
Rational Zero: Economic Security for Zerocoin with Everlasting Anonymity

  • Conference paper
Financial Cryptography and Data Security (FC 2014)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8438)

Abstract

Zerocoin proposed adding decentralized cryptographically anonymous e-cash to Bitcoin. Given the increasing popularity of Bitcoin and its reliance on a distributed pseudonymous public ledger, this anonymity is important if only to provide the same minimal privacy protections from nosy neighbors offered by conventional banking. Unfortunately, at 25 KB, the non-interactive zero-knowledge proofs for spending a zerocoin are nearly prohibitively large. In this paper, we consider several improvements. First, we strengthen Zerocoin’s anonymity guarantees, making them independent of the size of these proofs. Given this freedom, we explore several techniques for drastically reducing proof size while ensuring that forging a single zerocoin is more difficult than the block mining process used to maintain Bitcoin’s distributed ledger. Provided a zerocoin is worth less than the reward for a Bitcoin block, forging a coin is not an economically rational action. Hence we preserve Zerocoin’s absolute anonymity guarantees while achieving drastic reductions in proof size by limiting ourselves to security against rational attackers.


Notes

  1. Some recent results raise questions about this 50 % figure [9].

  2. Specifically, we are concerned with future vulnerabilities in hash functions such as SHA256 that might allow for practical attacks on the zero-knowledge property of Fiat-Shamir proofs. While this concern seems rarefied, existing analyses do not allow us to rule out such attacks.

  3. This is discounted to allow for lower payouts from, e.g., a mining cartel’s cut.

  4. Recall that the difficulty of mining a block adjusts to keep blocks spaced at 10 min intervals. Hence greater network hashing power means more hashes are needed per block.

  5. It is possible to prune some of this work by checking whether, given, e.g., the first two of \(n\) blocks, any assignment of the remaining bits would hash to the correct challenge. We leave to future work the analysis of this strategy along with the best way to skew the sampling of bits from the \(n\) blocks to minimize it.
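The economic-security argument of the abstract together with Notes 3 and 4, worked as an added example. This code is not from the paper and does not reproduce the authors' proof constructions; it only sizes a proof against the block-mining bar. Its assumptions, which are mine and not the paper's, are: a proof whose Fiat-Shamir challenge has k bits costs about 2^k hash evaluations to forge by brute force; a Bitcoin block at difficulty D costs about D × 2^32 hashes in expectation, or equivalently 600 seconds of the whole network's hashing once difficulty has retargeted (Note 4); and the `discount` factor is the cartel-cut allowance of Note 3. The sample figures (a 25 BTC block reward, a 10^15 H/s network) are constructed for illustration.

```python
"""Rational-attacker sizing for a zerocoin spend proof.

Added example, not the paper's code. Assumptions (mine, not the authors'):
  * a k-bit Fiat-Shamir challenge has soundness error ~2**-k, so forging
    one proof costs ~2**k hash evaluations;
  * expected work per Bitcoin block is difficulty * 2**32 hashes, and since
    difficulty retargets to a 10-minute block interval (Note 4) the same
    work equals network_hashrate * 600 s;
  * `discount` (Note 3) lowers the bar to allow for a mining cartel's cut.
"""

HASHES_PER_DIFFICULTY_UNIT = 2 ** 32   # Bitcoin target arithmetic
BLOCK_INTERVAL_SECONDS = 600           # 10-minute retarget goal (Note 4)


def expected_hashes_per_block(difficulty: float) -> float:
    """Expected hash evaluations to mine one block at this difficulty."""
    return difficulty * HASHES_PER_DIFFICULTY_UNIT


def hashes_per_block_from_hashrate(network_hashrate_hps: float) -> float:
    """Same quantity from the network hash rate: after retargeting, one
    block costs roughly 600 s of the entire network's hashing (Note 4)."""
    return network_hashrate_hps * BLOCK_INTERVAL_SECONDS


def forging_work(challenge_bits: int) -> int:
    """Expected hashes to brute-force a k-bit challenge (modelling assumption)."""
    return 2 ** challenge_bits


def min_challenge_bits(hashes_per_block: float, discount: float = 1.0) -> int:
    """Smallest k such that forging one proof costs at least `discount`
    times the expected work of mining one block. Integer loop rather than
    log2 so exact powers of two are not mis-rounded."""
    target = discount * hashes_per_block
    k = 0
    while forging_work(k) < target:
        k += 1
    return k


def forging_is_irrational(coin_value_btc: float, block_reward_btc: float,
                          challenge_bits: int, hashes_per_block: float,
                          discount: float = 1.0) -> bool:
    """The paper's condition: forging is not economically rational when
    (a) forging one coin costs at least as much work as mining a block and
    (b) the coin is worth less than the (discounted) block reward, so the
    attacker would rather spend the same hashing on honest mining."""
    harder_than_block = forging_work(challenge_bits) >= discount * hashes_per_block
    worth_less_than_reward = coin_value_btc < discount * block_reward_btc
    return harder_than_block and worth_less_than_reward


def size_proof(network_hashrate_hps: float, block_reward_btc: float,
               coin_value_btc: float, discount: float = 1.0) -> dict:
    """Convenience wrapper: challenge length needed at a given network size,
    and whether a coin of the given value is then safe to accept."""
    per_block = hashes_per_block_from_hashrate(network_hashrate_hps)
    k = min_challenge_bits(per_block, discount)
    return {
        "hashes_per_block": per_block,
        "challenge_bits": k,
        "forging_irrational": forging_is_irrational(
            coin_value_btc, block_reward_btc, k, per_block, discount),
    }


if __name__ == "__main__":
    # Constructed sample figures: 1e15 H/s network, 25 BTC reward, 1 BTC coin.
    print(size_proof(1e15, 25.0, 1.0))
```

The point the numbers make is the one in the abstract: the challenge length (and hence proof size) needed for rational security tracks log2 of the network's per-block work, not a fixed cryptographic security level, so a larger Bitcoin network lets the proof grow only logarithmically while the anonymity argument (which the paper makes independent of proof size) is unaffected.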

References

  1. Mining hardware comparison. https://en.bitcoin.it/wiki/Mining_hardware_comparison. Accessed 23 Nov 2013

  2. Kuhn, F., Struik, R.: Random walks revisited: extensions of Pollard’s rho algorithm for computing multiple discrete logarithms. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 212–229. Springer, Heidelberg (2001)

  3. Benaloh, J.C., de Mare, M.: One-way accumulators: a decentralized alternative to digital signatures. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 274–285. Springer, Heidelberg (1994)

  4. Boudot, F.: Efficient proofs that a committed number lies in an interval. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 431–444. Springer, Heidelberg (2000)

  5. Camenisch, J.L., Chaabouni, R., Shelat, A.: Efficient protocols for set membership and range proofs. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 234–252. Springer, Heidelberg (2008)

  6. Camenisch, J.L., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, p. 93. Springer, Heidelberg (2001)

  7. Camenisch, J.L., Stadler, M.A.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)

  8. Camenisch, J.L.: Group signature schemes and payment systems based on the discrete logarithm problem. Ph.D. thesis, ETH Zürich (1998)

  9. Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable (2013)

  10. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)

  11. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity and a methodology of cryptographic protocol design. In: FOCS (1986)

  12. Goldreich, O.: A short tutorial of zero-knowledge (2010)

  13. Groth, J.: Non-interactive zero-knowledge arguments for voting. In: Ioannidis, J., Keromytis, A.D., Yung, M. (eds.) ACNS 2005. LNCS, vol. 3531, pp. 467–482. Springer, Heidelberg (2005)

  14. Lee, T.B.: Bitcoin needs to scale by a factor of 1000 to compete with Visa. Here’s how to do it. The Washington Post, November 2013. http://www.washingtonpost.com

  15. Lipmaa, H.: On Diophantine complexity and statistical zero-knowledge arguments. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 398–415. Springer, Heidelberg (2003)

  16. Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G.M., Savage, S.: A fistful of bitcoins: characterizing payments among men with no names. In: Internet Measurement Conference (2013)

  17. Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from Bitcoin. In: IEEE Symposium on Security and Privacy (2013)

  18. Mihalcik, J.: An analysis of algorithms for solving discrete logarithms in fixed groups. Master’s thesis, Naval Postgraduate School (March 2010)

  19. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system, 2009 (2012). http://www.bitcoin.org/bitcoin.pdf

  20. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992)

  21. Reid, F., Harrigan, M.: An analysis of anonymity in the Bitcoin system. In: Security and Privacy in Social Networks (SOCIALCOM) (2011)

  22. Schnorr, C.P.: Efficient signature generation for smart cards. J. Cryptol. 4(3), 239–252 (1991)


Author information


Correspondence to Ian Miers.


Copyright information

© 2014 IFCA/Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Garman, C., Green, M., Miers, I., Rubin, A.D. (2014). Rational Zero: Economic Security for Zerocoin with Everlasting Anonymity. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds) Financial Cryptography and Data Security. FC 2014. Lecture Notes in Computer Science, vol. 8438. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44774-1_10


  • DOI: https://doi.org/10.1007/978-3-662-44774-1_10


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-44773-4

  • Online ISBN: 978-3-662-44774-1

  • eBook Packages: Computer Science (R0)
