We need to come up with a system to pick which bills to use in every ring signature.

Picture a literal pool full of the bills that everybody has. Every bill has a fake name written on it, so if we look at them we don’t know who the owners are, unless it’s us (with our fake names), of course. Now we need to send our bill to someone in an envelope, but we’re worried that the mailman, will open the envelope, and see whose bill that is.

That’s why we’re hiding the bills we send in between other bills received by others, so we should come up with a logic to pick those bills from the total pool of bills. If that logic is predictable, it’s worthless. Anyone can discard the decoy bills with ease. The most obvious idea would be to pick them randomly. But real randomness is really hard. And worse, if we achieved perfect randomness, it would be worse. Why? Because real life is not totally random. You don’t wake up one day and the sky is neon green, or you grew an extra arm during the night, or people in the street are walking backwards. There’s a pattern to life overall, and there’s certainly patterns of how people use money. Therefore, if we make the selection of decoy bills too randomly, the real bill sticks out.

So how does normal use of money look like? well, it looks like a curve a bit leaning to the right. On the extreme left we have the oldest bill sent (created), and at the extreme right we have the newest. Most bills that are send again are somewhat new, but not super new.

Why’s that? Imagine someone that receives the bill as a salary for their work. If he or her hasn’t spent that bill in 4 years, is it more likely that spent it tomorrow, or save it for 1 more year? Same if payday was today. Is it more likely that that new bill is spent again in the next 5 minutes or in the next week? Those are the patterns of real life. So our algorithm should be random enough that the picks are not predictable, but weighted towards picking more often bills in the middle of the curve. We cannot discard the rest altogether, or we wouldn’t be protecting those long term savers or incontinent spenders, but they’re not the majority.

If we’re already protecting the sender and the receiver, there’s one more big thing we need to hide: the amount.

◄ Previous / Next ►