Paper 2020/676

An airdrop that preserves recipient privacy

Riad S. Wahby, Dan Boneh, Christopher Jeffrey, and Joseph Poon

Abstract

A common approach to bootstrapping a new cryptocurrency is an airdrop, an arrangement in which existing users give away currency to entice new users to join. But current airdrops offer no recipient privacy: they leak which recipients have claimed the funds, and this information is easily linked to off-chain identities. In this work, we address this issue by defining a private airdrop and describing concrete schemes for widely-used user credentials, such as those based on ECDSA and RSA. Our private airdrop for RSA builds upon a new zero-knowledge argument of knowledge of the factorization of a committed secret integer, which may be of independent interest. We also design a private genesis airdrop that efficiently sends private airdrops to millions of users at once. Finally, we implement and evaluate. Our fastest implementation takes 40--180 ms to generate and 3.7--10 ms to verify an RSA private airdrop signature. Signatures are 1.8--3.3 kiB depending on the security parameter.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. MAJOR revision.FC20
Keywords
cryptocurrencyairdropuser privacyzero knowledgeproof of knowledge of factorization
Contact author(s)
rsw @ cs stanford edu
History
2020-06-08: received
Short URL
https://ia.cr/2020/676
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/676,
      author = {Riad S.  Wahby and Dan Boneh and Christopher Jeffrey and Joseph Poon},
      title = {An airdrop that preserves recipient privacy},
      howpublished = {Cryptology ePrint Archive, Paper 2020/676},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/676}},
      url = {https://eprint.iacr.org/2020/676}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.