PTLCs: The Standard(?)

One major advantage of PTLCs over HTLCs for atomic swaps is that there is no direct on-chain linkage of paired PTLCs. However, as with anything related to privacy, heuristics and correlation of metadata such as timing can link txs with high degree of confidence. The privacy of a single PTLC thus depends on the existence of other PTLCs; the greater the anonymity set the better.

Here are some ideas, used together, to get full advantage of PTLCs.
(For the sake of this discussion, we will assume that the increased plasma requirements are not a problem.)

  1. Externally, only use standard sends when the desired outcome is a public payment between two known addresses. Internally, only use standard sends for organizing funds between accounts that are already correlated.

  2. If seeking to create a new on-chain identity, when sending funds to a new address, always use a PTLC. This is only effective when other metadata is not correlated. Need to have wallet features to disable auto-receiving, and to help the user collect rewards at different times. Random pillar delegation selection. With a big enough anonymity set, this is much better than say sending to a Cex and withdrawing.

  3. When sending funds to other users, send PTLCs to each other. This is similar to Bitcoin’s concept of coinjoins. If you want to send a user 5 ZNN, instead create a PTLC sending them 10 ZNN, and they will create a PTLC sending you 5. These are actually more private than coinjoins because all ptlcs contribute to the anon set of all other ptlcs within a certain timespan.

  4. Add randomness by default to timing parameters to prevent correlation.

  5. Prefer disposable BIP340 point types even for ZTS-ZTS swaps, to increase the anonyminity set of cross chain swaps with btc.

  6. I might refactor the PTLC embedded to have an account model where PTLCs can be created and unlocked within the embedded contract without needing to withdraw to a zenon address. This can enable high plasma accounts to better take advantage of the proxy unlock feature and greatly increase the number of PTLCs for greater anonymity set.


how do you withdrawal / access the funds from the embedded if they stay there?

just add a deposit/withdrawal method


@georgezgeorgez can you explain the PTLCs over here? Thank you!

In terms of understanding the work.
A single PTLC is relatively straightforward and I’ve the design and relevant decisions here.

Once that is understood, we can dive into ecc.


I’m ready to dive into ECC theory now.


watch these first