
Trustless zero-knowledge proofs in public blockchain

SCALA, EMANUELE
2024

Abstract

The public blockchain lacks user privacy because transactions can be linked and related information disclosed. Recent works experiment with advanced cryptography; in particular, Zero-Knowledge proofs (ZK-proofs) can be supplied within a transaction to prove its validity without revealing sensitive information. We analyze solutions that adopt ZK-proofs, such as Confidential Transactions (CTs). Several challenges emerge depending on both the zero-knowledge system and the balance model considered. ZK-proofs need to be trustless, i.e., zero-knowledge systems that do not introduce additional trust are required. Moreover, CTs do not fully exploit the potential of ZK-proofs, since each transaction comes with one or more proofs for a single transfer. This consumes more blockchain space when the proofs are stored in blocks, and incurs higher fees when the proofs are verified by blockchain maintainers. On the other hand, the account model is the most flexible for addressing security challenges. As the first contribution of this thesis, we present ZeroMT, a novel multi-transfer private payment scheme for account-based blockchains. Our approach develops a payment model that supports multiple payees within a single transaction. This also benefits scalability: ZeroMT enriches CTs with the aggregation property, i.e., the batch verification of multiple transfers from a single aggregate proof. We show that our cryptographic scheme in the extended model provides privacy for users and preserves the security requirements of CT solutions. We provide an implementation and evaluation of ZeroMT, showing the benefits of aggregating multiple transfers in terms of transaction cost savings. Despite the trustless nature of our ZK-proofs, a computationally expensive sub-component is highlighted, namely the Inner-Product Argument (IPA). In the final part of this thesis, we reconcile the IPA with the new compressed Σ-Protocol theory and propose the compressed Σ-IPA. Our new argument system achieves computational costs reduced by a factor of 2 compared to the original IPA.
19-Jul-2024
English
MOSTARDA, Leonardo
Università degli Studi di Camerino
Files in this record:
File: 07_19_24 - Scala Emanuele.pdf (Open Access from 20/01/2025)
Size: 1.73 MB
Format: Adobe PDF

Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14242/210668
The NBN code of this thesis is URN:NBN:IT:UNICAM-210668