Decentralized Anonymous Micropayments

  • Alessandro Chiesa
  • Matthew Green
  • Jingcheng Liu
  • Peihan Miao
  • Ian Miers
  • Pratyush Mishra
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10211)


Micropayments (payments worth a few pennies) have numerous potential applications. A challenge in achieving them is that payment networks charge fees that are high compared to “micro” sums of money.

Wheeler (1996) and Rivest (1997) proposed probabilistic payments as a technique to achieve micropayments: a merchant receives a macro-value payment with a given probability so that, in expectation, he receives a micro-value payment. Despite much research and trial deployment, micropayment schemes have not seen adoption, partly because a trusted party is required to process payments and resolve disputes.

The widespread adoption of decentralized currencies such as Bitcoin (2009) suggests that decentralized micropayment schemes are easier to deploy. Pass and Shelat (2015) proposed several micropayment schemes for Bitcoin, but their schemes provide no more privacy guarantees than Bitcoin itself, whose transactions are recorded in plaintext in a public ledger.

We formulate and construct decentralized anonymous micropayment (DAM) schemes, which enable parties with access to a ledger to conduct offline probabilistic payments with one another, directly and privately. Our techniques extend those of Zerocash (2014) with a new privacy-preserving probabilistic payment protocol. One of the key ingredients of our construction is fractional message transfer (FMT), a primitive that enables probabilistic message transmission between two parties, and for which we give an efficient instantiation.

Double spending in our setting cannot be prevented. Our second contribution is an economic analysis that bounds the additional utility gain of any cheating strategy, and applies to virtually any probabilistic payment scheme with offline validation. In our construction, this bound allows us to deter double spending by way of advance deposits that are revoked when cheating is detected.


  1. [BBSU12]
    Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better — how to make bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-32946-3_29 CrossRefGoogle Scholar
  2. [BCG+14]
    Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza. M.: Zerocash: decentralized anonymous payments from Bitcoin. In: SP 2014 (2014)Google Scholar
  3. [Bit13]
    Bitcoinj: Working with micropayment channels (2013).
  4. [Blo14]
    Block Chain Analysis: Block chain analysis (2014).
  5. [BM89]
    Bellare, M., Micali, S.: Non-interactive oblivious transfer and applications. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 547–557. Springer, New York (1990). doi: 10.1007/0-387-34805-0_48 CrossRefGoogle Scholar
  6. [BP15]
    Biryukov, A., Pustogarov, I.: Proof-of-work as anonymous micropayment: rewarding a tor relay. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 445–455. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-47854-7_27 CrossRefGoogle Scholar
  7. [BR99]
    Bellare, M., Rivest, R.L.: Translucent cryptography - an alternative to key escrow, and its implementation via fractional oblivious transfer. J. Cryptology 12(2), 117–139 (1999)CrossRefzbMATHGoogle Scholar
  8. [Cal12]
    Caldwell, M.: Sustainable nanopayment idea: probabilistic payments (2012).
  9. [Cha82]
    Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R.L., Sherman, A.T., (eds.) CRYPTO 1982. Springer, New York (1982)Google Scholar
  10. [Cha15]
    Chainalysis: Chainalysis inc. (2015).
  11. [CHL05]
    Camenisch, J., Hohenberger, S., Lysyanskaya, A.: Compact e-cash. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 302–321. Springer, Heidelberg (2005). doi: 10.1007/11426639_18 CrossRefGoogle Scholar
  12. [DFKP13]
    Danezis, G., Fournet, C., Kohlweiss, M., Parno, B.: Pinocchio Coin: building Zerocoin from a succinct pairing-based proof system. In: PETShop 2013 (2013)Google Scholar
  13. [DW15]
    Decker, C., Wattenhofer, R.: A fast and scalable payment network with Bitcoin duplex micropayment channels. In: Pelc, A., Schwarzmann, A.A. (eds.) SSS 2015. LNCS, vol. 9212, pp. 3–18. Springer, Cham (2015). doi: 10.1007/978-3-319-21741-3_1 CrossRefGoogle Scholar
  14. [Elg85]
    Elgamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Inf. Theor. 31(4), 469–472 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  15. [Ell13]
    Elliptic: Elliptic enterprises limited (2013).
  16. [GM16]
    Green, M., Miers, I.: Bolt: anonymous payment channels for decentralized currencies. ePrint 2016/701 (2016)Google Scholar
  17. [HAB+16]
    Heilman, E., Alshenibr, L., Baldimtsi, F., Scafuro, A., Goldberg, S.: TumbleBit: an untrusted Bitcoin-compatible anonymous payment hub. ePrint 2016/575 (2016)Google Scholar
  18. [HKZG15]
    Heilman, E., Kendler, A., Zohar, A., Goldberg, S.: Eclipse attacks on Bitcoin’s peer-to-peer network. In: Security 2015 (2015)Google Scholar
  19. [HS12]
    Hearn, M., Spilman, J.: Bitcoin contracts (2012).
  20. [KMS+16]
    Kosba, A.E., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. In: SP 2016 (2016)Google Scholar
  21. [LO98]
    Lipton, R.J., Ostrovsky, R.: Micro-payments via efficient coin-flipping. In: Hirchfeld, R. (ed.) FC 1998. LNCS, vol. 1465, pp. 1–15. Springer, Heidelberg (1998). doi: 10.1007/BFb0055469 CrossRefGoogle Scholar
  22. [MB15]
    Möser, M., Böhme, R.: Trends, tips, tolls: a longitudinal study of bitcoin transaction fees. In: Brenner, M., Christin, N., Johnson, B., Rohloff, K. (eds.) FC 2015. LNCS, vol. 8976, pp. 19–33. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48051-9_2 CrossRefGoogle Scholar
  23. [MGGR13]
    Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from Bitcoin. In: SP 2013 (2013)Google Scholar
  24. [Mic14]
    Micali, S.: Universal payment systems (2014).
  25. [MPJ+13]
    Meiklejohn, S., Pomarole, M., Jordan, G., Levchenko, K., McCoy, D., Voelker, G.M., Savage, S.: A fistful of Bitcoins: characterizing payments among men with no names. In: IMC 2013 (2013)Google Scholar
  26. [MR02]
    Micali, S., Rivest, R.L.: Micropayments revisited. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 149–163. Springer, Heidelberg (2002). doi: 10.1007/3-540-45760-7_11 CrossRefGoogle Scholar
  27. [MRK03]
    Micali, S., Rabin, M.O., Kilian, J.: Zero-knowledge sets. In: FOCS 2003 (2003)Google Scholar
  28. [Nak09]
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2009).
  29. [PD16]
    Poon, J., Dryja, T.: The Bitcoin lightning network: scalable off-chain instant payments (2016).
  30. [Ped91]
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). doi: 10.1007/3-540-46766-1_9 Google Scholar
  31. [PS15]
    Pass, R., Shelat, A.: Micropayments for decentralized currencies. In: CCS 2015 (2015)Google Scholar
  32. [PS16]
    Pass, R., Shelat, A.: Micropayments for decentralized currencies. ePrint 2016/332 (2016)Google Scholar
  33. [RH11]
    Reid, F., Harrigan, M.: An analysis of anonymity in the Bitcoin system. In: SocialCom/PASSAT 2011 (2011)Google Scholar
  34. [Riv97]
    Rivest, R.L.: Electronic lottery tickets as micropayments. In: Hirschfeld, R. (ed.) FC 1997. LNCS, vol. 1318, pp. 307–314. Springer, Heidelberg (1997). doi: 10.1007/3-540-63594-7_87 CrossRefGoogle Scholar
  35. [Riv04]
    Rivest, R.L.: Peppercoin micropayments. In: Juels, A. (ed.) FC 2004. LNCS, vol. 3110, pp. 2–8. Springer, Heidelberg (2004). doi: 10.1007/978-3-540-27809-2_2 CrossRefGoogle Scholar
  36. [RKS15]
    Ruffing, T., Kate, A., Schröder, D.: Liar, liar, coins on fire!: penalizing equivocation by loss of Bitcoins. In: CCS 2015 (2015)Google Scholar
  37. [RS13]
    Ron, D., Shamir, A.: Quantitative analysis of the full bitcoin transaction graph. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 6–24. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-39884-1_2 CrossRefGoogle Scholar
  38. [ST99]
    Sander, T., Ta-Shma, A.: Auditable, anonymous electronic cash. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 555–572. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_35 Google Scholar
  39. [vOR+03]
    Someren, N., Odlyzko, A., Rivest, R., Jones, T., Goldie-Scot, D.: Does anyone really need micropayments? In: Wright, R.N. (ed.) FC 2003. LNCS, vol. 2742, pp. 69–76. Springer, Heidelberg (2003). doi: 10.1007/978-3-540-45126-6_5 CrossRefGoogle Scholar
  40. [Whe96]
    Wheeler, D.: Transactions using bets. In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 89–92. Springer, Heidelberg (1997). doi: 10.1007/3-540-62494-5_7 CrossRefGoogle Scholar
  41. [Yao77]
    Chi-Chih Yao, A.: Probabilistic computations: toward a unified measure of complexity. In: FOCS 1977 (1977)Google Scholar

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Alessandro Chiesa
    • 1
  • Matthew Green
    • 2
  • Jingcheng Liu
    • 1
  • Peihan Miao
    • 1
  • Ian Miers
    • 2
  • Pratyush Mishra
    • 1
  1. 1.UC BerkeleyBerkeleyUSA
  2. 2.Johns Hopkins UniversityBaltimoreUSA

Personalised recommendations