Paper 2020/676

An airdrop that preserves recipient privacy

Riad S. Wahby, Dan Boneh, Christopher Jeffrey, and Joseph Poon

Abstract

A common approach to bootstrapping a new cryptocurrency is an airdrop, an arrangement in which existing users give away currency to entice new users to join. But current airdrops offer no recipient privacy: they leak which recipients have claimed the funds, and this information is easily linked to off-chain identities. In this work, we address this issue by defining a private airdrop and describing concrete schemes for widely-used user credentials, such as those based on ECDSA and RSA. Our private airdrop for RSA builds upon a new zero-knowledge argument of knowledge of the factorization of a committed secret integer, which may be of independent interest. We also design a private genesis airdrop that efficiently sends private airdrops to millions of users at once. Finally, we implement and evaluate. Our fastest implementation takes 40--180 ms to generate and 3.7--10 ms to verify an RSA private airdrop signature. Signatures are 1.8--3.3 kiB depending on the security parameter.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Major revision. FC20
Keywords
cryptocurrencyairdropuser privacyzero knowledgeproof of knowledge of factorization
Contact author(s)
rsw @ cs stanford edu
History
2020-06-08: received
Short URL
https://ia.cr/2020/676
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/676,
      author = {Riad S.  Wahby and Dan Boneh and Christopher Jeffrey and Joseph Poon},
      title = {An airdrop that preserves recipient privacy},
      howpublished = {Cryptology ePrint Archive, Paper 2020/676},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/676}},
      url = {https://eprint.iacr.org/2020/676}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.