In-band secret distribution of UTXOs

The sender of a UTXO must be able to transmit the sensitive information (i.e. the UTXO tuple) to the receiver. After all, these are required so that receivers of UTXOs can successfully spend them. Thus, a private communication channel is needed through which the sensitive UTXO tuples can be transmitted.

For this purpose, Zcash Orchard - like all existing privacy coins in the crypto space - uses the underlying blockchain itself: Each UTXO tuple is encrypted and its ciphertext uploaded to the blockchain where it can be fetched and decrypted by the receiver. For the ZEOS Orchard Shielded Protocol a global data structure called Transmitted UTXO Ciphertext List is maintained by the ZEOS smart contract in which UTXO ciphertexts can be added.

The use of this communication channel is optional. It is important to keep in mind that all encrypted UTXOs added to that list become part of the underlying EOSIO/Antelope blockchain history which never forgets. At some point in the future the currently used encryption scheme might become unsafe and thus privately transmitted UTXO ciphertexts using this on chain communication channel might become traceable. This is a general problem all privacy cryptocurrencies in existence today suffer from.

The exact encryption scheme based on Incoming, Outgoing and Full Viewing Key is described in section 4.19 of the Zcash Protocol Specification and is adopted exactly the same way for the ZEOS Orchard Shielded Protocol.