Can a G1 transaction be anonymous?

another question from the FAQ of the new english website build.

i hear that @tuxmain, is quite an expert in this field, and may be interested in answering this question in english, for us to utilise for the english g1 website.

we find the description from the french website to be lacking.
thanks

1 Like

Here is the link of the FAQ item spooncarver is talking about : Une transaction peut-elle être anonyme ?

I feel that we should add more references about how on-chain anonymity can be achieved and what is planned for v2 since it’s a thing we would like to make easier.

1 Like

I’m not an expert at all, just worked on it a bit! :innocent:

Both currently with Duniter V1 and soon with Duniter V2 (as well as in Bitcoin and most of the cryptocurrencies), transactions are all public: everyone knows which account sent which amount to which account. It makes it easy for the network to verify that the monetary protocol is respected, that is we can check whether the transaction’s funds are legitimately owned by the transaction’s issuer.

One can still use a few techniques to improve their anonymity:

  • Use single-use accounts, that are not publicly related to your identity. You can create as many non-member accounts as you want, and tell people to send transactions to these accounts. It may not be perfect and be impractical, but it makes it harder for an attacker to link these transactions to your identity.
  • Use paper “banknotes” or other material tokens, backed by an organization (that exchanges Ğ1 and tokens). Like with state-currency banknotes, the transactions are untraceable, except when exchanging it with real money. However you have to trust a third-party organization or your trade partners. (this technique is mainly used for markets or during short IRL events, mostly because it’s simpler and faster than using a smartphone for each transaction, rather than for the anonymity)
  • Use a “mixer”: a person who receives transactions from many people and give them back the amount they sent (minus a fee) but to anonymous single-use accounts. The big inconvenient is that the mixer knows all your secrets, can blackmail or scam you.

In the future, more robust techniques may be developed:

  • ĞMixer: presentation here. No need to change the blockchain protocol or to use complicated cryptographic stuff. I started the implementation but it has to be redesigned for Duniter V2. I plan to work on it when Duniter V2 is advanced enough.
  • Lightning networks: I don’t know much about it, but it would allow temporarily offline transactions which may enable more anonymity in certain cases.
  • Exchange with anonymous cryptocurrencies: this is technically possible using atomic swap (which is already implemented in Duniter V1), but to be practical it needs to be available on exchange platforms. Duniter V2 will make this easier because it uses a popular framework.
  • Homomorphic encryption: use complicated cryptographic stuff to allow checking whether the transaction is legitimate even if its amount is encrypted. (Grin/MimbleWimble is a cryptocurrency using this) However it may have a big impact on the protocol and add strong constraints. It would need lots of R&D. here is an basic introduction in French

I think I’ll choose the cryptography course at the university (and maybe the cryptography master next year).

4 Likes

this is great.
thanks @tuxmain
would you be ok if we use this, or the majority of this sharing in answer to this FAQ?

as you say, it’s in process… but nice for people to know what their options are.

we can have a look at this more @HugoTrentesaux during next meet up.

2 Likes