Opaque Blockchain

The entire ledger is opaque, individual transactions are cryptographically protected, and the network uses forward-secrecy.

:arrow_up:

Since blockchain advocates highlight the public auditability of blockchain, how does MobileCoin’s principle of opaqueness align with the core blockchain principle of anyone can audit?

1 Like

Hi Asp!,

The MobileCoin Blockchain allows anyone to see that transactions are occurring without revealing the sender, receiver, or amount of the transaction. The sender or receiver can prove ownership of an individual transaction by revealing the transaction view key. A sender or receiver can prove ownership of all of their transactions by revealing their address view key. Without the transaction or address view key, the ledger is just a bunch of encrypted text.

Every block is signed by all members of the consensus quorum and any node can verify the authenticity of these block signatures.

Does that answer your question?

Cheers,
Joshua

4 Likes

Yes. Conceptually. I’m looking forward to seeing it with a block explorer to understand it even better.

1 Like

If the transaction amounts are hidden, how would someone go about double-checking that the amount of coins in circulation has not exceeded the original minting of 250 million coins?

Every transaction has a range proof on the inputs and outputs. All of the enclaves in the networks sign the transactions verifying that the range proofs were valid at the time of validation. The chain of signatures proves that no money has been created or destroyed.

As for how you prove there are 250M, the first block is unsigned and the keys to the first wallet are public so anyone can verify that only 250M coins were created.

2 Likes

Good to see this thread sparking discussion.

Agreed @asp

Here’s an explanation I stumbled on from MobileCoin Foundation on Twitter:

1/ Ultimately it’s the node operators. It would require them to run a new version of code and would likely also require a hard fork.

If the node operators change the code such that the constant for coin supply is no longer 250,000,000 then that would change the total supply.

2/ Because MobileCoin is a privacy-protecting ledger, we don’t know the balance of any transaction thus calculating the total number of coins in the ledger is tricky. We do, however, know that any set of transactions with bulletproofs balance…

3/ Ergo, if you are printing coins, that transaction wouldn’t balance and couldn’t be signed by the consensus system.

This is why the genesis block in MobileCoin is unsigned (and we will be releasing the private keys publicly for the first MobileCoin transaction)…

4/ Using the genesis private keys you can verify that 250,000,000 coins were created, then using only publicly available data in the ledger you can verify that no coins were created or destroyed from that point.

To print new coins would require another unsigned transaction.