Paper 2019/373

Lelantus: A New Design for Anonymous and Confidential Cryptocurrencies

Aram Jivanyan

Abstract

For cryptocurrency payments to be truly private, transactions have to have two properties: confidentiality, i.e., hiding the transferred amounts, and anonymity, i.e. hiding the identities of the sender and/or receiver in a transaction. In this paper, we propose Lelantus, a new decentralized anonymous payment (DAP) protocol that ensures confidential and anonymous blockchain transactions with small transaction sizes, short verification times, and without requiring a trusted setup. It efficiently supports large anonymity sets of size hundred thousand and beyond by providing logarithmic proof sizes and efficient sub-linear verification time of the transactions. We implement Lelantus to measure its performance and show that it is very efficient to support scalable privacy cryptocurrencies. We also formally prove the security of the proposed protocol characterized by three security properties referred to as ledger indistinguishability, transaction non-malleability, and balance. Lelantus design concepts can be used in combination with the MimbleWimble and Confidential Transactions protocols, two other popular blockchain privacy schemes for confidential transactions. A hybrid scheme of Lelantus-MimbleWimble has been developed and implemented into a fully-fledged privacy cryptocurrency which enables confidential and unlinkable blockchain payments. As part of our protocol, we also introduce an extension of one-out-of-many proofs for generalized Pedersen commitments and provide formal security proofs for the proposed design, which can be of own interest.

Note: Discusses an extended protocol that supports direct anonymous payments and shielded addresses. Includes formal security proofs and updated performance and benchmarking data. Major changes in the narrative and paper structure.