Ok, there's layer 1: the Xnode protocol
- nodes communicate with one another using an end-to-end encrypted protocol, so that anyone who intercepts their messages can't decipher them.
- nodes communicate directly; they don't use any trusted third parties or central servers. Therefore there's no one point of failure or attack.
Layer 2: an ad hoc meshnet
- when you make a private payment, the first thing that happens is that your app sets up a network with a bunch of other nodes that are making payments at the same time as you.
- this network exists only for the duration of the transaction, and thus has no permanent infrastructure that can be attacked.
- since this network is a mesh, it does not encounter problems if nodes drop out of the network during the transaction. Thus it's robust against DOS attacks (i.e when a node refuses to sign, which breaks other technologies, like CoinJoin).
Layer 3: trustless mixing
- when you make a private payment, a transaction is built up between all the nodes in a meshnet.
- they pass the transaction around in a very clever way (analogous to Coinshuffle) in order to send coins to their intended destinations on behalf of other nodes.
- once the transaction is ready, each node checks that its own coins are going to the right destination, and if all is in order, the node signs the transaction.
- the signing is done in a very clever way so that no node knows which other node's coins they're forwarding.
- the coins are forwarded to their destination from a different address to the one that a forwarding node receives them on, so that there's no link on the blockchain between sender and receiver.
- if there's a problem then a node will refuse to sign. This makes the whole transaction unable to be processed, and thus no node can steal the coins that it's forwarding on behalf of another node.
- when this occurs, the nodes are able to reverse the passing-around procedure and discover which node caused the trouble. This node gets kicked off the mesh, and the transaction proceeds as per usual.
Layer 4: multipath
- when you make a private payment, the coins aren't sent in one go, but in fragments, making it impossible for anyone to tell how much you actually sent.
The ways in which all this is private:
- multipath conceals the amount you send or receive.
- mixing conceals the sender and the receiver.
- the trustless nature of the mixing ensures that nodes can't steal coins and that they can't know whose coins they're forwarding.
- the Xnode protocol ensures that nobody can decipher any of these messages in the first place.
- in addition, using the XC TOR Stick conceals your IP address.
- and, finally, when we add stealth addresses to XC, then when someone pays you, not even they will discover the address you receive the payment on, and so you don't have to trust them to keep private the address that your coins are on.
Basically, there's nothing else to make private after all this. The entire thing is concealed; none of your personal information is given away. So it's 100% privacy.
Awesome explanation, thanks!