Paper 2021/631

SwapCT: Swap Confidential Transactions for Privacy-Preserving Multi-Token Exchanges

Felix Engelmann, Lukas Müller, Andreas Peter, Frank Kargl, and Christoph Bösch


Decentralized token exchanges allow for secure trading of tokens without a trusted third party. However, decentralization is mostly achieved at the expense of transaction privacy. For a fair exchange, transactions must remain private to hide the participants and volumes while maintaining the possibility for non-interactive execution of trades. In this paper we present a swap confidential transaction system (SwapCT) which is related to ring confidential transactions (e.g. used in Monero) but supports multiple token types to trade among and enables secure, partial transactions for non-interactive swaps. We prove that SwapCT is secure in a strict, formal model and present its efficient performance in a prototype implementation with logarithmic signature sizes for large anonymity sets. For our construction we design an aggregatable signature scheme which might be of independent interest. Our SwapCT system thereby enables a secure and private exchange for tokens without a trusted third party.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. PETS 2021
atomic swapzero-knowledgeaggregationtyped tokens
Contact author(s)
fe-research @ nlogn org
2021-05-17: received
Short URL
Creative Commons Attribution


      author = {Felix Engelmann and Lukas Müller and Andreas Peter and Frank Kargl and Christoph Bösch},
      title = {SwapCT: Swap Confidential Transactions for Privacy-Preserving Multi-Token Exchanges},
      howpublished = {Cryptology ePrint Archive, Paper 2021/631},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.