Lattice RingCT V2.0 with Multiple Input and Multiple Output Wallets

This paper presents the Lattice-based Ring Confidential Transactions “Lattice RingCT v2.0” protocol. Unlike the previous Lattice RingCT v1.0 (LRCT v1.0) protocol, the new protocol supports Multiple-Input and Multiple-Output (MIMO) wallets in transactions, and it is a fully functional protocol construction for cryptocurrency applications such as Hcash. Since the MIMO cryptocurrency setting introduces new balance security requirements (and in particular, security against out-of-range amount attacks), we give a refined balance security model to capture such attacks, as well as a refined anonymity model to capture amount privacy attacks. Our protocol extends a previously proposed ring signature scheme in the LRCT v1.0 protocol, to support the MIMO requirements while preserving the post-quantum security guarantees, and uses a lattice-based zero-knowledge range proof to achieve security against out-of-range attacks. Preliminary parameter estimates and signature sizes are proposed as a point of reference for future studies.

[1]  Ron Steinfeld,et al.  Lattice RingCT v2.0 with Multiple Input and Output Wallets , 2019, IACR Cryptol. ePrint Arch..

[2]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[3]  Adam Mackenzie,et al.  MRL-0004 Improving Obfuscation in the CryptoNote Protocol , 2015 .

[4]  Peter W. Shor,et al.  Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer , 1995, SIAM Rev..

[5]  Dan Boneh,et al.  Bulletproofs: Short Proofs for Confidential Transactions and More , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[6]  Ivan Damgård,et al.  More Efficient Commitments from Structured Lattice Assumptions , 2018, SCN.

[7]  Gregory Neven,et al.  Practical Quantum-Safe Voting from Lattices , 2017, IACR Cryptol. ePrint Arch..

[8]  W. Banaszczyk New bounds in some transference theorems in the geometry of numbers , 1993 .

[9]  Adi Shamir,et al.  Quantitative Analysis of the Full Bitcoin Transaction Graph , 2013, Financial Cryptography.

[10]  Joseph K. Liu,et al.  Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (Extended Abstract) , 2004, ACISP.

[11]  Vadim Lyubashevsky,et al.  Short, Invertible Elements in Partially Splitting Cyclotomic Rings and Applications to Lattice-Based Zero-Knowledge Proofs , 2018, EUROCRYPT.

[12]  Huaxiong Wang,et al.  Lattice-Based Zero-Knowledge Arguments for Integer Relations , 2018, CRYPTO.

[13]  Phong Q. Nguyen,et al.  BKZ 2.0: Better Lattice Security Estimates , 2011, ASIACRYPT.

[15]  W. Marsden I and J , 2012 .

[16]  Vadim Lyubashevsky,et al.  Lattice Signatures Without Trapdoors , 2012, IACR Cryptol. ePrint Arch..

[17]  Daniele Micciancio Lattice-Based Cryptography , 2011, Encyclopedia of Cryptography and Security.

[18]  Jan Camenisch,et al.  Better Zero-Knowledge Proofs for Lattice Encryption and Their Application to Group Signatures , 2014, ASIACRYPT.

[19]  Mauro Conti,et al.  A Survey on Security and Privacy Issues of Bitcoin , 2017, IEEE Communications Surveys & Tutorials.

[20]  Torben P. Pedersen Non-Interactive and Information-Theoretic Secure Verifiable Secret Sharing , 1991, CRYPTO.

[21]  Daniel Smith-Tone,et al.  Report on Post-Quantum Cryptography , 2016 .

[22]  John B. Shoven,et al.  I , Edinburgh Medical and Surgical Journal.

[23]  Victor Shoup,et al.  Sequences of games: a tool for taming complexity in security proofs , 2004, IACR Cryptol. ePrint Arch..

[24]  Melissa Chase,et al.  On Signatures of Knowledge , 2006, CRYPTO.

[25]  Koutarou Suzuki,et al.  Traceable Ring Signature , 2007, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[26]  Shen Noether,et al.  Ring SIgnature Confidential Transactions for Monero , 2015, IACR Cryptol. ePrint Arch..

[27]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[28]  Oded Regev,et al.  Lattice-Based Cryptography , 2006, CRYPTO.

[29]  Tsz Hon Yuen,et al.  RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero , 2017, ESORICS.

[30]  Mihir Bellare,et al.  Multi-signatures in the plain public-Key model and a general forking lemma , 2006, CCS '06.

[31]  Léo Ducas,et al.  Lattice Signatures and Bimodal Gaussians , 2013, IACR Cryptol. ePrint Arch..

[32]  Patrick D. McDaniel,et al.  An Analysis of Anonymity in Bitcoin Using P2P Network Traffic , 2014, Financial Cryptography.

[33]  Ron Steinfeld,et al.  Post-Quantum One-Time Linkable Ring Signature and Application to Ring Confidential Transactions in Blockchain (Lattice RingCT v1.0) , 2018, IACR Cryptol. ePrint Arch..

[34]  Taher El Gamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, IEEE Trans. Inf. Theory.