RAILGUN Privacy System

RAILGUN’s privacy system is a series of smart contracts that obscures blockchain transaction information from public view. For a cryptocurrency transaction to be private, four identifying details must be hidden:

  1. Sender of the transaction

  2. Recipient of the transaction

  3. Asset that is sent

  4. Amount of the asset that is sent

RAILGUN protects this information for transactions in the system by utilizing Private Balances, that is an anonymous set of funds and users where transactions appear to originate from. These Private Balances is known as an anonymity set as to an outside observer; transactions can be sent by anyone who has contributed funds to the pool.

How private are Private Balances?

The overall level of privacy from Private Balances is a function of:

  1. Total number of unique shield transactions and users.

  2. Total Value Locked in the RAILGUN smart contract.

  3. RAILGUN DeFi transaction and Private Send volume.

Generally, the more Shielded funds, the higher the level of anonymity as links are less likely to be drawn between depositor and asset as there is a higher number of potential depositors to try and attach transactions to. Some consideration must also be paid to token type. For example, Shielding common stables like USDC or DAI will offer greater anonymity vs Shielding some unknown meme token with very few depositors.

However, RAILGUN has additional privacy boosting capabilities due to its support of complex smart contract transactions and Private Sends. Every transaction that takes place (such as a swap on Railway DEX), decreases the likelihood a depositor can be linked to a specific asset or deposit transaction, increasing the level of privacy for all users. As RAILGUN enables trading, you can Shield a small amount of crypto and theoretically trade up to a larger position privately, so the total size of the anonymity set is less of a factor in maintaining privacy in RAILGUN.

This means that privacy in RAILGUN's Private Balances is always greater than other privacy solutions with the same amount of TVL due to increased noise from transactions like Private Sends and swaps.

For more detail on privacy in RAILGUN and some tips to further bolster privacy, check out this article.

Broadcasters and UTXOs

Sitting atop the Private Balances are a network of Broadcasters, which are wallets that pass information to the blockchain and pay gas fees on a user’s behalf. Transactions sent by users appear to originate from Broadcasters and cannot be traced back to a public address.

RAILGUN’s transaction system uses Unspent Transaction Outputs (UTXOs), similar to Bitcoin and Zcash’s spending system. A UTXO represents the right or authorization to spend currency and is implemented in RAILGUN as a Merkle Tree, an organized and encrypted data tree which allows the RAILGUN smart contract to trace ownership and balances through cryptographic proofs. The difference here is that RAILGUN’s Merkle Tree is completely anonymized and held in the smart contract.


At its core, RAILGUN is low-level infrastructure with a SDK (Software Development Kit) for protocol integrations of private smart contract transactions and a private wallet. Users have a public on-chain address, that is a 0x address and an obfuscated RAILGUN address which begins with a 0zk. Transactions sent from 0zk addresses are completely private and appear on blockchain scanners (like Etherscan) as originating from a Broadcaster address. Identifying details are hidden at all stages of the process by encryption through zk-SNARK proofs.

Last updated