A Lattice-Based Anonymous Distributed E-Cash from Bitcoin

  • Zeming Lu
  • Zoe L. JiangEmail author
  • Yulin Wu
  • Xuan Wang
  • Yantao Zhong
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11821)


Although Bitcoin was the first widely adopted cryptographic currency system, it provides a limited form of anonymity and privacy. To protect the anonymity and privacy of Bitcoin transactions, many Bitcoin-based cryptocurrency extensions were proposed. However, most of the systems with anonymity and privacy are based on traditional cryptographic algorithms, which may become insecure in the next decades due to the attack of quantum computing. In this paper, we propose a lattice-based distributed e-cash scheme protecting payer’s anonymity, which is built upon the framework of Zerocoin and lattice-based zero-knowledge argument. Firstly, payer who owes a transaction redeems it to a newly-minted coin. Secondly, to pay for the next transaction, he/she collects a set of such coins to hide his owns, which can further hide his/her identity. Thirdly, to prove that the payer has one of the coins and no attempts to double-spend have occurred, we adapt a zero-knowledge argument of membership based on a lattice-based accumulator and a commitment protocol. Finally, the security proof of the scheme are given.


Bitcoin Anonymity Lattice-based cryptocurrency Zero-knowledge argument 



This work is supported in part National Natural Science Foundation of China (No. 61872109), Guangdong Key R&D Program (No. 2019B010136001), Key Technology Program of Shenzhen, China, (No. JSGG20170824163239586).


  1. 1.
    Ajtai, M.: Generating hard instances of the short basis problem. In: Wiedermann, J., van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 1–9. Springer, Heidelberg (1999). Scholar
  2. 2.
    Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: Miller, G.L. (ed.) STOC, pp. 99–108. ACM (1996)Google Scholar
  3. 3.
    Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A., Felten, E.W.: Mixcoin: anonymity for bitcoin with accountable mixes. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 486–504. Springer, Heidelberg (2014). Scholar
  4. 4.
    Camenisch, J., Lysyanskaya, A.: Dynamic accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002). Scholar
  5. 5.
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of the 40th Annual ACM Symposium on Theory of Computing, pp. 197–206. ACM (2008)Google Scholar
  6. 6.
    Goldreich, O., Goldwasser, S., Halevi, S.: Collision-free hashing from lattice problems. In: Goldreich, O. (ed.) Studies in Complexity and Cryptography. Miscellanea on the Interplay between Randomness and Computation. LNCS, vol. 6650, pp. 30–39. Springer, Heidelberg (2011). Scholar
  7. 7.
    Herrera-Joancomartí, J.: Research and challenges on bitcoin anonymity. In: Garcia-Alfaro, J., et al. (eds.) DPM/QASA/SETOP -2014. LNCS, vol. 8872, pp. 3–16. Springer, Cham (2015). Scholar
  8. 8.
    Kawachi, A., Tanaka, K., Xagawa, K.: Concurrently secure identification schemes based on the worst-case hardness of lattice problems. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 372–389. Springer, Heidelberg (2008). Scholar
  9. 9.
    Libert, B., Ling, S., Nguyen, K., Wang, H.: Zero-knowledge arguments for lattice-based accumulators: logarithmic-size ring signatures and group signatures without trapdoors. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 1–31. Springer, Heidelberg (2016). Scholar
  10. 10.
    Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for Ad Hoc groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004). Scholar
  11. 11.
    Lyubashevsky, V.: Lattice-based identification schemes secure under active attacks. In: Cramer, R. (ed.) PKC 2008. LNCS, vol. 4939, pp. 162–179. Springer, Heidelberg (2008). Scholar
  12. 12.
    Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. In: 45th Annual IEEE Symposium on Foundations of Computer Science, pp. 372–381. IEEE (2004)Google Scholar
  13. 13.
    Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy, pp. 397–411. IEEE (2013)Google Scholar
  14. 14.
    Sasson, E.B., et al.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 459–474 (2014).
  15. 15.
    Shor, J.S., Bemis, L., Kurtz, A.D., Grimberg, I., Weiss, B.Z., Macmillian, M.F., Choyke, W.J.: Characterization of nanocrystallites in porous p-type 6H-SiC. J. Appl. Phys. 76(7), 4045–4049 (1994)CrossRefGoogle Scholar
  16. 16.
    Sun, S.-F., Au, M.H., Liu, J.K., Yuen, T.H.: RingCT 2.0: a compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency monero. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 456–474. Springer, Cham (2017). Scholar
  17. 17.
    Valenta, L., Rowan, B.: Blindcoin: blinded, accountable mixes for bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 112–126. Springer, Heidelberg (2015). Scholar
  18. 18.
    Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). Scholar
  19. 19.
    Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.: SNARKs for C: verifying program executions succinctly and in zero knowledge. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 90–108. Springer, Heidelberg (2013). Scholar
  20. 20.
    Lu, X., Au, M.H., Zhang, Z.: Raptor: a practical lattice-based (linkable) ring signature. In: Deng, R.H., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds.) ACNS 2019. LNCS, vol. 11464, pp. 110–130. Springer, Cham (2019). Scholar
  21. 21.
    Yang, R., Au, M.H., Zhang, Z., Xu, Q., Yu, Z., Whyte, W.: Efficient lattice-based zero-knowledge arguments with standard soundness: construction and applications. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 147–175. Springer, Cham (2019). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Harbin Institute of TechnologyShenzhenChina
  2. 2.Cyberspace Security Research Center, Peng Cheng LaboratoryShenzhenChina
  3. 3.Shenzhen Network Security Testing Technology Co. LtdShenzhenChina

Personalised recommendations