Decentralized Anonymous Micropayments
Micropayments (payments worth a few pennies) have numerous potential applications. A challenge in achieving them is that payment networks charge fees that are high compared to “micro” sums of money.
Wheeler (1996) and Rivest (1997) proposed probabilistic payments as a technique to achieve micropayments: a merchant receives a macro-value payment with a given probability so that, in expectation, he receives a micro-value payment. Despite much research and trial deployment, micropayment schemes have not seen adoption, partly because a trusted party is required to process payments and resolve disputes.
The widespread adoption of decentralized currencies such as Bitcoin (2009) suggests that decentralized micropayment schemes are easier to deploy. Pass and Shelat (2015) proposed several micropayment schemes for Bitcoin, but their schemes provide no more privacy guarantees than Bitcoin itself, whose transactions are recorded in plaintext in a public ledger.
We formulate and construct decentralized anonymous micropayment (DAM) schemes, which enable parties with access to a ledger to conduct offline probabilistic payments with one another, directly and privately. Our techniques extend those of Zerocash (2014) with a new privacy-preserving probabilistic payment protocol. One of the key ingredients of our construction is fractional message transfer (FMT), a primitive that enables probabilistic message transmission between two parties, and for which we give an efficient instantiation.
Double spending in our setting cannot be prevented. Our second contribution is an economic analysis that bounds the additional utility gain of any cheating strategy, and applies to virtually any probabilistic payment scheme with offline validation. In our construction, this bound allows us to deter double spending by way of advance deposits that are revoked when cheating is detected.
- [BCG+14]Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza. M.: Zerocash: decentralized anonymous payments from Bitcoin. In: SP 2014 (2014)Google Scholar
- [Bit13]Bitcoinj: Working with micropayment channels (2013). https://bitcoinj.github.io/working-with-micropayments
- [Blo14]Block Chain Analysis: Block chain analysis (2014). http://www.block-chain-analysis.com/
- [Cal12]Caldwell, M.: Sustainable nanopayment idea: probabilistic payments (2012). https://bitcointalk.org/index.php?topic=62558.0
- [Cha82]Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T., (eds.) CRYPTO 1982. Springer, New York (1982)Google Scholar
- [Cha15]Chainalysis: Chainalysis inc. (2015). https://chainalysis.com/
- [DFKP13]Danezis, G., Fournet, C., Kohlweiss, M., Parno, B.: Pinocchio Coin: building Zerocoin from a succinct pairing-based proof system. In: PETShop 2013 (2013)Google Scholar
- [Ell13]Elliptic: Elliptic enterprises limited (2013). https://www.elliptic.co/
- [GM16]Green, M., Miers, I.: Bolt: anonymous payment channels for decentralized currencies. ePrint 2016/701 (2016)Google Scholar
- [HAB+16]Heilman, E., Alshenibr, L., Baldimtsi, F., Scafuro, A., Goldberg, S.: TumbleBit: an untrusted Bitcoin-compatible anonymous payment hub. ePrint 2016/575 (2016)Google Scholar
- [HKZG15]Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on Bitcoin’s peer-to-peer network. In: Security 2015 (2015)Google Scholar
- [HS12]Hearn, M., Spilman, J.: Bitcoin contracts (2012). https://en.bitcoin.it/wiki/Contract
- [KMS+16]Kosba, A.E., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: SP 2016 (2016)Google Scholar
- [MGGR13]Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from Bitcoin. In: SP 2013 (2013)Google Scholar
- [Mic14]Micali, S.: Universal payment systems (2014). https://www.youtube.com/watch?v=xgA6TO7drok
- [MPJ+13]Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G.M., Savage, S.: A fistful of Bitcoins: characterizing payments among men with no names. In: IMC 2013 (2013)Google Scholar
- [MRK03]Micali, S., Rabin, M.O., Kilian, J.: Zero-knowledge sets. In: FOCS 2003 (2003)Google Scholar
- [Nak09]Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2009). http://www.bitcoin.org/bitcoin.pdf
- [PD16]Poon, J., Dryja, T.: The Bitcoin lightning network: scalable off-chain instant payments (2016). https://lightning.network/lightning-network-paper.pdf
- [PS15]Pass, R., Shelat, A.: Micropayments for decentralized currencies. In: CCS 2015 (2015)Google Scholar
- [PS16]Pass, R., Shelat, A.: Micropayments for decentralized currencies. ePrint 2016/332 (2016)Google Scholar
- [RH11]Reid, F., Harrigan, M.: An analysis of anonymity in the Bitcoin system. In: SocialCom/PASSAT 2011 (2011)Google Scholar
- [RKS15]Ruffing, T., Kate, A., Schröder, D.: Liar, liar, coins on fire!: penalizing equivocation by loss of Bitcoins. In: CCS 2015 (2015)Google Scholar
- [Yao77]Chi-Chih Yao, A.: Probabilistic computations: toward a unified measure of complexity. In: FOCS 1977 (1977)Google Scholar