DittoBox

📝 Project Description

😎 Idea

• I've always been fascinated by the concept of anonymity in blockchains, with various methods available to achieve it.
• Privacy-focused blockchains like Monero and widely-used networks like Tornado Cash, which is based on anonymity sets or zero-knowledge proof solutions, provide near-perfect privacy for both parties in a transaction.
• However, they require specialized tools or come at a higher cost than direct transfers, leaving a gap between expensive, complex solutions and non-private transfers.
• Recently, Vitalik published an article titled "An Incomplete Guide to Stealth Addresses," which provided missing pieces of a simple yet effective solution for anonymous transactions, at least for the receiving party.
• Inspired by this idea we decided to create a user-friendly tool utilizing stealth addresses. We chosen Optimism, Base, Mode and Zora as the initial network for its implementation due to its fast and affordable transactions.

📺 Background & Context

• The problem that DittoBox is tackling is the lack of privacy in blockchain transactions. While blockchain technology offers transparency and immutability, it also exposes transaction details, including sender and receiver addresses. This lack of privacy poses risks for individuals and businesses, as their financial activities can be tracked and potentially linked to their real-world identities.

• Privacy is a fundamental aspect of financial transactions. Without privacy, users are susceptible to various risks, including:

  • Identity exposure: When transactions are conducted openly on a blockchain, it becomes possible for observers to connect transactions with specific individuals or businesses. This can lead to the loss of financial privacy and potential targeting or surveillance.

  • Financial profiling: Analyzing blockchain transactions can enable third parties to build detailed profiles of individuals and businesses, including their spending habits, income, and financial relationships. This information can be used for targeted advertising, discrimination, or even extortion.

  • Security vulnerabilities: Repeatedly using the same address for receiving funds on a transparent blockchain can make users vulnerable to hacking or phishing attacks. Attackers can analyze transaction history to identify patterns, monitor account balances, and exploit weaknesses in security.

  • Business competition: Companies conducting transparent transactions may inadvertently reveal sensitive financial information, such as sales volume, supply chain relationships, or partnerships. Competitors could exploit this information for their advantage, compromising the competitiveness of businesses.

  • Compliance concerns: Certain industries, such as healthcare or finance, require strict privacy regulations. Transparent blockchain transactions may conflict with these regulations, leading to legal issues or non-compliance penalties.

• The importance of tackling this problem lies in the preservation of financial privacy and the protection of individuals' and businesses' sensitive information. By offering a user-friendly solution for anonymous transactions through stealth addresses, DittoBox aims to empower users with greater control over their financial privacy and mitigate the risks associated with identity exposure.

✒ What it does

• DittoBox uses an elliptic curve key pair, with its public part serving as a DittoBox ID (base58-encoded) a meta-address not tied to any actual blockchain address.
• Users can generate multiple DittoBox IDs, storing the key for future use. They can then receive funds by sharing only their DittoBox ID, without any additional blockchain-related information. The sender calculates a stealth address using the recipient's DittoBox ID, creating a new, unpredictable stealth address for each transfer. This address is derived from the receiver's public key (their DittoBox ID) and an ephemeral private key generated by the sender.
• The sender then sends a transaction to the Registry contract with their ephemeral public key, transferring funds to the precalculated stealth address simultaneously. The receiver monitors new keys published to the Registry contract, attempting to construct a private key (and corresponding stealth address) using their DittoBox ID's private part. If the resulting address contains funds, it's the stealth address where the funds were sent.
• The receiver can then obtain the stealth address's private key and use it in any wallet software or transfer funds directly from the website to another party, exchange, or cold wallet. If the receiver doesn't withdraw funds to their personal address, the connection between them and the sender remains hidden.
• Stealth addresses could even function like Bitcoin UTXOs, potentially leading to wallets that utilize them in this manner.

☄️ Value Proposition

• Enhanced Privacy: DittoBox utilizes stealth addresses, allowing users to receive funds without revealing their real addresses. This provides a significant level of privacy for individuals and businesses, ensuring that their financial activities are shielded from prying eyes.

• User-Friendly Solution: DittoBox aims to be accessible and user-friendly for both power users and non-power users. The generation and usage of Ditto IDs and stealth addresses are designed to be simple and intuitive, enabling a wide range of users to adopt and utilize the solution without technical complexity.

• Affordability and Speed: DittoBox is built on the Optimism, Base, Zora and Mode Blockchain, chosen for its fast and affordable transactions. By leveraging this blockchain, DittoBox offers users the benefits of privacy without sacrificing transaction speed or incurring high fees commonly associated with other privacy-focused solutions.

• Bridge the Gap: DittoBox fills the gap between expensive and complex privacy solutions, such as Monero, and non-private transfers on transparent blockchains. It provides an intermediate solution that offers a significant level of privacy without the need for specialized tools or high costs.

• Wide Applicability: DittoBox's privacy solution can be applied to various use cases. It can benefit individuals who want to keep their financial transactions private, businesses that need to protect their financial information, and anyone concerned about the risks associated with revealing their identity during transactions.

• Market Differentiation: DittoBox stands out in the market by offering a unique approach to privacy in blockchain transactions. While other solutions rely on heavy computations or complex methodologies, DittoBox simplifies the process with stealth addresses and Ditto IDs, making it more accessible and user-friendly.

👥 Intended Users

• The intended users of DittoBox would be anyone who values privacy in their transactions and wants to keep their identity hidden. This could include individuals who want to keep their financial transactions private, businesses that want to protect their financial information, or anyone who wants to avoid the risks associated with revealing their identity in a transaction.
• DittoBox is designed to be user-friendly for both power and non-power users, making it accessible to a wide range of people.

⚔ Challenges

• The main challenge was designing the best possible user experience, which we believe the current implementation achieves.
• Another challenge was signing and sending withdrawal transactions without using the connected user wallet. We resolved this by creating a custom-built transaction broadcasted via public RPC URLs, which works effectively.

☄️ What's next?

• Currently, DittoBox only supports native coin transfers (FIL). However, adding support for tokens and NFTs would greatly enhance its utility. We are considering implementing relayer nodes to mint and sell notes as tokens (or NFTs) in exchange for covering user fees on transfers.
• This approach allows users to maintain their anonymity while using note tokens to request relayers to cover fees and pay for transactions. Competition between relayers could help keep transfer fees reasonable.
• Expanding DittoBox to other EVM chains is relatively simple, thanks to FVM's compatibility. I'll also explore cross-chain transactions, potentially using a third-party bridge. Additionally, gas optimization in the Registry contract and its interaction with the receiving side can be improved.
• Obtaining a legal opinion on DittoBox's regulatory compliance would be beneficial. However, since the Registry is on the blockchain and the code is available on GitHub, funds will remain accessible even if the website is shut down.
• Future UX improvements include notifications for funds received on new controlled stealth addresses and a mobile app (although the website is mobile-friendly). The possibilities are endless!

💻 Implementation

• We have started with a standard Hardhat project and added essential methods to the Registry contract. To enhance credibility, we intentionally avoided making the contract upgradeable, as there's no on-chain governance currently. If an upgrade is needed, we'll deploy a new version and provide client-side support.
• Next, we developed the UI/UX using React and TypeScript, focusing on a simple yet elegant design for both power and non-power users.
• Initially, we used ether.js for blockchain interactions, but later discovered the wagmi library, which streamlined the process.
• The elliptic library handled the complex math involved with elliptic curves, and both libraries featured TypeScript typings, making them a joy to work with.
• Tools Used: Solidity, Hardhat, Optimism, Base, Mode and Zora Blockchain, React, Typescript, Wagmi and Metamask.