In this paper, we construct a full-fledged ledger-based digital currency with strong privacy guarantees. Our results leverage recent advances in zero-knowledge Succinct Non-interactive ARguments of Knowledge (zk-SNARKs).
First, we formulate and construct decentralized anonymous payment schemes (DAP schemes). A DAP scheme enables users to directly pay each other privately: the corresponding transaction hides the payment's origin, destination, and transferred amount. We provide formal definitions and proofs of the construction's security.
Second, we build Zerocash, a practical instantiation of our DAP scheme construction. In Zerocash, transactions are less than 1 kB and take under 6 ms to verify --- orders of magnitude more efficient than the less-anonymous Zerocoin and competitive with plain Bitcoin.Category / Keywords: cryptographic protocols / Bitcoin, decentralized electronic cash, zero-knowledge proofs Original Publication (with major differences): 2014 IEEE Symposium on Security and Privacy Date: received 19 May 2014 Contact author: alexch at mit edu Available format(s): PDF | BibTeX Citation Note: See http://zerocash-project.org/ for more information. Version: 20140519:163647 (All versions of this report) Short URL: ia.cr/2014/349 Discussion forum: Show discussion | Start new discussion