TY - GEN
T1 - A Lattice-Based Anonymous Distributed E-Cash from Bitcoin
AU - Lu, Zeming
AU - Jiang, Zoe L.
AU - Wu, Yulin
AU - Wang, Xuan
AU - Zhong, Yantao
N1 - Publisher Copyright:
© 2019, Springer Nature Switzerland AG.
PY - 2019
Y1 - 2019
AB - Although Bitcoin was the first widely adopted cryptographic currency system, it provides only a limited form of anonymity and privacy. To protect the anonymity and privacy of Bitcoin transactions, many Bitcoin-based cryptocurrency extensions have been proposed. However, most of the systems offering anonymity and privacy are based on traditional cryptographic algorithms, which may become insecure in the coming decades due to attacks by quantum computers. In this paper, we propose a lattice-based distributed e-cash scheme that protects the payer’s anonymity, built upon the framework of Zerocoin and a lattice-based zero-knowledge argument. Firstly, a payer who owns a transaction redeems it for a newly minted coin. Secondly, to pay for the next transaction, he/she collects a set of such coins in which to hide his/her own, which in turn hides his/her identity. Thirdly, to prove that the payer holds one of the coins and that no double-spending has occurred, we adapt a zero-knowledge argument of membership based on a lattice-based accumulator and a commitment protocol. Finally, the security proof of the scheme is given.
KW - Anonymity
KW - Bitcoin
KW - Lattice-based cryptocurrency
KW - Zero-knowledge argument
UR - https://www.scopus.com/pages/publications/85075759274
U2 - 10.1007/978-3-030-31919-9_16
DO - 10.1007/978-3-030-31919-9_16
M3 - Conference contribution
AN - SCOPUS:85075759274
SN - 9783030319182
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 275
EP - 287
BT - Provable Security - 13th International Conference, ProvSec 2019, Proceedings
A2 - Steinfeld, Ron
A2 - Yuen, Tsz Hon
PB - Springer
T2 - 13th International Conference on Provable and Practical Security, ProvSec 2019
Y2 - 1 October 2019 through 4 October 2019
ER -