- Publisher Website: 10.1007/978-3-030-58951-6_29
- Scopus: eid_2-s2.0-85091600726
Conference Paper: PGC: Decentralized Confidential Payment System with Auditability
Title | PGC: Decentralized Confidential Payment System with Auditability |
---|---|
Authors | Chen, Y; Ma, X; Tang, C; Au, AMH |
Keywords | cryptocurrencies decentralized payment system confidential transactions auditable twisted ElGamal |
Issue Date | 2020 |
Publisher | Springer. |
Citation | The 25th European Symposium on Research in Computer Security (ESORICS) 2020, Guildford, UK, 14-18 September 2020. In Chen, L ... (et al) (eds), Computer Security – ESORICS 2020, Proceedings, pt. 1, p. 591-610 |
Abstract | Modern cryptocurrencies such as Bitcoin and Ethereum achieve decentralization by replacing a trusted center with a distributed and append-only ledger (known as a blockchain). However, removing this trusted center comes at a significant cost to privacy due to the public nature of the blockchain. Many existing cryptocurrencies fail to provide transaction anonymity and confidentiality, meaning that the addresses of sender and receiver and the transfer amount are publicly accessible. As privacy concerns grow, a number of academic works have sought to enhance privacy by leveraging cryptographic tools. Though strong privacy is appealing, it might be abused in some cases. In decentralized payment systems, anonymity poses great challenges to a system's auditability, which is a crucial property for scenarios that require regulatory compliance and dispute arbitration guarantees. Aiming for a middle ground between privacy and auditability, we introduce the notion of a decentralized confidential payment (DCP) system with auditability. In addition to offering transaction confidentiality, DCP supports privacy-preserving audit, in which an external party can specify a set of transactions and then request the participant to prove their compliance with a large class of policies. We present a generic construction of an auditable DCP system from an integrated signature and encryption scheme and non-interactive zero-knowledge proof systems. We then instantiate our generic construction by carefully designing the underlying building blocks, yielding a standalone cryptocurrency called PGC. In PGC, the setup is transparent, transactions are less than 1.3KB and take under 38ms to generate and 15ms to verify. At the core of PGC is an additively homomorphic public-key encryption scheme that we introduce, twisted ElGamal, which is not only as secure as standard exponential ElGamal but also friendly to Sigma protocols and range proofs. This enables us to easily devise zero-knowledge proofs for basic correctness of transactions as well as various application-dependent policies in a modular fashion. Moreover, it is very efficient. Compared with the most efficient reported implementation of Paillier PKE, twisted ElGamal is an order of magnitude better in key and ciphertext size and in decryption speed (for small message spaces), and two orders of magnitude better in encryption speed. We believe twisted ElGamal is of independent interest in its own right. While designing and reasoning about zero-knowledge proofs for PGC, we also obtain two interesting results. One is a weak forking lemma, which is a useful tool for proving computational knowledge soundness. The other is a trick to prove no-knowledge of a discrete logarithm, which complements the standard proof of discrete logarithm knowledge. |
Description | Track A: Network security part 2; ESORICS 2020 took place virtually due to COVID-19 |
Persistent Identifier | http://hdl.handle.net/10722/284136 |
ISBN | 978-3-030-58950-9 |
ISSN | 0302-9743 |
SCImago Journal Rankings (2023) | 0.606 |
Series/Report no. | Lecture Notes in Computer Science (LNCS) ; v. 12308 |
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Chen, Y | - |
dc.contributor.author | Ma, X | - |
dc.contributor.author | Tang, C | - |
dc.contributor.author | Au, AMH | - |
dc.date.accessioned | 2020-07-20T05:56:22Z | - |
dc.date.available | 2020-07-20T05:56:22Z | - |
dc.date.issued | 2020 | - |
dc.identifier.citation | The 25th European Symposium on Research in Computer Security (ESORICS) 2020, Guildford, UK, 14-18 September 2020. In Chen, L ... (et al) (eds), Computer Security – ESORICS 2020, Proceedings, pt. 1, p. 591-610 | - |
dc.identifier.isbn | 978-3-030-58950-9 | - |
dc.identifier.issn | 0302-9743 | - |
dc.identifier.uri | http://hdl.handle.net/10722/284136 | - |
dc.description | Track A: Network security part 2 | - |
dc.description | ESORICS 2020 took place virtually due to COVID-19 | - |
dc.language | eng | - |
dc.publisher | Springer. | - |
dc.relation.ispartof | The 25th European Symposium on Research in Computer Security (ESORICS 2020) | - |
dc.relation.ispartofseries | Lecture Notes in Computer Science (LNCS) ; v. 12308 | - |
dc.subject | cryptocurrencies | - |
dc.subject | decentralized payment system | - |
dc.subject | confidential transactions | - |
dc.subject | auditable | - |
dc.subject | twisted ElGamal | - |
dc.title | PGC: Decentralized Confidential Payment System with Auditability | - |
dc.type | Conference_Paper | - |
dc.identifier.email | Au, AMH: manhoau@hku.hk | - |
dc.identifier.authority | Au, AMH=rp02638 | - |
dc.description.nature | link_to_subscribed_fulltext | - |
dc.identifier.doi | 10.1007/978-3-030-58951-6_29 | - |
dc.identifier.scopus | eid_2-s2.0-85091600726 | - |
dc.identifier.hkuros | 310889 | - |
dc.identifier.issue | pt. 1 | - |
dc.identifier.spage | 591 | - |
dc.identifier.epage | 610 | - |
dc.identifier.eissn | 1611-3349 | - |
dc.publisher.place | Cham | - |
dc.identifier.issnl | 0302-9743 | - |