Privacy Model
Mechanisms: session isolation, randomized settlement windows, probabilistic batching, and slicing.
Mechanisms
- Ephemeral session ids to decouple UI context from wallet addresses.
- Randomized settlement windows (uniform or truncated normal) to blur timing.
- Probabilistic batching with bin width to increase crowding.
- Intent slicing via Dirichlet weights within minSize constraints.
Profiles
- Fast: minimal jitter; near‑instant settlement.
- Balanced: moderate jitter and batching.
- Stealth: wide windows, slicing, optional mixouts.
Note: On-chain settlement is public; the goal is to reduce trivial correlation, not to guarantee anonymity.
Mathematical Model
We minimize the expected linkage score \(L\) for an intent given privacy parameters \(p=(w, b, s)\), where \(w\) is the jitter window, \(b\) is the batch bin width, and \(s\) is the slicing factor:
\[ L(p) = \alpha \cdot P(\text{timing} \mid w) + \beta \cdot P(\text{size} \mid s) + \gamma \cdot P(\text{counterparty} \mid b) \]
The coefficients \(\alpha, \beta, \gamma\) are calibrated from historical inference attacks. The coordinator samples \(w\) from per-profile priors and enforces \(b\) during inclusion; slicing uses a Dirichlet distribution with concentration parameter \(s\).
Parameter Ranges
| Profile | Jitter Window | Batch Bin | Slices |
|---|---|---|---|
| Fast | 0–2s | — | 1 |
| Balanced | 2–8s | 250–500ms | 2–3 |
| Stealth | 8–30s | 500–900ms | 3–6 |
Implementation Pseudocode
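```
function samplePrivacy(profile):
    # w: jitter window (s); b: batch bin width (ms); k: number of slices
    # U(a,b): uniform draw; k = a..b: pick an integer in [a, b]
    if profile == 'fast':    w = U(0,2);  b = 0;             k = 1
    if profile == 'bal':     w = U(2,8);  b = U(250,500)ms;  k = 2..3
    if profile == 'stealth': w = U(8,30); b = U(500,900)ms;  k = 3..6
    # one Dirichlet weight per slice
    weights = Dirichlet(k, α = 1.0)
    return { window:w, bin:b, slices:k, weights }
```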
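A runnable version of the sampler above, extended with the slicing step from the Mechanisms list. This is an added example, not the project's own code. The function names, the `balanced` profile key, integer amounts, the OS-backed RNG, and the way `min_size` is enforced (reserve the minimum per slice, spread the remainder by weight) are all assumptions.

```python
import random

# Ranges copied from the Parameter Ranges table: (window s, bin ms, slice count).
PROFILES = {
    "fast":     ((0, 2),  None,       (1, 1)),
    "balanced": ((2, 8),  (250, 500), (2, 3)),
    "stealth":  ((8, 30), (500, 900), (3, 6)),
}
# Assumption: OS CSPRNG, so later windows cannot be predicted from earlier ones.
_rng = random.SystemRandom()


def sample_privacy(profile, concentration=1.0, rng=_rng):
    """Draw window (s), bin (ms), slice count and Dirichlet weights."""
    (w_lo, w_hi), bin_range, (k_lo, k_hi) = PROFILES[profile]
    k = rng.randint(k_lo, k_hi)
    # A symmetric Dirichlet sample is a vector of Gamma draws, normalized.
    gammas = [rng.gammavariate(concentration, 1.0) for _ in range(k)]
    total = sum(gammas)
    return {
        "window": rng.uniform(w_lo, w_hi),
        "bin": rng.uniform(*bin_range) if bin_range else 0,
        "slices": k,
        "weights": [g / total for g in gammas],
    }


def slice_intent(amount, weights, min_size):
    """Split an integer amount into slices >= min_size summing to amount.

    Assumed rule: reserve min_size per slice, spread the rest by weight.
    If the amount cannot fund every slice, fewer slices are used.
    """
    if amount < min_size:
        raise ValueError("amount below min_size")
    k = min(len(weights), amount // min_size)
    units = [int(w * 10**9) for w in weights[:k]]  # integer math, no float drift
    tot = sum(units) or 1
    spare = amount - k * min_size
    sizes = [min_size + spare * u // tot for u in units]
    sizes[-1] += amount - sum(sizes)  # rounding dust goes to the last slice
    return sizes
```

Small intents silently get fewer slices than the profile asked for, so a caller that cares about size-based linkage should compare `len(sizes)` with the sampled `slices` value.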