielded transactions which were performed for the same amount of that same coin.
1 Like
  1. The “shielding” works in 3 steps. 1st you “shield” your ‘AnyCoin’ with a Incognito ‘Trustless Custodians’ that will mint the same amount of ‘pAnyCoin’ to you 1:1 assuring Fungibility,
    then at 2nd step you can use/transact/invest/trade/stake “as a privacy-coin” your shielded ‘pAnyCoin’, and “as a privacy-coin” Incognito means it ‘shields’ the values and both the sender and the receiver with proven privacy technology. Then 3rd step you can “unshield” your ‘change’ amount of ‘pAnyCoin’ burning them and receiving back your remaining amount of ‘AnyCoin’ from the Incognito ‘Trustless Custodians’ .
  2. Ring Signatures: Shielding Sending Addresses
    Stealth Addresses: Shielding Receiving Addresses
    Confidential Transactions: Shielding Transacted Amounts, Bulletproofs are short non-interactive zero-knowledge proofs designed to enable efficient confidential transactions, with no trusted setup required.
  3. some ‘Trustless Custodian’
  4. all people having bigger or equal amouts of ‘BTC’ at the BTC network ,
    or perhaps a lower “anonymity set” of
    all people having bigger or equal amout of ‘pBTC’ at Incognito network
1 Like
  1. It is beeing done thanks a decentralized group of trustless custodians. Once shielded, transactions are confidential and untraceable. To provide privacy, they employ the linkable ring signature scheme, homomorphic commitment scheme and zero-knowledge range proofs.
  2. The linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs.
  3. A decentralized group of trustless custodians.
  4. Its anonymity set is equal to the number of all the shielded transactions which were performed for the same amount of that same coin.
1 Like
  1. How does “shielding” work on Incognito?
    Both shielding and unshielding processes are carried out via a decentralized group of trustless custodians .

  2. What privacy technology does Incognito use for shielded transactions?
    To provide privacy, they employed the linkable ring signature scheme , homomorphic commitment scheme, and zero-knowledge range proofs.

  3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?
    The receiver address belongs to a decentralized group of trestles custodians.

  4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)
    The anonymity set is the set of people who shielded the same amount of BTC before Bob unshielded the transaction.

1 Like

1- Shielding is a process that allows cryptocurrencies like BTC and ETH to go incognito and back.
First, they proposed a solution to shield any cryptocurrency such as BTC, ETH, and USDT. In effect, any cryptocurrency can now be a privacy coin. Both shielding and unshielding processes are carried out via a decentralized group of trustless custodians. Once shielded, transactions are confidential and untraceable.

2- Linkable ring signature scheme, homomorphic commitment scheme and zero-knowledge range proofs. Second, we presented a solution to scale out a privacy-focused cryptonetwork by implementing sharding on privacy transactions and a new consensus based on proof-of-stake, pBFT, and BLS. Transaction throughput scales out linearly with the number of shards.

3- Decentralized group of trustless custodians.

4- Its anonymity set is equal to the number of all the shielding transactions which were performed for the same amount of that same coin.

1 Like
  1. How does “shielding” work on Incognito?

    • By wrapping an external coin within a “bond” smart contract. These are then pegged 1 to 1. So with shielding and unshielding you mint and burn a coin that represents your locked up external coin on the incognito network.
  2. What privacy technology does Incognito use for shielded transactions?

    • Ring Signatures (shielding sender)
    • Stealth Addresses (shielding receiver)
    • Confidential Transactions (shielding amount)
  3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?

    • A trustless custodian
  4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)

    • The amount of addresses receiving the same amount of that coin that was sent.
1 Like
How does “shielding” work on Incognito?
  1. Shielding request submitted with token type, amount
  2. Tokens get deposited in trustless custodians on the native token chain
  3. Shielding transaction initiated in Inconito with the deposit proof
  4. Deposit Proof is verfied by Incognito validators
  5. New privacy coin versions of the token are minted 1:1
What privacy technology does Incognito use for shielded transactions?
  • Ring signatures using historical UTXOs as decoys to obscure the real input
  • Stealth addresses to shield outputs
  • Confidential Transactions (Pederson Commitments with Bullet Proofs) to shield amounts
If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?

A “Custodian” assigned by the Bonding Contract that exists in the BTC network. This is another user who has bonded collateral to register as a Custodian service provider in exchange for receiving shielding and un-shielding transaction fees.

Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)
  • Because everything, including amounts, is shielded inside Incognito the only info that is known is what is recorded in the BTC blockchain
  • Since everything is visible in BTC all the addresses and amounts sent to Incognito are known, and so are the amounts and addresses withdrawn to
  • This implies the anonymity set of a BTC withdraw transaction with Incognito is all the deposit transactions of the same value that happened at blocks before the withdraw. This could be narrowed down slightly by eliminating deposits that happened far enough in the past.
1 Like
  • How does “shielding” work on Incognito?
    Both shielding and unshielding processes are carried out via a decentralized group of trustless custodians.

  • What privacy technology does Incognito use for shielded transactions?
    linkable ring signature scheme , homomorphic commitment scheme , and zero-knowledge range proofs .

  • If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?
    A decentralized group of trustless custodians.

  • Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)
    The anonymity set is equal to the number of all the shielding transactions which were performed for the same amount of that same coin.

1 Like

1. How does “shielding” work on Incognito?
On Incognito, “shielding” works by collateralizing your cryptocurrency in exchange for a private version of the same crypto within Incognito’s network. The exchange is possible by the use of custodians who also collateralize crypto for the opportunity to be a custodian (at 150%).

2. What privacy technology does Incognito use for shielded transactions?
Incognito uses the privacy tech of zkp, homomorphic commitments, and ring signatures for shielded transactions.

3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?
The ‘receiver’ of Alice’s Bitcoin transaction within the shielding process is a group of trustless custodians.

4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)
In order to find Bob’s anonymity set, we’d have to calculate the number of all shielded transactions during that same time span. We can’t calculate the denominations as Incognito uses Confidential Transactions.

1 Like

1, you create a decentralised group of trustless custodians which use techniques like ring signatures and zk range proofs
2.ring signaures, zk range proofs and commitement schemes
3.a decentralised group of trustless custodians
4.the anonymity set the number of transactions for the same coin and the same transaction

1 Like
  1. How does “shielding” work on Incognito?
    Submitting the “real” (unshielded) crypto asset to a trustless custodian, and obtaining the shielded version of the asset.

  2. What privacy technology does Incognito use for shielded transactions?
    Ring signatures, stealth addresses and ZK range proofs.

  3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?
    A custodian.

  4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)
    Analyzing the deposits made on the public BTC custodial address (trying to filter by time and TX amount).

1 Like

Q1: Shielding on incognito lets you take cryptocurrencies and make them private by a decentralized group of trust less organizations that use techniques like linkable ring sigs, commitment schemes and zk proofs.

Q2: linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs. To scale out network performance, its implemented sharding, pBFT, and proof-of-stake

Q3: Decentralized group pf trustless custodians

Q4: Anonymity set is the total number of all shielding TXs performed at the same amount of that same coin

1 Like
  1. Both shielding and unshielding processes are carried out via a decentralized group of trustless custodians .

2.To provide privacy , we employed the linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs.

  1. A decentralized group of trustless custodians.

  2. Its anonymity set is equal to the number of all the shielding transactions which were performed for the same amount of that same coin.

1 Like
  1. How does “shielding” work on Incognito?
    Shielding is a process that allows cryptocurrencies like BTC and ETH to go incognito and back.

  2. What privacy technology does Incognito use for shielded transactions?
    Linkable ring signature scheme, homomorphic commitment scheme and zero-knowledge range proofs. Second, we presented a solution to scale out a privacy-focused cryptonetwork by implementing sharding on privacy transactions and a new consensus based on proof-of-stake, pBFT, and BLS. Transaction throughput scales out linearly with the number of shards.

  3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?
    Decentralized group of trustless custodians.

  4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)
    Its anonymity set is equal to the number of all the shielding transactions which were performed for the same amount of that same coin.

1 Like
  1. One sends a shielding request to a smart contract. The contract chooses decentralized trustless custodians and it provides their deposit address. One sends public coins (BTC, ETH, BNB, etc) to the deposit address and, once confirmed, receives a deposit proof. With the deposit proof one can initiate a shielding transaction. The deposit proof verifies that the coins exist on the network (BTC, ETH, BNB, etc) and one is issued private coins on a 1:1 ratio with ones deposit.

  2. (a) linkable ring signatures

    (b) homomorphic commitment scheme

    © zero-knowledge range proofs

  3. The “receiver” of the shielded BTC is a bonded trustless custodian.

  4. If it is known that Bob is receiving previously shielded BTC, Bob could have received BTC from all people having at least that amount of pBTC at the time he received it.

1 Like