How Private Defi Evolved - A Look at Nocturne

We’ve seen privacy protocols evolve over the last couple of years. Zcash anonymized its native token (ZEC) but was restricted to that single asset, which narrowed its scope of functionality. This limitation imposed substantial opportunity costs on its users, who missed out on the potential gains from other crypto activities such as staking, liquidity pooling, or lending.

Tornado Cash then expanded this scope by allowing Ethereum to be anonymized within its shielded pool, but it still faced constraints in terms of broader token utility. Protocols that aim to broaden this scope of utility while preserving privacy, such as Namada, Penumbra, and Panther, are still in development, but Nocturne has just gone live on mainnet. You can use it to transfer, swap, or stake as of now.

[Diagram: Screenshot 2023-11-16 124549.png]

In the above diagram, I’ve mapped how a fresh user gets started with Nocturne and completes a swap.

Users on Nocturne transfer funds to Stealth Addresses: unique, one-time-use addresses generated for each payment. This uses a dual-key mechanism, with a viewing key for tracing transactions and a spending key for both tracing and managing funds. The viewing key can be derived from the spending key but not vice versa. Each one-time stealth address is linked to the user’s account, yet appears random to outsiders who lack the viewing key.
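The dual-key flow above, as an added toy model (not Nocturne’s code, and not the curve or hash it uses): the viewing key is a one-way hash of the spending key, the sender derives a one-time address from the recipient’s public address plus a fresh random value, the viewing-key holder can recognise the payment, and only the spending-key holder obtains the secret that controls it. The group (integers modulo the Mersenne prime 2^127-1 with generator 3) and SHA-256 as the key-derivation function are assumptions chosen for readability; a real deployment uses an elliptic-curve group, but the algebra is the same.

```python
import hashlib
import secrets

# Toy group (assumption): integers modulo the Mersenne prime P, generator G.
# Exponents are reduced modulo ORDER = P - 1 (Fermat's little theorem).
P = 2**127 - 1
ORDER = P - 1
G = 3


def H(*parts):
    """Domain-separated SHA-256 reduced to an exponent. One-way: cannot be inverted."""
    m = hashlib.sha256(b"stealth-toy|")
    for part in parts:
        m.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(m.digest(), "big") % ORDER


def enc(x):
    """Fixed-width encoding of a group element or scalar before hashing."""
    return x.to_bytes(32, "big")


def derive_viewing_key(sk):
    """vk = H(sk): derivable from the spending key, while sk cannot be recovered from vk."""
    return H(b"view", enc(sk))


def keygen(sk=None):
    """Account = spending key sk, viewing key vk, and public address (G^sk, G^vk)."""
    if sk is None:
        sk = secrets.randbelow(ORDER - 1) + 1
    vk = derive_viewing_key(sk)
    return sk, vk, (pow(G, sk, P), pow(G, vk, P))


def make_stealth(address, r=None):
    """Sender side: a one-time address from the recipient's public address and fresh r."""
    spend_pub, view_pub = address
    if r is None:
        r = secrets.randbelow(ORDER - 1) + 1
    R = pow(G, r, P)                          # published next to the payment
    shared = pow(view_pub, r, P)              # Diffie-Hellman secret with the viewing key
    one_time = pow(G, H(b"ot", enc(shared)), P) * spend_pub % P
    return R, one_time


def scan(R, one_time, vk, address):
    """Viewing-key holder: recognise a payment to this account without being able to spend it."""
    spend_pub, _ = address
    shared = pow(R, vk, P)                    # the same secret, computed from the other side
    return one_time == pow(G, H(b"ot", enc(shared)), P) * spend_pub % P


def one_time_secret(R, sk):
    """Spending-key holder: the scalar controlling the one-time address (G^secret == one_time)."""
    shared = pow(R, derive_viewing_key(sk), P)
    return (H(b"ot", enc(shared)) + sk) % ORDER
```

Two payments to the same account yield unrelated one-time addresses, and an observer holding neither the recipient’s viewing key nor the sender’s random value sees only `R` and a group element that looks random, which is the property the page describes.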

To maintain privacy, encrypted transaction data is stored in the form of Notes within Commitment Trees, ensuring privacy while maintaining verifiability. The commitments are recorded in a Merkle Tree, which gives a cost-efficient and private proof that a transaction was included. As with most other privacy protocols, Nocturne uses a variation of the UTXO model used by Zcash, the Multi-Asset UTXO model, to include a diverse set of assets within its shielded pool. Notes are similar to UTXOs: whenever a Note is spent, a new Note is created and the previous Note is nullified.

The JoinSplit mechanism, on the other hand, combines or divides Notes to obscure information further, especially where a more complex swap or transaction requires multiple inputs and outputs.
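The Note, commitment tree, nullifier and JoinSplit ideas from the two paragraphs above, as one added toy pool (my illustration, not Nocturne’s contracts or circuits). Assumptions: SHA-256 stands in for the SNARK-friendly hash a real pool uses; a fixed-depth tree of 16 leaves stands in for the on-chain commitment tree; an `owner_id` derived from a secret nullifier key stands in for the stealth address; and the pool checks note plaintexts directly, whereas in the real protocol the same statements (inclusion, ownership, fresh nullifiers, per-asset value conservation) are proven in zero knowledge so the pool never sees them.

```python
import hashlib
from dataclasses import dataclass

DEPTH = 4  # toy tree with 2**DEPTH leaves (assumption); the on-chain tree is far deeper


def h(*parts):
    """Length-prefixed SHA-256 (assumption; a real pool uses a SNARK-friendly hash)."""
    m = hashlib.sha256()
    for p in parts:
        m.update(len(p).to_bytes(2, "big") + p)
    return m.digest()


def owner_id(nullifier_key):
    """Public owner identifier bound to a secret key; stands in for a stealth address."""
    return h(b"owner", nullifier_key)


@dataclass(frozen=True)
class Note:
    owner: bytes   # owner_id(...) of the account allowed to spend it
    asset: str     # multi-asset UTXO: different tokens share one pool
    value: int
    nonce: int     # keeps two otherwise identical notes distinct

    def commitment(self):
        """What enters the tree; the plaintext stays with the owner (encrypted on chain)."""
        return h(b"note", self.owner, self.asset.encode(),
                 self.value.to_bytes(16, "big"), self.nonce.to_bytes(16, "big"))

    def nullifier(self, nullifier_key):
        """Revealed on spend; only the key holder can compute it, and it does not link back."""
        return h(b"nf", nullifier_key, self.commitment())


class CommitmentTree:
    """Append-only Merkle tree over commitments; empty slots are zero hashes."""

    def __init__(self):
        self.leaves = []
        self.zeros = [b"\x00" * 32]
        for _ in range(DEPTH):
            self.zeros.append(h(b"node", self.zeros[-1], self.zeros[-1]))

    def _layers(self):
        """Every padded layer from the leaves upward, then the single root node."""
        layers, layer = [], list(self.leaves) or [self.zeros[0]]
        for level in range(DEPTH):
            if len(layer) % 2:
                layer = layer + [self.zeros[level]]
            layers.append(layer)
            layer = [h(b"node", layer[i], layer[i + 1]) for i in range(0, len(layer), 2)]
        return layers + [layer]

    def root(self):
        return self._layers()[-1][0]

    def proof(self, index):
        """Sibling path for leaf `index`: list of (sibling_hash, sibling_is_on_right)."""
        path, idx = [], index
        for layer in self._layers()[:-1]:
            path.append((layer[idx ^ 1], idx % 2 == 0))
            idx //= 2
        return path


def verify_inclusion(leaf, path, root):
    """Recompute the root from a leaf and its path (the statement a ZK proof would cover)."""
    node = leaf
    for sibling, sibling_is_right in path:
        node = h(b"node", node, sibling) if sibling_is_right else h(b"node", sibling, node)
    return node == root


class ShieldedPool:
    def __init__(self):
        self.tree = CommitmentTree()
        self.spent = set()   # revealed nullifiers; commitments themselves are never removed

    def deposit(self, note):
        """Append a commitment and return its leaf index."""
        if len(self.tree.leaves) >= 2 ** DEPTH:
            raise ValueError("tree is full")
        self.tree.leaves.append(note.commitment())
        return len(self.tree.leaves) - 1

    def joinsplit(self, inputs, nullifier_key, outputs):
        """Spend `inputs` ((note, leaf_index) pairs) into `outputs`; reject foreign notes,
        notes absent from the tree, double spends, and any per-asset value imbalance."""
        root, nullifiers, balance = self.tree.root(), [], {}
        for note, index in inputs:
            if note.owner != owner_id(nullifier_key):
                raise ValueError("spender does not own this note")
            if not verify_inclusion(note.commitment(), self.tree.proof(index), root):
                raise ValueError("note is not in the commitment tree")
            nf = note.nullifier(nullifier_key)
            if nf in self.spent or nf in nullifiers:
                raise ValueError("double spend: nullifier already revealed")
            nullifiers.append(nf)
            balance[note.asset] = balance.get(note.asset, 0) + note.value
        for note in outputs:
            balance[note.asset] = balance.get(note.asset, 0) - note.value
        if any(v != 0 for v in balance.values()):
            raise ValueError("value not conserved per asset")
        self.spent.update(nullifiers)               # inputs are now nullified
        return [self.deposit(n) for n in outputs]   # fresh notes enter the tree
```

The point to notice is that a spent Note’s commitment stays in the tree forever; what marks it as spent is its nullifier in `spent`, so an observer sees a new nullifier and new commitments but cannot tell which earlier commitment was consumed. The per-asset balance dictionary is what makes this a multi-asset pool: a JoinSplit can join and split Notes of the same token, but cannot convert one token into another on its own.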

I believe we’ll see privacy protocols evolve further, enabling more complex, atomic DeFi transactions such as cross-chain transfers, flash loans, and leveraged trading while preserving user privacy.
