Cryptology ePrint Archive: Report 2020/1289

Sword: An Opaque Blockchain Protocol

Farid Elwailly

Abstract: I describe a blockchain design that hides the transaction graph from blockchain analyzers. The design is based on the realization that today the miner creating a block needs enough information to verify the validity of transactions, which makes details about the transactions public and thus allows blockchain analysis. Some protocols, such as Mimblewimble, obscure the transaction amounts but not the source of the funds, which is enough to allow for analysis. The insight in this technical note is that the block creator can be restricted to the task of ensuring that there are no double spends. The task of actually verifying transaction balances really belongs to the receiver. The receiver is the one motivated to verify that she is receiving a valid transaction output, since she has to convince the next receiver that the balances are valid; otherwise no one will accept her spending transaction. The bulk of the transaction can thus be encrypted in such a manner that only the receiver can decrypt and examine it. Opening this transaction also allows the receiver to open previous transactions, so that she can work her way backward in a chain until she arrives at the coin generation blocks and can completely verify the validity of the transaction. Since transactions are encrypted on the blockchain, a blockchain analyzer cannot create a transaction graph until he is the receiver of a transaction that allows backward tracing through to some target transaction.

Category / Keywords: applications / cryptocurrency, Bitcoin, confidential transaction, blockchain analyzer, stealth address, privacy, Mimblewimble, Sword

Date: received 15 Oct 2020

Contact author: sword at elwailly com

Note: Original version written September 26, 2020. This version updated October 3, 2020 to fix the calculation of transaction fingerprints.

Version: 20201016:064939

Short URL: ia.cr/2020/1289
