Cryptology ePrint Archive: Report 2020/312

Triptych-2: efficient proofs for confidential transactions

Sarang Noether

Abstract: Confidential transactions are used in distributed digital assets to demonstrate the balance of values hidden in commitments, while retaining signer ambiguity. Previous work describes a signer-ambiguous proof of knowledge of the opening of commitments to zero at the same index across multiple public commitment sets and the evaluation of a verifiable random function used as a linking tag, and uses this to build a linkable ring signature called Triptych that can be used as a building block for a confidential transaction model. In this work, we extend Triptych to build Triptych-2, a proving system that proves knowledge of openings of multiple commitments to zero within a single set, correct construction of a verifiable random function evaluated at each opening, and value balance across a separate list of commitments within a single proof. While soundness depends on a novel dual discrete-logarithm hardness assumption, we use data from the Monero blockchain to show that Triptych-2 can be used in a confidential transaction model to provide faster total batch verification time than other state-of-the-art constructions without a trusted setup.

Category / Keywords: applications / digital signatures

Date: received 12 Mar 2020

Contact author: sarang noether at protonmail com

Available format(s): PDF | BibTeX Citation

Version: 20200315:162105 (All versions of this report)

Short URL: ia.cr/2020/312


[ Cryptology ePrint archive ]