Homomorphic Encryption: Math on Locked Boxes
🔒
The Innovation: Do math on encrypted balances without ever decrypting them. Your balance stays private. Forever. Even the blockchain never sees it.
What Problem Does It Solve?
The Challenge:
Blockchain needs to:
✓ Verify transactions (amounts valid)
✓ Update balances (addition/subtraction)
✓ Ensure no double-spending
But WITHOUT revealing:
✗ Account balances
✗ Transaction amounts
✗ Any private informationThe Solution: Homomorphic Encryption
- ✅ Math happens on encrypted data
- ✅ No decryption ever required
- ✅ Privacy never broken
- ✅ Blockchain can verify without seeing amounts
The Simple Analogy
Locked Safe (Regular Encryption)
You have $500 in a locked safe
Someone sends you $100
Normal way:
1. Open safe (decrypt) → See $500
2. Add $100 → Now $600
3. Lock safe again (encrypt)
Problem: When safe is open, anyone can see $500
Privacy: ❌ BrokenFor DERO:
- Balance is always encrypted (safe always locked)
- Math happens on the encrypted number
- Safe never opens
- Blockchain never sees actual balance
How It Works
The Encryption Flow
The Setup:
Private key: x (your secret)
Public key: P = x × G (everyone can see this)
Generator: G (elliptic curve point - public constant)Encrypting an Amount
From Source Code (cryptography/crypto/algebra_elgamal.go):
// Encrypt 100 DERO:
// 1. Pick random number 'r'
// 2. Calculate Left: L = 100×G + r×P
// 3. Calculate Right: R = r×G
// 4. Ciphertext: E(100) = (L, R)
// Result: Looks like random elliptic curve points
// Network cannot determine the amount| Step | What Happens | What Network Sees |
|---|---|---|
| 1. Pick random 'r' | Generate random number | Nothing |
| 2. Calculate L | L = 100×G + r×P | Random elliptic curve point |
| 3. Calculate R | R = r×G | Random elliptic curve point |
| 4. Result | E(100) = (L, R) | Random points (no amount visible) |
The Magic: Homomorphic Operations
Addition & Subtraction on Encrypted Data:
The Math:
E(a) = (L₁, R₁)
E(b) = (L₂, R₂)
Addition:
E(a) + E(b) = (L₁ + L₂, R₁ + R₂) = E(a + b)
Subtraction:
E(a) - E(b) = (L₁ - L₂, R₁ - R₂) = E(a - b)
The encrypted result is STILL encrypted!
No decryption needed at any step!🔐
Mathematical Guarantee: Based on elliptic curve discrete logarithm problem - same security assumption as Bitcoin. 256-bit security level.
Transaction Flow: Alice → Bob
Alice sends 100 DERO to Bob:
What Happens at Each Step
Initial State
Alice's balance: E(500) = (L_a, R_a)
Bob's balance: E(200) = (L_b, R_b)
Transfer amount: 100 DEROComparison: Traditional vs DERO
Balance Storage
| Aspect | Traditional Blockchain | DERO Blockchain |
|---|---|---|
| Account | alice.eth | dero1qy... |
| Balance shown | 500 ETH 👁️ Public | E(???) 🔒 Encrypted |
| Everyone sees | Exact amount | Random bytes (66 bytes) |
| Only owner sees | Same as everyone | Actual balance (with private key) |
| Privacy | ❌ Zero | ✅ Complete |
| Balance lookup | Instant (public) | Instant (encrypted) |
The Difference:
- Bitcoin/Ethereum: Your balance is like your bank statement posted on a billboard
- DERO: Your balance is permanently locked in a safe only you can open
Blockchain Architecture Comparison
| Feature | Bitcoin/UTXO | Ethereum (Account) | DERO (Account + Encrypted) |
|---|---|---|---|
| Model | Outputs | Accounts | Accounts |
| Privacy | Ring sigs | ❌ None | ✅ Encrypted |
| Smart Contracts | ❌ Limited | ✅ Yes, public | ✅ Yes, private |
| Confirmations | Slower | Fast | Fast |
| Balance Lookup | Scan chain | Instant | Instant + private |
DERO = Ethereum's simplicity + Privacy coin encryption 🎯
Real-World Applications
1. Instant Balance Queries
Traditional Privacy Coin:
1. Download entire blockchain
2. Scan all transactions
3. Calculate balance from history
4. Wait minutes to hours
Result: Slow, requires full syncDERO:
1. Query encrypted balance from node (66 bytes)
2. Decrypt with your private key
3. See balance instantly
Result: Instant, no chain scanning needed2. Private Token Systems
How It Works:
Key Points:
From Source Code (dvm/dvm_functions.go:80):
// Issue tokens to user
Function IssueAsset() Uint64
10 SEND_ASSET_TO_ADDRESS(SIGNER(), amount, SCID())
// Sends without knowing user's current balance - homomorphic!
End Function
// Result in user's wallet:
User's token balance: E(1000) ← Encrypted, only user can decrypt
User's DERO balance: E(500) ← Also encryptedTraditional tokens (ERC-20): Balances public in contract
DERO tokens: Balances encrypted in user wallets, transferable peer-to-peer
3. Private DeFi Operations
Swap Example:
Swap 100 DERO for 500 tokens:
Your DERO: E(balance_dero) - E(100)
Your tokens: E(balance_tokens) + E(500)
Public sees:
✓ Swap contract called
✗ How much swapped
✗ Who swapped
✗ Resulting balancesTechnical Implementation
The C and D Commitments
Every DERO transaction contains encrypted commitments:
C Commitment (Pedersen Commitment):
C = amount×G + blinding×H
Where:
amount = Transfer amount (hidden)
G, H = Generator points (public)
blinding = Random factor (secret)
Properties:
• Binding: Cannot change amount after creating C
• Hiding: Cannot determine amount from C
• Homomorphic: C₁ + C₂ = C(amount₁ + amount₂)D Commitment (Randomness):
D = r×G
Purpose:
• Provides randomness for ElGamal encryption
• Prevents amount correlation attacks
• Enables decryption for intended recipientTogether they enable:
- ✅ Encrypted amounts in transactions
- ✅ Verifiable without revealing amounts
- ✅ Homomorphic balance updates
Source: cryptography/crypto/algebra_elgamal.go - ElGamal encryption implementation
Technical Specifications
| Aspect | Details |
|---|---|
| Encryption Scheme | ElGamal (additive homomorphism) |
| Curve | bn256 (Barreto-Naehrig) 256-bit |
| Security | Discrete logarithm problem |
| Commitment Size | 66 bytes (33 left + 33 right) |
| Performance | ~10ms per operation |
| Trusted Setup | ❌ None required |
Key Takeaways
What Homomorphic Encryption Provides
| Feature | Benefit | Impact |
|---|---|---|
| 🔒 Encrypted Balances | Always encrypted | Perfect privacy |
| ➕ Math on Encrypted | Operations without decryption | Privacy never broken |
| ⚡ Instant Queries | No chain scanning | Fast balance checks |
| 🔐 Private Tokens | Encrypted token balances | Complete privacy |
| ✅ Verifiable | Network can verify | Security maintained |
| 🚫 No Trusted Setup | Pure cryptography | Decentralized |
What It Enables
- ✅ Private Smart Contracts - Impossible on other chains
- ✅ Instant Balance Lookup - No blockchain scanning
- ✅ Encrypted Token Systems - Private token transfers
- ✅ Private DeFi - Encrypted swap operations
- ✅ Account-Based Privacy - First blockchain to achieve this
🎯
Architectural Breakthrough: Account-based blockchains were thought incompatible with strong privacy. DERO proved this assumption wrong through homomorphic encryption, enabling private smart contracts with encrypted balances.
Related Pages
Privacy Suite:
- Ring Signatures - Transaction anonymity
- Bulletproofs - Zero-knowledge range proofs
- Transaction Privacy - Complete privacy flow
- Payload Proofs - Prove transfers cryptographically
Technical Implementation:
- DERO Tokens - How tokens use homomorphic encryption
- Private Smart Contracts - Contract encrypted balances
Build with Privacy:
- Token Contract - Private token example
- Wallet RPC API - Send private transactions