Cryptology ePrint Archive: Report 2020/156

Phantom: An Efficient Privacy Protocol Using zk-SNARKs Based on Smart Contracts

Xing Li and Yi Zheng and Kunxian Xia and Tongcheng Sun and John Beyler

Abstract: Privacy is a critical issue for blockchains and decentralized applications. Currently, several blockchains are designed around privacy. For example, Zcash uses zk-SNARKs to hide transaction data, so that addresses and amounts are not visible to the public. The zk-SNARK technology is secure and has been running stably in Zcash for several years. However, Zcash does not support smart contracts, which means people are not able to build decentralized applications on it.

To solve this problem, two protocols, Quorum ZSL and Nightfall, have tried to implement zk-SNARKs through smart contracts. In this way, these protocols enable decentralized applications with privacy features on the blockchain. However, experiments on the Ethereum Virtual Machine show that these protocols are expensive in both running time and gas, meaning they are not suitable for everyday use.

In this paper, we propose an efficient privacy protocol using zk-SNARKs based on smart contracts. It helps to make several kinds of decentralized applications, such as digital assets, stable coins, and payments, confidential. The protocol balances the trade-off between the gas cost of smart contracts and the computational complexity of zk-SNARK proof generation. Moreover, it uses In-band Secret Distribution to store private information on the blockchain. The gas cost for a confidential transaction is only about 1M gas, and transaction generation takes less than 6 seconds on a regular computer.

Category / Keywords: cryptographic protocols / Blockchain Privacy, zk-SNARKs, Smart Contracts

Date: received 11 Feb 2020, last revised 16 Feb 2020

Contact author: lixing at unita tech, zhengyi at qtum info, suntongcheng at pku edu cn

Note: It is a solution for Confidential Assets.

Version: 20200216:150603

Short URL: ia.cr/2020/156
