Paper 2019/595

DLSAG: Non-Interactive Refund Transactions For Interoperable Payment Channels in Monero

Pedro Moreno-Sanchez, Arthur Blue, Duc V. Le, Sarang Noether, Brandon Goodell, and Aniket Kate

Abstract

Monero has emerged as one of the leading cryptocurrencies with privacy by design. However, this comes at the price of reduced expressiveness and interoperability as well as severe scalability issues. First, Monero is restricted to coin exchanges among individual addresses and no further functionality is supported. Second, transactions are authorized by linkable ring signatures, a digital signature scheme only available in Monero, hindering thereby the interoperability with the rest of cryptocurrencies. Third, Monero transactions require high on-chain footprint, which leads to a rapid ledger growth and thus scalability issues. In this work, we extend Monero expressiveness and interoperability while mitigating its scalability issues. We present \emph{Dual Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (DLSAG)}, a novel linkable ring signature scheme that enables for the first time \emph{refund transactions} natively in Monero: DLSAG can seamlessly be implemented along with other cryptographic tools already available in Monero such as commitments and range proofs. We formally prove that DLSAG achieves the same security and privacy notions introduced in the original linkable ring signature~\cite{Liu2004} namely, unforgeability, signer ambiguity, and linkability. We have evaluated DLSAG and showed that it imposes even slightly lower computation and similar communication overhead than the current digital signature scheme in Monero, demonstrating its practicality. We further show how to leverage DLSAG to enable off-chain scalability solutions in Monero such as payment channels and payment-channel networks as well as atomic swaps and interoperable payments with virtually all cryptocurrencies available today. DLSAG is currently being discussed within the Monero community as an option for possible adoption as a key building block for expressiveness, interoperability, and scalability.

Note: Minor changes to protocols

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Published elsewhere. Minor revision.Financial Cryptography and Data Security 2020
DOI
10.1007/978-3-030-51280-4_18
Keywords
Linkable Ring SignaturePayment ChannelBlockchainRefund transactionsAtomic Swaps
Contact author(s)
pedro sanchez @ tuwien ac at
le52 @ purdue edu
sarang @ getmonero org
surae @ getmonero org
aniket @ purdue edu
History
2020-10-05: revised
2019-06-02: received
See all versions
Short URL
https://ia.cr/2019/595
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2019/595,
      author = {Pedro Moreno-Sanchez and Arthur Blue and Duc V.  Le and Sarang Noether and Brandon Goodell and Aniket Kate},
      title = {DLSAG: Non-Interactive Refund Transactions For Interoperable Payment Channels in Monero},
      howpublished = {Cryptology ePrint Archive, Paper 2019/595},
      year = {2019},
      doi = {10.1007/978-3-030-51280-4_18},
      note = {\url{https://eprint.iacr.org/2019/595}},
      url = {https://eprint.iacr.org/2019/595}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.