Abstract

Privacy-oriented cryptocurrencies, like Zcash or Monero, provide fair transaction anonymity and confidentiality, but lack important features compared to fully public systems, like Ethereum. Specifically, supporting assets of multiple types and providing a mechanism to atomically exchange them, which is critical for e.g. decentralized finance (DeFi), is challenging in the private setting. By combining insights and security properties from Zcash and SwapCT (PETS 21, an atomic swap system for Monero), we present a simple zk-SNARK-based transaction scheme, called Zswap, which is carefully malleable to allow the merging of transactions while preserving anonymity. Our protocol enables multiple assets and atomic exchanges by making use of sparse homomorphic commitments with aggregated open randomness, together with Zcash-friendly simulation-extractable non-interactive zero-knowledge (NIZK) proofs. This results in a provably secure privacy-preserving transaction protocol, with efficient swaps, and overall performance close to that of existing deployed private cryptocurrencies. It is similar to Zcash Sapling and benefits from existing codebases and implementation expertise.
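The mechanism the abstract names, sparse homomorphic commitments whose open randomness aggregates across merged transactions, can be illustrated with a toy model. This is an added example, not the paper's construction or code: it uses a tiny Schnorr group with constructed, insecure parameters, derives one generator per asset type by hashing, and models "balanced" by opening the merged commitment with the summed randomness (real systems prove this in zero knowledge rather than revealing it).

```python
import hashlib

# Toy Schnorr group (constructed; far too small to be secure). P = 2*Q + 1, so
# every square other than 1 generates the subgroup of prime order Q.
P = 10007
Q = 5003

def generator(label: str) -> int:
    """Derive an independent subgroup generator from a label (toy hash-to-group)."""
    h = int.from_bytes(hashlib.sha256(label.encode()).digest(), "big") % (P - 3) + 2
    return pow(h, 2, P)  # h in [2, P-2], so h^2 != 1

H = generator("blinding")  # base for the open randomness

def commit(deltas: dict, r: int) -> int:
    """Sparse homomorphic commitment to a per-asset balance vector.
    deltas maps asset -> (inputs - outputs); only assets the transaction
    touches are listed, hence 'sparse'. r is this transaction's open randomness."""
    c = pow(H, r % Q, P)
    for asset, v in deltas.items():
        c = c * pow(generator("asset:" + asset), v % Q, P) % P
    return c

def merge(commitments) -> int:
    """Homomorphic merge: the product commits to the sum of the delta vectors."""
    out = 1
    for c in commitments:
        out = out * c % P
    return out

def verify_balanced(merged: int, aggregated_r: int) -> bool:
    """Balanced iff the merged commitment opens to the all-zero vector
    under the aggregated (summed) open randomness."""
    return merged == pow(H, aggregated_r % Q, P)

# Constructed swap: Alice spends 5 A and wants 3 B; Bob spends 3 B and wants 5 A.
ALICE = {"A": 5, "B": -3}
BOB = {"B": 3, "A": -5}
R_ALICE, R_BOB = 1234, 4321

def demo():
    c_a, c_b = commit(ALICE, R_ALICE), commit(BOB, R_BOB)
    alone = verify_balanced(c_a, R_ALICE)                        # half a swap: unbalanced
    merged = verify_balanced(merge([c_a, c_b]), R_ALICE + R_BOB)  # merged: every asset nets to 0
    return alone, merged

if __name__ == "__main__":
    print(demo())  # (False, True)
```

Changing either side's amounts (e.g. Bob offering only 2 B) makes the merged commitment fail to open under the summed randomness, which is the check that stops an unbalanced merge.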
| Original language | English |
|---|---|
| Journal | Proceedings on Privacy Enhancing Technologies |
| Volume | 2022 |
| Issue number | 4 |
| Pages (from-to) | 507-527 |
| ISSN | 2299-0984 |
| Status | Published - 15 Jul 2022 |

Keywords
- Privacy-oriented cryptocurrencies
- Anonymity
- Decentralized finance (DeFi)
- zk-SNARKs
- Atomic exchanges