Privacy-preserving auditable token payments in a permissioned blockchain system

Token payment systems were the first application of blockchain technology and are still the most widely used one. Early implementations of such systems, like Bitcoin or Ethereum, provide virtually no privacy beyond basic pseudonymity: all transactions are written in the clear to the blockchain, which makes them linkable and traceable. Several more recent blockchain systems, such as Monero or Zerocash, implement improved levels of privacy. Most of these systems target the permissionless setting and, as such, are not suited for enterprise networks. Enterprise networks require token systems to be permissioned and to bind tokens to user identities instead of pseudonymous addresses. They also require auditing functionality in order to satisfy regulations such as AML/KYC. We present a privacy-preserving token management system for permissioned blockchains that also supports fine-grained auditing. The scheme is secure under computational assumptions in bilinear groups, in the random-oracle model. We provide performance measurements for our prototype built on top of Hyperledger Fabric.
