Abstract
Many existing cryptocurrencies fail to provide transaction anonymity and confidentiality. As privacy concerns grow, a number of works have sought to enhance privacy by leveraging cryptographic tools. Though strong privacy is appealing, it might be abused in some cases. In decentralized payment systems, anonymity poses great challenges to the system's auditability, which is a crucial property for scenarios that require regulatory compliance and dispute arbitration guarantees.
Aiming for a middle ground between privacy and auditability, we introduce the notion of a decentralized confidential payment (DCP) system with auditability. In addition to offering confidentiality, DCP supports privacy-preserving audit in which an external party can specify a set of transactions and then request the participants to prove their compliance with a large class of policies. We present a generic construction of an auditable DCP system from an integrated signature and encryption scheme and non-interactive zero-knowledge proof systems. We then instantiate our generic construction by carefully designing the underlying building blocks, yielding a standalone cryptocurrency called PGC. In PGC, the setup is transparent, transactions are less than 1.3 KB and take under 38 ms to generate and 15 ms to verify.
At the core of PGC is an additively homomorphic public-key encryption scheme that we newly introduce, twisted ElGamal, which is not only as secure as standard exponential ElGamal, but also friendly to Sigma protocols and Bulletproofs. This enables us to easily devise zero-knowledge proofs for basic correctness of transactions as well as various application-dependent policies in a modular fashion.
Notes
- 1.
In the remainder of this paper, we simply refer to the exponential ElGamal PKE as ElGamal PKE for ease of exposition.
- 2.
As indicated in [CZ14], the essence of ElGamal is that \(F_{sk}(g^r) = pk^r\) forms a publicly evaluable pseudorandom function over \(\mathbb {G}\). The key insight of switching is that \(F_{sk}\) is in fact a permutation.
- 3.
We describe our generic DCP construction using NIZK in the CRS model. The construction and security proof carry over naturally if NIZK in the random oracle model is used instead.
- 4.
By default, \(\tilde{m}\) and \(\mathsf {sn}\) should be zero, and r should be a fixed and publicly known randomness, say the zero string \(0^\lambda \). This setting guarantees that the initial account state is publicly auditable. Here we do not enforce it, to retain flexibility.
- 5.
In the non-interactive setting, there is no distinction between sequential and parallel composition.
- 6.
Since both \(v_1\), \(v_2\), \(\alpha \), \(\beta \) are much smaller than p, no overflow will happen.
- 7.
We expect at least \(2\times \) speedup after optimizations.
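The abstract describes twisted ElGamal as an additively homomorphic encryption whose ciphertexts are friendly to Sigma protocols and Bulletproofs, and note 2 pins down why decryption works: \(F_{sk}(g^r) = pk^r\) is a permutation on \(\mathbb{G}\), so the key holder can undo it. The following Python is an added worked example (not code from the paper or from the PGC implementation) of that scheme, which the full paper defines as encrypting m under pk = g^sk as (X, Y) = (pk^r, g^r h^m). It assumes a constructed 64-bit safe-prime subgroup of Z_p^* in place of the paper's elliptic-curve group and a bounded message space so the final discrete log can be solved by baby-step giant-step; the function names are mine.

```python
"""Toy twisted ElGamal over a prime-order subgroup of Z_p^* (added example, not PGC's code).
Assumes a constructed 64-bit safe-prime group instead of a 256-bit curve, and a bounded
message space so decryption can finish with a baby-step giant-step discrete log."""
import math
import random
import secrets
from dataclasses import dataclass

_RNG = random.Random(0x5047)  # seeded: used only to derive the toy group parameters

def _is_probable_prime(n, rounds=32):
    """Miller-Rabin behind a trial-division prefilter."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(_RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(bits):
    """Return (p, q) with p = 2q + 1 both prime; the squares mod p then form a group of order q."""
    while True:
        q = _RNG.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1, q

P, Q = _safe_prime(64)   # constructed toy parameters
G = 4                    # a square, hence a generator of the order-q subgroup
while True:              # second generator h; a real system would hash-to-curve it
    H = pow(_RNG.randrange(2, P - 1), 2, P)
    if H not in (1, G):
        break

@dataclass(frozen=True)
class Ciphertext:
    X: int  # pk^r      : the only component that depends on the receiver's key
    Y: int  # g^r * h^m : a Pedersen commitment to m, usable directly in Bulletproofs

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, m, r=None):
    if r is None:
        r = secrets.randbelow(Q - 1) + 1
    return Ciphertext(pow(pk, r, P), pow(G, r, P) * pow(H, m, P) % P)

def dlog_bsgs(base, target, bound):
    """Solve base^m = target for 0 <= m < bound by baby-step giant-step."""
    step = math.isqrt(bound) + 1
    baby, cur = {}, 1
    for j in range(step):
        baby.setdefault(cur, j)
        cur = cur * base % P
    giant, gamma = pow(base, -step, P), target
    for i in range(step):
        if gamma in baby:
            return i * step + baby[gamma]
        gamma = gamma * giant % P
    raise ValueError("plaintext outside the allowed range")

def decrypt(sk, ct, max_value=1 << 32):
    # F_sk(g^r) = pk^r is a permutation of G (note 2), so sk^{-1} mod q undoes it and recovers g^r
    g_r = pow(ct.X, pow(sk, -1, Q), P)
    h_m = ct.Y * pow(g_r, -1, P) % P    # strip the randomness, leaving h^m
    return dlog_bsgs(H, h_m, max_value)

def add(a, b):
    """Enc(m1; r1) * Enc(m2; r2) = Enc(m1 + m2; r1 + r2): the homomorphism behind balance updates."""
    return Ciphertext(a.X * b.X % P, a.Y * b.Y % P)

def scale(ct, k):
    """Enc(m; r)^k = Enc(k*m; k*r); k = -1 turns a debit into a subtraction."""
    return Ciphertext(pow(ct.X, k, P), pow(ct.Y, k, P))

def opens_commitment(ct, m, r):
    """Y is the Pedersen commitment g^r h^m, so the opening (m, r) verifies it without any key."""
    return ct.Y == pow(G, r, P) * pow(H, m, P) % P
```

Decryption inverts the permutation with sk^{-1} mod q rather than exponentiating by sk as in standard ElGamal, and that is what lets Y be an ordinary Pedersen commitment: a range proof over Y needs no key material, `add` and `scale` give the balance arithmetic on encrypted values, and `opens_commitment` is the auditor-facing side, where a participant reveals (m, r) for a specific transaction and the auditor checks it against the ledger.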
References
Bünz, B., Agrawal, S., Zamani, M., Boneh, D.: Zether: towards privacy in a smart contract world. In: Bonneau, J., Heninger, N. (eds.) FC 2020. LNCS, vol. 12059, pp. 423–443. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-51280-4_23
Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, SP 2018, pp. 315–334 (2018)
Biryukov, A., Khovratovich, D., Pustogarov, I.: Deanonymisation of clients in bitcoin P2P network. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 15–29 (2014)
Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A., Felten, E.W.: Mixcoin: anonymity for bitcoin with accountable mixes. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 486–504. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_31
Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_9
Chen, Y., Ma, X., Tang, C., Au, M.H.: PGC: pretty good confidential transaction system with auditability. Cryptology ePrint Archive, Report 2019/319 (2019). https://eprint.iacr.org/2019/319
Chaum, D., Pedersen, T.P.: Wallet databases with observers. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 89–105. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_7
Chen, Y., Zhang, Z.: Publicly evaluable pseudorandom functions and their applications. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 115–134. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10879-7_8
Dash. https://www.dash.org
Fauzi, P., Meiklejohn, S., Mercer, R., Orlandi, C.: Quisquis: a new design for anonymous cryptocurrencies. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 649–678. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_23
Garman, C., Green, M., Miers, I.: Accountable privacy for decentralized anonymous payments. In: Grossklags, J., Preneel, B. (eds.) FC 2016. LNCS, vol. 9603, pp. 81–98. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54970-4_5
Goldreich, O.: Foundations of Cryptography, vol. 1. Cambridge University Press, New York (2006)
Grin. https://grin-tech.org/
Maxwell, G.: Confidential transactions (2016). https://people.xiph.org/~greg/confidential_values.txt
Meiklejohn, S., Mercer, R.: Möbius: trustless tumbling for transaction privacy. PoPETs 2, 105–121 (2018)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf
Noether, S.: Ring signature confidential transactions for monero (2015). https://eprint.iacr.org/2015/1098
Narula, N., Vasquez, W., Virza, M.: zkLedger: privacy-preserving auditing for distributed ledgers. In: 15th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2018, pp. 65–80 (2018)
Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9
Poelstra, A.: Mimblewimble. https://download.wpsoftware.net/bitcoin/wizardry/mimblewimble.pdf
Paterson, K.G., Schuldt, J.C.N., Stam, M., Thomson, S.: On the joint security of encryption and signature, revisited. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 161–178. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_9
Ruffing, T., Moreno-Sanchez, P., Kate, A.: CoinShuffle: practical decentralized coin mixing for bitcoin. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 345–364. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_20
Ron, D., Shamir, A.: Quantitative analysis of the full bitcoin transaction graph. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 6–24. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_2
Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptol. 4(3), 161–174 (1991). https://doi.org/10.1007/BF00196725
Wood, G.: Ethereum: a secure decentralized transaction ledger (2014). http://gavwood.com/paper.pdf, https://www.ethereum.org/
Zcash: privacy-protecting digital currency. https://z.cash/
Acknowledgments
We thank Benny Pinkas and Jonathan Bootle for clarifications on Sigma protocols and Bulletproofs in the early stages of this research. We particularly thank Shuai Han for many enlightening discussions. Yu Chen is supported by National Natural Science Foundation of China (Grant No. 61772522, No. 61932019). Man Ho Au is supported by National Natural Science Foundation of China (Grant No. 61972332).
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Chen, Y., Ma, X., Tang, C., Au, M.H. (2020). PGC: Decentralized Confidential Payment System with Auditability. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds) Computer Security – ESORICS 2020. ESORICS 2020. Lecture Notes in Computer Science(), vol 12308. Springer, Cham. https://doi.org/10.1007/978-3-030-58951-6_29
DOI: https://doi.org/10.1007/978-3-030-58951-6_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-58950-9
Online ISBN: 978-3-030-58951-6