Incognitee: Privacy enhancements for Polkadot

The Dotsama ecosystem is highly transparent nowadays. The information, who is transacting with whom and how much, who you nominate, how you vote is publicly visible to anyone. While this does have its advantages when it comes to accountability, it is not a sound setup for everyday actions.

The inherent linkability of everything that happens on transparent blockchains prohibits a wide range of use cases — or would you really want to disclose personal identity attributes on i.e. KILT in order to gain access to a certain service, if you know that this information can be linked back to your original DOT presale participation and trading history? Or your votes on a controversial topic on any other parachain, linkable through XCM? Follow the money and you’ll be able to retrieve a lot of personal sensitive information way beyond token balances.

Because of transaction fees, you can’t just start with a new account out of nothing. You need a minimum amount of tokens in order to get active on Dotsama chains — and most blockchains in general. This means you have to send funds from an existing account to your new one. Thereby, you’re linking all future events back to that original account with very weak deniability. You can use centralized exchanges to make it harder to link both of your accounts by following the money. But the linkable information then resides on that exchanges’ servers and is subject to arbitrary access by their employees or, occasionally, hackers.

Main Value Proposition of Incognitee

Privacy is a concern for many existing or to-be users in web3, yet this requirement is critically underserved in Dotsama as of today. We believe that privacy of individuals should be protected by default.

With privacy protection comes the requirement of compliance - at least from the mainstream perspective. Incognitee aims to become the privacy-preserving platform for the masses and offer an alternative to big tech surveillance. Compliance will greatly increase our potential adoption. Moreover, TEEs have a freely programmable design space to define the rules of privacy and when to disclose what to whom, selectively. This is a USP of our technology that simply can’t be achieved with pure cryptography.

Scalability: Privacy tech too often comes at the cost of scalability. With our TEE-validated sidechains, we have developed very powerful execution layers that can scale horizontally. Our current estimates go beyond 1Mtps for simple transactions of crypto assets.

History of Incognitee

Status Quo

The technology is already developed and MVP-feature-complete and a public testnet has been launched on Rococo and has already produced > 600’000 blocks every second. Campaigns for public testing and bug bounties are imminent.

Future Plan

We propose a multi-staged approach to get from our feature-complete testnet to a production-ready deployment on Polkadot and Kusama that can serve the whole ecosystem.

2024

  • Stage 1: Battle-Test the Basics
  • Stage 2: Some Privacy (Kusama)
  • Stage 3: Better Privacy (Kusama)
  • Stage 4: More Assets (Kusama Asset Hub)
  • Stage 5: Better UX
  • Stage 6: Audit
  • Stage 7: Rollout (Polkadot)

2025

  • Stage 8: Compliance through governance of selective disclosure to law enforcement

Details

In the following, we will explain the proposed stages in more detail.

Stage 1: Battle-Test the Basics

The first incarnation will be a functional sidechain for transactions of KSM tokens on Kusama only. No privacy will be available at this stage. In order to foster trust in our technology, we will start with a transparent deployment that allows all users to query the inner workings of the sidechain. This also allows us to rescue funds based on balance snapshots if necessary.

Moreover, we will only allow to shield limited amounts. This is a precaution in the beta phase against both loss and legal issues. Limits are set high enough to endow accounts and be active, but low enough to hinder money laundering once we switch on privacy.

From a user perspective, we will only offer a command line client for power users at this stage.

Stage 2: Some Privacy

We will switch to a first privacy-enhancing mode. From now on you can only query your own account’s state along with some public information like sidechain block height.

Stage 3: Better Privacy

In order to protect privacy further, we will provide tooling to assist tuning k-anonymity to obscure the trail left by amounts and timing from shielding to unshielding.

Stage 4: More Assets

At this stage, we will open our sidechain to all fungible assets on Kusama Assethub. This means you will be able to transact stablecoins as well as all other tokens on Kusama parachains that are available on Assethub.

Stage 5: Better UX

Our sidechain API will be compatible with js/api json-rpc at this point and integrate well with established wallets. This may involve upstreaming our authentication procedure for queries, so we will be looking for collaborations with wallet teams to make private transactions as smooth as can be.

Stage 6: Audit

The solution should be audited by a professional team to make sure we can operate it without concerns on Polkadot to offer it to a wider audience.

Stage 7: Rollout

Finally we would also roll it out to Polkadot and its Assethub to make all assets available on our Privacy Sidechain.

Stage 8: Compliance through governance of selective disclosure to law enforcement

We shall allow law enforcement to request selective disclosure of certain data concerning certain accounts. A governance process needs to be specified that ensures due audit of such requests. We will seek community feedback as well as legal opinions on the requirements for compliance. After these questions are clarified, we may be able to lift amount limits for shielding transactions.

3 Likes