Anonymous Revocation Scheme for Bitcoin Confusion
-
摘要: 为解决用户在混币过程中无法请求退出的问题,该文提出一种支持用户匿名撤销混币的方案。采用承诺技术将用户和其目的地址进行绑定;当用户请求退出混洗服务时,利用累加器和知识签名对承诺进行零知识证明。最后将撤销用户的混淆输出地址修改为其指定的目的地址。安全性分析表明,该方案基于双离散对数问题和强RSA假设满足退群用户匿名性,且不用修改当前比特币系统即可实施。在n(n≥10)个诚实用户参与的混淆过程中,方案允许至多n–2个用户退出混币操作。Abstract: In order to solve the problem that users can not request to exit during the bitcoin confusion process, an anonymous revocation scheme for Bitcoin confusion is proposed. The commitment is used to bind the user with its destination address. When the user requests to quit the shuffle service, a zero-knowledge proof of the commitment is made using the accumulator and the signatures of knowledge. Finally, the shuffled output address of the user who quits the service is modified to its destination address. Security analysis shows that the scheme satisfies the anonymity of the user who quits the service based on the double discrete logarithm problem and the strong RSA assumption, and can be implemented without modifying the current bitcoin system. The scheme allows at most n–2 users to exit in the confusion process of n (n≥10) honest users participation.
-
Key words:
- Privacy protection /
- Bitcoin confusion /
- Revocable
-
表 1 不同方案性能比较
表 2 不同方案理论执行时间对比
方案 加密 模乘 模指数 哈希 椭圆曲线
上的点乘CoinParty[10] ${\left( {{n^2}} \right)_{\nu \left( E \right)}}$ ${\left( {8n} \right)_{\nu \left( m \right)}}$ ${\left( {4n} \right)_{\nu \left( M \right)}}$ ${\left( {4n} \right)_{\nu \left( H \right)}}$ ${\left( {10n} \right)_{\nu \left( R \right)}}$ ZeroCoin[14] 0 ${\left( {9n} \right)_{\nu \left( m \right)}}$ ${\left( {12n} \right)_{\nu \left( M \right)}}$ ${\left( n \right)_{\nu \left( H \right)}}$ 0 CoinExit ${\left( {2{n^2}} \right)_{\nu \left( E \right)}}$ ${\left( {11n} \right)_{\nu \left( m \right)}}$ ${\left( {17n} \right)_{\nu \left( M \right)}}$ ${\left( {2n} \right)_{\nu \left( H \right)}}$ ${\left( {5n} \right)_{\nu \left( R \right)}}$ -
秦波, 陈李昌豪, 伍前红, 等. 比特币与法定数字货币[J]. 密码学报, 2017, 4(2): 176–186. doi: 10.13868/j.cnki.jcr.000172QIN Bo, CHEN Lichanghao, WU Qianhong, et al. Bitcoin and digital fiat currency[J]. Journal of Cryptologic Research, 2017, 4(2): 176–186. doi: 10.13868/j.cnki.jcr.000172 KHALILOV M C K and LEVI A. A survey on anonymity and privacy in bitcoin-like digital cash systems[J]. IEEE Communications Surveys & Tutorials, 2018, 20(4): 2543–2585. doi: 10.1109/COMST.2018.2818623 MAXWELL G. CoinJoin: Bitcoin privacy for the real world[EB/OL]. https://en.bitcoin.it/wiki/CoinJoin, 2019. BONNEAU J, NARAYANAN A, MILLER A, et al. Mixcoin: Anonymity for Bitcoin with accountable mixes[C]. The 18th International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, 2014: 486–504. HEILMAN E, ALSHENIBR L, BALDIMTSI F, et al. TumbleBit: An untrusted bitcoin-compatible anonymous payment hub[C]. Network and Distributed System Security Symposium, San Diego, California, 2017. RUFFING T, MORENO-SANCHEZ P, and KATE A. CoinShuffle: Practical decentralized coin mixing for bitcoin[C]. The 19th European Symposium on Research in Computer Security, Wroclaw, Poland, 2014: 345–364. MEIKLEJOHN S, POMAROLE M, JORDAN G, et al. A fistful of bitcoins: Characterizing payments among men with no names[C]. The 2013 Association for Computing Machinery Conference on Internet Measurement Conference, Barcelona, Spain, 2013: 127–140. RUFFING T, MORENO-SANCHEZ P, and KATE A. P2P mixing and unlinkable Bitcoin transactions[C]. Network and Distributed System Security Symposium, San Diego, California, 2017. ZIEGELDORF J H, GROSSMANN F, HENZE M, et al. CoinParty: Secure multi-party mixing of bitcoins[C]. The 5th Association for Computing Machinery Conference on Data and Application Security and Privacy, San Antonio, USA, 2015: 75–86. ZIEGELDORF J H, MATZUTT R, HENZE M, et al. Secure and anonymous decentralized Bitcoin mixing[J]. Future Generation Computer Systems, 2018, 80: 448–466. doi: 10.1016/j.future.2016.05.018 张卫国, 孙嫚, 陈振华, 等. 空间位置关系的安全多方计算及其应用[J]. 电子与信息学报, 2016, 38(9): 2294–2300. doi: 10.11999/JEIT160102ZHANG Weiguo, SUN Man, CHEN Zhenhua, et al. Secure multi-party computation of spatial relationship and its application[J]. Journal of Electronics &Information Technology, 2016, 38(9): 2294–2300. doi: 10.11999/JEIT160102 SAXENA A, MISRA J, and DHAR A. Increasing anonymity in Bitcoin[C]. International Conference on Financial Cryptography and Data Security, Christ Church, Barbados, 2014: 122–139. CHURYUMOV A. Byteball: A decentralized system for storage and transfer of value[EB/OL]. https://byteball.org/Byteball.pdf, 2018. MIERS I, GARMAN C, GREEN M, et al. Zerocoin: Anonymous distributed E-cash from bitcoin[C]. 2013 IEEE Symposium on Security and Privacy, Berkeley, USA, 2013: 397–411. CAMENISCH J and LYSYANSKAYA A. Dynamic accumulators and application to efficient revocation of anonymous credentials[C]. The 22nd Annual International Cryptology Conference on Advances in Cryptology, California, USA, 2002: 61–76. CHASE M and LYSYANSKAYA A. On signatures of knowledge[C]. Annual International Cryptology Conference on Advances in Cryptology, Santa Barbara, California, USA, 2006: 78–96. IBRAHIM M H. SecureCoin: A robust secure and efficient protocol for anonymous Bitcoin ecosystem[J]. International Journal of Network Security, 2017, 19(2): 295–312. doi: 10.6633/IJNS.201703.19(2).14 SUN Shifeng, AU M H, LIU J K, et al. RingCT 2.0: A compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency monero[C]. The 22nd European Symposium on Research in Computer Security, Oslo, Norway, 2017: 456–474. CORRIGAN-GIBBS H, BONEH D, and MAZIÈRES D. Riposte: An anonymous messaging system handling millions of users[C]. IEEE Symposium on Security and Privacy, San Jose, USA, 2015: 321–338.