DOI: 10.1109/SP.2014.36
Article

Zerocash: Decentralized Anonymous Payments from Bitcoin

Published: 18 May 2014 Publication History

Abstract

Bitcoin is the first digital currency to see widespread adoption. While payments are conducted between pseudonyms, Bitcoin cannot offer strong privacy guarantees: payment transactions are recorded in a public decentralized ledger, from which much information can be deduced. Zerocoin (Miers et al., IEEE S&P 2013) tackles some of these privacy issues by unlinking transactions from the payment's origin. Yet, it still reveals payments' destinations and amounts, and is limited in functionality. In this paper, we construct a full-fledged ledger-based digital currency with strong privacy guarantees. Our results leverage recent advances in zero-knowledge Succinct Non-interactive Arguments of Knowledge (zk-SNARKs). First, we formulate and construct decentralized anonymous payment schemes (DAP schemes). A DAP scheme enables users to directly pay each other privately: the corresponding transaction hides the payment's origin, destination, and transferred amount. We provide formal definitions and proofs of the construction's security. Second, we build Zerocash, a practical instantiation of our DAP scheme construction. In Zerocash, transactions are less than 1 kB and take under 6 ms to verify - orders of magnitude more efficient than the less-anonymous Zerocoin and competitive with plain Bitcoin.



    Reviews

    Subhankar Ray

    Bitcoin and its underlying blockchain technology have solved the Byzantine generals problem [1]. However, blockchain associated with the Bitcoin currency is a public ledger, and it does not provide the basic privacy offered by financial transactions that the world is accustomed to. Several researchers have shown that the parties involved in a Bitcoin transaction can be identified even after significant efforts by the transacting parties to keep themselves anonymous [2]. To keep the transacting parties anonymous, Miers et al. proposed Zerocoin with significant performance issues, restrictive fixed denomination, and lack of anonymity for the metadata related to the transaction. However, Zerocoin is a process to add anonymity to Bitcoin [2]. Hence, it can take advantage of the critical mass and infrastructure of a Bitcoin ecosystem. Zerocash, described in this paper, has solved the limitations of Zerocoin, and it is a serious invention using zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs). There have been a few other zero-knowledge-related algorithms like zero-knowledge interactive/non-interactive (for example, Feige-Fiat-Shamir identification scheme), statistical zero-knowledge, computational zero-knowledge, and others. It would be nice to know if those could have been used, or what their shortcomings are. There are several challenges that Zerocash must overcome for practical use, such as full integration with Bitcoin, the need to use a public trusted party, and the abandonment of blockchain-based double spending prevention [3]. In section 6, sub-section C, the author proposes Tor (or mixnets) for Internet protocol (IP) level anonymity. It was not clear if this is only needed to integrate with existing ledger-based currency, or if it is a requirement for the anonymity for any Zerocash system. 
    Zero-knowledge protocols must have a property of knowledge and soundness, which means that "if the statement is false, no cheating prover can convince the honest verifier that it is true, except with some small probability" [4]. One may wonder if even a "small probability" is too much for financial transactions. This is a complex field at the intersection of theoretical computer science and mathematics (a limited number of researchers mostly in academia understand it very well, and skill sets in this area will be hard to find). The abstract states, "We construct a full-fledged ledger-based digital currency"; however, the experiments in section 7 use a Bitcoin network. It is not clear why the authors have not performed a simulation using only a Zerocash network. This paper is a significant research work.

    Online Computing Reviews Service


    Published In

    SP '14: Proceedings of the 2014 IEEE Symposium on Security and Privacy
    May 2014
    694 pages
    ISBN:9781479946860

    Publisher

    IEEE Computer Society

    United States

    Author Tag

    1. Bitcoin, decentralized electronic cash, zero knowledge

    Qualifiers

    • Article


    Cited By

    • (2024) When Federated Learning Meets Privacy-Preserving Computation. ACM Computing Surveys 56:12 (1-36). DOI: 10.1145/3679013. Online publication date: 22-Jul-2024
    • (2024) On Identity, Transaction, and Smart Contract Privacy on Permissioned and Permissionless Blockchain: A Comprehensive Survey. ACM Computing Surveys 56:12 (1-35). DOI: 10.1145/3676164. Online publication date: 29-Jun-2024
    • (2024) The Right to Be Zero-Knowledge Forgotten. Proceedings of the 19th International Conference on Availability, Reliability and Security (1-9). DOI: 10.1145/3664476.3669973. Online publication date: 30-Jul-2024
    • (2024) Exploring Blockchain Technology through a Modular Lens: A Survey. ACM Computing Surveys 56:9 (1-39). DOI: 10.1145/3657288. Online publication date: 11-Apr-2024
    • (2024) zkLogis: Scalable, Privacy-Enhanced, and Traceable Logistics on Public Blockchain. Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (1406-1417). DOI: 10.1145/3634737.3637663. Online publication date: 1-Jul-2024
    • (2024) Improving Blockchain Scalability with the Setchain Data-Type. Distributed Ledger Technologies: Research and Practice 3:2 (1-27). DOI: 10.1145/3626963. Online publication date: 18-Jun-2024
    • (2024) Leveraging zero knowledge proofs for blockchain-based identity sharing. Journal of Information Security and Applications 80:C. DOI: 10.1016/j.jisa.2023.103678. Online publication date: 17-Apr-2024
    • (2024) Activity-based payments: alternative (anonymous) online payment model. International Journal of Information Security 23:3 (1741-1759). DOI: 10.1007/s10207-024-00816-0. Online publication date: 1-Jun-2024
    • (2024) Lightweight Instance Batch Schemes Towards Prover-Efficient Decentralized Private Computation. Information Security and Privacy (64-83). DOI: 10.1007/978-981-97-5101-3_4. Online publication date: 15-Jul-2024
    • (2024) Adaptively Sound Zero-Knowledge SNARKs for UP. Advances in Cryptology – CRYPTO 2024 (38-71). DOI: 10.1007/978-3-031-68403-6_2. Online publication date: 18-Aug-2024
