Technical Info
You don't need to understand how the internals work to use this tech. Most details on this page are for those seeking deeper knowledge. However, be sure to read the Fees section at the bottom.
Sending to a Private Address
When you send funds to your Private Address, they are transferred into the RAILGUN Relay Adapt contract. Behind the scenes, this contract maintains an encrypted private ledger structured as a Merkle Tree, in which every zero-knowledge address, including yours, has its own isolated private balance. Each token you deposit is accounted for individually using the UTXO (Unspent Transaction Output) model, so deposits are never commingled.
RAILGUN’s Merkle Tree is fully anonymised and implemented within the smart contract. For more details about RAILGUN and its contracts, please visit the RAILGUN Documentation.
Sending from a Private Address
Prerequisite Information: On EVM-compatible networks like Polygon, Ethereum, and Arbitrum, every transaction incurs a fee known as a gas fee. A gas fee is required for any change made to the blockchain, and the transaction that pays it must be initiated by a wallet.
(To protect your anonymity during withdrawals, we use advanced cryptographic techniques. These techniques enable an external wallet, known as a broadcaster, to securely submit the transaction on your behalf without revealing your identity. For more details, see the Broadcaster section below.)
Behind the scenes, the first step in withdrawing funds from your private address is estimating the gas fee required to submit the transaction.
After the gas fee is estimated, we calculate the Broadcaster fee by adding a small premium to the estimated gas cost. This premium compensates the Broadcaster for the service of submitting the transaction anonymously on your behalf.
Broadcasters play a crucial role by initiating transactions anonymously. They charge a small fee for their service, which is based on the gas cost plus the additional premium mentioned above.
After that, we utilise zero-knowledge proof technology, specifically the Groth16 Prover. This cryptographic technique generates a proof that the funds you are sending belong to you, without revealing sensitive details on the public blockchain. The proof is then embedded in an encrypted transaction for submission.
Finally, because a Broadcaster submits the transaction, the withdrawal initiator's address (your address) is never revealed. The Broadcaster now submits the previously encrypted transaction.
Alternatively, you can use your own wallet to self-sign transactions for your private address without incurring Broadcaster fees. However, we only advise this method for users with already anonymised wallets and a history of good privacy practices. Using a non-anonymised wallet may compromise your privacy. Therefore, we strongly recommend using a Broadcaster to ensure utmost privacy.
How your private address is generated
Note:
There are two methods to derive a private address: (A) uses a signature for deterministic recovery, and (B) uses random entropy. Both methods create a mnemonic, which is then passed to createRailgunWallet from @railgun-community/wallet. Only the private address features of the RAILGUN wallet are used in this project.
Method (A):
The wallet entropy is derived deterministically from the raw signature produced by signing a project-specific message with the user’s private key.
Specifically, the signature bytes are hashed using keccak256, and the resulting hash is truncated to the desired entropy length (128 bits for 12-word mnemonics, 256 bits for 24-word mnemonics).
The truncated hash is converted to a Buffer and passed to entropyToMnemonic (BIP39), producing a mnemonic that fully determines the wallet.
Both the exact signed message and the resulting signature are required; altering either produces a completely different mnemonic and wallet.
Method (B):
We generate a random 128-bit entropy using randomBytes(16) from ethers.
This entropy is converted into a BIP39 mnemonic with Mnemonic.fromEntropy().
The resulting mnemonic is then fed into createRailgunWallet to deterministically create the wallet.
More about the Broadcasters
Broadcaster fees are set by individual Broadcasters, but they are generally around 10% of the total gas price. For example, if your gas fee is $2, your total fee to withdraw would likely be $2.20. Because the premium is a percentage of the gas cost rather than of the amount sent, Broadcaster fees do not increase with transaction size.
The premium covers the operational costs incurred by the Broadcaster submitting the transaction. It ensures that Broadcasters are incentivised to provide their service of initiating transactions for you, maintaining the anonymity and efficiency of the transaction process.
Broadcasters use the Waku Network to broadcast their fees and accept transactions, which keeps users' IP addresses private, unlike direct HTTP requests. Importantly, at no point do Broadcasters hold custody of users' funds or confirm transactions themselves. Their role is strictly to transmit encrypted data (derived from the zk-SNARK process mentioned earlier).
It's crucial to note that Broadcasters lack the capability to decrypt transaction details or modify transaction specifics. Any attempt to alter a private address's transaction data would invalidate the proof (the proof would no longer match the tokens being spent), so the tampered transaction is rejected and nothing is executed. This is because the proof generated earlier is combined with your withdrawal details, encrypted, and securely transmitted to the Broadcaster. Throughout this process, the Broadcaster never gains access to the decrypted proof of ownership.
Our solution utilises a wide range of available Broadcasters, ensuring a robust and decentralised transaction process. In fact, anyone can become a Broadcaster, including yourself. Only one Broadcaster needs to be available for you to withdraw your funds through it. In reality, there are many (and that number seems to be increasing) ready to submit your transactions around the clock. This level of decentralisation ensures our operations remain unstoppable and secure.