Paper 2019/319

PGC: Pretty Good Confidential Transaction System with Accountability

Yu Chen and Xuecheng Ma and Cong Tang

Abstract

Due to the public visible nature of blockchain, the seminal cryptocurrencies such as Bitcoin and Ethereum do not provide sufficient level of privacy, i.e., the addresses of sender and receiver and the transfer amount are all stored in plaintexts on the blockchain. As the privacy concerns grow, several newly emerged cryptocurrencies such as Monero and Zcash provide strong privacy guarantees (including anonymity and confidentiality) by leveraging advanced cryptographic techniques. Despite strong privacy is appealing, it might be overkilled or even could be abused in some cases. In decentralized transaction systems, anonymity seems go against accountability, which is a crucial property for scenarios that require compliance, auditing or dispute resolution mechanism. In this work, we trade anonymity for accountability. We present a general framework of confidential transaction with accountability from integrated signature and encryption scheme and non-interactive zero-knowledge proof. We then instantiate our framework, yielding a simple and efficient cryptocurrency called PGC, without trusted setup. The core of PGC is a new public-key encryption scheme that we introduce, twisted ElGamal, which is not only as secure as standard exponential ElGamal, but also quite friendly to Sigma protocols and range proofs. This enables us to devise the accompanying zero-knowledge proofs for transaction well-formedness in a modular fashion. Moreover, the keypair of PGC inherited from twisted ElGamal is largely compatible with Bitcoin and Ethereum, thus PGC could be used as a drop-in to provide confidential enforcements with accountability for Bitcoin/Ethereum-like cryptocurrencies.

Note: Fix some bugs in design, add the experimental results.