Incognito - Reading Assignment

1. Shielding and un-shielding processes work on Incognito via a decentralised group of “trustless custodians”. Existing custodian solutions like Bitgo and Coinbase Custody are centralised, expensive, and in addition, the very nature of centralised custody necessitates the sharing of a user’s private information to third parties. Incognito takes a decentralised approach to custodianship; there are multiple custodians instead of one centralised authority, and anyone can become a custodian by simply supplying a bond. This is accomplished by a smart contract on Ethereum that controls the bonds and runs exactly as programmed. Not only is the Bond smart contract trustless, it also provides real-time processing, as opposed to the multi-day manual process adopted by centralised custodian companies. A fixed custodian fee structure was initially implemented for simplicity’s sake, but this could be further improved by implementing a market-driven custodian fee structure.
2. The privacy technology that Incognito uses for shielded transactions firstly includes a linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs. Secondly, they presented a solution to scale out a privacy-focused cryptonetwork by implementing sharding on privacy transactions and a new consensus based on proof-of-stake, the algorithm known as Practical Byzantine Fault Tolerance (pBFT), and Boneh–Lynn–Shacham digital signatures (BLS). Furthermore, transaction throughput scales out linearly with the number of shards. Currently, with 8 shards active, Incognito can handle 100 TPS, and with a full deployment of 64 shards, Incognito can handle 800 TPS. A significantly higher number than that of other privacy blockchains, which usually can only handle less than 10 TPS.
3. If Alice shields BTC with Incognito, then the ‘receiver’ of her Bitcoin transaction is a bonded smart contract member of the decentalised trustless custodian network.
4. Supposing that Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. We find that Bob’s anonymity set is based on the number of shielded and then un-shielded transactions for the same amount of BTC which occurred on the network at that time.

1. Shielding is a process similar to minting; it allows a user to make cryptos private through a decentralized group of trustless custodians.
2. Linkable Ring-signatures, commitment-schemes and ZKRPs (zero-knowledge range proofs or zk-range-proofs).
3. The aforementioned decentralized group of trustless custodians.
4. The anonymity set is equal to the number of shielding TXNs made with the same denomination.

It takes any ERC20 tokens and convert it to a Incognito smart contract.

Incognito employed the linkable ring signature scheme , homomorphic commitment scheme , and zero-knowledge range proofs .

A DEX.

Its anonymity set is equal to the number of all the shielding transactions which were performed for the same amount of that same coin.

1. How does “shielding” work on Incognito?

Shielding is the process of turning cryptocurrencies on other cryptonetworks (or “public coins”) into privacy coins.

2. What privacy technology does Incognito use for shielded transactions?

It uses linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs.

3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?

A decentralized group of trustless custodians.

4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)

The anonymity set is equal to the number of all the shielding transactions which were performed for the same amount of that same coin.

1.) shielding and unshielding are carried out via decentralized group of trustless custodians
2.) linkable ring signature scheme, homomorphic commitment scheme, zero-knowledge range proofs
3.) A decentralized group of trustless custodians
4.) The amount of transactions (shielded) for the same amount

1. Shielding on Incognito is essentially a trade of one token for another privacy version of the same token.
2. Ring signatures, stealth addresses, and pederson commitments.
3. One member of a decentralized group of trustless custodians
4. All members of the ring signature are possible senders for the anonymity set, since the transaction amount is hidden in pederson commitments.

1. How does “shielding” work on Incognito?

Shielding and unshielding processes are carried out via a decentralized group of trustless custodians. This is done through the linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs.

2. What privacy technology does Incognito use for shielded transactions?

It uses the linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs.

3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?

The receiver address will belong to a decentralized group of trustless custodians.

4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)

The anonymity set would be the number of addresses receiving the same amount of BTC that was sent.

1. A group of trustless custodians made possible by the following tech: zero knowledge range proofs, ring signature scheme, homomorphic commitment scheme. with scalable implementations of proof of work, sharding, etc.
2. By using linkable ring signature scheme, homomorphic commitment scheme, and zero knowledge range proofs
3. The decentralized group of trustless custodians
4. The anonymity set is the number of other tx with the same amount of the same coin

1. shielding works by sending your funds to a decentralized group of trust less custodians.

2. linkable ring signature scheme , homomorphic commitment scheme , and zero-knowledge range proofs .

3. a decentralized group of trust less custodians.

4. bobs anonimity set is based on the number of people using the shielding process for the same coin.

1. The shielding mechanism operates via a general bridge design that connects Incognito to any number of cryptonetworks, allowing for secure bi-directional transfers of cryptocurrencies whenever privacy is needed.

2. To provide privacy, Incognito employed the linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs. Second, they presented a solution to scale out a privacy-focused cryptonetwork by implementing sharding on privacy transactions and a new consensus based on proof-of-stake, pBFT, and BLS.

3. A decentralized group of trustless custodians.

4. Bob’s anonymity set is the number of shielded transactions performed for the same amount and coin sent before Bob unshielded it.

1. Both shielding and unshielding processes are carried out via a decentralized group of trustless custodians. Once shielded, transactions are confidential and untraceable.

2. Privacy technology used from Incognito for shielded transactions are linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs.

3. If Alice shields BTC with Incognito, the ‘receiver’ of her Bitcoin transaction is a decentralized group of trustless custodians.

4. When Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount we find Bob’s anonymity set given Incognito uses ring signatures as the number of all decoys used for a given denomination.

1. To obtain privacy coins, the user:

1. Submits a shielding request to the Bond smart contract with information about which public coins they want to shield and the amount.
2. The Bond smart contract selects trustless custodians for the public coins and provides the user the custodians’ deposit addresses.
3. Once the deposit is confirmed on the cryptonetwork of the public coins, the user initiates a shielding transaction on Incognito along with the deposit proof. A deposit proof on a cryptonetwork is often a Merkle branch linking the deposit transaction to the block it is time-stamped in, proving that the deposit transaction has been accepted by that cryptonetwork.

2. linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs.

3. Trustless custodians

4. Bob uses his private view key to recognize the UTXO being sent to him by scanning all incoming transactions. Once the UTXO is found, Bob is able to compute the one-time private key that corresponds to the one-time public key. Bob can spend the UTXO with his private spend key.
   The transaction data is on the Incognito public ledger. Anyone can see that a new transaction has occurred, but cannot link the one-time public key in the transaction to Bob. If Bob were a merchant, for example, no one would be able to determine that he and Alice are doing business together.

1. Shielding is carried out via a decentralized group of trustless custodians.

2. Linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs.

3. The ‘receiver’ of the BTC public coins is the trustless custodian. The ‘receiver’ of the BTC privacy coins is the actual recipient whom Alice intended to send to. This recipient could compute the one-time private key that corresponds to the one-time public key.

4. By looking up the the transaction data on the Incognito public ledger, it shows input transactions by all the ring signers, where indicate the number of people Bob could have received BTC from.

1.) “Shielding” on incognito works through a decentralized group of trustless custodians and a privacy focused crypto network that implements sharding.
2.) The privacy technology that Incognito uses for shielded transactions is linkable ring signature schemes, a homomorphic commitment scheme, and zero-knowledge range proofs.
3.) If Alice shields BTC with Incognito, the “receiver” of her Bitcoin transaction would be a decentralized and trustless custodian, who will hold the crypto anonymously.
4.) We would find Bob’s anonymity set by looking at the number of possible custodians in the decentralized group, which then transferred the total amount to Bob in the same type of cryptocurrency.

How does “shielding” work on Incognito?

Incognito is effectively a layer-2 privacy solution for multiple popular cryptocurrencies, and achieves this by running a proof of stake network atop these popular blockchains.
This is achieved through a group of decentralized custodians employing, which is validated by over 1,000 validators across 8 shards.

What privacy technology does Incognito use for shielded transactions?

To provide privacy, Incognito uses:

• linkable ring signature scheme,
• homomorphic commitment scheme, and
• zero-knowledge range proofs.

Then to assist with scaling, Incognito implemented:

• sharding on privacy transactions and a new consensus based on proof-of-stake,
• pBFT, and
• BLS.

By implementing these, transaction throughput scales linearly with the number of shards.

If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?

When moving to Incognito, the decentralised group of trustless custodians are the receiver of her Bitcoin transaction.

Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)

The anonymity set in this transaction is equal to the number of people that have interacted with the Incognito protocol.
If Bob were to withdraw the exact amount Alice put into the network, then the anonymity set could be speculated to reduce down to the amount of people who have interacted with the Incognito address for the same amount that Bob pulled out of Incognito. However, if there is a discrepancy here, then the anonymity set is far wider.

1. How does “shielding” work on Incognito? :
   Incognito as a privacy hub. It is interoperable with other cryptonetworks via shielding and unshielding processes , which allow cryptocurrencies like BTC and ETH to go incognito and back.

2. What privacy technology does Incognito use for shielded transactions? : linkable ring signature scheme, homomorphic commitment scheme, and zero-knowledge range proofs. Along with implementing sharding on privacy transactions and a new consensus based on proof-of-stake, pBFT, and BLS.

3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction? : Both shielding and unshielding processes are carried out via a decentralized group of trustless custodians .

4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC) : The anonymity set is between the shielded and unshielded address ; Only One person can receive BTC.

1. On Incognito, “shielding” refers to the process of converting a publicly visible cryptocurrency, such as Bitcoin, into a private, untraceable token that can be used on the Incognito network.

2. This is done using the Incognito Bridge, which allows users to send their publicly visible cryptocurrency to a special address on the Incognito blockchain in exchange for the equivalent amount of private tokens.

3. If Alice shields BTC with Incognito, the receiver of her Bitcoin transaction is the Incognito Bridge.

4. If Bob un-shields the same amount of BTC that Alice originally shielded, his anonymity set would include all other users who have un-shielded the same amount of BTC on the Incognito network. This could potentially be a large number of users, depending on the amount of BTC being un-shielded and the overall usage of the Incognito network.

1- Incognito implements a ‘general’, multicurrency support bridge, so that users can submit a shielding request to a ‘bond smart contract’ informing the coin and amount they want to shield, and using ‘trustless’ custodians for the user to deposit to, and once confirmed, can make shilded transactions inside Inconito network along with the deposit proof (they take Satoshi’s mentioned Simplified Payment Verification model) and a p(coindesired) is minted on a 1:1 ratio.
2- Incognito makes use of [Ring Signature, Homomorphic Commitment, and Zero-Knowledge Range Proofs, mainly.
3- The receiver of Alice’s original BTC is a custodian address (see 1).
4-Bob could have received BTC from any of Incognito’s network participants (addresses), specially the ones that interacted with pBTC. If an observer can check for all transactinos of that type, or in a time range and there isn’t much network acitivity…well, that gets more vulnerable to linkability and other privacy-risks.

1. How does “shielding” work on Incognito?
   Incognito is designed so users don’t have to choose between their favorite cryptocurrencies and privacy coins. They can have both. They can hold any cryptocurrency and still be able to use it confidentially whenever they want. Once shielded, transactions are confidential and untraceable.

2. What privacy technology does Incognito use for shielded transactions?
   To provide privacy Incognito employed the linkable ring signature scheme, homomorphic commitment scheme , and zero-knowledge range proofs .

   Second, they presented a solution to scale out a privacy-focused cryptonetwork by implementing sharding and a new consensus based on proof-of-stake , pBFT , and BLS . Transaction throughput scales out linearly with the number of shards.

3. If Alice shields BTC with Incognito, who is the ‘receiver’ of her Bitcoin transaction?
   A decentralized group of trustless custodians.

4. Suppose Alice shields BTC, sends it to Bob on Incognito, and then Bob un-shields the same amount. How do we find Bob’s anonymity set? (How many people he could have received BTC from?)
   Bob’s anonymity set is related to the number of shielded transactions performed for the same TX amount for the same coin which was sent prior to Bob unshielded it.