Incognito mode for Ethereum

Incognito is a privacy blockchain. This post presents the fully decentralized Incognito-Ethereum bridge that allows anyone to send, receive and store ETH/ERC20 tokens with complete privacy. Our team would love to get everyone’s feedback on the bridge design and implementation.

READ THE FULL PAPER HERE.

Our team will be at Devcon next week to if you want to connect and chat in person.

Thanks!

ec4181f%20(1)

4 Likes

Is this just a two-way atomic swap system, with the Incognito blockchain itself supporting ZK transfers internally?

3 Likes


re: atomic swap system

it’s actually a two-way relay bridge that lets you transfer assets from ethereum to incognito and vice versa. when someone converts ETH to pETH (private ETH), they aren’t swapping their asset with someone else’s. instead, ETH is locked in a smart contract and new pETH is minted on incognito. When the pETH are burned (to maintain a 1:1 ratio), the locking contract on ethereum will verify the validity and unlock it upon submission of burn proof.

for example, you can convert 1000 “public” DAI (on ethereum) to 1000 “private DAI” pDAI (on incognito) via ethereum -> incognito relay. once you have 1000 pDAI, on the incognito chain, you can send 500 pDAI to alice privately, send 300 pDAI to bob privately, and then convert the remaining 200 pDAI back to “public” DAI whenever you want via incognito -> ethereum relay.


re: support ZK transfers internally

yes, but not just that, incognito makes private transactions run fast too.

on the client side, incognito implements ZK proof generation for android and ios (so users can generate ZK proof under 15s right on their phone).

on the blockchain side, incognito implements a full-sharded architecture (based on to omniledger). currently on the testnet, incognito is running with 1 beacon chain and 8 shards (32 nodes per shard). we hope to scale it to 64 shards (with 100 nodes per shard) in november.

READ THE BRIDGE DESIGN

READ THE BRIDGE CODE

READ THE ZKP FOR MOBILE CODE

let us know what you think!

6 Likes

The most interesting/challenging part of sidechains is always the part of brining assets back to Ethereum.

Effectively ETH/tokens here are held in a “m/n” multisig. What is your strategy to find the right validators? Will there be any form of “slashing” of validators for malicious behaviour?

The proof is only considered valid when more than ⅔ of the current number of validators have signed it. On the Ethereum side, the list of validators is stored and continually updated to mirror Incognito’s.

Have you explored schemes where the correctness of state transitions of the side-chain is validated on Ethereum?

In any case - cool project! Everything that helps to bring privacy to Ethereum is very welcome and much needed!

2 Likes

What is your strategy to find the right validators?

On Incognito, validators are chosen using PoS (the stake is in the native coin ‘PRV’). Validators are randomly shuffled every epoch (approx every few hours) to prevent collusion. These validators are authorized to sign a proof to bring the asset back to Ethereum when an equivalent amount has been burned on Incognito.

Will there be any form of “slashing” of validators for malicious behaviour?

Once a validator produces a burn proof, that proof will be included in a block and verified by the other validators in a committee. If a burn proof is rejected by the committee and deemed malicious, it will not be included in a finalized block. We’re currently considering a reasonable slashing mechanism in the event of malicious behavior, to be implemented probably in the next milestone.

Have you explored schemes where the correctness of state transitions of the side-chain is validated on Ethereum?

This is pretty similar to the “unlocking” scheme mentioned above. Once a new list of validators is proposed, validators in the current committee will sign on a “SwapConfirm” proof (this process happens periodically). The signed proof will be submitted to and verified by the Ethereum smart contract. The contract always holds a list of the last committee’s public keys, so it’s easy to validate the correctness of state transitions and make sure its committee is up to date with Incognito’s.

Our team is at Devcon. Happy to chat more about the bridge as well as use cases of privacy tokens.

3 Likes

If Ethereum will be supporting “incognito mode” (e.g., aztec, zk rollup), it is less valuable to have a zk-enabled side chain, as it is less secure, carries less assets, and thus offers a lower degree of privacy.

I agree with your comment, but what about the network speed. Will the zkp implementation for ethereum slow down the network?

Martel tree like Bitcoin?

Hi, @stvenyin haven’t got to which comment do you argue?)

Hi Everyone!
I would like just highlight that trust-less bridge to Ethereum is live and you send ETH and ERC20 assets privately.

Please try it out and share your feedback!

on iOS
on Android

Hi, Can you explain how an Ethereum contract can do this properly?

1 Like

hi @hadv! here is the smart contract that handles committee updates. let me know if you have any questions. happy to jump on a video call or telegram chat to discuss in depth about the implementation too (not sure if ethresear.ch is the best place to discuss about implementation). my email is duy@incognito.org and my telegram is t.me/duy_incognito

1 Like

So we need to call contract frequency to update the latest committees, right?

1 Like

hey @hadv. yes, the current committees on incognito sign & send the list of new committees to the smart contract every incognito epoch, which is about 400 blocks or ~4.5 hours.

the incognito-ethereum bridge v1 has been live since november 2019. it has shielded over $2M worth of ETH and ERC20 tokens. i would say it’s pretty solid and battle-tested at this point. we’re working on incognito-ethereum bridge v2.

1 Like

Hey guys !

FYI: The bridge was upgraded and migrated to a new smart-contract

Hey guys! Happy to share our latest achievements :raised_hands:

Yesterday we released Incognito mode for Kyber Network (on mainnet) Thanks @duy & @loiluu for support :pray:

kyber

Privacy for smart-contracts

Earlier this spring we’ve shared research about how privacy for smart-contracts works.

Find how to trade anonymously on Kyber →


Hey guys! Haven’t shared updates for a while, one more Dapp went Incognito. For this integration we also utilized pEthereum Implementation.

Announce

Tutorial

Looking forward for your feedback.

1 Like