• PDF / 339,850 Bytes
• 21 Pages / 439.37 x 666.142 pts Page_size
• 14 Downloads / 193 Views

DOWNLOAD

REPORT

Abstract. Bitcoin is an online distributed ledger in which coins are distributed according to the unspent transaction output (UTXO) set, and transactions describe changes to this set. Every UTXO has associated to it an amount and signature verification key, representing the quantity that can be spent and the entity authorized to do so, respectively. Because the ledger is distributed and publicly verifiable, every UTXO (and the history of all changes) is publicly available and may be used for analysis of all users’ payment history. Although this history is not directly linked to users in any way, it exposes enough structure that even small amounts of personally identifiable information may completely break users’ privacy. Further, the ability to trace coin history creates a market for “clean” coins, harming the fungibility of the underlying asset. In this paper we describe a scheme, confidential transactions, which blinds the amounts of all UTXOs, while preserving public verifiability that no transaction creates or destroys coins. This removes a significant amount of information from the transaction graph, improving privacy and fungibility without a trusted setup or exotic cryptographic assumptions. We further extend this to confidential assets, a scheme in which a single blockchain-based ledger may track multiple asset types. We extend confidential transactions to blind not only output amounts, but also their asset type, improving the privacy and fungibility of all assets.

1

Introduction

Deployed in 2009, Bitcoin [16] is an online currency with no trusted issuer or transaction processor, which works by means of a publicly verifiable distributed ledger called a blockchain. The blockchain contains every transaction since its inception, resulting in a final state, the unspent transaction output set (UTXO set), which describes the amounts and owners of all coins. Each UTXO contains an amount and a verification key; transactions destroy UTXOs and create new ones of equal or lesser total amount, and must be signed with the keys associated to each destroyed UTXO. This model allows all users to verify transaction correctness without trusting any payment processor to be honest or reliable. However, this model has a serious cost to user privacy, since every transaction is preserved forever, exposing significant amounts of information directly and indirectly [10]. c International Financial Cryptography Association 2019  A. Zohar et al. (Eds.): FC 2018 Workshops, LNCS 10958, pp. 43–63, 2019. https://doi.org/10.1007/978-3-662-58820-8_4

44

A. Poelstra et al.

One suggestion to obscure transaction structure is CoinJoin [13], which allows users to interactively combine transactions, obscuring which inputs map to which outputs. However, because transaction amounts are exposed, it is difficult to use CoinJoin in such a way that these mappings cannot be recovered, at least in a statistical sense [20]. In particular, unless all output amounts are the same, they are distinguishable and may be grouped. We propose a partial solution to the ex

Recommend Documents

Compact Multi-Party Confidential Transactions

159 46 25MB

PGC: Decentralized Confidential Payment System with Auditability

152 7 48MB

The database right: Copyright and confidential information

179 65 288KB

Fixed assets repair timetable

181 97 69KB

Importing Assets in Detail

172 43 19MB

Expenditure on Fixed Assets

183 0 10MB

Safe Assets and Reserve Management

166 43 13MB

Water Resource Assets Management Reform

155 79 6MB

Intangible Assets: Sorgenkinder der Betriebswirtschaft?

146 89 111KB

Basic of 3D Modeling: Assets

187 32 19MB

Corrosion Control in Military Assets

179 58 1MB

Confidential Informants A Closer Look at Police Policy

155 83 1MB