RingCT 3.0 for Blockchain Confidential Transaction: Shorter Size and Stronger Security

In this paper, we propose the most efficient blockchain ring confidential transaction protocol (RingCT3.0) for protecting the privacy of the sender’s identity, the recipient’s identity and the confidentiality of the transaction amount. For a typical 2-input transaction with a ring size of 1024, the ring signature size of our RingCT3.0 protocol is 98% less than the ring signature size of the original RingCT1.0 protocol used in Monero. Taking the advantage of our compact RingCT3.0 transcript size, privacy-preserving cryptocurrencies can enjoy a much lower transaction fee which will have a significant impact on the crypto-economy.

[1]  Amit Sahai,et al.  Ring Signatures of Sub-linear Size Without Random Oracles , 2007, ICALP.

[2]  Aggelos Kiayias,et al.  Anonymous Identification in Ad Hoc Groups , 2004, EUROCRYPT.

[3]  Sarah Meiklejohn,et al.  Möbius: Trustless Tumbling for Transaction Privacy , 2018, IACR Cryptol. ePrint Arch..

[4]  Jens Groth,et al.  Short Accountable Ring Signatures Based on DDH , 2015, ESORICS.

[5]  Craig Gentry,et al.  Pinocchio: Nearly Practical Verifiable Computation , 2013, IEEE Symposium on Security and Privacy.

[6]  Eli Ben-Sasson,et al.  Scalable, transparent, and post-quantum secure computational integrity , 2018, IACR Cryptol. ePrint Arch..

[7]  Ninghui Li,et al.  Universal Accumulators with Efficient Nonmembership Proofs , 2007, ACNS.

[8]  Dongxi Liu,et al.  Lattice-based Zero-Knowledge Proofs: New Techniques for Shorter and Faster Constructions and Applications , 2019, IACR Cryptol. ePrint Arch..

[9]  Christian Hanser,et al.  Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives , 2015, IACR Cryptol. ePrint Arch..

[10]  Dongxi Liu,et al.  Monero Ring Attack: Recreating Zero Mixin Transaction Effect , 2018, 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE).

[11]  Ron Steinfeld,et al.  Post-Quantum One-Time Linkable Ring Signature and Application to Ring Confidential Transactions in Blockchain (Lattice RingCT v1.0) , 2018, IACR Cryptol. ePrint Arch..

[12]  Matthew Green,et al.  Zerocoin: Anonymous Distributed E-Cash from Bitcoin , 2013, 2013 IEEE Symposium on Security and Privacy.

[13]  Yael Tauman Kalai,et al.  How to Leak a Secret: Theory and Applications of Ring Signatures , 2001, Essays in Memory of Shimon Even.

[14]  Jens Groth,et al.  Zero-Knowledge Argument for Polynomial Evaluation with Application to Blacklists , 2013, EUROCRYPT.

[15]  Joseph K. Liu,et al.  Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (Extended Abstract) , 2004, ACISP.

[16]  Eli Ben-Sasson,et al.  Zerocash: Decentralized Anonymous Payments from Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[17]  Prateek Saxena,et al.  A Traceability Analysis of Monero's Blockchain , 2017, ESORICS.

[18]  Yi Mu,et al.  Dynamic Universal Accumulators for DDH Groups and Their Application to Attribute-Based Anonymous Credential Systems , 2009, CT-RSA.

[19]  Lan Nguyen,et al.  Accumulators from Bilinear Pairings and Applications , 2005, CT-RSA.

[20]  Ethan Heilman,et al.  An Empirical Analysis of Traceability in the Monero Blockchain , 2017, Proc. Priv. Enhancing Technol..

[21]  Dongxi Liu,et al.  Short Lattice-based One-out-of-Many Proofs and Applications to Ring Signatures , 2019, IACR Cryptol. ePrint Arch..

[22]  Jens Groth,et al.  Efficient Batch Zero-Knowledge Arguments for Low Degree Polynomials , 2018, IACR Cryptol. ePrint Arch..

[23]  Jan Camenisch,et al.  Accumulators with Applications to Anonymity-Preserving Revocation , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[24]  Man Ho Au,et al.  Anonymous Post-Quantum Cryptocash , 2018, IACR Cryptol. ePrint Arch..

[25]  Jan Camenisch,et al.  Dynamic Accumulators and Application to Efficient Revocation of Anonymous Credentials , 2002, CRYPTO.

[26]  Ron Steinfeld,et al.  Lattice RingCT V2.0 with Multiple Input and Multiple Output Wallets , 2019, ACISP.

[27]  Markulf Kohlweiss,et al.  One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin , 2015, EUROCRYPT.

[28]  Dan Boneh,et al.  Bulletproofs: Short Proofs for Confidential Transactions and More , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[29]  Tim Ruffing,et al.  Omniring: Scaling Up Private Payments Without Trusted Setup - Formal Foundations and Constructions of Ring Confidential Transactions with Log-size Proofs , 2019, IACR Cryptol. ePrint Arch..

[30]  Tsz Hon Yuen,et al.  RingCT 2.0: A Compact Accumulator-Based (Linkable Ring Signature) Protocol for Blockchain Cryptocurrency Monero , 2017, ESORICS.

[31]  Marcos A. Kiwi,et al.  Strong accumulators from collision-resistant hashing , 2008, International Journal of Information Security.

[32]  Tim Ruffing,et al.  Omniring: Scaling Private Payments Without Trusted Setup , 2019, CCS.

[33]  Abhi Shelat,et al.  Efficient Protocols for Set Membership and Range Proofs , 2008, ASIACRYPT.

[34]  Claudio Soriente,et al.  An Accumulator Based on Bilinear Maps and Efficient Revocation for Anonymous Credentials , 2009, IACR Cryptol. ePrint Arch..

[35]  Helger Lipmaa,et al.  On Diophantine Complexity and Statistical Zero-Knowledge Arguments , 2003, ASIACRYPT.

[36]  Huaxiong Wang,et al.  Zero-Knowledge Arguments for Lattice-Based Accumulators: Logarithmic-Size Ring Signatures and Group Signatures Without Trapdoors , 2016, Journal of Cryptology.

[37]  Ivan Damgård,et al.  Supporting Non-membership Proofs with Bilinear-map Accumulators , 2008, IACR Cryptol. ePrint Arch..

[38]  Dan Boneh,et al.  Bivariate Polynomials Modulo Composites and their Applications , 2014, IACR Cryptol. ePrint Arch..

[39]  Shen Noether,et al.  Ring SIgnature Confidential Transactions for Monero , 2015, IACR Cryptol. ePrint Arch..

[40]  Dongxi Liu,et al.  MatRiCT: Efficient, Scalable and Post-Quantum Blockchain Confidential Transactions Protocol , 2019, CCS.