<p><strong>MoneroResearch.info</strong>: WIKINDX server for Monero, https://moneroresearch.info/general (feed updated 2024-02-27T13:42:20+00:00)</p>
<p><strong>Journal Article: Concise RingCT Protocol Based on Linkable Threshold Ring Signature</strong></p>
<p>https://moneroresearch.info/resource/213 (added 2024-02-27T13:40:47+00:00, updated 2024-02-27T13:42:20+00:00, posted by Jack)</p>
<p>Duan, J., Zheng, S., Wang, W., Wang, L., Hu, X., & Gu, L. (2024). <b>Concise RingCT protocol based on linkable threshold ring signature</b>. <em>IEEE Transactions on Dependable and Secure Computing</em>, (1), 1–15.</p>
<p><strong>Abstract</strong></p>
<p>Ring Confidential Transactions (RingCT) is a typical privacy-preserving protocol for blockchain, which has been used in recent years by the most popular anonymous cryptocurrency, Monero. RingCT provides the user's identity anonymity based on the linkable ring signature. The cost is that the transaction size increases linearly with the number of involved users. In this article, we aim to overcome this inefficient aspect of RingCT by introducing the linkable threshold ring signature (LTRS). We first propose a construction of threshold ring signatures for homomorphic cryptosystems, and present an efficient instantiation based on the intractability assumption of the discrete logarithm problem. Based on this framework, an efficient LTRS scheme and a novel construction of the RingCT protocol are presented. Our proposed RingCT protocol enables multiple payers to co-construct an anonymous transaction without revealing their secret account keys, and it is more concise under multiple input accounts. For a transaction with a ring size of 100 and 64 input accounts, the communication overhead is about 4% of that of the original RingCT protocol.</p>
<p><strong>Proceedings Article: Opening Pandora's Box</strong></p>
<p>https://moneroresearch.info/resource/212 (added 2024-01-06T18:21:02+00:00, updated 2024-01-10T16:59:58+00:00, posted by Rucknium)</p>
<p>Scheid, E. J., Küng, S., Franco, M., & Stiller, B. 2023, <em><b>Opening Pandora's box: </b><b>An analysis of the usage of the data field in blockchains</b></em>. Paper presented at 2023 Fifth International Conference on Blockchain Computing and Applications (BCCA).</p>
<p><strong>Abstract</strong></p>
<p>Since the proposal of Bitcoin in 2009 and the inclusion of the first transaction in its genesis block, blockchains (BCs) have been used to store arbitrary data, including texts, images, and documents. However, such data is often not easily discoverable in BCs, as it is embedded within their binary data structures. Thus, this paper presents the design and implementation of a solution to analyze BC transactions in search of “media” content. This solution, called blockchain-parser, is capable of detecting ASCII strings and files (e.g., PDF, GIF, and SVG) embedded in BC transactions. To evaluate the solution, the Bitcoin, Monero, and Ethereum cryptocurrencies were examined to find commonalities and differences between BCs regarding their use for arbitrary data storage. Conclusions from this evaluation indicate that Ethereum has been the most used BC for media data storage compared to Bitcoin and Monero.</p>
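<p>The detection step the abstract describes, matching known file signatures and runs of printable ASCII inside raw transaction bytes, can be illustrated with a small scanner. The following is an added example written for this page, not the authors' blockchain-parser tool: the signature table, the <code>Finding</code> type, the helper names and the sample transaction bytes are all constructed here, and SVG is matched on its <code>&lt;svg</code> root tag because it has no fixed magic bytes.</p>

```python
"""Scan raw transaction bytes for embedded files and printable-ASCII strings.

Added example in the spirit of the blockchain-parser described above; it is not
that tool's code.  Magic table, Finding type and SAMPLE_TX are constructed here.
"""
import re
from dataclasses import dataclass

# File signatures: (label, leading bytes).  GIF has two header variants.  SVG has
# no fixed magic, so its root tag is used instead (assumption made for this example).
MAGIC = [
    ("PDF", b"%PDF-"),
    ("GIF", b"GIF87a"),
    ("GIF", b"GIF89a"),
    ("PNG", b"\x89PNG\r\n\x1a\n"),
    ("SVG", b"<svg"),
]


@dataclass(frozen=True)
class Finding:
    kind: str    # "file" or "ascii"
    label: str   # file type, or the decoded string for ASCII runs
    offset: int  # byte offset of the match within the blob


def find_files(blob: bytes) -> list[Finding]:
    """Every occurrence of every known signature, ordered by offset."""
    found = []
    for label, magic in MAGIC:
        start = 0
        while (i := blob.find(magic, start)) != -1:
            found.append(Finding("file", label, i))
            start = i + 1
    return sorted(found, key=lambda f: f.offset)


def find_ascii(blob: bytes, min_len: int = 8) -> list[Finding]:
    """Runs of at least min_len printable ASCII bytes (0x20-0x7e)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [Finding("ascii", m.group().decode("ascii"), m.start())
            for m in pattern.finditer(blob)]


def scan(blob: bytes, min_len: int = 8) -> list[Finding]:
    """File hits first, then ASCII runs; each group ordered by offset."""
    return find_files(blob) + find_ascii(blob, min_len)


# Constructed stand-in for a raw transaction: 32 hash-like filler bytes, a PDF header,
# three control bytes, a plaintext string, two non-printable bytes and a GIF header.
SAMPLE_TX = (
    bytes.fromhex("9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08")
    + b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"
    + b"\x00\x01\x02"
    + b"stored on chain forever"
    + b"\xff\xfe"
    + b"GIF89a\x01\x00\x01\x00\x80"
)

if __name__ == "__main__":
    for f in scan(SAMPLE_TX):
        print(f"{f.kind:5} @ {f.offset:4}: {f.label}")
```

<p>On the sample bytes the scanner reports a PDF at offset 32, a GIF at offset 75, and two ASCII runs (the <code>%PDF-1.4</code> version line and the plaintext string). The <code>min_len</code> threshold is the main tuning knob: with eight or more printable bytes required, random-looking data such as hashes, keys and commitments rarely produces false hits, while shorter hidden strings are missed. Where such data actually lives differs per chain (OP_RETURN outputs in Bitcoin, the transaction input data in Ethereum, the tx_extra field in Monero), so in practice the scanner is pointed at those fields rather than at whole blocks.</p>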
<p><strong>Proceedings Article: Survey of security, performance, and profitability of Monero</strong></p>
<p>https://moneroresearch.info/resource/211 (added 2024-01-06T17:58:46+00:00, posted by Rucknium)</p>
<p>Pitu, F., & Gaitan, N. C. 2023, July <em><b>Survey of security, performance, and profitability of Monero: </b><b>A browser-based cryptocurrency</b></em>. Paper presented at 2023 3rd International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME).</p>
<p><strong>Abstract</strong></p>
<p>Information is the key to success in every domain; this statement also applies to the cryptocurrency and blockchain domains. Blockchain technology emerged with Bitcoin, launched back in 2009 by the anonymous Japanese Satoshi Nakamoto. This technology has revolutionized, and continues to revolutionize, digital transactions. In addition, it led to the further development of other cryptocurrencies that are currently active on the market. One class of cryptocurrencies obtained differently from classical Bitcoin is those obtained through web-based mining. The best-known coins of this type are Monero, Dash, and Electroneum. This paper aims to analyze the web-based mining process of Monero and the security of the whole process. In addition, we want to explore the performance of the mining processes used in the user’s web browser. Finally, we aim to research the profitability of coins obtained through web-browser mining, taking the cryptocurrency Monero as the object of study.</p>
<p><strong>Proceedings Article: “Act natural!”</strong></p>
<p>https://moneroresearch.info/resource/210 (added 2024-01-06T17:53:15+00:00, posted by Rucknium)</p>
<p>Tiemann, T., Berndt, S., Eisenbarth, T., & Liśkiewicz, M. 2023, July <em><b>“Act natural!”: </b><b>Exchanging private messages on public blockchains</b></em>. Paper presented at 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P).</p>
<p><strong>Abstract</strong></p>
<p>Messengers have become an essential means of interpersonal interaction. Yet untraceable private communication remains an elusive goal, as most messengers hide content, but not communication patterns. The knowledge of communication patterns can by itself reveal too much, as happened, e.g., in the context of the Arab Spring. Subliminal channels in cryptographic systems enable untraceable private communication in plain sight. In this context, bulletin boards in the form of blockchains are a natural object for subliminal communication: accessing them is innocuous, as they rely on distributed access for verification and extension. At the same time, blockchain users generate hundreds of thousands of transactions per day that are individually signed and placed on the blockchain. Thus blockchains may serve as an innocuous repository for publicly accessible cryptographic transactions where subliminal channels can be placed. In this paper, we propose a public-key subliminal channel using secret-recoverable splittable signature schemes on blockchains and prove that our construction is undetectable in the random oracle model under common cryptographic assumptions. Our approach is applicable to any secret-recoverable splittable signature scheme and introduces a constant overhead of a single signature per message. Such schemes are used by 98 of the top 100 cryptocurrencies. We also analyze the applicability of our approach to the Bitcoin, Monero, and RippleNet networks and present proof-of-concept implementations for Bitcoin and RippleNet.</p>
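<p>The property the abstract calls “secret-recoverable” is the hinge of any signature-based subliminal channel: whoever holds the secret key can reconstruct the randomness used in a signature, so data the signer folds into that randomness is readable to them and looks like ordinary randomness to everyone else. The following is an added toy example written for this page, not the paper's construction and not a Monero or Bitcoin implementation: it uses the classic shared-key setting (sender and receiver both hold the signing key <code>x</code>) in a Schnorr signature over a small prime-order group generated at import time, and the helper names <code>hide</code>, <code>recover</code> and <code>_mask</code> are assumptions made here.</p>

```python
"""Toy nonce-based subliminal channel in a Schnorr signature (added example).

Not the construction of Tiemann et al.; sender and receiver share the signing key x,
so the receiver recovers the nonce k = s - e*x mod q and reads what the sender put
in it.  Group size is a toy 48-bit q, found at import time; not for real use.
"""
import hashlib
import secrets
from typing import Optional


def _is_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin after a small trial-division prefilter."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits: int = 48) -> tuple[int, int, int]:
    """Safe prime p = 2q+1 and g = 4, a square in Z_p^* and hence of order q."""
    while True:
        q = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_prime(q) and _is_prime(2 * q + 1):
            return 2 * q + 1, q, 4


P, Q, G = gen_group()
CHUNK = (Q.bit_length() - 1) // 8   # hidden bytes per signature; always < Q


def _h(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def _challenge(R: int, msg: bytes) -> int:
    return _h(R.to_bytes(32, "big"), msg) % Q


def keygen() -> tuple[int, int]:
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sign(x: int, msg: bytes, k: Optional[int] = None) -> tuple[int, int]:
    """Ordinary Schnorr signature (R, s); an explicit k lets the sender pick the nonce."""
    if k is None:
        k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + _challenge(R, msg) * x) % Q


def verify(y: int, msg: bytes, sig: tuple[int, int]) -> bool:
    R, s = sig
    return pow(G, s, P) == (R * pow(y, _challenge(R, msg), P)) % P


def _mask(x: int, index: int) -> int:
    """One-time pad per signature, derived from x and a counter.  Reusing an index for
    two different chunks makes k1 - k2 public, and s1 - s2 then leaks x."""
    return _h(b"mask", x.to_bytes(16, "big"), index.to_bytes(8, "big")) % Q


def hide(x: int, hidden: bytes, covers: list[bytes]) -> list[tuple[int, int]]:
    """Sign the cover messages; masked chunk i of `hidden` becomes nonce k_i."""
    chunks = [hidden[i:i + CHUNK] for i in range(0, len(hidden), CHUNK)]
    if len(chunks) > len(covers):
        raise ValueError("need at least one cover signature per chunk")
    sigs = []
    for i, msg in enumerate(covers):
        m = int.from_bytes(chunks[i], "big") if i < len(chunks) else 0
        sigs.append(sign(x, msg, (m + _mask(x, i)) % Q))  # k uniform because the mask is
    return sigs


def recover(x: int, covers: list[bytes], sigs: list[tuple[int, int]],
            length: int) -> Optional[bytes]:
    """Key holder recovers k_i = s_i - e_i*x, unmasks it and reassembles `length` bytes.
    Returns None when a chunk does not fit, i.e. wrong key or nothing hidden."""
    out = b""
    for i, (msg, (R, s)) in enumerate(zip(covers, sigs)):
        n = min(CHUNK, length - len(out))
        if n <= 0:
            break
        m = ((s - _challenge(R, msg) * x) - _mask(x, i)) % Q
        if m >> (8 * n):
            return None
        out += m.to_bytes(n, "big")
    return out
```

<p>Every signature produced by <code>hide</code> verifies under the public key exactly as a normal one, which is the whole point: an observer sees only valid signatures on ordinary messages, while the key holder reads the hidden bytes back out of the nonces. Two caveats matter in practice. The per-signature mask must never be reused with a different payload, because two signatures with nonces whose difference is known expose the signing key, and the channel capacity here is bounded by the nonce size (a few bytes per signature in this toy group), which is why the paper's claim of a constant single-signature overhead per message is a real improvement over the naive approach.</p>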
<p><strong>Journal Article: Privacy Evaluation of Blockchain Based Privacy Cryptocurrencies</strong></p>
<p>https://moneroresearch.info/resource/209 (added 2024-01-06T17:50:57+00:00, posted by Rucknium)</p>
<p>Zhang, T. (2023). <b>Privacy evaluation of blockchain based privacy cryptocurrencies: </b><b>A comparative analysis of Dash, Monero, Verge, Zcash, and Grin</b>. <em>IEEE Transactions on Sustainable Computing</em>, <em>8</em>(4), 574–582.</p>
<p><strong>Abstract</strong></p>
<p>Privacy is important to the financial industry, and so to blockchain-based cryptocurrencies. Bitcoin can provide only weak identity privacy. To overcome the privacy challenges of Bitcoin, some privacy-focused cryptocurrencies have been proposed, such as Dash, Monero, Zcash, Grin, and Verge. Private addresses, confidential transactions, and network anonymization services are adopted to improve privacy in these privacy-focused cryptocurrencies. We propose four privacy metrics for blockchain-based cryptocurrencies: identity anonymity, transaction confidentiality, transaction unlinkability, and network anonymity. We then make a comparative analysis of the privacy of Bitcoin, Dash, Monero, Verge, Zcash, and Grin using these privacy metrics. Finally, open challenges and future directions for blockchain-based privacy cryptocurrencies are discussed. In the future, multi-level privacy enhancement schemes can be combined in privacy cryptocurrencies to improve privacy, performance, and scalability.</p>
<p><strong>Journal Article: RATS</strong></p>
<p>https://moneroresearch.info/resource/208 (added 2024-01-06T17:44:39+00:00, posted by Rucknium)</p>
<p>Luo, M., Zhou, J., & Yang, P. (2023). <b>RATS: </b><b>A regulatory anonymous transaction system based on blockchain</b>. <em>Journal of Parallel and Distributed Computing</em>, <em>182</em>, 104751.</p>
<p><strong>Abstract</strong></p>
<p>With the rapid development of digital currencies such as Bitcoin, digital currency transaction systems with blockchain as the key underlying technology are booming, but traditional transaction systems carry the risk of revealing sensitive information such as transaction content and identity. In order to enhance security, many privacy-preserving transaction systems have been proposed, such as Zerocoin, Monero, etc. As there is a decentralized credit entity and strong anonymity in these transaction systems, the authorities can effectively audit and control the participants and transactions in the digital currency system, thus making digital currency a tool for illegal transactions. Recognizing the importance of privacy preservation and regulation, in this paper we propose a new regulatory anonymous transaction system based on blockchain, RATS, which can not only protect the privacy of transactions on the blockchain but also regulate illegal transactions. Firstly, we introduce regulators into the system, and at the same time we propose a regulatory mechanism that allows the regulator to trace the identity of a user when suspicious transactions are found, without affecting the transaction operation of the system. In particular, during normal transactions, we protect the privacy of users' transaction contents and addresses without affecting the anonymity of the original system. We formalize the system model and security model of RATS. Moreover, the security of the proposed scheme is strictly proved and analyzed.</p>
<p><strong>Proceedings Article: A Review of Privacy-Preserving Cryptographic Techniques Used in Blockchain Platforms</strong></p>
<p>https://moneroresearch.info/resource/207 (added 2024-01-06T17:36:33+00:00, posted by Rucknium)</p>
<p>Barj, S., Ouaddah, A., & Mezrioui, A. 2023, <em><b>A review of privacy-preserving cryptographic techniques used in blockchain platforms</b></em>. Paper presented at Digital Technologies and Applications.</p>
<p><strong>Abstract</strong></p>
<p>Due to their reliance on cryptographic techniques to ensure a high level of security, blockchain technologies are witnessing widespread adoption in many domains ranging from decentralized finance (DeFi), contract management, e-health, and cyber defense, to IoT among many others. However, quantum computing makes some cryptographic techniques used in the known blockchain platforms vulnerable and breakable. In this direction, this paper compares, classifies, and analyzes the cryptographic techniques used by well-known blockchain platforms, which are: Zerocash, Hyperledger Fabric, Monero, Ethereum, Bitcoin, and Hyperledger Indy. The forecited analysis is against three criteria: crypto-technique category, quantum resistance, and anonymity type. Finally, the discussion highlights the pros and cons of the studied techniques as well as presents some recommendations to improve the privacy-preserving, quantum-safety, and security properties of each one.</p>Journal Article: A regulated anonymous cryptocurrency with batch linkability2024-01-06T17:26:58+00:002024-01-06T17:26:58+00:00https://moneroresearch.info/resource/206Rucknium<p>Yu, Q., Liao, S., Wang, L., Yu, Y., Zhang, L., & Zhao, Y. (2024). <b>A regulated anonymous cryptocurrency with batch linkability</b>. <em>Computer Standards & Interfaces</em>, <em>87</em>, 103770.</p>
<p><strong>Abstract</strong></p>
<p>Cryptocurrencies such as Bitcoin use blockchain to conduct peer-to-peer value transmission. Nevertheless, the public nature of on-chain data might violate the privacy of the users. Subsequently, several anonymous cryptocurrencies, such as Zerocash and Monero, were proposed to enhance the privacy of cryptocurrencies. However, the strong privacy makes these cryptocurrencies perfect tools for illegal gains such as money laundering, extortion, and terrorist financing. As a result, regulation becomes a necessity for cryptocurrencies. In order to balance the contradiction between privacy and regulation in cryptocurrencies, in this paper, we propose a new regulated anonymous cryptocurrency protocol that can protect the privacy of honest payers while enabling a tracing authority to find out all the correlations among a batch of dubious transactions by a single query, and even trace malicious payers’ real identity if necessary. We formalize its system model and security model, including anonymity, sort-blindness, non-frameability and linkability. We also demonstrate that the proposed protocol achieves these desirable security properties with detailed security analysis. Finally, we show the validity and feasibility of this protocol by implementing a prototype system.</p>Proceedings Article: Security Model for Privacy-Preserving Blockchain-Based Cryptocurrency Systems2024-01-06T17:22:44+00:002024-01-06T17:22:44+00:00https://moneroresearch.info/resource/205Rucknium<p>Raikwar, M., Wu, S., & Gjosteen, K. 2023, <em><b>Security model for privacy-preserving blockchain-based cryptocurrency systems</b></em>. Paper presented at Network and System Security.</p>
<p><strong>Abstract</strong></p>
<p>Privacy-preserving blockchain-based cryptocurrency systems have become quite popular as a way to provide confidential payments. These cryptocurrency systems differ in their designs, underlying cryptography, and confidentiality level. Some of these systems provide confidentiality for their users or transactions or both. There has been a thriving interest in constructing different privacy-preserving cryptocurrency systems with improved security and additional features. Nevertheless, many of these available systems lack security models which makes it hard to prove the security properties of these systems.</p>Miscellaneous: A Transaction-Level Model for Blockchain Privacy2024-01-06T17:04:36+00:002024-01-06T17:03:01+00:00https://moneroresearch.info/resource/204Rucknium<p>Wicht, F.-X., Wang, Z., Le, D. V., & Cachin, C. 2023. <em><b>A transaction-level model for blockchain privacy</b></em>. [Cryptology ePrint Archive, Paper 2023/1902].</p>
<p><strong>Abstract</strong></p>
<p>Considerable work explores blockchain privacy notions. Yet, it usually employs entirely different models and notations, complicating potential comparisons. In this work, we use the Transaction Directed Acyclic Graph (TDAG) and extend it to capture blockchain privacy notions (PDAG). We give consistent definitions for untraceability and unlinkability. Moreover, we specify conditions on a blockchain system to achieve each aforementioned privacy notion. Thus, we can compare the two most prominent privacy-preserving blockchains -- Monero and Zcash, in terms of privacy guarantees. Finally, we unify linking heuristics from the literature with our graph notation and review a good portion of research on blockchain privacy.</p>Journal Article: Anonymity-Enhancing Multi-Hop Locks for Monero-Enabled Payment Channel Networks2024-01-06T16:59:40+00:002024-01-06T16:59:40+00:00https://moneroresearch.info/resource/203Rucknium<p>Wang, X., Lin, C., Huang, X., & He, D. (2023). <b>Anonymity-enhancing multi-hop locks for monero-enabled payment channel networks</b>. <em>IEEE Transactions on Information Forensics and Security</em>, 1–1.</p>
<p><strong>Abstract</strong></p>
<p>Payment Channel Networks (PCNs) are innovative second-layer scaling technologies that aim to improve transaction rates, reduce on-chain storage costs, and enable efficient atomic swaps for blockchain-based cryptocurrencies. Despite offering features like relationship anonymity, scriptless script, and cross-chain fairness, current PCNs encounter challenges in achieving identity anonymity and maintaining the fungibility of cryptocurrency units. PayMo, proposed in ESORICS’22, addresses payment anonymity but is limited to Monero, posing difficulties in extending it to a PCN framework. In response, this paper presents a novel Anonymity-Enhancing Multi-Hop Locks (AEMHL) mechanism for Monero-enabled PCNs. The AEMHL mechanism leverages our generic Linkable Ring Adaptor Signature (LRAS) construction and a minimalist PCN framework called anonymous multi-hop locks. This approach effectively combines privacy protection and simplicity while ensuring Monero’s fungibility without the need for specialized scripting support. Security properties, including atomicity, consistency, and anonymity-enhancement, are demonstrated using a universal composability model. Additionally, two optimized LRAS-based schemes are proposed to accommodate multi-hop locks construction in diverse scenarios. Through rigorous security analysis and performance evaluation, we confirm that AEMHL meets essential security objectives and provides efficient and practical solutions for privacy-conscious users within PCNs.</p>Proceedings Article: Springproofs2024-01-06T16:50:52+00:002024-01-06T16:50:52+00:00https://moneroresearch.info/resource/202Rucknium<p>Zhang, J., Su, M., Liu, X., & Wang, G. 2024, May <em><b>Springproofs: </b><b>Efficient inner product arguments for vectors of arbitrary length</b></em>. Paper presented at 2024 IEEE Symposium on Security and Privacy (SP).</p>
<p><strong>Abstract</strong></p>
<p>Inner product arguments (IPA) are arguments of knowledge that two committed vectors satisfy an inner product relation. With the recursive proof technique by Bootle et al. 2016, the size of IPA proofs only grows logarithmically in the length of the vectors, without a trusted setup. The succinct proof makes IPAs well suited for blockchain applications. However, current IPA can only handle a vector with length a power of 2, which limits the application of the argument. One direct solution is to pad the vectors with zeros, which incurs additional overhead. We propose Springproofs, a new framework deriving IPAs from many existing IPA schemes. Springproofs are natively compatible with vectors of arbitrary length. With a novel recursive compression structure, Springproofs achieve the same proof size as the original IPA but with more efficient computation. In particular, we instantiate Springproofs with Bulletproofs and find the optimal recursive structure for the IPA. First, we experimentally show that Springproofs are almost twice as fast as Bulletproofs for range proof, when the vector length is slightly larger than a power of 2. Afterwards, we incorporate the Springproofs into Monero, a popular cryptocurrency supporting privacy in transactions, revealing that the Springproofs based Monero outperforms Bulletproofs based Monero both in generating and verifying transactions. Moreover, we apply the Springproofs to the general arithmetic circuit, including SHA256, Merkle tree, and typical statistics, the performances on which are better than the performances by using Bulletproofs. Interestingly, Springproofs increase the range of parameters on which the performance of Bulletproofs exceeds that of Groth16, meanwhile naturally inherit the advantages of Bulletproofs, e.g., without initial trusted setup, aggregation, and batch verification. As a result, Springproofs have many promising applications, including confidential transactions in cryptocurrency and privacy computing for specific arithmetic circuits in smart contracts.</p>
Miscellaneous: Fine-Grained Accountable Privacy via Unlinkable Policy-Compliant Signatures 2024-01-05T22:08:36+00:00 2024-01-05T22:07:21+00:00 https://moneroresearch.info/resource/201 Rucknium
<p>Badertscher, C., Sedaghat, M., & Waldner, H. 2023. <em><b>Fine-grained accountable privacy via unlinkable policy-compliant signatures</b></em>. [Cryptology ePrint Archive, Paper 2023/1070].</p>
<p><strong>Abstract</strong></p>
<p>Privacy-preserving payment systems face the difficult task of balancing privacy and accountability: on one hand, users should be able to transact privately and anonymously, on the other hand, no illegal activities should be tolerated. The challenging question of finding the right balance lies at the core of the research on accountable privacy that stipulates the use of cryptographic techniques for policy enforcement, but still allows an authority to revoke the anonymity of transactions whenever such an automatic enforcement is technically not supported. Current state-of-the-art systems are only able to enforce rather limited policies, such as spending or transaction limits, or assertions about participants, but are unable to enforce more complex policies that for example jointly evaluate both the private credentials of sender and recipient, let alone to do this without an auditor in the loop during payment. This limits the cases where privacy revocation can be avoided as the method to fulfill regulations, which is unsatisfactory from a data-protection viewpoint and shows the need for cryptographic solutions that are able to elevate accountable privacy to a more fine-grained level.<br /><br />In this work, we present such a solution. We show how to enforce complex policies while offering strong privacy and anonymity guarantees by enhancing the notion of policy-compliant signatures (PCS) introduced by Badertscher, Matt and Waldner (TCC'21). In more detail, we first define the notion of unlinkable PCS (ul-PCS) and show how this cryptographic primitive can be generically integrated with a wide range of systems including UTxO-based ledgers, privacy-preserving protocols like Monero or Zcash, and central-bank digital currencies. We give a generic construction for ul-PCS for any policy, and optimized constructions tailored for special policy classes, such as role-based policies and separable policies.
<br /><br />To bridge the gap between theory and practice, we provide prototype implementations for all our schemes. We give the first benchmarks for policy-compliant signatures in general, and demonstrate their feasibility for reasonably sized attribute sets for the special cases.</p>
Thesis/Dissertation: Privacy preserving blockchains and quantum safety 2024-01-05T22:01:05+00:00 2024-01-05T21:58:27+00:00 https://moneroresearch.info/resource/200 Rucknium
<p>Szalaty, Z. E. (2023). <em><b>Privacy preserving blockchains and quantum safety</b></em>. Unpublished Master's Thesis, Universitat Oberta de Catalunya.</p>
<p><strong>Abstract</strong></p>
<p>The protection of one's privacy has become a necessity for every user. Currently, it is possible to maintain privacy in any application, but especially in the ever-evolving world of Blockchain technology. However, these solutions are in jeopardy because quantum computers are imminent. The emergence of quantum adversaries could be countered with measures such as modifying the type of cryptography.</p>
Conference Paper: A Traffic-Analysis Proof Solution to Allow K-Anonymous Payments in Pseudonymous Blockchains 2024-01-05T20:51:53+00:00 2024-01-05T20:51:53+00:00 https://moneroresearch.info/resource/199 Rucknium
<p>Buccafurri, F., De Angelis, V., & Lazzaro, S. 2023, May 25–26 <em><b>A traffic-analysis proof solution to allow k-anonymous payments in pseudonymous blockchains</b></em>. Unpublished paper presented at 5th Distributed Ledger Technology Workshop.</p>
<p><strong>Abstract</strong></p>
<p>Pseudonymity in blockchain often misses the goal of effectively hiding the actual identity of users. Also anonymous blockchains such as Monero and ZCash can be de-anonymized through network traffic analysis. In this work, we present a solution to achieve k-anonymity guarantees (resisting traffic analysis attacks) in pseudonymous blockchains. The idea underlying our solution is to organize users in rings of cover transactions, through which users indistinguishably exchange actual data or random noise and the initiator is hidden within the ring. Importantly, this mechanism does not require off-chain communication.</p>
Manuscript: Proof of concept for a Ethereum Virtual Machine on Cryptonote 2024-01-05T20:32:15+00:00 2024-01-05T20:32:15+00:00 https://moneroresearch.info/resource/198 Rucknium
<p>Dijk, A., & Schröder, D. (2023). <em><b>Proof of concept for a ethereum virtual machine on cryptonote</b></em>. Unpublished manuscript.</p>
<p><strong>Abstract</strong></p>
<p>The focus of this paper is to present a proof of concept that investigates the feasibility of integrating the code of a program directly into the blockchain, using the Beldex blockchain — a Monero fork that prioritizes privacy in blockchain applications. The focus of this work is to present a proof of concept that investigates the feasibility of integrating the code of a program directly into the blockchain. The results show that it is possible to achieve this goal and that it has the potential to enhance the security and efficiency of smart contracts. In addition, future work will concentrate on exploring the privacy implications of integrating smart contracts into the Beldex blockchain.</p>
Journal Article: The Advance of Ring Confidential Transactions 2024-01-05T19:46:20+00:00 2024-01-05T19:45:42+00:00 https://moneroresearch.info/resource/197 Rucknium
<p>Jin, R. (2023). <b>The advance of ring confidential transactions</b>. <em>Highlights in Science, Engineering and Technology</em>, <em>39</em>, 1104–1110.</p>
<p><strong>Abstract</strong></p>
<p>Ring Confidential Transactions (RingCT) is a protocol associated with the privacy-focused cryptocurrency Monero and is used to hide the transaction amount from the third party while still providing the confidentiality of the hide transaction. With the Pedersen commitment scheme, ring signature, and other cryptographic constructions, RingCT plays a major role in making the transactions of Monero private. As a privacy coin, Monero has the unique property of fungibility in the cryptocurrency market from the protocols implemented. These protocols provided opportunities and challenges for its future. In this paper, the version of the protocol implemented in Monero is first inspected, including the commitment to zero and the range proof. Then, two critical cryptographic constructions used by RingCT 2.0, the accumulator and the signature of knowledge, are introduced. Finally, the influence of RingCT and other privacy features and the current situation of privacy coin is discussed.</p>
Journal Article: Covert channels in blockchain and blockchain based covert communication 2024-01-05T19:23:49+00:00 2024-01-05T19:23:49+00:00 https://moneroresearch.info/resource/196 Rucknium
<p>Zhang, T., Li, B., Zhu, Y., Han, T., & Wu, Q. (2023). <b>Covert channels in blockchain and blockchain based covert communication: </b><b>Overview, state-of-the-art, and future directions</b>. <em>Computer Communications</em>, <em>205</em>, 136–146.</p>
<p><strong>Abstract</strong></p>
<p>Traditional network covert channels have become insecure due to the continuous improvement of traffic analysis techniques. As an emerging technology combined with cryptographic techniques, consensus algorithms, P2P network, blockchain has features like decentralization, traceability, immutability, anonymity, transparency, and security, which makes blockchain an ideal platform for covert channel and covert communication. Benefits of blockchain for covert communication include wide access, high capacity covert channels, identity anonymity and information concealment, and robust communication channel. In the paper, we conduct a systematic analysis on covert channels in blockchain from the layer architecture of blockchain. Covert channels are present in data layer, network layer, incentive layer and contract layer, as block structure, transaction structure, cryptographic schemes, P2P network, transaction fee, and smart contract. There are also various covert channels in different layers of blockchain applications. We make a literature review on covert channels in blockchain applications and blockchain based covert communication schemes. Current researches on blockchain based covert communication mainly focus on blockchain based cryptocurrencies, including Bitcoin, Ethereum, Zcash and Monero. There are also some explorations which combine blockchain with images to achieve higher channel capacity for covert communication. Finally, open challenges and future directions on blockchain based covert communication are discussed.</p>Journal Article: Covert channels in blockchain and blockchain based covert communication2024-01-05T19:23:49+00:002024-01-05T19:23:49+00:00https://moneroresearch.info/resource/196Rucknium<p>Zhang, T., Li, B., Zhu, Y., Han, T., & Wu, Q. (2023). <b>Covert channels in blockchain and blockchain based covert communication: </b><b>Overview, state-of-the-art, and future directions</b>. <em>Computer Communications</em>, <em>205</em>, 136–146.</p>
<p><strong>Abstract</strong></p>
<p>Traditional network covert channels have become insecure due to the continuous improvement of traffic analysis techniques. As an emerging technology combined with cryptographic techniques, consensus algorithms, P2P network, blockchain has features like decentralization, traceability, immutability, anonymity, transparency, and security, which makes blockchain an ideal platform for covert channel and covert communication. Benefits of blockchain for covert communication include wide access, high capacity covert channels, identity anonymity and information concealment, and robust communication channel. In the paper, we conduct a systematic analysis on covert channels in blockchain from the layer architecture of blockchain. Covert channels are present in data layer, network layer, incentive layer and contract layer, as block structure, transaction structure, cryptographic schemes, P2P network, transaction fee, and smart contract. There are also various covert channels in different layers of blockchain applications. We make a literature review on covert channels in blockchain applications and blockchain based covert communication schemes. Current researches on blockchain based covert communication mainly focus on blockchain based cryptocurrencies, including Bitcoin, Ethereum, Zcash and Monero. There are also some explorations which combine blockchain with images to achieve higher channel capacity for covert communication. Finally, open challenges and future directions on blockchain based covert communication are discussed.</p>Journal Article: Covert channels in blockchain and blockchain based covert communication2024-01-05T19:23:49+00:002024-01-05T19:23:49+00:00https://moneroresearch.info/resource/196Rucknium<p>Zhang, T., Li, B., Zhu, Y., Han, T., & Wu, Q. (2023). <b>Covert channels in blockchain and blockchain based covert communication: </b><b>Overview, state-of-the-art, and future directions</b>. <em>Computer Communications</em>, <em>205</em>, 136–146.</p>
Journal Article: Monero with Multi-Grained Redaction 2024-01-05T19:16:05+00:00 2024-01-05T18:50:37+00:00 https://moneroresearch.info/resource/193 Rucknium<p>Huang, K., Mu, Y., Rezaeibagha, F., Zhang, X., & Li, X. (2023). <b>Monero with multi-grained redaction</b>. <em>IEEE Transactions on Dependable and Secure Computing</em>, 1–13.</p>
<p><strong>Abstract</strong></p>
<p>Monero is a privacy-centric cryptocurrency that allows users to obscure their transactions with multiple input and output addresses. Current research on Monero mainly focuses on identifying design vulnerabilities or optimizing towards stronger privacy, security, etc., for example by improving the design of the ring confidential transaction (RingCT) protocol proposed by Noether et al. As revealed by Ali et al. in USENIX 2016, new blockchains have inadequate nodes and network computing resources to resist powerful attacks (e.g. 51% attacks). Obviously, the Monero blockchain is not an exception. Ateniese et al. proposed the notion of redactable blockchain in EuroS&P 2017, which began the trend of formalizing blockchain with extra cryptographic primitives. The motivation is to turn an immutable blockchain into a mutable ledger by adapting the blockchain design and integrating it with new cryptographic schemes. In such a setting, users could use their private keys to perform secure multi-party computation to reverse blockchain history. The idea of redactable blockchain has attracted many researchers to pursue this topic. However, few works have considered the privacy-preserving setting. Even fewer have practised their designs in an actual cryptocurrency. In this paper, we seek to adapt the RingCT protocol with several building blocks. Our proposal achieves most of the desired properties for blockchain redaction. It allows multiple tracing authorities to collaboratively trace users' identities, and a system manager to perform multi-grained (including block-level, transaction-level, accumulator-level and commitment-level) redaction on block contents. Our proposal can be seen as an extension of the RingCT protocol. We give rigorous security requirements and a comprehensive analysis of our scheme. The performance evaluation suggests that our scheme suffers from some scalability limitations in large-scale implementations. A more elegant design achieving stronger security and ideal scalability is deemed a challenging and interesting future work.</p>
Proceedings Article: Privacy-Preserving Transactions with Verifiable Local Differential Privacy 2024-01-05T19:14:26+00:00 2024-01-05T18:56:21+00:00 https://moneroresearch.info/resource/194 Rucknium<p>Movsowitz Davidow, D., Manevich, Y., & Toch, E. 2023, <em><b>Privacy-Preserving Transactions with Verifiable Local Differential Privacy</b></em>. Paper presented at 5th Conference on Advances in Financial Technologies (AFT 2023).</p>
<p><strong>Abstract</strong></p>
<p>Privacy-preserving transaction systems on blockchain networks like Monero or Zcash provide complete transaction anonymity through cryptographic commitments or encryption. While this secures privacy, it inhibits the collection of statistical data, which current financial markets heavily rely on for economic and sociological research conducted by central banks, statistics bureaus, and research companies. Differential privacy techniques have been proposed to preserve individuals' privacy while still making aggregate analysis possible. We show that differential privacy and privacy-preserving transactions can coexist. We propose a modular scheme incorporating verifiable local differential privacy techniques into a privacy-preserving transaction system. We devise a novel technique that, on the one hand, ensures unbiased randomness and integrity when the differential privacy noise is computed by the user and, on the other hand, does not degrade the user’s privacy guarantees.</p>
Proceedings Article: A Blockchain-based Covert Document Communication System Model 2024-01-05T19:13:43+00:00 2024-01-05T19:13:43+00:00 https://moneroresearch.info/resource/195 Rucknium<p>Su, W., & Ma, L. 2023, April <em><b>A blockchain-based covert document communication system model</b></em>. Paper presented at 2023 8th International Conference on Computer and Communication Systems (ICCCS).</p>
<p><strong>Abstract</strong></p>
<p>The communication method in which both parties can modify certain types of shared resources without attracting the attention of other users is called covert communication. Blockchain is an integrated technology platform that combines cryptography, mathematics, computer programming, game theory, and other disciplines. Generally, researchers believe that blockchain, as a distributed storage database that can still guarantee security in an unreliable network environment, has excellent characteristics such as openness, decentralization, trustlessness, anonymity, tamper prevention, traceability, and automated contract execution. More and more studies have applied it to covert communication technology. To satisfy the requirements of increasing the confidentiality of information transmission, enhancing the quantity of data transmitted by covert communication, and decreasing the loss of secret information, this paper proposes a covert document communication model based on blockchain. Following the structure of Monero, the sensitive documents are encrypted with attribute-based encryption, and a communication model that can transmit confidential documents is realized by combining it with an interplanetary file system. The performance of this scheme is experimentally analyzed, and its concealment and security are proven.</p>
Journal Article: Double spend races 2023-08-23T16:52:42+00:00 2023-08-23T16:51:57+00:00 https://moneroresearch.info/resource/192 Rucknium<p>Grunspan, C., & Perez-Marco, R. (2018). <b>Double spend races</b>. <em>Int. J. Theor. Appl. Finance</em>, <em>21</em>(8), 1850053.</p>
<p><strong>Abstract</strong></p>
<p>We correct the double spend race analysis given in Nakamoto's foundational Bitcoin article and find the exact closed-form formula for the probability of success of a double spend attack using the regularized incomplete beta function. We give the first proof of its exponential decay in the number of confirmations, often cited in the literature, and find an asymptotic formula. A larger number of confirmations is required compared to those given by Nakamoto. We also compute this probability conditional on knowledge of the times of the confirmations. This provides a finer risk analysis than the classical one.</p>
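<p>To make the abstract's claim checkable, here is an added example (not code from this paper, nor from Rosenfeld's "Analysis of hashrate-based double spending", which is also listed in this collection) that evaluates the three formulas side by side: Nakamoto's Poisson approximation, Rosenfeld's exact negative-binomial sum, and the closed form from this paper, P(z) = I<sub>4pq</sub>(z, 1/2), where I<sub>x</sub>(a, b) is the regularized incomplete beta function. p is the honest hashrate share, q = 1 − p the attacker's share, z the number of confirmations the merchant waits for. The incomplete beta function is integrated numerically with Simpson's rule instead of calling scipy so the script needs only the standard library; function names and the 0.1% risk threshold in the usage are my own choices.</p>

```python
"""Double-spend success probability: Nakamoto vs. the exact race formulas.

Added example, not code from either paper. Notation: p = honest hashrate
share, q = 1 - p = attacker's share (q < p), z = confirmations the merchant
waits for. Standard library only; the regularized incomplete beta function
I_x(a, b) is integrated numerically instead of calling scipy.
"""
import math


def _check(q: float, z: int) -> None:
    if not 0.0 < q < 0.5:
        raise ValueError("formulas assume an attacker minority, 0 < q < 1/2")
    if z < 0:
        raise ValueError("z must be a non-negative confirmation count")


def nakamoto(q: float, z: int) -> float:
    """Nakamoto (2008): attacker progress modelled as Poisson with mean z*q/p."""
    _check(q, z)
    if z == 0:
        return 1.0
    p = 1.0 - q
    lam = z * q / p
    total = 0.0
    for k in range(z + 1):
        # log-space Poisson term avoids float overflow of lam**k for large z
        log_poisson = k * math.log(lam) - lam - math.lgamma(k + 1)
        total += math.exp(log_poisson) * (1.0 - (q / p) ** (z - k))
    return 1.0 - total


def rosenfeld_exact(q: float, z: int) -> float:
    """Rosenfeld (2014): exact negative-binomial race,
    r = 1 - sum_{k=0}^{z} C(k+z-1, k) (p^z q^k - p^k q^z)."""
    _check(q, z)
    if z == 0:
        return 1.0
    p = 1.0 - q
    total = 0.0
    for k in range(z + 1):
        total += math.comb(k + z - 1, k) * (p ** z * q ** k - p ** k * q ** z)
    return 1.0 - total


def regularized_incomplete_beta(x: float, a: float, b: float, steps: int = 4000) -> float:
    """I_x(a, b) = B(x; a, b) / B(a, b) via composite Simpson's rule.

    Adequate here because x = 4pq < 1 whenever q < p, so (1-t)^(b-1) stays
    bounded on [0, x]; accuracy degrades as q -> 1/2 (x -> 1, integrand blows up).
    """
    if x <= 0.0:
        return 0.0
    if steps % 2:
        steps += 1
    h = x / steps

    def f(t: float) -> float:
        return t ** (a - 1.0) * (1.0 - t) ** (b - 1.0)

    acc = f(0.0) + f(x)
    for i in range(1, steps):
        acc += (4.0 if i % 2 else 2.0) * f(i * h)
    incomplete = acc * h / 3.0
    log_beta = math.lgamma(a) + math.lgamma(b) - math.lgamma(a + b)
    return incomplete / math.exp(log_beta)


def grunspan_perez_marco(q: float, z: int) -> float:
    """Closed form from 'Double spend races': P(z) = I_{4pq}(z, 1/2)."""
    _check(q, z)
    if z == 0:
        return 1.0
    p = 1.0 - q
    return regularized_incomplete_beta(4.0 * p * q, float(z), 0.5)


def confirmations_needed(q: float, max_risk: float, formula=rosenfeld_exact) -> int:
    """Smallest z with formula(q, z) < max_risk; exists because P(z) decays
    exponentially in z for q < 1/2."""
    z = 1
    while formula(q, z) >= max_risk:
        z += 1
    return z


if __name__ == "__main__":
    for q in (0.1, 0.2, 0.3):
        print(f"q={q}: Nakamoto needs z={confirmations_needed(q, 1e-3, nakamoto)}, "
              f"exact race needs z={confirmations_needed(q, 1e-3, rosenfeld_exact)}")
```

<p>The closed form and Rosenfeld's sum agree to numerical precision (for q = 0.1, z = 2 both give 1 − (p − q)(1 + 2pq) = 0.056), while the Poisson approximation underestimates the risk: at q = 0.1 and a 0.1% risk budget Nakamoto's table says five confirmations suffice, the exact race needs six. The numerical integration is only a convenience for an offline check; a production risk calculator should use a tested incomplete-beta routine and must reject q ≥ 1/2, where the race is not a decaying process at all.</p>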
Miscellaneous: Analysis of Hashrate-Based Double Spending 2023-08-23T16:48:15+00:00 2023-08-23T16:47:03+00:00 https://moneroresearch.info/resource/191 Rucknium<p>Rosenfeld, M. 2014. <em><b>Analysis of hashrate-based double spending</b></em>.</p>
<p><strong>Abstract</strong></p>
<p>Bitcoin is the world's first decentralized digital currency. Its main technical innovation is the use of a blockchain and hash-based proof of work to synchronize transactions and prevent double-spending the currency. While the qualitative nature of this system is well understood, there is widespread confusion about its quantitative aspects and how they relate to attack vectors and their countermeasures. In this paper we take a look at the stochastic processes underlying typical attacks and their resulting probabilities of success.</p>Journal Article: BaseSAP 2023-07-29T03:09:04+00:00 2023-07-29T03:08:44+00:00 https://moneroresearch.info/resource/190 Jack<p>Wahrstätter, A., Solomon, M., DiFrancesco, B., Buterin, V., & Svetinovic, D. (2023). <b>Basesap: </b><b>Modular stealth address protocol for programmable blockchains</b>. <em>arXiv preprint arXiv:2306.14272</em>.</p>
<p><strong>Abstract</strong></p>
<p>Stealth addresses represent an approach to enhancing privacy within public and distributed blockchains, such as Ethereum and Bitcoin. Stealth address protocols generate a distinct, randomly generated address for the recipient, thereby concealing interactions between entities. In this study, we introduce BaseSAP, an autonomous base-layer protocol for embedding stealth addresses within the application layer of programmable blockchains. BaseSAP expands upon previous research to develop a modular protocol for executing unlinkable transactions on public blockchains. BaseSAP allows for developing additional stealth address layers using different cryptographic algorithms on top of the primary implementation, capitalizing on its modularity. To demonstrate the effectiveness of our proposed protocol, we present simulations of an advanced Secp256k1-based dual-key stealth address protocol. This protocol is designed on top of BaseSAP and is deployed on the Goerli and Sepolia test networks as the first prototype implementation. Furthermore, we provide cost analyses and underscore potential security ramifications and attack vectors that could affect the privacy of stealth addresses. Our study reveals the flexibility of the BaseSAP protocol and offers insight into the broader implications of stealth address technology.</p>
Journal Article: From Portfolio Optimization to Quantum Blockchain and Security 2023-07-29T03:07:35+00:00 2023-07-29T03:06:34+00:00 https://moneroresearch.info/resource/189 Jack
<p>Naik, A., Yeniaras, E., Hellstern, G., Prasad, G., & Vishwakarma, S. K. L. P. (2023). <b>From portfolio optimization to quantum blockchain and security: </b><b>A systematic review of quantum computing in finance</b>. <em>arXiv preprint arXiv:2307.01155</em>.</p>
<p><strong>Abstract</strong></p>
<p>In this paper, we provide an overview of the recent work in the quantum finance realm from various perspectives. The applications in consideration are Portfolio Optimization, Fraud Detection, and Monte Carlo methods for derivative pricing and risk calculation. Furthermore, we give a comprehensive overview of the applications of quantum computing in the field of blockchain technology which is a main concept in fintech. In that sense, we first introduce the general overview of blockchain with its main cryptographic primitives such as digital signature algorithms, hash functions, and random number generators as well as the security vulnerabilities of blockchain technologies after the merge of quantum computers considering Shor’s quantum factoring and Grover’s quantum search algorithms. We then discuss the privacy-preserving quantum-resistant blockchain systems via threshold signatures, ring signatures, and zero-knowledge proof systems, i.e. ZK-SNARKs, in quantum-resistant blockchains. After emphasizing the difference between the quantum-resistant blockchain and quantum-safe blockchain we mention the security countermeasures to take against the possible quantumized attacks aimed at these systems. We finalize our discussion with quantum blockchain, efficient quantum mining and necessary infrastructures for constructing such systems based on quantum computing. This review has the intention to be a bridge to fill the gap between quantum computing and one of its most prominent application realms: Finance. We provide the state-of-the-art results in the intersection of finance and quantum technology for both industrial practitioners and academicians.</p>
Journal Article: Fiat-Shamir Security of FRI and Related SNARKs 2023-07-29T03:05:13+00:00 2023-07-29T03:04:40+00:00 https://moneroresearch.info/resource/188 Jack
<p>Block, A. R., Garreta, A., Katz, J., Thaler, J., Tiwari, P. R., & Zajac, M. (2023). <b>Fiat-shamir security of fri and related snarks</b>. <em>Cryptology ePrint Archive</em>.</p>
<p><strong>Abstract</strong></p>
<p>We establish new results on the Fiat-Shamir (FS) security of several protocols that are widely used in practice, and we provide general tools for establishing similar results for others. More precisely, we: (1) prove the FS security of the FRI and batched FRI protocols; (2) analyze a general class of protocols, which we call 𝛿-correlated, that use low-degree proximity testing as a subroutine (this includes many “Plonk-like” protocols (e.g., Plonky2 and Redshift), ethSTARK, RISC Zero, etc.); and (3) prove FS security of the aforementioned “Plonk-like” protocols, and sketch how to prove the same for the others. We obtain our first result by analyzing the round-by-round (RBR) soundness and RBR knowledge soundness of FRI. For the second result, we prove that if a 𝛿-correlated protocol is RBR (knowledge) sound under the assumption that adversaries always send low-degree polynomials, then it is RBR (knowledge) sound in general. Equipped with this tool, we prove our third result by formally showing that “Plonk-like” protocols are RBR (knowledge) sound under the assumption that adversaries always send low-degree polynomials. We then outline analogous arguments for the remainder of the aforementioned protocols. To the best of our knowledge, ours is the first formal analysis of the Fiat-Shamir security of FRI and widely deployed protocols that invoke it.</p>
Unpublished Work: High Assurance Specification of the halo2 Protocol 2023-07-29T03:03:23+00:00 2023-07-29T03:01:26+00:00 https://moneroresearch.info/resource/187 Jack
<p>af halo2 Protokollen, H. G. S., & Spitters, B. 2023. <em><b>High assurance specification of the halo2 protocol</b></em>.</p>
<p><strong>Abstract</strong></p>
<p>halo2 is a zk-SNARK building on the original halo. It is novel in that it has several interesting properties; in particular, it is the first system to have recursive proof composition without needing a trusted setup. It has been developed by the Zcash team and the Electric Coin Company for use in the Zcash blockchain, but it is general purpose and can be used in any zero-knowledge application. This paper presents an executable specification of halo2’s proving system, realized using hacspec. hacspec is a specification language for producing executable specifications of cryptographic primitives. As halo2 is one of the more extensive projects to be specified with hacspec, it has also been an exploration of hacspec’s abilities for projects of this size. The tool rustdoc is used to organically present the specification together with its description, as hacspec is a subset of rust. The labor of this paper also led to contributions to the official halo2 protocol description, a hacspec specification of the Pasta curves, and a hacspec specification of a polynomial ring over the Vesta curve’s base field.</p>
Journal Article: Post Quantum Fuzzy Stealth Signatures and Applications 2023-07-29T02:59:55+00:00 2023-07-29T02:58:26+00:00 https://moneroresearch.info/resource/185 Jack
<p>Pu, S., Thyagarajan, S. A., Döttling, N., & Hanzlik, L. (2023). <b>Post quantum fuzzy stealth signatures and applications</b>. <em>Cryptology ePrint Archive</em>.</p>
<p><strong>Abstract</strong></p>
<p>Private payments in blockchain-based cryptocurrencies have been a topic of research, both academic and industrial, ever since the advent of Bitcoin. Stealth address payments were proposed as a solution to improve payment privacy for users and are, in fact, deployed in several major cryptocurrencies today. The mechanism lets users receive payments so that none of these payments are linkable to each other or the recipient. Currently known stealth address mechanisms either (1) are insecure in certain reasonable adversarial models, (2) are inefficient in practice or (3) are incompatible with many existing currencies. In this work, we formalize the underlying cryptographic abstraction of this mechanism, namely, stealth signatures with formal game-based definitions. We show a surprising application of our notions to passwordless authentication defined in the Fast IDentity Online (FIDO) standard. We then present Spirit, the first efficient post-quantum secure stealth signature construction based on the NIST standardized signature and key-encapsulation schemes, Dilithium and Kyber. The basic form of Spirit is only secure in a weak security model, but we provide an efficiency- preserving and generic transform, which boosts the security of Spirit to guarantee the strongest security notion defined in this work. Compared to state-of-the-art, there is an approximately 800x improvement on the signature size while keeping signing and verification as efficient as 0.2 ms. We extend Spirit with a fuzzy tracking functionality where recipients can outsource the tracking of incoming transactions to a tracking server, satisfying an anonymity notion similar to that of fuzzy message detection (FMD) recently introduced in [CCS 2021]. We also extend Spirit with a new fuzzy tracking framework called scalable fuzzy tracking that we introduce in this work. 
This new framework can be considered as a dual of FMD, in that it reduces the tracking server’s computational workload to sublinear in the number of users, as opposed to linear in FMD. Experimental results show that, for millions of users, the server only needs 3.4 ms to filter each incoming message, which is a significant improvement upon the state-of-the-art.</p>Journal Article: Stealth Address Schemes With Fast Retrievability Based On Subgroup Membership Assumptions Related To Factoring2023-06-07T12:27:56+00:002023-06-07T12:27:09+00:00https://moneroresearch.info/resource/184Jack<p>Wang, X., Lin, L., & Wang, Y. (2023). <b>Stealth address schemes with fast retrievability based on subgroup membership assumptions related to factoring</b>. <em>The Computer Journal</em>, bxad056.</p>
<p><strong>Abstract</strong></p>
<p>Stealth address is a known technique to ensure the privacy (anonymity) of a recipient participating in a certain transaction in a distributed blockchain scenario. However, most existing stealth address schemes require linear judge time and search time O(n), where n is the number of transactions of a certain block, so the only way to claim transactions for a recipient is to traverse the transaction list to find out whether an ever-arrived transaction belongs to him. To overcome this drawback, we proposed the notion of Fast Stealth Address (FSA), a novel approach that simultaneously preserves privacy and improves search efficiency of recipients. We give a generic construction of FSA scheme under subgroup membership assumption related to factoring and instantiate concrete schemes based on specific number-theoretic assumptions. Our framework mainly improves on two aspects: (i) allowing constant recognize time O(1) to judge whether a certain block contains recipient’s transactions and (ii) allowing logarithmic search time O(log n) to find out the precise transactions intended for a recipient. We formalize the security model of an FSA scheme and provide provable security analysis to ensure the security of our constructions. Besides, we implement our schemes to measure their real-world performance on several metrics and give comparison results to stealth address scheme utilized by Monero.</p>Journal Article: On sustainable ring-based anonymous systems2023-06-06T21:13:35+00:002023-06-06T21:05:59+00:00https://moneroresearch.info/resource/183Jack<p>Chow, S. S., Egger, C., Lai, R. W. F., Ronge, V., & Woo, I. K. Y. (2023). <b>On sustainable ring-based anonymous systems</b>. <em>Cryptology ePrint Archive</em>,</p>
<p><strong>Abstract</strong></p>
<p>Anonymous systems (e.g. anonymous cryptocurrencies and updatable anonymous credentials) often follow a construction template where an account can only perform a single anonymous action, which in turn potentially spawns new (and still single-use) accounts (e.g. UTXO with a balance to spend or session with a score to claim). Due to the anonymous nature of the action, no party can be sure which account has taken part in an action and, therefore, must maintain an ever-growing list of potentially unused accounts to ensure that the system keeps running correctly. Consequently, anonymous systems constructed based on this common template are seemingly not sustainable. In this work, we study the sustainability of ring-based anonymous systems, where a user performing an anonymous action is hidden within a set of decoy users, traditionally called a “ring”. On the positive side, we propose a general technique for ring-based anonymous systems to achieve sustainability. Along the way, we define a general model of decentralised anonymous systems (DAS) for arbitrary anonymous actions, and provide a generic construction which provably achieves sustainability. As a special case, we obtain the first construction of anonymous cryptocurrencies achieving sustainability without compromising availability. We also demonstrate the generality of our model by constructing sustainable decentralised anonymous social networks. On the negative side, we show empirically that Monero, one of the most popular anonymous cryptocurrencies, is unlikely to be sustainable without altering its current ring sampling strategy. The main subroutine is a sub-quadratic-time algorithm for detecting used accounts in a ring-based anonymous system.</p>Journal Article: Blockchain stealth address schemes2023-06-06T21:04:07+00:002023-06-06T21:03:18+00:00https://moneroresearch.info/resource/182Jack<p>Yu, G. (2020). <b>Blockchain stealth address schemes</b>. <em>Cryptology ePrint Archive</em>,</p>
<p><strong>Abstract</strong></p>
<p>In a blockchain system, an address is an essential primitive which is used in transactions. The Stealth Address, which has an underlying address info of two public keys (A, B), was developed by the Monero blockchain in 2013, in which a one-time public key is used as the transaction destination, to protect the recipient’s privacy. At almost the same time, the hierarchical deterministic wallets scheme was proposed as bip-32 for Bitcoin, which makes it possible to share an extended public key (K, c) between sender and receiver, where K is a public key and c is a 256-bit chain code, and only the receiver knows the corresponding private key of this K. With the bip-32 scheme, the sender may derive the child public key K_i with the child number i by him/herself, without needing to request a new address for each payment from the receiver, making each transaction have a different destination key for privacy. This paper introduces an improved stealth address scheme (and some enhanced variants) which has an underlying address data of (A_i, B_i, i), where i is a child number and i ∈ [0, 2"# − 1]. The sender gets the receiver’s address info (A_i, B_i, i), generates a random secret number r ∈ [0, 2$% − 1] and calculates a Pedersen commitment 𝐶 = 𝐴 ! 𝐵! ℎ & ! .( where 𝑅 ) = 𝐵! * , then the sender may use this commitment C or Hash(C) as the destination key for the output and packs the (R, i) somewhere into the transaction. This improved stealth address scheme makes it possible to manage multiple stealth addresses in one wallet, therefore the user is able to share different addresses for different senders.</p>Proceedings Article: Faster dual-key stealth address for blockchain-based internet of things systems2023-06-06T21:02:04+00:002023-06-06T21:00:01+00:00https://moneroresearch.info/resource/181Jack<p>Fan, X. 2018, <em><b>Faster dual-key stealth address for blockchain-based internet of things systems</b></em>. 
Paper presented at Blockchain--ICBC 2018: First International Conference, Held as Part of the Services Conference Federation, SCF 2018, Seattle, WA, USA, June 25-30, 2018, Proceedings 1.</p>
<p><strong>Abstract</strong></p>
<p>Stealth address prevents public association of a blockchain transaction’s output with a recipient’s wallet address and hides the actual destination address of a transaction. While stealth address provides an effective privacy-enhancing technology for a cryptocurrency network, it requires blockchain nodes to actively monitor all the transactions and compute the purported destination addresses, which restricts its application for resource-constrained environments like Internet of Things (IoT). In this paper, we propose DKSAP-IoT, a faster dual-key stealth address protocol for blockchain-based IoT systems. DKSAP-IoT utilizes a technique similar to the TLS session resumption to improve the performance and reduce the transaction size at the same time between two communication peers. Our theoretical analysis as well as the extensive experiments on an embedded computing platform demonstrate that DKSAP-IoT is able to reduce the computational overhead by at least 50% when compared to the state-of-the-art scheme, thereby paving the way for its application to blockchain-based IoT systems.</p>Journal Article: Bulletproofs+2023-03-29T18:12:58+00:002023-03-29T17:32:21+00:00https://moneroresearch.info/resource/180Jack<p>Chung, H., Han, K., Ju, C., Kim, M., & Seo, J. H. (2022). <b>Bulletproofs+: </b><b>Shorter proofs for a privacy-enhanced distributed ledger</b>. <em>IEEE Access</em>, <em>10</em>, 42067–42082.</p>
<p><strong>Abstract</strong></p>
<p>This paper presents a new short zero-knowledge argument for the range proof and arithmetic circuits without a trusted setup. In particular, it can achieve the shortest proof size of the proof system categories without a trusted setup. More specifically, when proving that a committed value is a positive integer less than 64 bits, except for negligible error in the 128-bit security parameter, the proof size is 576 bytes long, which is 85.7% the size of the previous shortest proof due to Bünz et al. (Bulletproofs, IEEE Security and Privacy 2018). Similarly, circuit satisfiability can be proven with less communication overhead. Nevertheless, computational overheads in both proof generation and verification are comparable with those of Bulletproofs. Bulletproofs is established as one of the important privacy-enhancing technologies for a distributed ledger due to its trustless feature and short proof size. In particular, it has been implemented and optimized in various programming languages for practical usage by independent entities since it was proposed. The essence of Bulletproofs is based on the logarithmic inner product argument with no zero-knowledge. This paper revisits Bulletproofs from the viewpoint of the first sublinear zero-knowledge argument for linear algebra due to Groth (CRYPTO 2009) and then proposes Bulletproofs+, an improved variety of Bulletproofs. The main component is the zero-knowledge weighted inner product argument (zk-WIP), which enables reducing both the range proof and the arithmetic circuit proof. It already has zero-knowledge properties; there is no additional information when reducing zk-WIP, and it incurs a minimal transmission cost during the reduction process.
Note that zk-WIP has all characteristics of the inner product argument, such as an aggregating range proof and batch verification; thus, Bulletproofs+ is superior to Bulletproofs in all aspects.</p>Journal Article: Bulletproofs+2023-03-29T18:12:58+00:002023-03-29T17:32:21+00:00https://moneroresearch.info/resource/180Jack<p>Chung, H., Han, K., Ju, C., Kim, M., & Seo, J. H. (2022). <b>Bulletproofs+: </b><b>Shorter proofs for a privacy-enhanced distributed ledger</b>. <em>IEEE Access</em>, <em>10</em>, 42067–42082.</p>
<p><strong>Abstract</strong></p>
<p>This paper presents a new short zero-knowledge argument for the range proof and arithmetic circuits without a trusted setup. In particular, it can achieve the shortest proof size of the proof system categories without a trusted setup. More specifically, when proving that a committed value is a positive integer less than 64 bits, except for negligible error in the 128-bit security parameter, the proof size is 576 bytes long, which is 85.7% the size of the previous shortest proof due to Bünz et al. (Bulletproofs, IEEE Security and Privacy 2018). Similarly, circuit satisfiability can be proven with less communication overhead. Nevertheless, computational overheads in both proof generation and verification are comparable with those of Bulletproofs. Bulletproofs is established as one of the important privacy-enhancing technologies for a distributed ledger due to its trustless feature and short proof size. In particular, it has been implemented and optimized in various programming languages for practical usage by independent entities since it was proposed. The essence of Bulletproofs is based on the logarithmic inner product argument with no zero- knowledge. This paper revisits Bulletproofs from the viewpoint of the first sublinear zero-knowledge argument for linear algebra due to Groth (CRYPTO 2009) and then propose Bulletproofs+, an improved variety of Bulletproofs. The main component is the zero-knowledge weighted inner product argument (zk-WIP) which enables to reduce both the range proof and the arithmetic circuit proof. It already has zero- knowledge properties, there is no additional information when reducing zk-WIP, and it incurs a minimal transmission cost during the reduction process. 
Note that zk-WIP has all characteristics of the inner product argument, such as an aggregating range proof and batch verification; thus, Bulletproofs+ is superior to Bulletproofs in all aspects.</p>Proceedings Article: Range Proofs with Constant Size and Trustless Setup2023-03-29T18:12:18+00:002023-03-28T21:38:55+00:00https://moneroresearch.info/resource/178Jack<p>Scala, E., & Mostarda, L. 2023, <em><b>Range proofs with constant size and trustless setup</b></em>. Paper presented at Advanced Information Networking and Applications: Proceedings of the 37th International Conference on Advanced Information Networking and Applications (AINA-2023), Volume 3.</p>
<p><strong>Abstract</strong></p>
<p>Range proofs are widely adopted in practice in many privacy-preserving cryptographic protocols in the public blockchain. The performances known in the literature for range proofs are logarithmic-sized proofs and linear verification time. In contexts where the proof verification is left to the ledger maintainers and proofs are stored in blocks, one might expect higher transaction fees and blockchain space when the size of the relation over the proof grows. With this paper, we improve Bulletproofs, a zero-knowledge argument of knowledge for range proofs, by modifying its Inner Product Argument (IPA) subroutine. In particular, we adopt a new relation from the polynomial commitment scheme of Halo, based on standard groups and assumptions (DLOG and RO) with a trustless setup. We design a two-step reduction algorithm and we obtain a constant number of two rounds in the IPA and a constant-sized proof composed of 5 G1 points and 2 Zp scalars.</p>Journal Article: Cuproof2023-03-28T21:58:35+00:002023-03-28T21:45:14+00:00https://moneroresearch.info/resource/179Jack<p>Deng, C., You, L., Tang, X., Hu, G., & Gao, S. (2022). <b>Cuproof: </b><b>Range proof with constant size</b>. <em>Entropy</em>, <em>24</em>(3), 334.</p>
<p><strong>Abstract</strong></p>
<p>Zero-Knowledge Proof is widely used in blockchains. For example, zk-SNARK is used in Zcash as its core technology to identify transactions without the exposure of the actual transaction values. Up to now, various range proofs have been proposed, and their efficiency and range-flexibility have also been improved. Bootle et al. used the inner product method and recursion to construct an efficient Zero-Knowledge Proof in 2016. Later, Benedikt Bünz et al. proposed an efficient range proof scheme called Bulletproofs, which can convince the verifier that a secret number lies in [0, 2<sup>κ</sup>−1] with κ being a positive integer. By combining the inner-product and Lagrange’s four-square theorem, we propose a range proof scheme called Cuproof. Our Cuproof can make a range proof to show that a secret number v lies in an interval [a,b] with no exposure of the real value v or other extra information leakage about v. It is a good and practical method to protect privacy and information security. In Bulletproofs, the communication cost is 6 + 2 log κ, while in our Cuproof, all the communication cost, the proving time and the verification time are of constant sizes.
</p>Unpublished Work: UNDERSTANDING GE FROMFE FROMBYTES VARTIME2023-03-28T21:26:31+00:002023-03-28T21:24:25+00:00https://moneroresearch.info/resource/177Jack<p>Noether, S. <em><b>Understanding ge fromfe frombytes vartime</b></em>.</p>
<p><strong>Abstract</strong></p>
<p>In this short note, I discuss the function ge_fromfe_frombytes_vartime which Monero uses for its key images. Note that this code is inherited from the original CryptoNote developers, who although seemingly competent at cryptography, have a deficiency when it comes to explaining or commenting their work. Note that I have already replaced the majority of Monero's cryptographic library last summer with Bernstein's "ref10" implementation of ed25519.</p>Proceedings Article: MatRiCT+2023-03-28T20:46:55+00:002023-03-28T20:45:00+00:00https://moneroresearch.info/resource/176Jack<p>Esgin, M. F., Steinfeld, R., & Zhao, R. K. 2022, <em><b>Matrict+: </b><b>More efficient post-quantum private blockchain payments</b></em>. Paper presented at 2022 IEEE Symposium on Security and Privacy (SP).</p>
<p><strong>Abstract</strong></p>
<p>We introduce MatRiCT+, a practical private blockchain payment protocol based on “post-quantum” lattice assumptions. MatRiCT+ builds on MatRiCT due to Esgin et al. (ACM CCS’19) and, in general, follows the Ring Confidential Transactions (RingCT) approach used in Monero, the largest privacy-preserving cryptocurrency. In terms of the practical aspects, MatRiCT+ has 2–18× shorter proofs (depending on the number of input accounts, M) and runs 3–11× faster (for a typical transaction) in comparison to MatRiCT. A significant advantage of MatRiCT+ is that the proof length’s dependence on M is very minimal (only O(log M)), while MatRiCT has a proof length linear in M. To support its efficiency, we devise several novel techniques in our design of MatRiCT+ to achieve compact lattice-based zero-knowledge proof systems, exploiting the algebraic properties of power-of-2 cyclotomic rings commonly used in practical lattice-based cryptography. Along the way, we design a family of “optimal” challenge spaces, using a technique we call partition-and-sample, with minimal ℓ1-norm and invertible challenge differences (with overwhelming probability), while supporting highly-splitting power-of-2 cyclotomic rings. We believe all these results to be widely applicable and of independent interest.</p>Unpublished Work: Seraphis: A Privacy-Preserving Transaction Protocol Abstraction (WIP)2023-03-08T22:33:46+00:002023-03-08T22:32:24+00:00https://moneroresearch.info/resource/175Jack<p>koe. <em><b>Seraphis: a privacy-preserving transaction protocol abstraction (WIP)</b></em>.</p>
<p><strong>Abstract</strong></p>
<p>Seraphis is a privacy-focused transaction protocol abstraction for p2p electronic cash systems that use the transaction output model (the e-note model in this paper). Seraphis e-notes are amount-transfer devices in the RingCT tradition, which record an ‘amount’ as a Pedersen commitment and an ‘address with transfer-authority’ as a specially-designed prime-order group point (similar to CryptoNote one-time addresses). Unlike previous protocols compatible with CT (Confidential Transactions), where e-note membership, ownership, and unspentness proofs were highly integrated into one large proving structure (such as MLSAG or CLSAG in the case of standard RingCT), Seraphis separates membership proofs from ownership and unspentness proofs. This allows the security model for membership proofs to be abstracted away from any specific proving system, which enables relatively simpler proving structures to be used and greatly simplifies the overall security model of Seraphis compared to its predecessors. Doing so also allows a linking tag (a.k.a. key image) construction with a number of favorable properties. Most notably, implementers of Seraphis can use an addressing scheme which permits wallets with three tiers of permissions (view received amounts, full balance recovery, full balance recovery with spend authority). The second permission tier is unique to Seraphis among protocols in the CryptoNote tradition.</p>Miscellaneous: A Holistic Security Analysis of Monero Transactions2023-03-08T18:11:00+00:002023-03-06T22:23:19+00:00https://moneroresearch.info/resource/171Jack<p>Cremers, C., Loss, J., & Wagner, B. 2023. <em><b>A holistic security analysis of monero transactions</b></em>. [Cryptology ePrint Archive, Paper 2023/321].</p>
<p><strong>Abstract</strong></p>
<p>Monero is a popular cryptocurrency with strong privacy guarantees for users’ transactions. At the heart of Monero’s privacy claims lies a complex transaction system called RingCT, which combines several building blocks such as linkable ring signatures, homomorphic commitments, and range proofs, in a unique fashion. In this work, we provide the first rigorous security analysis for RingCT (as given in Zero to Monero, v2.0.0, 2020) in its entirety. This is in contrast to prior works that provided security arguments for only parts of RingCT. To this end, we provide the first holistic security model for Monero’s RingCT. In our model, we then prove the security of RingCT. Our framework is modular in that it allows to view RingCT as a combination of various different sub-protocols. This has the benefit that these components can be easily updated in future versions of RingCT with only minor modifications to our analysis. At a technical level, we introduce several new techniques that we believe to be of independent interest. First, we need to make several subtle modifications to the syntax and security properties of existing building blocks (e.g., linkable ring signatures), which result from the unusual way in which they are combined within RingCT. Then, we show how these building blocks can be combined in order to argue security of the top level transaction scheme. As a technical highlight of our proof, we show that our security goals can be mapped to a suitable graph problem. This allows us to take advantage of ideas from the theory of network flows in our analysis.</p>Miscellaneous: A Novel Related Nonce Attack for ECDSA2023-03-06T22:35:49+00:002023-03-06T22:25:06+00:00https://moneroresearch.info/resource/174Jack<p>Macchetti, M. 2023. <em><b>A novel related nonce attack for ecdsa</b></em>. [Cryptology ePrint Archive, Paper 2023/305].</p>
<p><strong>Abstract</strong></p>
<p>We describe a new related nonce attack able to extract the original signing key from a small collection of ECDSA signatures generated with weak PRNGs. Under suitable conditions on the modulo order of the PRNG, we are able to attack linear, quadratic, cubic as well as arbitrary degree recurrence relations (with unknown coefficients) with few signatures and in negligible time. We also show that for any collection of randomly generated ECDSA nonces, there is one more nonce that can be added following the implicit recurrence relation, and that would allow retrieval of the private key; we exploit this fact to present a novel rogue nonce attack against ECDSA. Up to our knowledge, this is the first known attack exploiting generic and unknown high-degree algebraic relations between nonces that do not require assumptions on the value of single bits or bit sequences (e.g. prefixes and suffixes).</p>Journal Article: A Transformation for Lifting Discrete Logarithm Based Cryptography to Post-Quantum Cryptography2023-03-06T22:32:07+00:002023-03-06T22:24:43+00:00https://moneroresearch.info/resource/173Jack<p>Gligoroski, D. (2023). <b>A transformation for lifting discrete logarithm based cryptography to post-quantum cryptography</b>. <em>Cryptology ePrint Archive</em>,</p>
<p><strong>Abstract</strong></p>
<p>We construct algebraic structures where rising to the non-associative power indices is no longer tied with the Discrete Logarithm Problem but with a problem that has been analysed in the last two decades and does not have a quantum polynomial algorithm that solves it. The problem is called Exponential Congruences Problem. By this, we disprove the claims presented in the ePrint report 2021/583 titled "Entropoids: Groups in Disguise" by Lorenz Panny that "all instantiations of the entropoid framework should be breakable in polynomial time on a quantum computer." Additionally, we construct an Arithmetic for power indices and propose generic recipe guidelines that we call "Entropic-Lift" for transforming some of the existing classical cryptographic schemes that depend on the hardness of Discrete Logarithm Problem to post-quantum cryptographic schemes that will base their security on the hardness of the Exponential Congruences Problem. As concrete examples, we show how to transform the classical Diffie-Hellman key exchange, DSA and Schnorr signature schemes. We also post one open problem: From the perspective of provable security, specifically from the standpoint of security of post-quantum cryptographic schemes, to precisely formalize and analyze the potentials and limits of the Entropic-Lift transformation.</p>Thesis/Dissertation: Blockchain Privacy Notions Using the Transaction Graph Model2023-03-06T22:29:54+00:002023-03-06T22:24:08+00:00https://moneroresearch.info/resource/172Jack<p>Wicht, F.-X., Cachin, C., & Le, D. V. (2023). <em><b>Blockchain privacy notions using the transaction graph model</b></em>. , University of Fribourg.</p>
<p><strong>Abstract</strong></p>
<p>Considerable work explores blockchain privacy notions. Yet, it usually employs entirely different models and notations, complicating potential comparisons. In this work, we use the Transaction Directed Acyclic Graph (TDAG) and extend it to capture blockchain privacy notions (PDAG). We give consistent definitions for untraceability, unlinkability, and confidentiality. Moreover, we specify conditions on a blockchain system to achieve each aforementioned privacy notion. Thus, we can compare the two most prominent privacy-preserving blockchains – Monero and Zcash, in terms of privacy guarantees. Finally, we unify linking heuristics from the literature with our graph notation and review a good portion of research on blockchain privacy.</p>Thesis/Dissertation: Monero-privacy in the blockchain2023-03-03T16:55:36+00:002023-03-03T16:52:31+00:00https://moneroresearch.info/resource/170Jack<p>Alonso, K. M. (2017). <em><b>Monero-privacy in the blockchain</b></em>. Universitat Autònoma de Barcelona.</p>
<p><strong>Abstract</strong></p>
<p>A cryptocurrency blockchain is commonly understood as a public distributed ledger containing transactions verifiable by third parties, be it the mining community or the public in general. It would seem that transactions would need to be sent and stored in clear text format in order to make them publicly verifiable. As we will show in this thesis, this is an incorrect assumption. It is indeed possible to use cryptographic artifacts to conceal participants of transactions as well as the amounts involved. And yet, allow transactions to be verified and consensuated by the mining community. Furthermore, we will also show that transaction privacy does not automatically entail lawlessness nor a total lack of insight. There are mechanisms built into the cryptocurrency studied here that allow for selective access to transactions by, say, authorities, without resulting in a conflict with user privacy.</p>Unpublished Work: From Zero (Knowledge) to Bulletproofs2023-03-03T16:18:12+00:002023-03-03T16:16:59+00:00https://moneroresearch.info/resource/169Jack<p>Gibson, A. <em><b>From zero (knowledge) to bulletproofs</b></em>.</p>
<p><strong>Abstract</strong></p>
<p>This document doesn’t really address (at least, not well) two potential audiences:</p>
<ul><li>Experts in the field who want academic rigour</li><li>Casual readers who want a quick skim in a few pages to get an idea</li></ul>
<p>So it doesn’t leave many people left I guess! But if you are very curious about: Confidential Transactions, Bulletproofs as a way to improve them, and also the underlying technical ideas (in particular, zero knowledge proofs in general, and commitment schemes), and you have an intention to understand pretty deeply, you might find this investigation at least partly as interesting to read as I found it to construct!</p>Thesis/Dissertation: An Empirical Analysis of Privacy in Cryptocurrencies2023-02-21T04:36:33+00:002023-02-21T04:35:18+00:00https://moneroresearch.info/resource/168Jack<p>Kappos, G. (2022). <em><b>An empirical analysis of privacy in cryptocurrencies</b></em>. Unpublished PhD thesis, UCL (University College London).</p>
<p><strong>Abstract</strong></p>
<p>Cryptocurrencies have emerged as an important technology over the past decade and have, undoubtedly, become blockchain’s most popular application. Bitcoin has been by far the most popular out of the thousands of cryptocurrencies that have been created. Some of the features that made Bitcoin such a fascinating technology include its transactions being made publicly available and permanently stored, and the ability for anyone to have access. Despite this transparency, it was initially believed that Bitcoin provides anonymity to its users, since it allowed them to transact using a pseudonym instead of their real identity. However, a long line of research has shown that this initial belief was false and that, given the appropriate tools, Bitcoin transactions can indeed be traced back to the real-life entities performing them. In this thesis, we perform a survey to examine the anonymity aspect of cryptocurrencies. We start with early works that made first efforts on analysing how private this new technology was. We analyse both from the perspective of a passive observer with eyes only to the public immutable state of transactions, the blockchain, as well as from an observer who has access to network layer information. We then look into the projects that aimed to enhance the anonymity provided in cryptocurrencies and also analyse the evidence of how much they succeeded in practice. In the first part of our own contributions we present our own take on Bitcoin’s anonymity, inspired by the research already in place. We manage to extend existing heuristics and provide a novel methodology on measuring the confidence we have in our anonymity metrics, instead of looking into the issue from a binary perspective, as in previous research. In the second part we provide the first full-scale empirical work on measuring anonymity in a cryptocurrency that was built with privacy guarantees, based on a very well established cryptography, Zcash. 
We show that just building a tool which provides anonymity in theory is very different than the privacy offered in practice once users start to transact with it. Finally, we look into a technology that is not a cryptocurrency itself but is built on top of Bitcoin, thus providing a so-called layer 2 solution, the Lightning network. Again, our measurements showed some serious privacy concerns of this technology, some of which were novel and highly applicable.</p>Thesis/Dissertation: Systematic Modelling of Anonymity with Application to Cryptocurrencies2023-02-21T04:34:00+00:002023-02-21T04:32:29+00:00https://moneroresearch.info/resource/167Jack<p>Amarasinghe, N. (2022). <em><b>Systematic modelling of anonymity with application to cryptocurrencies</b></em>. Unpublished PhD thesis, Queensland University of Technology.</p>
<p><strong>Abstract</strong></p>
<p>The modern financial world has seen a significant rise in the use of cryptocurrencies in recent years, due to inherent convincing characteristics such as decentralised nature and convenience, and more importantly, perceived privacy and anonymity features. Despite being considered as the most widespread among all, Bitcoin is claimed to have significant lapses in relation to its anonymity. Many studies have shown that a majority of transactions can be traced back to their corresponding participants through the analysis of publicly available data, to which the cryptographic community has responded by proposing new constructions with improved anonymity claims. With the emergence of such new cryptocurrencies, many have attempted to evaluate such claims. These efforts have resulted in various interpretations of anonymity, which are often restricted to a particular currency scheme only. The absence of a common formalised metric for evaluating anonymity has led to much confusion over their claims, making it infeasible to properly compare different systems. More importantly, anonymity in such complex multi-party systems as finance, turns out to be a surprisingly multifaceted notion which needs to be defined and modelled with precision. In this work, we introduce a common framework, which can be used to evaluate the nature and extent of anonymity in (crypto)currencies and similar distributed transaction systems, irrespective of their implementation. For this purpose, we construct a theoretical model to represent the generic functionality of cryptocurrency schemes across different implementations, by establishing a cryptographically sound and secure foundation. We then develop a comprehensive adversarial model in order to capture different aspects of anonymity around system entities. Building upon this foundation, we formulate a common template, which is capable of modelling a multitude of different attacker scenarios with respect to various anonymity considerations. 
With an aim to strengthen the usability of this framework, we provide formal definitions for anonymity notions pertaining to various scenarios. In addition, we investigate the relationships among those definitions and formulate a set of theorems indicating the implications, dependencies and separations among them. Accordingly, this framework, together with the formal definitions and theorems, provides a means for modelling anonymity uniformly across different constructions. As such, the fine-grained systematisation of anonymity resulting from this work highlights the importance of precise definitions for modelling anonymity, which is a surprisingly nuanced concept.</p>Conference Paper: Anonymous Blockchain based model for e-Voting2023-02-21T04:30:20+00:002023-02-21T04:29:02+00:00https://moneroresearch.info/resource/166Jack<p>Taneska, M., & Halimi, F. 2022, <em><b>Anonymous blockchain based model for e-voting</b></em>. Unpublished paper presented at The 19th International Conference on Informatics and Information Technologies – CIIT 2022.</p>
<p><strong>Abstract</strong></p>
<p>In this paper, we analyze the security, anonymity, and privacy provided by Zcash and Monero. We focus on the description for the e-voting framework based on Zcash and Monero using their anonymity advantages. Analyzing advantages and disadvantages of Zcash and Monero, we make a comparison between them, and conclude that Monero is more secure than Zcash, and we recommend using Monero for serious e-Votings. Our key is to give a sparkle to Blockchain developers to create a legitimate framework or system that would be based on Zcash and Monero Blockchains to realize e-voting.</p>Unpublished Work: Fully Specified Estimation Plan for Optimal Static Parametric Estimation of Arbitrary Distributions (OSPEAD) Public Version2023-01-20T04:31:52+00:002023-01-20T04:23:35+00:00https://moneroresearch.info/resource/165Jack<p>Rucknium, R. <em><b>Fully specified estimation plan for optimal static parametric estimation of arbitrary distributions (ospead) public version</b></em>. Monero Research Lab.</p>Unpublished Work: LORD OF THE RINGS: AN EMPIRICAL ANALYSIS OF MONERO’S RING SIGNATURE RESILIENCE TO ARTIFICIALLY INTELLIGENT ATTACKS2023-01-20T04:16:30+00:002023-01-20T04:14:46+00:00https://moneroresearch.info/resource/164Jack<p>ACK-J, A.-J. 2022. <em><b>Lord of the rings: an empirical analysis of monero’s ring signature resilience to artificially intelligent attacks</b></em>. Multidisciplinary Academic Grants in Cryptocurrencies.</p>
<p><strong>Abstract</strong></p>
<p>Cryptocurrencies such as Bitcoin and Ethereum have seen a rapid increase in consumer adoption over the last decade. However, their lack of privacy guarantees has created a secondary market for more privacy-centric alternatives. Monero is a popular cryptocurrency with $2.9 billion in market capitalization and unique privacy properties which allow users to transact without a discernible history, similar to cash. In a transaction, the sender, receiver, and amount are hidden using well-established cryptographic primitives. The crux of Monero’s strong privacy claims has historically surrounded ring signatures, used to obfuscate the transaction sender. A few previous works have analyzed the security of Monero’s ring signature implementation, but none have assessed its updated on-chain resiliency to AI-based attacks. In this work, we develop a process to collect large-scale datasets composed of Monero transactions accompanied by ground truth labels. Using this process, we built two datasets from the Monero testing and staging networks and used them to explore feature engineering and model selection. These datasets are used to train various supervised-learning classifiers, simulating an adversary who aims to remove the anonymity set of a Monero ring signature. Our most effective classifiers achieve a weighted F1-score of 34.60%, predicting an out-of-sample subset, and a macro F1-score of 13.30%, predicting against real mainnet Monero transactions. The model predictions show a marginal 4.30% increase in accuracy compared to the random guessing probability of 9%. Our research found there to be minimal transaction risk posed by on-chain information leakage, correlated with adjacent Monero blockchains. We hope this work facilitates future multifaceted research into strengthening the Monero protocol against attacks correlating side-channel information.</p>Legal Rule/Regulation: USA v. LICHTENSTEIN et al2023-01-20T03:41:03+00:002023-01-20T03:28:14+00:00https://moneroresearch.info/resource/163Jack<p><em><b>Usa v. lichtenstein et al</b></em>.February 7 2022. US Dept. of Justice.</p>
<p><strong>Abstract</strong></p>
<p>In or around August 2016, a hacker breached Victim VCE’s security systems and infiltrated its infrastructure. While inside Victim VCE’s network, the hacker was able to initiate over 2,000 unauthorized BTC transactions, in which approximately 119,754 BTC was transferred from Victim VCE’s wallets to an outside wallet (Wallet 1CGA4s). At the time of the breach, 119,754 BTC was valued at approximately $71 million. Due to the increase in the value of BTC since the breach, the stolen funds are valued at over $4.5 billion as of February 2022.</p>