Paper 2015/675

Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts

Ahmed Kosba, Andrew Miller, Elaine Shi, Zikai Wen, and Charalampos Papamanthou

Abstract

Emerging smart contract systems over decentralized cryp- tocurrencies allow mutually distrustful parties to transact safely with each other without trusting a third-party inter- mediary. In the event of contractual breaches or aborts, the decentralized blockchain ensures that other honest parties obtain commesurate remuneration. Existing systems, how- ever, lack transactional privacy. All transactions, including flow of money between pseudonyms and amount trasacted, are exposed in the clear on the blockchain. We present Hawk, a decentralized smart contract system that does not store financial transactions in the clear on the blockchain, thus retaining transactional privacy from the public’s view. A Hawk programmer can write a private smart contract in an intuitive manner without having to implement cryptography, and our compiler automatically generates an efficient cryptographic protocol where contractual parties in- teract with the blockchain, using cryptographic primitives such as succint zero-knowledge proofs. To formally define and reason about the security of our protocols, we are the first to formalize the blockchain model of secure computation. The formal modeling is of indepen- dent interest. We advocate the community to adopt such a formal model when designing interesting applications atop decentralized blockchains.