Nik Bougalis, a cryptographer, software engineer and lead of the C++ team at Ripple, has published a proposed method for enhancing the privacy of transactions on the XRP ledger.
In his GitHub post on March 30, Bougalis focused on the destination tags that are assigned to transactions made between wallets provided by exchanges or third-party providers — also known as hosted wallets.
Bougalis argued that these destination tags present a potential privacy risk for users, which could be overcome through his proposed system of “blinded tags.”
Blinded Tags
Any transaction made between hosted wallets on the XRP ledger involves two types of tag: a source tag, which indicates which user has initiated the transaction, and a destination tag, which indicates to whom the transacted funds are to be sent.
On a cryptocurrency exchange, the source tag (i.e. wallet address) can remain constant or variable (depending on users’ individual choice), but the exchange generates a unique destination tag for each transaction.
Destination tags, in their current form, are unsigned 32-bit integers — meaning that there exist over 4 billion possible unique combinations that can be used to create each tag. At present, these 4+ billion combinations are sufficient to enable exchanges to generate a unique destination tag for each user — and perhaps for the foreseeable future, Bougalis says.
Yet the issue is not the finitude of possible combinations, but rather the privacy challenges that destination tags pose, as an attacker could feasibly correlate transactions by isolating the “{ address, tag } pair as a unique address corresponding to a single customer.”
One way to surmount this problem would be to use a system of so-called “blinded tags” — tags that are, in Bougalis’ outline, “mutated in such a way that it is meaningful only to the sender and the recipient of a transaction, but appears random to everyone else.”
The method proposed by Bougalis is intended, he says, to be “secure, minimal, and performant”:
“Ideally, it should be possible to implement tag blinding as a single function call that does not noticeably increase the time necessary to assemble a transaction. Similarly, using a blinded tag should not make it significantly harder for the intended recipient to process a transaction.”
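To make the correlation risk and the blinding idea concrete, the following Python sketch is an added example, not code from Bougalis' proposal or from Ripple. The article does not describe the actual construction, so the HMAC-SHA256 mask, the pre-shared key, the use of a transaction id as the per-transaction nonce, and all names and sample data are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

TAG_MAX = 0xFFFFFFFF  # destination tags are unsigned 32-bit integers


def mask_for(shared_key: bytes, tx_nonce: bytes) -> int:
    # Assumption: HMAC-SHA256 as the keyed PRF; its first 4 bytes give a 32-bit mask.
    digest = hmac.new(shared_key, tx_nonce, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big")


def blind_tag(tag: int, shared_key: bytes, tx_nonce: bytes) -> int:
    """XOR the real tag with a per-transaction mask only the key holders can derive."""
    if not 0 <= tag <= TAG_MAX:
        raise ValueError("destination tag must fit in 32 bits")
    return tag ^ mask_for(shared_key, tx_nonce)


def unblind_tag(blinded: int, shared_key: bytes, tx_nonce: bytes) -> int:
    """Recipient side: XOR is its own inverse, so the same mask recovers the tag."""
    return blind_tag(blinded, shared_key, tx_nonce)


def link_by_pair(txs):
    """Group transaction ids by the public (address, tag) pair, as a ledger observer can."""
    groups = defaultdict(list)
    for tx in txs:
        groups[(tx["dest"], tx["tag"])].append(tx["id"])
    return dict(groups)


# Constructed sample data: three deposits for customer tag 1001, one for 2002.
KEY = b"constructed-demo-key"          # hypothetical pre-shared secret
EXCHANGE = "rEXAMPLEexchangeAddress"   # placeholder, not a real account
PLAIN = [{"id": f"tx{i}", "dest": EXCHANGE, "tag": t}
         for i, t in enumerate([1001, 1001, 2002, 1001])]
# Assumption: the transaction id stands in for public per-transaction data used as the nonce.
BLINDED = [{**tx, "tag": blind_tag(tx["tag"], KEY, tx["id"].encode())} for tx in PLAIN]

if __name__ == "__main__":
    print("plain  :", link_by_pair(PLAIN))
    print("blinded:", link_by_pair(BLINDED))
    print("recipient recovers:",
          [unblind_tag(tx["tag"], KEY, tx["id"].encode()) for tx in BLINDED])
```

With plain tags the observer's grouping ties three deposits to one { address, tag } pair; with blinded tags each deposit appears under a different tag, while the key holder still recovers the original value.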
Privacy-oriented developments
Last spring, Ripple’s Xpring joined the firm behind privacy-focused altcoin Zcash (ZEC) to invest in Bolt Labs — a crypto payments startup aiming to develop a more anonymous second-layer protocol that could be added to existing cryptocurrency networks.
This March, Cointelegraph reported on the potential of using trustless privacy technology in combination with zero-knowledge proofs (zk-SNARKs) to bolster anonymity even further.