Account hygiene: a practical guide using Incognitee

With the launch of Incognitee for Asset Hub Polkadot, DOT holders now have new ways to enhance their privacy and overall account hygiene. This post serves as a practical guide for a common scenario:

Let’s assume Edward has previously invested in DOT and holds 100,000 DOT in his HODL account. He also plans to put 10 DOT on a new account with an on-chain identity set to his Matrix handle and email.

Edward wants to keep his 100,000 DOT holdings private due to concerns for his physical safety. Therefore, he cannot simply send 10 DOT from his HODL account to his new account, as this transaction would be publicly visible forever.

Before Incognitee, Edward’s only option was to fund his identity account via a centralized exchange withdrawal. However, this approach is problematic because it requires trusting the CEX with his KYC information and temporary custody of his funds. This information may be exposed by hackers in the future, along with a list of used withdrawal accounts.

Thanks to Incognitee, a better solution is now available for Polkadot without relying on trusted intermediaries.

Recipie

Edward takes the following steps:

1. Teleport 112 DOT to Asset Hub Polkadot.
2. Shield 111 DOT to Incognitee L2 sidechain.
3. Wait until acceptable k-anonymity is reached. Monitor the vault account activity on L1!
4. Unshield 10 DOT to his new account.
5. Set on-chain identity or web3name for the new account.

Discussion

Why shield 111 DOT?

During the beta phase, this is the maximum allowed shielding limit. The more individuals who shield the maximum amount, the better the k-anonymity for everyone. It’s essential not to compromise your actions with linkable amounts (for example, shielding 33.753 DOT followed by unshielding everything would likely result in weak anonymity - even if it may still provide plausible deniability).

Why wait before unshielding? How long can this take?

Even if you use popular amounts for shielding and unshielding, you can still leak information through timing. An unshielding event on L1 that occurs immediately after a shielding event with very little action from other users can plausibly link the two accounts.

Incognitee plans to provide k-anonymity indicators and auto-randomization features to help users reach their desired k-anonymity level. The more individuals who unshield the same amounts around the same time, the larger their anonymity set will be.

Why unshield exactly 10 DOT?

Following the same reasoning, it’s in everyone’s interest to use equal amounts, as this increases the anonymity set for all users. It’s best to observe what others do and follow common practices; multiple clusters of amounts (e.g., 10 and 100 DOT) may emerge over time.

Bootstrapping k-anonymity

Whoever wants to help bringing up k-anonymity initially shall follow this recipie:

1. Withdraw 113 DOT from your favorite centralized exchange to a fresh wallet
2. teleport exactly 111.5 DOT to same wallet on Asset Hub
3. shield exactly 111 DOT to Incognitee
4. leave them there
5. do this every now and then
6. convince more people to do so

Also smaller amounts are valuable for overall k-anonymity, i.e. withdraw 13 DOT - teleport 11.5 DOT - shield 11 DOT

Not using a CEX in the process is fine too. Still: the less traces on the input, the better

Even Better Privacy

If you’re serious about maintaining your privacy, consider not unshielding back to L1 at all and instead perform your everyday actions on Incognitee (L2). Staying on L2 guarantees much stronger privacy than just k-anonymity; sender, receiver and amounts remain opaque to everyone except those directly involved in transactions.

What can you do privately on L2?

• Payments: Pay someone faster on L2 with strong privacy guarantees instead of using L1; you can even add private notes like invoice or order numbers.
  • Stablecoins are planned for future development.
  • Vouchers to onboard your friends
• Messaging: Incognitee already allows sending private messages between Polkadot wallet addresses.
• Swapping: This feature is currently under development.
• OpenGov: Delegate your stake to Incognitee and cast your vote privately on L2 (planned feature).

How does it work?

Incognitee is a sidechain based on Integritee’s SDK and leverages trusted execution environments for the integrity of the sidechain and the confidentiality of its state and state-transitions.

announcement: Incognitee — the start of full privacy for DOT | by Integritee Network | Integritee Network | Jan, 2025 | Medium

We welcome your feedback!

This basically means, I need to wait until enough other users have shielded some funds?

Awesome work! I played around a bit with it and it works like a charm. Will do my part and shield more DOT to add to the k-anonymity!

Yeah, it’s about unshielding. Only if enough other people have shielded DOT, your unshielding is hidden under k-anonymity.

I think a treasury proposal would be cool that gives a small incentive to people to shield their DOT, kickstarting the anonymity pool. It’s not perfect, because we can’t enforce that people don’t unshield right after getting the incentive, reducing the pool again, but might still be worthwhile.

“waiting” is not precise. You can observe the shielding and unshielding action in any indexer. Every shielding event is a transfer to this account, every unshielding is a transfer from this account elsewhere:

I’ll add this to the OP

Any plan with wallet integration? That’s the only way to get users. Treasury incentives wouldn’t work.

Absolutely. For now, you can use Incognitee with Nova’s or Subwallet’s dApp browser or on a desktop using any Polkadot signer extension.

We are reaching out to wallet builders for tighter integration and will provide integration guides for the Incognitee API very soon.