Security and Privacy of Transactions

How to ensure your transactions stay private

At its core, Nightfall is a decentralised mixer. It relies a large number of indistinguishable transactions happening, making any particular transaction hard to trace.

This generally works very well, but there are a number of gotchas which you should avoid if you wish to maintain transactional privacy. These are discussed here.

Nevertheless, remember Nightfall is deliberately designed to be decentralised and private, but not anonymous. This is an appropriate approach for a B2B interaction, which is what Nightfall enables. If your goal is privacy and anonymity then this is not the application you are looking for.

Deposit and Withdraw transactions are not private

These interact with an ERC20,721 or 1155 contracts on the underlying public blockchain and thus are not private. Only transfers within Nightfall's Layer 2 are private.

This means that every Deposit or Withdraw risks leaking information about what you are doing. For example if you do the following transactions:

  1. Deposit 3.14159 coins

  2. Transfer privately in Layer 2 to your counterparty

  3. Counterparty withdraws 3.14159 coins

Then someone observing the blockchain could make a reasonable guess about who your counterparty is.

The best way not to leak information is to transaction only in Nightfall's Layer 2 as far as you possibly can. Deposit and Withdraw only infrequently and never with identical amounts.

The fewer the number of transactions, the more information is leaked

If only very few people are using Nightfall, then it becomes easier to guess who is interacting with whom. In the limit of two people, you could at least statistically analyse the average flow of funds between them by looking at their total deposits and withdraws. This quickly becomes much harder if the numbers using Nightfall increase. This is a good reason not to roll your own deployment with Nightfall - use an existing deployment and hide in the crowd.

ERC721 tokens aren't very private by their nature

If I deposit 10 coins and, sometime later, another person withdraws 5, and there have been a number of other transactions between those events, it's very difficult to know if that 5 came out of my 10, or from somewhere else. However NFTs are uniquely labelled and indivisible. Therefore if you deposit an NFT, then if it is ever withdraw, everyone will know the final owner, even if they don't know who any of the intermediate owners may have been while it was transferred around in Layer 2. Consider if you really need to withdraw it. Can it not spend its life in Layer 2?

If you send a transfer transaction directly to the blockchain you can be traced

It's possible to post a transfer transaction directly to the blockchain and have a Proposer pick it up from there, rather than send it directly to one or more Proposers. This is a bad idea for two reasons. Firstly, it costs a lot more gas (>100kGas more) and, secondly, you have to fund that transaction from an account that you own. The funds that you use can be traced on Layer 1 just like any other conventional blockchain transaction. This can allow someone to de-anonymise you in a way you hadn't intended.

It's also worth noting that the Proposer will normally know where the transaction they receive came from (IP address) if it is sent directly to them. They should also know your Ethereum address because they should do an allow-list check before they accept your transaction. This is by design intent. Whilst it's technically possible to anonymise your transaction from a Proposer, if they will accept an anonymous transaction, it's not Nightfall's default behaviour because of the desire to balance KYC with the anonymity.

Last updated