Paper 2018/1039
Aggregate Cash Systems: A Cryptographic Investigation of Mimblewimble
Georg Fuchsbauer, Michele Orrù, and Yannick Seurin
Abstract
Mimblewimble is an electronic cash system proposed by an anonymous author in 2016. It combines several privacy-enhancing techniques initially envisioned for Bitcoin, such as Confidential Transactions (Maxwell, 2015), non-interactive merging of transactions (Saxena, Misra, Dhar, 2014), and cut-through of transaction inputs and outputs (Maxwell, 2013). As a remarkable consequence, coins can be deleted once they have been spent while maintaining public verifiability of the ledger, which is not possible in Bitcoin. This results in tremendous space savings for the ledger and efficiency gains for new users, who must verify their view of the system. In this paper, we provide a provable-security analysis for Mimblewimble. We give a precise syntax and formal security definitions for an abstraction of Mimblewimble that we call an aggregate cash system. We then formally prove the security of Mimblewimble in this definitional framework. Our results imply in particular that two natural instantiations (with Pedersen commitments and Schnorr or BLS signatures) are provably secure against inflation and coin theft under standard assumptions.
Metadata
- Available format(s)
-
PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint. MINOR revision.
- Keywords
- MimblewimbleBitcoincommitmentsaggregate signatures
- Contact author(s)
- yannick seurin @ m4x org
- History
- 2018-10-30: received
- Short URL
- https://ia.cr/2018/1039
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/1039,
author = {Georg Fuchsbauer and Michele Orrù and Yannick Seurin},
title = {Aggregate Cash Systems: A Cryptographic Investigation of Mimblewimble},
howpublished = {Cryptology ePrint Archive, Paper 2018/1039},
year = {2018},
note = {\url{https://eprint.iacr.org/2018/1039}},
url = {https://eprint.iacr.org/2018/1039}
}
