Every time a new transaction is created, the wallet will take a look of all the bills received in the past by everybody, and pick 15 of them. Mix them with ours, and broadcast the transaction using a very special kind of cryptographic signature which says: “I can prove that one of these bills is the real one, but without telling you which one”.

That way, when you take a look at the transaction on the list, it looks like every transaction involves 16 bills that were received at some moment in the past by someone on a one-time address, so we’re pretty lost.

You can already see that this is not super perfect privacy but it’s pretty good. You could make guesses, and there are some ways in which this set of 16 can be narrowed down, but you’ll almost never be able to say with 100% certainty which one is the true bill being spent.

The trade-off is that we’re writing down 15 fake bills on every transaction, which takes more space on the list, and a bit of extra power to verify. That’s the reason we’re not using 100 or 10,000 bills in our ring signature. In the future, there are ideas to use a newer, different kind of math that could hide every bill in between all of the bills ever received. It’s still less battle tested, but that would be the final solution to this problem.

As a side note, we need to be clever in the way we choose which bills to use in the ring, otherwise it’d be very easy to spot the true one.

◄ Previous / Next ►