Paper 2019/569

Lattice RingCT v2.0 with Multiple Input and Output Wallets

Wilson Alberto Torres, Veronika Kuchta, Ron Steinfeld, Amin Sakzad, Joseph K. Liu, and Jacob Cheng


This paper presents the Lattice-based Ring Confidential Transactions (Lattice RingCT v2.0) protocol. Unlike the previous Lattice RingCT v1.0 (LRCT v1.0) protocol, the new protocol supports Multiple-Input and Multiple-Output (MIMO) wallets in transactions, and it is a fully functional protocol construction for cryptocurrency applications such as Hcash. Since the MIMO cryptocurrency setting introduces new balance security requirements (and in particular, security against (out-of-range) amount attacks), we give a refined balance security model to capture such attacks, as well as a refined anonymity model to capture amount privacy attacks. Our protocol extends a previously proposed ring signature scheme in the LRCT v1.0 protocol, to support the MIMO requirements while preserving the post-quantum security guarantees, and uses a lattice-based zero-knowledge range proof to achieve security against (out-of-range) attacks. Preliminary parameter estimates and signature sizes are proposed as a point of reference for future studies.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Major revision.ACISP2019
CryptocurrenciesLattice-Based CryptographyPost-Quantum CryptographyRingCT
Contact author(s)
wil_alberto @ hotmail com
2020-09-16: revised
2019-05-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Wilson Alberto Torres and Veronika Kuchta and Ron Steinfeld and Amin Sakzad and Joseph K.  Liu and Jacob Cheng},
      title = {Lattice RingCT v2.0 with Multiple Input and Output Wallets},
      howpublished = {Cryptology ePrint Archive, Paper 2019/569},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.