RAILGUN Privacy System

RAILGUN’s privacy system is a series of smart contracts that obscures blockchain interaction information from public view. For a cryptocurrency interaction to be private, four identifying details must be hidden:

  1. Sender of the interaction

  2. Recipient of the interaction

  3. Token that is sent

  4. Amount of the token that is sent

RAILGUN protects this information for interactions in the system by utilizing Private Balances, that is an anonymous set of tokens and users where interactions appear to originate from. These Private Balances are known as an anonymity set as to an outside observer; interactions can be sent by anyone who has contributed tokens to the pool.

How private are Private Balances?

The overall level of privacy from Private Balances is a function of:

  1. Total number of unique shield interactions and users.

  2. Total Value Locked in the RAILGUN smart contract.

  3. RAILGUN DeFi interaction and Private Send volume.

Generally, the more Shielded tokens, the higher the level of anonymity as links are less likely to be drawn between depositor and token, as there are a higher number of potential depositors to try and attach interactions to. Some consideration must also be given to token type. For example, shielding common stables like USDC or DAI will offer greater anonymity vs Shielding some unknown meme token with very few depositors.

However, RAILGUN has additional privacy boosting capabilities due to its support of complex smart contract interactions and Private Sends. Every interaction that takes place (such as a swap on Railway DEX), decreases the likelihood a depositor can be linked to a specific asset or deposit interaction, increasing the level of privacy for all users. As RAILGUN enables trading, you can Shield a small amount of crypto and theoretically trade up to a larger position privately, therefore the total size of the anonymity set is less of a factor in maintaining privacy in RAILGUN.

This means that privacy in RAILGUN's Private Balances is always greater than other privacy solutions with the same amount of TVL due to increased noise from interactions like Private Sends and swaps.

For more detail on privacy in RAILGUN and some tips to further bolster privacy, check out this article.

Broadcasters and UTXOs

Sitting atop the Private Balances are a network of Broadcasters, which are wallets that pass information to the blockchain and submit gas on a user’s behalf. Interactions sent by users appear to originate from Broadcasters and cannot be traced back to a public address.

RAILGUN’s transaction system uses Unspent Transaction Outputs (UTXOs), similar to Bitcoin and Zcash’s spending system. A UTXO represents the right or authorization to spend currency and is implemented in RAILGUN as a Merkle Tree (accumulator), an organized and encrypted data tree which allows the RAILGUN smart contract to trace ownership and balances through cryptographic proofs. The difference here is that RAILGUN’s Merkle Tree is completely anonymized and held in the smart contract.


At its core, RAILGUN is low-level infrastructure with a SDK (Software Development Kit) for protocol integrations of private smart contract interactions and a private wallet. Users have a public on-chain address, that is a 0x address and an obfuscated RAILGUN address which begins with a 0zk. Interactions sent from 0zk addresses are completely private and appear on blockchain scanners (like Etherscan) as originating from a Broadcaster address. Identifying details are hidden at all stages of the process by encryption using zk-SNARK proofs.

Last updated