AuthorsP. Fauzi, S. Meiklejohn, R. Mercer and C. Orlandi
EditorsS. D. Galbraith and S. Moriai
TitleQuisquis: A New Design for Anonymous Cryptocurrencies
Project(s)Simula UiB
Publication TypeProceedings, refereed
Year of Publication2019
Conference NameAdvances in Cryptology – ASIACRYPT 2019
Pagination649 - 678
PublisherSpringer International Publishing
Place PublishedCham
ISBN Number978-3-030-34577-8
ISSN Number0302-9743
Keywordscryptocurrencies, cryptographic protocols / anonymity, Zero knowledge

Despite their usage of pseudonyms rather than persistent identifiers, most existing cryptocurrencies do not provide users with any meaningful levels of privacy. This has prompted the creation of privacy-enhanced cryptocurrencies such as Monero and Zcash, which are specifically designed to counteract the tracking analysis possible in currencies like Bitcoin. These cryptocurrencies, however, also suffer from some drawbacks: in both Monero and Zcash, the set of potential unspent coins is always growing, which means users cannot store a concise representation of the blockchain. Additionally, Zcash requires a common reference string and the fact that addresses are reused multiple times in Monero has led to attacks to its anonymity.

In this paper we propose a new design for anonymous cryptocurrencies, Quisquis, that achieves provably secure notions of anonymity. Quisquis stores a relatively small amount of data, does not require trusted setup, and in Quisquis each address appears on the blockchain at most twice: once when it is generated as output of a transaction, and once when it is spent as input to a transaction. Our result is achieved by combining a DDH-based tool (that we call updatable keys) with efficient zero-knowledge arguments.

Citation Key27143