Paper 2022/1104
μCash: Transparent Anonymous Transactions
Abstract
Zero Knowledge Set Membership Proofs (zkSMPs) allow efficiently, i.e. sublinearly in the size of the set, proving membership of a value in a set in zero knowledge with respect to the value. They have been used to construct anonymous cryptocurrencies such as ZCash, which uses a zero knowledge Merkle proof to show that the inputs of a transaction belong to the Transaction Output (TXO) set. Using a Merkle tree instantiated with a pair of Pedersen hash functions between an amicable cycle of elliptic curves, similarly to Curve Trees, and the Weil Elliptic Curve Inner Product (ECIPs) proofs, I design a set membership protocol with substantially smaller witness sizes than other Merkle zkSMPs. This protocol uses a pair of communicating Bulletproofs, one over each curve, whose total proof size I am able to reduce by proving portions of each verifier inside the other proof. Using these techniques, along with an adaptation of the Bulletproofs++ confidential transaction protocol, I design an anonymous transaction protocol for a decentralized cryptocurrency, whose security argument is reducible to the discrete log problem over a pair of elliptic curves and that does not require a trusted setup. Over a
Metadata
- Available format(s)
- PDF
- Category
- Cryptographic protocols
- Publication info
- Preprint.
- Keywords
- Zero Knowledge Proofs Cryptocurrency Anonymity Privacy
- Contact author(s)
- liameagen @ protonmail com
- History
- 2022-08-29: approved
- 2022-08-26: received
- Short URL
- https://ia.cr/2022/1104
- License
- CC BY
BibTeX
@misc{cryptoeprint:2022/1104,
      author = {Liam Eagen},
      title = {$\mu$Cash: Transparent Anonymous Transactions},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/1104},
      year = {2022},
      url = {https://eprint.iacr.org/2022/1104}
}