Corda - Confidential Identities vs anonymise function

Question

What is the difference between using the confidential identities workflows in Corda, to calling anonymise() on a well known party?

Answer 1

The anonymise() method converts a regular Party to an AnonymousParty, which is a class that only contains the PublicKey, not the X500 name of the party. However, this key is not really a confidential identity, since that relationship (X500 name/public key) is shared in the network through the network map. So, if even the result of anonymise() is shared with another party, that party will most likely be able to infer what's the X500 name corresponding to that key.

On the other hand, the confidential identities workflows generate new keypairs and the public keys are shared only on a need-to-know basis (e.g. between nodes transacting with each other), instead of being shared with the whole network. As a result, other nodes not involved in this exchange will not be able to infer to which party this key belongs, unless that node explicitly reveals this information.

Answer 2

Calling anonymise() on a well-known party will simply strip down its X.500 distinguished name, leaving only the public key. You can still retrieve the full identity by doing a lookup on the network map based on that public key.

Using confidential identities, a node generates a new single-use identity (with a signing key) which generally only gets shared with its direct counterparties to a transaction. It won't be advertised on the network map.

The CI workflows pass around Party objects for verification purposes, but only AnonymousParty (containing the signing key only) gets placed on a transaction. anonymise() is meant to be a helper method to do the conversion.