Abstract
Smart contract platforms such as Ethereum and Libra provide ways to seamlessly remove trust and add transparency to various distributed applications. Yet, these platforms lack mechanisms to guarantee user privacy, even at the level of simple payments, which are essential for most smart contracts.
In this paper, we propose Zether, a trustless mechanism for privacy-preserving payments in smart contract platforms. We take an account-based approach similar to Ethereum and Libra for efficiency and usability. Zether is implemented as a smart contract that keeps account balances encrypted and exposes methods to deposit, transfer, and withdraw funds to/from accounts through cryptographic proofs at only a small cost.
We address several technical challenges to protect Zether against replay attacks and front-running, and develop a mechanism to enable interoperability with arbitrary smart contracts, making applications like auctions, payment channels, and voting privacy-preserving. To make Zether efficient, we propose Σ-Bullets, a zero-knowledge proof system that is optimized for Σ-protocols. We implement Zether as an Ethereum smart contract and show its practicality by measuring the amount of gas used by the Zether contract. A Zether confidential transaction costs about 0.014 ETH or approximately $1.51 (as of early 2019), which can be drastically reduced with minor changes to Ethereum that we describe in the paper.
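As an added illustration of the encrypted-balance model (not code from the paper or from the Zether contract), the Python sketch below models deposits and transfers as homomorphic operations on ElGamal ciphertexts, the encryption the full Zether paper uses for balances. The toy group parameters, MAX_BALANCE, and all function names are constructed assumptions, and the zero-knowledge proof verification that the real contract performs before applying a transfer is left out.

```python
"""Toy Zether-style encrypted balances (added example; not the paper's or the
contract's code). Zether stores each balance as exponent ElGamal, (C, D) =
(g^b * y^r, g^r) under public key y = g^x, so the contract updates balances by
multiplying ciphertexts without learning any amount. Group and names are toy."""
import secrets
P, Q, G = 2039, 1019, 4   # constructed: safe prime, subgroup order, generator
MAX_BALANCE = 500         # decryption searches the exponent over [0, MAX_BALANCE]

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)                       # (secret key, y = g^x)

def encrypt(y, amount, r):
    """Exponent ElGamal: (g^amount * y^r, g^r)."""
    return (pow(G, amount, P) * pow(y, r, P) % P, pow(G, r, P))

def ct_mul(a, b):
    """Component-wise product encrypts the sum of the two plaintexts."""
    return (a[0] * b[0] % P, a[1] * b[1] % P)

def ct_inv(a):
    """Component-wise inverse encrypts the negated plaintext."""
    return (pow(a[0], -1, P), pow(a[1], -1, P))

def decrypt(x, ct):
    """Recover b from g^b = C / D^x by exhaustive search over the balance range."""
    g_b = ct[0] * pow(pow(ct[1], x, P), -1, P) % P
    for b in range(MAX_BALANCE + 1):
        if pow(G, b, P) == g_b:
            return b
    raise ValueError("ciphertext does not encrypt a balance in range")

def fund(acc, y, amount):
    """Deposit: the amount is public, so r = 0; (1, 1) encrypts 0 under any key."""
    acc[y] = ct_mul(acc.get(y, (1, 1)), encrypt(y, amount, 0))

def transfer(acc, y_from, y_to, amount, r):
    """Sender encrypts the amount under both keys with shared randomness r; the
    real contract first checks a proof of equal, non-negative amounts (omitted)."""
    acc[y_from] = ct_mul(acc[y_from], ct_inv(encrypt(y_from, amount, r)))
    acc[y_to] = ct_mul(acc.get(y_to, (1, 1)), encrypt(y_to, amount, r))

def demo():
    """Alice deposits 100 and pays Bob 30; each decrypts only their own balance."""
    acc = {}
    xa, ya = keygen()
    xb, yb = keygen()
    fund(acc, ya, 100)
    transfer(acc, ya, yb, 30, secrets.randbelow(Q - 1) + 1)
    return decrypt(xa, acc[ya]), decrypt(xb, acc[yb])
```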
Notes
1. If y has no record on ZSC yet, then a new record is created and initialized with the aforementioned ciphertext.
2. One can potentially use Zether in combination with Möbius on Ethereum to get the best of both worlds. We leave this as an interesting open question.
3. A non-interactive one-out-of-many proof can be used to instantiate a ring signature in which a signer reveals that she knows a private key out of.
© 2020 International Financial Cryptography Association
Bünz, B., Agrawal, S., Zamani, M., Boneh, D. (2020). Zether: Towards Privacy in a Smart Contract World. In: Bonneau, J., Heninger, N. (eds) Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science(), vol 12059. Springer, Cham. https://doi.org/10.1007/978-3-030-51280-4_23
DOI: https://doi.org/10.1007/978-3-030-51280-4_23
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-51279-8
Online ISBN: 978-3-030-51280-4
eBook Packages: Computer Science (R0)