Cryptology ePrint Archive: Report 2019/595

DLSAG: Non-Interactive Refund Transactions For Interoperable Payment Channels in Monero

Pedro Moreno-Sanchez and Randomrun and Duc V. Le and Sarang Noether and Brandon Goodell and Aniket Kate

Abstract: Monero has emerged as one of the leading cryptocurrencies with privacy by design. However, this comes at the price of reduced expressiveness and interoperability as well as severe scalability issues. First, Monero is restricted to coin exchanges among individual addresses and no further functionality is supported. Second, transactions are authorized by linkable ring signatures, a digital signature scheme only available in Monero, hindering thereby the interoperability with the rest of cryptocurrencies. Third, Monero transactions require high on-chain footprint, which leads to a rapid ledger growth and thus scalability issues.

In this work, we extend Monero expressiveness and interoperability while mitigating its scalability issues. We present \emph{Dual Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (DLSAG)}, a novel linkable ring signature scheme that enables for the first time \emph{refund transactions} natively in Monero: DLSAG can seamlessly be implemented along with other cryptographic tools already available in Monero such as commitments and range proofs. We formally prove that DLSAG achieves the same security and privacy notions introduced in the original linkable ring signature~\cite{Liu2004} namely, unforgeability, signer ambiguity, and linkability. We have evaluated DLSAG and showed that it imposes even slightly lower computation and similar communication overhead than the current digital signature scheme in Monero, demonstrating its practicality. We further show how to leverage DLSAG to enable off-chain scalability solutions in Monero such as payment channels and payment-channel networks as well as atomic swaps and interoperable payments with virtually all cryptocurrencies available today. DLSAG is currently being discussed within the Monero community as an option for possible adoption as a key building block for expressiveness, interoperability, and scalability.

Category / Keywords: applications / Linkable Ring Signature, Payment Channel, Blockchain, Refund transactions, Atomic Swaps

Original Publication (with minor differences): Financial Cryptography and Data Security 2020

Date: received 29 May 2019, last revised 5 Oct 2020

Contact author: pedro sanchez at tuwien ac at, le52 at purdue edu, sarang at getmonero org, surae at getmonero org, aniket at purdue edu

Available format(s): PDF | BibTeX Citation

Note: Minor changes to protocols

Version: 20201005:172203 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]