Cryptology ePrint Archive: Report 2020/676

An airdrop that preserves recipient privacy

Riad S. Wahby and Dan Boneh and Christopher Jeffrey and Joseph Poon

Abstract: A common approach to bootstrapping a new cryptocurrency is an airdrop, an arrangement in which existing users give away currency to entice new users to join. But current airdrops offer no recipient privacy: they leak which recipients have claimed the funds, and this information is easily linked to off-chain identities.

In this work, we address this issue by defining a private airdrop and describing concrete schemes for widely-used user credentials, such as those based on ECDSA and RSA. Our private airdrop for RSA builds upon a new zero-knowledge argument of knowledge of the factorization of a committed secret integer, which may be of independent interest. We also design a private genesis airdrop that efficiently sends private airdrops to millions of users at once. Finally, we implement and evaluate. Our fastest implementation takes 40--180 ms to generate and 3.7--10 ms to verify an RSA private airdrop signature. Signatures are 1.8--3.3 kiB depending on the security parameter.

Category / Keywords: cryptographic protocols / cryptocurrency, airdrop, user privacy, zero knowledge, proof of knowledge of factorization

Original Publication (with major differences): FC20

Date: received 5 Jun 2020

Contact author: rsw at cs stanford edu

Available format(s): PDF | BibTeX Citation

Version: 20200608:022800 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]