Abstract
Zerocoin proposed adding decentralized cryptographically anonymous e-cash to Bitcoin. Given the increasing popularity of Bitcoin and its reliance on a distributed pseudonymous public ledger, this anonymity is important if only to provide the same minimal privacy protections from nosy neighbors offered by conventional banking. Unfortunately, at 25 KB, the non-interactive zero-knowledge proofs for spending a zerocoin are nearly prohibitively large. In this paper, we consider several improvements. First, we strengthen Zerocoin’s anonymity guarantees, making them independent of the size of these proofs. Given this freedom, we explore several techniques for drastically reducing proof size while ensuring that forging a single zerocoin is more difficult than the block mining process used to maintain Bitcoin’s distributed ledger. Provided a zerocoin is worth less than the reward for a Bitcoin block, forging a coin is not an economically rational action. Hence we preserve Zerocoin’s absolute anonymity guarantees while achieving drastic reductions in proof size by limiting ourselves to security against rational attackers.
Notes
1. Some recent results raise questions about this 50 % number [9].
2. Specifically, we are concerned with future vulnerabilities in hash functions such as SHA256 that might allow for practical attacks on the zero-knowledge property of Fiat-Shamir proofs. While this concern seems rarified, existing analyses do not allow us to rule out such attacks.
3. This is discounted to allow for lower payouts from, e.g., a mining cartel’s cut.
4. Recall that the difficulty of mining a block adjusts to keep blocks spaced at 10 min intervals. Hence greater hashing power necessitates more hashes needed per block.
5. It is possible to prune some of this work by checking if given, e.g., the first two of \(n\) blocks, any assignment of the remaining bits would hash to the correct challenge. We leave to future work the analysis of this strategy along with the best way to skew the sampling of bits from the \(n\) blocks to minimize it.
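As an added illustration of the rationality argument in the abstract and of the difficulty mechanism in note 4 (this is not the paper's own code or analysis): the block-work and retarget functions follow Bitcoin's published protocol rules, while the forging-cost model (about 2^k hash evaluations to brute-force a k-bit Fiat-Shamir challenge), the `discount` parameter standing in for note 3's cartel cut, and all function names are assumptions made here.

```python
import math

# Bitcoin difficulty-retarget constants (protocol facts, not from the paper).
TARGET_BLOCK_SECONDS = 600
RETARGET_INTERVAL = 2016
MAX_RETARGET_FACTOR = 4.0


def expected_hashes_per_block(difficulty: float) -> float:
    """Expected SHA256d evaluations needed to find a block at this difficulty.

    Difficulty 1 corresponds to approximately 2**32 expected hashes."""
    return difficulty * 2.0 ** 32


def retarget(old_difficulty: float, actual_seconds: float) -> float:
    """Difficulty after a 2016-block window that took actual_seconds.

    The adjustment ratio is clamped to [1/4, 4] per window, as Bitcoin does,
    so a sudden jump in hashing power is absorbed over several windows rather
    than in one step (note 4: more hashing power -> more hashes per block)."""
    expected_seconds = TARGET_BLOCK_SECONDS * RETARGET_INTERVAL
    ratio = expected_seconds / actual_seconds
    ratio = max(1.0 / MAX_RETARGET_FACTOR, min(MAX_RETARGET_FACTOR, ratio))
    return old_difficulty * ratio


def min_challenge_bits(difficulty: float, discount: float = 1.0) -> int:
    """Smallest k such that 2**k hash evaluations (assumed cost of forging a
    proof whose Fiat-Shamir challenge has k bits) is at least `discount`
    times the expected work of one block. `discount` < 1 models the lower
    effective payout of a mining cartel member (note 3)."""
    if not 0.0 < discount <= 1.0:
        raise ValueError("discount must be in (0, 1]")
    work = discount * expected_hashes_per_block(difficulty)
    return math.ceil(math.log2(work))


def forging_is_rational(coin_value_btc: float, block_reward_btc: float) -> bool:
    """A forger who must do at least one block's worth of hashing could
    instead mine a block and collect the reward; forging only pays if the
    coin is worth more than that reward."""
    return coin_value_btc > block_reward_btc
```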
References
Mining hardware comparison. https://en.bitcoin.it/wiki/Mining_hardware_comparison. Accessed 23 Nov 2013
Kuhn, F., Struik, R.: Random walks revisited: extensions of Pollard’s rho algorithm for computing multiple discrete logarithms. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 212–229. Springer, Heidelberg (2001)
Benaloh, J.C., de Mare, M.: One-way accumulators: a decentralized alternative to digital signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 274–285. Springer, Heidelberg (1994)
Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)
Camenisch, J.L., Chaabouni, R., Shelat, A.: Efficient protocols for set membership and range proofs. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 234–252. Springer, Heidelberg (2008)
Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 93. Springer, Heidelberg (2001)
Camenisch, J.L., Stadler, M.A.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)
Camenisch, J.L.: Group signature schemes and payment systems based on the discrete logarithm problem. Ph.D. thesis, ETH Zürich (1998)
Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable (2013)
Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)
Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design. In: FOCS (1986)
Goldreich, O.: A short tutorial of zero-knowledge (2010)
Groth, J.: Non-interactive zero-knowledge arguments for voting. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 467–482. Springer, Heidelberg (2005)
Lee, T.B.: Bitcoin needs to scale by a factor of 1000 to compete with Visa. Here’s how to do it, November 2013. http://www.washingtonpost.com
Lipmaa, H.: On diophantine complexity and statistical zero-knowledge arguments. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 398–415. Springer, Heidelberg (2003)
Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G.M., Savage, S.: A fistful of bitcoins: characterizing payments among men with no names. In: Internet Measurement Conference (2013)
Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: IEEE Symposium on Security and Privacy (2013)
Mihalcik, J.: An analysis of algorithms for solving discrete logarithms in fixed groups. Master’s thesis, Naval Postgraduate School (March 2010)
Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system, 2009 (2012). http://www.bitcoin.org/bitcoin.pdf
Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)
Reid, F., Harrigan, M.: An analysis of anonymity in the Bitcoin system. In: Security and Privacy in Social Networks (SOCIALCOM) (2011)
Schnorr, C.P.: Efficient signature generation for smart cards. J. Cryptol. 4(3), 239–252 (1991)
© 2014 IFCA/Springer-Verlag Berlin Heidelberg
Garman, C., Green, M., Miers, I., Rubin, A.D. (2014). Rational Zero: Economic Security for Zerocoin with Everlasting Anonymity. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds) Financial Cryptography and Data Security. FC 2014. Lecture Notes in Computer Science(), vol 8438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44774-1_10
DOI: https://doi.org/10.1007/978-3-662-44774-1_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44773-4
Online ISBN: 978-3-662-44774-1