Paper 2018/990

Quisquis: A New Design for Anonymous Cryptocurrencies

Prastudy Fauzi, Sarah Meiklejohn, Rebekah Mercer, and Claudio Orlandi


Despite their usage of pseudonyms rather than persistent identifiers, most existing cryptocurrencies do not provide users with any meaningful levels of privacy. This has prompted the creation of privacy-enhanced cryptocurrencies such as Monero and Zcash, which are specifically designed to counteract the tracking analysis possible in currencies like Bitcoin. These cryptocurrencies, however, also suffer from some drawbacks: in both Monero and Zcash, the set of potential unspent coins is always growing, which means users cannot store a concise representation of the blockchain. Additionally, Zcash requires a common reference string and the fact that addresses are reused multiple times in Monero has led to attacks to its anonymity. In this paper we propose a new design for anonymous cryptocurrencies, Quisquis, that achieves provably secure notions of anonymity. Quisquis stores a relatively small amount of data, does not require trusted setup, and in Quisquis each address appears on the blockchain at most twice: once when it is generated as output of a transaction, and once when it is spent as input to a transaction. Our result is achieved by combining a DDH-based tool (that we call updatable keys) with efficient zero-knowledge arguments.

Note: Added a full proof of shuffle, and further explained how Quisquis differs from Mimblewimble and Monero.

Available format(s)
Cryptographic protocols
Publication info
A minor revision of an IACR publication in ASIACRYPT 2019
anonymitycryptocurrencieszero knowledge
Contact author(s)
prastudy fauzi @ gmail com
orlandi @ cs au dk
s meiklejohn @ ucl ac uk
rebekah @ o1labs org
2019-09-16: last of 2 revisions
2018-10-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Prastudy Fauzi and Sarah Meiklejohn and Rebekah Mercer and Claudio Orlandi},
      title = {Quisquis: A New Design for Anonymous Cryptocurrencies},
      howpublished = {Cryptology ePrint Archive, Paper 2018/990},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.