Quisquis: A New Design for Anonymous Cryptocurrencies

  • Prastudy FauziEmail author
  • Sarah Meiklejohn
  • Rebekah Mercer
  • Claudio Orlandi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11921)


Despite their usage of pseudonyms rather than persistent identifiers, most existing cryptocurrencies do not provide users with any meaningful levels of privacy. This has prompted the creation of privacy-enhanced cryptocurrencies such as Monero and Zcash, which are specifically designed to counteract the tracking analysis possible in currencies like Bitcoin. These cryptocurrencies, however, also suffer from some drawbacks: in both Monero and Zcash, the set of potential unspent coins is always growing, which means users cannot store a concise representation of the blockchain. Additionally, Zcash requires a common reference string and the fact that addresses are reused multiple times in Monero has led to attacks to its anonymity.

In this paper we propose a new design for anonymous cryptocurrencies, Quisquis, that achieves provably secure notions of anonymity. Quisquis stores a relatively small amount of data, does not require trusted setup, and in Quisquis each address appears on the blockchain at most twice: once when it is generated as output of a transaction, and once when it is spent as input to a transaction. Our result is achieved by combining a DDH-based tool (that we call updatable keys) with efficient zero-knowledge arguments.



Sarah Meiklejohn was supported in part by EPSRC Grant EP/N028104/1. Most of this work was done while the other three authors were working at Aarhus University and were supported by: the Concordium Blockhain Research Center, Aarhus University, Denmark; the Carlsberg Foundation under the Semper Ardens Research Project CF18-112 (BCM); the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme under grant agreement No 803096 (SPEC); the Danish Independent Research Council under Grant-ID DFF-6108-00169 (FoCC); the European Union’s Horizon 2020 research and innovation programme under grant agreement No 731583 (SODA).


  1. 1.
  2. 2.
  3. 3.
    Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in Bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013). Scholar
  4. 4.
    Backes, M., Hanzlik, L., Kluczniak, K., Schneider, J.: Signatures with flexible public key: a unified approach to privacy-preserving signatures. IACR ePrint Archive, Report 2018/191.
  5. 5.
    Bayer, S., Groth, J.: Efficient zero-knowledge argument for correctness of a shuffle. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 263–280. Springer, Heidelberg (2012). Scholar
  6. 6.
    Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from Bitcoin. In: 2014 IEEE Symposium on Security and Privacy, Berkeley, CA, USA, 18–21 May 2014, pp. 459–474. IEEE Computer Society Press (2014)Google Scholar
  7. 7.
    Bissias, G., Ozisik, A.P., Levine, B.N., Liberatore, M.: Sybil-resistant mixing for Bitcoin. In: Proceedings of the 13th Workshop on Privacy in the Electronic Society, pp. 149–158. ACM (2014)Google Scholar
  8. 8.
    Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A., Felten, E.W.: Mixcoin: anonymity for Bitcoin with accountable mixes. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 486–504. Springer, Heidelberg (2014). Scholar
  9. 9.
    Bowe, S., Gabizon, A., Green, M.: A multi-party protocol for constructing the public parameters of the Pinocchio zk-SNARK. In: Proceedings of the 5th Workshop on Bitcoin and Blockchain Research (2018)Google Scholar
  10. 10.
    Bünz, B., Agrawal, S., Zamani, M., Boneh, D.: Zether: towards privacy in a smart contract world.
  11. 11.
    Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. IACR Cryptology ePrint Archive 2017, 1066 (2017)Google Scholar
  12. 12.
    Delgado-Segura, S., Pérez-Solà, C., Navarro-Arribas, G., Herrera-Joancomartí, J.: Analysis of the Bitcoin UTXO set. In: Zohar, A., et al. (eds.) FC 2018. LNCS, vol. 10958, pp. 78–91. Springer, Heidelberg (2019). Scholar
  13. 13.
    Fauzi, P., Meiklejohn, S., Mercer, R., Orlandi, C.: Quisquis: a new design for anonymous cryptocurrencies.
  14. 14.
    Fleischhacker, N., Krupp, J., Malavolta, G., Schneider, J., Schröder, D., Simkin, M.: Efficient unlinkable sanitizable signatures from signatures with re-randomizable keys. In: Cheng, C.-M., Chung, K.-M., Persiano, G., Yang, B.-Y. (eds.) PKC 2016. LNCS, vol. 9614, pp. 301–330. Springer, Heidelberg (2016). Scholar
  15. 15.
    Fuchsbauer, G., Orrù, M., Seurin, Y.: Aggregate cash systems: a cryptographic investigation of mimblewimble. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 657–689. Springer, Cham (2019). Scholar
  16. 16.
    Heilman, E., Alshenibr, L., Baldimtsi, F., Scafuro, A., Goldberg, S.: TumbleBit: an untrusted Bitcoin-compatible anonymous payment hub. In: Proceedings of NDSS 2017 (2017)Google Scholar
  17. 17.
    Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on Bitcoin’s peer-to-peer network. In: Proceedings of the USENIX Security Symposium (2017)Google Scholar
  18. 18.
    Hinteregger, A., Haslhofer, B.: An empirical analysis of Monero cross-chain traceability. CoRR, abs/1812.02808 (2018)Google Scholar
  19. 19.
    Kappos, G., Yousaf, H., Maller, M., Meiklejohn, S.: An empirical analysis of anonymity in Zcash. In: Enck, W., Felt, A.P. (eds.) 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, 15–17 August 2018, pp. 463–477. USENIX Association (2018)Google Scholar
  20. 20.
    Kumar, A., Fischer, C., Tople, S., Saxena, P.: A traceability analysis of Monero’s blockchain. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 153–173. Springer, Cham (2017). Scholar
  21. 21.
    Lerner, S.D.: AppeCoin: practical anonymous peer-to-peer e-cash system.
  22. 22.
    Malavolta, G., Schröder, D.: Efficient ring signatures in the standard model. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 128–157. Springer, Cham (2017). Scholar
  23. 23.
    Maxwell, G.: CoinJoin: Bitcoin privacy for the real world. In: Post on Bitcoin Forum (2013)Google Scholar
  24. 24.
    Meiklejohn, S., Mercer, R.: Möbius: trustless tumbling for transaction privacy. In: Proceedings on Privacy Enhancing Technologies (2018)CrossRefGoogle Scholar
  25. 25.
    Meiklejohn, S., Orlandi, C.: Privacy-enhancing overlays in Bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 127–141. Springer, Heidelberg (2015). Scholar
  26. 26.
    Meiklejohn, S., et al.: A fistful of Bitcoins: characterizing payments among. men with no names. In: Proceedings of the 2013 Internet Measurement Conference, pp. 127–140. ACM (2013)Google Scholar
  27. 27.
    Miller, A., Möser, M., Lee, K., Narayanan, A.: An empirical analysis of linkability in the Monero blockchain. In: Proceedings on Privacy Enhancing Technologies (2018)Google Scholar
  28. 28.
    Moreno-Sanchez, P., Zafar, M.B., Kate, A.: Listening to whispers of Ripple: linking wallets and deanonymizing transactions in the Ripple network. In: Proceedings on Privacy Enhancing Technologies 2016, vol. 4, pp. 436–453 (2016)CrossRefGoogle Scholar
  29. 29.
    Möser, M., Böhme, R., Breuker, D.: An inquiry into money laundering tools in the Bitcoin ecosystem. In: Proceedings of the APWG E-Crime Researchers Summit (2013)Google Scholar
  30. 30.
    Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System (2008).
  31. 31.
    Noether, S., Mackenzie, A., et al.: Ring confidential transactions. Ledger 1, 1–18 (2016)CrossRefGoogle Scholar
  32. 32.
  33. 33.
    Reid, F., Harrigan, M.: An analysis of anonymity in the Bitcoin system. In: Altshuler, Y., Elovici, Y., Cremers, A., Aharony, N., Pentland, A. (eds.) Security and Privacy in Social Networks, pp. 197–223. Springer, New York (2013)CrossRefGoogle Scholar
  34. 34.
    Ron, D., Shamir, A.: Quantitative analysis of the Full Bitcoin Transaction Graph. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 6–24. Springer, Heidelberg (2013). Scholar
  35. 35.
    Ruffing, T., Moreno-Sanchez, P.: ValueShuffle: mixing confidential transactions for comprehensive transaction privacy in Bitcoin. In: Brenner, M., et al. (eds.) FC 2017. LNCS, vol. 10323, pp. 133–154. Springer, Cham (2017). Scholar
  36. 36.
    Ruffing, T., Moreno-Sanchez, P., Kate, A.: CoinShuffle: practical decentralized coin mixing for Bitcoin. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 345–364. Springer, Cham (2014). Scholar
  37. 37.
    Spagnuolo, M., Maggi, F., Zanero, S.: BitIodine: extracting intelligence from the Bitcoin network. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 457–468. Springer, Heidelberg (2014). Scholar
  38. 38.
    Valenta, L., Rowan, B.: Blindcoin: blinded, accountable mixes for Bitcoin. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 112–126. Springer, Heidelberg (2015). Scholar
  39. 39.
    Waters, B.R., Felten, E.W., Sahai, A.: Receiver anonymity via incomparable public keys. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) ACM CCS 2003, Washington D.C., USA, 27–30 October 2003, pp. 112–121. ACM Press (2003)Google Scholar
  40. 40.
    Yu, Z., Au, M.H., Yu, J., Yang, R., Xu, Q., Lau, W.F.: New empirical traceability analysis of CryptoNote-style blockchains. In: Goldberg, I., Moore, T. (eds.) Financial Cryptography and Data Security, FC 2019. LNCS, vol. 11598, pp. 133–149. Springer, Cham (2019). Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Prastudy Fauzi
    • 1
    Email author
  • Sarah Meiklejohn
    • 2
  • Rebekah Mercer
    • 3
  • Claudio Orlandi
    • 4
  1. 1.Simula UiBBergenNorway
  2. 2.University College LondonLondonUK
  3. 3.O(1) LabsSan FranciscoUSA
  4. 4.Department of Computer Science, DIGITAarhus UniversityAarhusDenmark

Personalised recommendations