An Airdrop that Preserves Recipient Privacy

Conference paper
Financial Cryptography and Data Security (FC 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12059)

Abstract

A common approach to bootstrapping a new cryptocurrency is an airdrop, an arrangement in which existing users give away currency to entice new users to join. But current airdrops offer no recipient privacy: they leak which recipients have claimed the funds, and this information is easily linked to off-chain identities.

In this work, we address this issue by defining a private airdrop and describing concrete schemes for widely-used user credentials, such as those based on ECDSA and RSA. Our private airdrop for RSA builds upon a new zero-knowledge argument of knowledge of the factorization of a committed secret integer, which may be of independent interest. We also design a private genesis airdrop that efficiently sends private airdrops to millions of users at once. Finally, we implement and evaluate. Our fastest implementation takes 40–180 ms to generate and 3.7–10 ms to verify an RSA private airdrop signature. Signatures are 1.8–3.3 kiB depending on the security parameter.

Extended abstract. The full paper is available from https://goosig.crypto.fyi.

Notes

  1. This is usually accomplished by encrypting the secret to the recipient’s \( pk \) and publishing the resulting ciphertext, so no explicit private channel is necessary.

  2. In an interactive protocol, would suffice for soundness. Applying the Fiat-Shamir heuristic causes a loss in security, thus requiring a larger \(\ell \) [17, §3.3].

References

  1. Abe, M., Ohkubo, M., Suzuki, K.: 1-out-of-n signatures from a variety of keys. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 415–432. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-36178-2_26. (December 2002)

  2. Airdrop Alert. https://airdropalert.com/

  3. Ames, S., Hazay, C., Ishai, Y., Venkitasubramaniam, M.: Ligero: lightweight sublinear arguments without a trusted setup. In: ACM CCS, October/November 2017

  4. Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_4. (April 2013)

  5. Bangerter, E., Camenisch, J., Krenn, S.: Efficiency limitations for \(\Sigma \)-protocols for group homomorphisms. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 553–571. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_33. (February 2010)

  6. Bangerter, E., Camenisch, J., Maurer, U.: Efficient proofs of knowledge of discrete logarithms and representations in groups with hidden order. In: Vaudenay, S. (ed.) PKC 2005. LNCS, vol. 3386, pp. 154–171. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30580-4_11. (January 2005)

  7. Bellare, M., Micciancio, D., Warinschi, B.: Foundations of group signatures: formal definitions, simplified requirements, and a construction based on general assumptions. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 614–629. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-39200-9_38. (May 2003)

  8. Bellare, M., Rogaway, P.: Random oracles are practical: A paradigm for designing efficient protocols. In: ACM CCS, November 1993

  9. Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable zero knowledge with no trusted setup. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 701–732. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_23. (August 2019)

  10. Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: IEEE S&P, May 2014

  11. Ben-Sasson, E., Chiesa, A., Spooner, N.: Interactive oracle proofs. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9986, pp. 31–60. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53644-5_2. (October/November 2016)

  12. Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von Neumann architecture. In: USENIX Security, August 2014

  13. Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.-Y.: High-speed high-security signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 124–142. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23951-9_9. (September/October 2011)

  14. Bjorøy, T.V.: The latest crypto PR craze: ‘airdropping’ free coins into your wallet. VentureBeat, September 2017

  15. Blum, L., Blum, M., Shub, M.: Comparison of two pseudo-random number generators. In: Chaum, D., Rivest, R.L., Sherman, A.T. (eds.) Advances in Cryptology, pp. 61–78. Springer, Boston, MA (1983). https://doi.org/10.1007/978-1-4757-0602-4_6

  16. Bogart, S.: The trend that is increasing the urgency of owning Bitcoin and Etherium. Forbes (Oct 2017)

  17. Boneh, D., Bünz, B., Fisch, B.: A survey of two verifiable delay functions. Cryptology ePrint Archive, Report 2018/712 (2018). https://eprint.iacr.org/2018/712

  18. Boneh, D., Bünz, B., Fisch, B.: Batching techniques for accumulators with applications to IOPs and stateless blockchains. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 561–586. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26948-7_20. (August 2019)

  19. Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: SoK: research perspectives and challenges for bitcoin and cryptocurrencies. In: IEEE S&P, May 2015

  20. Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A., Felten, E.W.: Mixcoin: anonymity for bitcoin with accountable mixes. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 486–504. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_31. (March 2014)

  21. Bootle, J., Cerulli, A., Chaidos, P., Groth, J., Petit, C.: Efficient zero-knowledge arguments for arithmetic circuits in the discrete log setting. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 327–357. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_12. (May 2016)

  22. Boyar, J., Friedl, K., Lund, C.: Practical zero-knowledge proofs: giving hints and using deficiencies. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 155–172. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-46885-4_18. (April 1990)

  23. Brickell, E., Pointcheval, D., Vaudenay, S., Yung, M.: Design validations for discrete logarithm based signature schemes. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 276–292. Springer, Heidelberg (2000). https://doi.org/10.1007/978-3-540-46588-1_19. (January 2000)

  24. Buchmann, J., Hamdy, S.: A survey on IQ cryptography. In: Public-Key Cryptography and Computational Number Theory, September 2000

  25. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: IEEE S&P, May 2018

  26. Camenisch, J., Michels, M.: Proving in zero-knowledge that a number is the product of two safe primes. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 107–122. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_8. (May 1999)

  27. Chase, M., et al.: Post-quantum zero-knowledge and signatures from symmetric-key primitives. In: ACM CCS, October/November 2017

  28. Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_7. (August 1993)

  29. Chaum, D., van Heyst, E.: Group signatures. In: EUROCRYPT, April 1991

  30. Cooper, D., Santesson, S., Farrell, S., Boeyen, S., Housley, R., Polk, W.: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. Technical Report RFC5280, IETF, May 2008

  31. Cramer, R.J.F.: Modular design of secure yet practical cryptographic protocols. Ph.D. thesis, Universiteit van Amsterdam, January 1997

  32. Damgård, I., Koprowski, M.: Generic lower bounds for root extraction and signature schemes in general groups. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 256–271. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_17. (April/May 2002)

  33. Dauterman, E., Corrigan-Gibbs, H., Mazières, D., Boneh, D., Rizzo, D.: True2F: backdoor-resistant authentication tokens. In: IEEE S&P, May 2019

  34. Dodis, Y., Kiayias, A., Nicolosi, A., Shoup, V.: Anonymous identification in Ad Hoc groups. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 609–626. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_36. (May 2004)

  35. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12. (August 1987)

  36. Fröwis, M., Böhme, R.: The operational cost of Ethereum airdrops (2019). arXiv:1907.12383, https://arxiv.org/abs/1907.12383

  37. Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 33–62. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_2. (August 2018)

  38. Fuchsbauer, G., Orrù, M., Seurin, Y.: Aggregate cash systems: a cryptographic investigation of mimblewimble. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 657–689. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_22. (May 2019)

  39. Fuchsbauer, G., Pointcheval, D.: Anonymous proxy signatures. In: Ostrovsky, R., De Prisco, R., Visconti, I. (eds.) SCN 2008. LNCS, vol. 5229, pp. 201–217. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85855-3_14. (September 2008)

  40. Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski, B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997). https://doi.org/10.1007/BFb0052225. (August 1997)

  41. Gandal, N., Halaburda, H.: Competition in the cryptocurrency market. Technical Report DP10157, Center for Economic Policy Research, September 2014

  42. Gennaro, R., Micciancio, D., Rabin, T.: An efficient non-interactive statistical zero-knowledge proof system for quasi-safe prime products. In: ACM CCS, November 1998

  43. Giacomelli, I., Madsen, J., Orlandi, C.: ZKBoo: Faster zero-knowledge for Boolean circuits. In: USENIX Security, August 2016

  44. GitHub: About. https://github.com/about

  45. GitHub: User public keys. https://developer.github.com/v3/users/keys/

  46. GitHub: User GPG keys. https://developer.github.com/v3/users/gpg_keys/

  47. GitLab: Users API. https://docs.gitlab.com/ce/api/users.html

  48. GooSig: short signatures from RSA that hide the signer’s public key. https://github.com/kwantam/GooSig

  49. GnuPG frequently asked questions. https://www.gnupg.org/faq/gnupg-faq.html#default_rsa2048

  50. handshake-org/goosig: Anonymous RSA signatures. https://github.com/handshake-org/goosig/

  51. ICO Drops. https://icodrops.com/

  52. Jedusor, T.E.: Mimblewimble. Technical report, July 2016. https://github.com/mimblewimble/docs/wiki/MimbleWimble-Origin

  53. Keybase.io. https://keybase.io/

  54. Maurer, U.M.: Unifying zero-knowledge proofs of knowledge. In: AFRICACRYPT, June 2009

  55. Maxwell, G.: CoinJoin: Bitcoin privacy for the real world, August 2013. https://bitcointalk.org/index.php?topic=279249

  56. Maxwell, G.: Confidential transactions. Technical report (2016). https://people.xiph.org/~greg/confidential_values.txt

  57. Meiklejohn, S., et al.: A fistful of bitcoins: characterizing payments among men with no names. In: IMC, October 2013

  58. MerkleMine specification. https://github.com/livepeer/merkle-mine/blob/master/SPEC.md

  59. Morita, H., Schuldt, J.C.N., Matsuda, T., Hanaoka, G., Iwata, T.: On the security of the schnorr signature scheme and DSA against related-key attacks. In: Kwon, S., Yun, A. (eds.) ICISC 2015. LNCS, vol. 9558, pp. 20–35. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-30840-1_2

  60. Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system (2008)

  61. Noether, S., Mackenzie, A.: Ring confidential transactions. Ledger 1, 1–18 (2016)

  62. Okamoto, T.: Provably secure and practical identification schemes and corresponding signature schemes. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 31–53. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_3. (August 1993)

  63. OmiseGO airdrop update, August 2017. https://www.omise.co/omisego-airdrop-update

  64. Parno, B., Howell, J., Gentry, C., Raykova, M.: Pinocchio: nearly practical verifiable computation. In: IEEE S&P, May 2013

  65. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9. (August 1992)

  66. Penning, H.P.: Analysis of the strong set in the PGP web of trust, December 2018. https://pgp.cs.uu.nl/plot/

  67. Poelstra, A.: Mimblewimble. Technical report, October 2016. https://scalingbitcoin.org/papers/mimblewimble.pdf

  68. Poelstra, A., Back, A., Friedenbach, M., Maxwell, G., Wuille, P.: Confidential assets. Technical report, April 2017. https://blockstream.com/bitcoin17-final41.pdf

  69. Pooled payments (scaling solution for one-to-many transactions). https://ethresear.ch/t/pooled-payments-scaling-solution-for-one-to-many-transactions/590

  70. Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 552–565. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45682-1_32. (December 2001)

  71. Ruffing, T., Moreno-Sanchez, P., Kate, A.: CoinShuffle: practical decentralized coin mixing for bitcoin. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 345–364. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_20. (September 2014)

  72. van Saberhagen, N.: CryptoNote v 2.0. Technical report, October 2013

  73. Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22. (August 1990)

  74. Shoup, V.: Lower bounds for discrete logarithms and related problems. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 256–266. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_18. (May 1997)

  75. ssh-keygen(1): OpenBSD manual pages. https://man.openbsd.org/ssh-keygen

  76. We’re distributing 16 billion Lumens to Bitcoin holders, March 2017. https://www.stellar.org/blog/bitcoin-claim-lumens-2/

  77. Terelius, B., Wikström, D.: Efficiency limitations of \(\Sigma \)-protocols for group homomorphisms revisited. In: Visconti, I., De Prisco, R. (eds.) SCN 2012. LNCS, vol. 7485, pp. 461–476. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32928-9_26. (September 2012)

  78. van de Graaf, J., Peralta, R.: A simple and secure way to show the validity of your public key. In: Pomerance, C. (ed.) CRYPTO 1987. LNCS, vol. 293, pp. 128–134. Springer, Heidelberg (1988). https://doi.org/10.1007/3-540-48184-2_9. (August 1988)

  79. Wahby, R.S., Boneh, D., Jeffrey, C., Poon, J.: An airdrop that preserves recipient privacy, January 2020. https://goosig.crypto.fyi

  80. Wahby, R.S., Tzialla, I., shelat, A., Thaler, J., Walfish, M.: Doubly-efficient zkSNARKs without trusted setup. In: IEEE S&P, May 2018

  81. Wuille, P.: BIP 32: Hierarchical deterministic wallets, February 2012. https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki

  82. The YubiKey. https://www.yubico.com/products/yubikey-hardware/

Acknowledgments

This work was supported in part by the NSF, the ONR, the Simons Foundation, the Stanford Center for Blockchain Research, and the Ripple Foundation. The authors thank Fraser Brown, Henry Corrigan-Gibbs, and Dmitry Kogan for helpful conversations, and David Mazières for pointing out the need for the orthogonality property.

Corresponding author

Correspondence to Riad S. Wahby.

Copyright information

© 2020 International Financial Cryptography Association

Cite this paper

Wahby, R.S., Boneh, D., Jeffrey, C., Poon, J. (2020). An Airdrop that Preserves Recipient Privacy. In: Bonneau, J., Heninger, N. (eds) Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science, vol 12059. Springer, Cham. https://doi.org/10.1007/978-3-030-51280-4_24

  • DOI: https://doi.org/10.1007/978-3-030-51280-4_24

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-51279-8

  • Online ISBN: 978-3-030-51280-4