Zether: Towards Privacy in a Smart Contract World

  • Conference paper
Financial Cryptography and Data Security (FC 2020)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 12059)

Abstract

Smart contract platforms such as Ethereum and Libra provide ways to seamlessly remove trust and add transparency to various distributed applications. Yet, these platforms lack mechanisms to guarantee user privacy, even at the level of simple payments, which are essential for most smart contracts.

In this paper, we propose Zether, a trustless mechanism for privacy-preserving payments in smart contract platforms. We take an account-based approach similar to Ethereum and Libra for efficiency and usability. Zether is implemented as a smart contract that keeps account balances encrypted and exposes methods to deposit, transfer, and withdraw funds to/from accounts through cryptographic proofs at only a small cost.

We address several technical challenges to protect Zether against replay attacks and front-running situations and develop a mechanism to enable interoperability with arbitrary smart contracts, making applications like auctions, payment channels, and voting privacy-preserving. To make Zether efficient, we propose Σ-Bullets, a zero-knowledge proof system that is optimized for Σ-protocols. We implement Zether as an Ethereum smart contract and show its practicality by measuring the amount of gas used by the Zether contract. A Zether confidential transaction costs about 0.014 ETH or approximately $1.51 (as of early 2019), which can be drastically reduced with minor changes to Ethereum that we describe in the paper.
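The following Python block is an added worked example, not code from the paper or from the authors' Solidity implementation. It models the mechanism the abstract describes: account balances kept only as ElGamal ciphertexts with the amount in the exponent, a transfer that homomorphically adds an encryption of -b to the sender and of +b to the receiver, and a Fiat-Shamir Σ-protocol (Chaum-Pedersen equality of discrete logs) whose challenge binds the two ciphertexts and the current epoch, with a per-epoch nonce u = g_epoch^sk that lets the contract reject a replayed proof. The initialisation of an account that has no record yet mirrors footnote 1 below. The 63-bit safe-prime group, the hash-to-group by squaring, the nonce construction, the class name ToyZSC and all sample amounts are assumptions of this example; it deliberately omits the range proofs and the proof that the sender's and receiver's ciphertexts encrypt the same amount, both of which a real deployment needs.

```python
"""Added toy of a Zether-style contract: ElGamal balances, homomorphic transfers, epoch-bound Sigma proofs."""
import hashlib
import secrets

SMALL = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # Miller-Rabin bases, exact below 2^64

def is_prime(n):
    if n < 2 or any(n % s == 0 for s in SMALL):
        return n in SMALL
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def safe_prime(start):
    q = start | 1  # deterministic search, so every run uses the same P and Q
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q

P, Q = safe_prime(1 << 62)  # toy 63-bit group; the quadratic residues mod P have prime order Q
G = 4                       # a quadratic residue != 1, hence a generator of that subgroup
ZERO = (1, 1)               # ElGamal encryption of 0 with r = 0; a fresh account starts here

def hash_to_int(*parts):
    return int.from_bytes(hashlib.sha256(b"|".join(str(v).encode() for v in parts)).digest(), "big")

def epoch_base(epoch):
    return pow(hash_to_int("epoch", epoch) % P, 2, P)  # squaring lands in the order-Q subgroup

def encrypt(y, b, r):
    """ElGamal with the amount in the exponent: (g^b * y^r, g^r); b may be negative."""
    return pow(G, b % Q, P) * pow(y, r, P) % P, pow(G, r, P)

def add_ct(c1, c2):
    return c1[0] * c2[0] % P, c1[1] * c2[1] % P  # encrypts the sum of the two plaintexts

def decrypt(x, ct, max_balance=1 << 16):
    """Owner strips the mask (D^x) and walks the small balance range to find b."""
    gb, acc = ct[0] * pow(ct[1], Q - x, P) % P, 1
    for b in range(max_balance + 1):
        if acc == gb:
            return b
        acc = acc * G % P
    raise ValueError("balance outside the table range")

def prove_transfer(x, y, ct_s, ct_r, epoch):
    """Chaum-Pedersen Sigma-protocol made non-interactive: log_G(y) = log_{g_epoch}(u) for the
    nonce u = g_epoch^x. The challenge binds both ciphertexts and the epoch (no replay)."""
    ge, k = epoch_base(epoch), secrets.randbelow(Q - 1) + 1
    u, t1, t2 = pow(ge, x, P), pow(G, k, P), pow(ge, k, P)
    c = hash_to_int(y, u, t1, t2, *ct_s, *ct_r, epoch) % Q
    return u, t1, t2, (k + c * x) % Q

def verify_transfer(y, ct_s, ct_r, epoch, proof):
    u, t1, t2, s = proof
    c = hash_to_int(y, u, t1, t2, *ct_s, *ct_r, epoch) % Q
    return pow(G, s, P) == t1 * pow(y, c, P) % P and pow(epoch_base(epoch), s, P) == t2 * pow(u, c, P) % P

class ToyZSC:
    """Holds balances only as ciphertexts; accepts each sender nonce once per epoch."""
    def __init__(self):
        self.balances, self.epoch, self.nonces_used = {}, 0, set()

    def fund(self, y, amount):
        self.balances[y] = add_ct(self.balances.get(y, ZERO), encrypt(y, amount, 0))  # deposits are public

    def transfer(self, y_s, y_r, ct_s, ct_r, epoch, proof):
        if epoch != self.epoch or proof[0] in self.nonces_used:
            return False  # stale proof or nonce already spent this epoch: a replay
        if not verify_transfer(y_s, ct_s, ct_r, epoch, proof):
            return False
        self.nonces_used.add(proof[0])
        self.balances[y_s] = add_ct(self.balances.get(y_s, ZERO), ct_s)
        self.balances[y_r] = add_ct(self.balances.get(y_r, ZERO), ct_r)
        return True

def demo():
    """Alice funds 100, sends 30 to Bob; the same transfer replayed is rejected twice."""
    x_a, x_b = secrets.randbelow(Q - 1) + 1, secrets.randbelow(Q - 1) + 1
    y_a, y_b, zsc = pow(G, x_a, P), pow(G, x_b, P), ToyZSC()
    zsc.fund(y_a, 100)
    r = secrets.randbelow(Q - 1) + 1
    ct_s, ct_r = encrypt(y_a, -30, r), encrypt(y_b, 30, r)  # same r, opposite amounts
    proof = prove_transfer(x_a, y_a, ct_s, ct_r, zsc.epoch)
    first = zsc.transfer(y_a, y_b, ct_s, ct_r, zsc.epoch, proof)
    replay = zsc.transfer(y_a, y_b, ct_s, ct_r, zsc.epoch, proof)  # nonce reuse
    zsc.epoch, zsc.nonces_used = zsc.epoch + 1, set()               # epoch rollover
    stale = zsc.transfer(y_a, y_b, ct_s, ct_r, zsc.epoch, proof)   # challenge bound to epoch 0
    return first, replay, stale, decrypt(x_a, zsc.balances[y_a]), decrypt(x_b, zsc.balances[y_b])
```

Running demo() returns (True, False, False, 70, 30): the first transfer is accepted, the identical proof is rejected in the same epoch because the nonce u has already been seen, and rejected again after the epoch rolls over because the challenge was computed over epoch 0. The contract never sees a plaintext amount; only the key owners can decrypt their balances. Caveat for anyone adapting this: the proof above only shows ownership of the sending key, so nothing stops a sender from encrypting -b for more than the account holds and wrapping the balance around modulo Q. A real system must also prove in zero knowledge that the remaining balance and the transferred amount lie in a valid range, which is the job the abstract assigns to Σ-Bullets.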

Notes

  1. If y has no record on ZSC yet, then a new record is created and initialized with the aforementioned ciphertext.

  2. One can potentially use Zether in combination with Möbius on Ethereum to get the best of both worlds. We leave this as an interesting open question.

  3. A non-interactive one-out-of-many proof can be used to instantiate a ring signature in which a signer reveals that she knows a private key out of.

References

  1. Abdalla, M., An, J.H., Bellare, M., Namprempre, C.: From identification to signatures via the Fiat-Shamir transform: minimizing assumptions for security and forward-security. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 418–433. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46035-7_28. (April/May 2002)

  2. Ben-Sasson, E., et al.: Zerocash: decentralized anonymous payments from Bitcoin. Cryptology ePrint Archive, Report 2014/349 (2014). http://eprint.iacr.org/2014/349

  3. Ben-Sasson, E., Chiesa, A., Tromer, E., Virza, M.: Succinct non-interactive zero knowledge for a von Neumann architecture. In: Proceedings of the 23rd USENIX Conference on Security Symposium, pp. 781–796. SEC 2014. USENIX Association (2014). dl.acm.org/citation.cfm?id=2671225.2671275

  4. Precompiled contracts for addition and scalar multiplication on the elliptic curve alt bn128. https://eips.ethereum.org/EIPS/eip-196

  5. Reduce alt bn128 precompile gas costs. https://eips.ethereum.org/EIPS/eip-1108

  6. Boneh, D., Shoup, V.: A Graduate Course in Applied Cryptography, Cambridge (2018). cryptobook.us

  7. Bonneau, J., Clark, J., Goldfeder, S.: On bitcoin as a public randomness source. Cryptology ePrint Archive, Report 2015/1015 (2015). http://eprint.iacr.org/2015/1015

  8. Bonneau, J., Narayanan, A., Miller, A., Clark, J., Kroll, J.A., Felten, E.W.: Mixcoin: Anonymity for Bitcoin with accountable mixes. Cryptology ePrint Archive, Report 2014/077 (2014). http://eprint.iacr.org/2014/077

  9. Bootle, J., Cerulli, A., Chaidos, P., Ghadafi, E., Groth, J., Petit, C.: Short accountable ring signatures based on DDH. Cryptology ePrint Archive, Report 2015/643 (2015). http://eprint.iacr.org/2015/643

  10. Bowe, S., Chiesa, A., Green, M., Miers, I., Mishra, P., Wu, H.: Zexe: Enabling decentralized private computation. Cryptology ePrint Archive, Report 2018/962 (2018). https://eprint.iacr.org/2018/962

  11. Bünz, B., Agrawal, S., Zamani, M., Boneh, D.: Zether: Towards privacy in a smart contract world. Cryptology ePrint Archive, Report 2019/191 (2019). https://eprint.iacr.org/2019/191

  12. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: 2018 IEEE Symposium on Security and Privacy, pp. 315–334. IEEE Computer Society Press, May 2018

  13. Buterin, V.: Thoughts on UTXOs (2016). https://medium.com/@ConsenSys/thoughts-on-utxo-by-vitalik-buterin-2bb782c67e53

  14. Buterin, V., Griffith, V.: Casper the friendly finality gadget. CoRR abs/1710.09437 (2017). arxiv.org/abs/1710.09437

  15. Camenisch, J., Lysyanskaya, A.: Dynamic Accumulators and application to efficient revocation of anonymous credentials. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 61–76. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_5. (August 2002)

  16. Cecchetti, E., Zhang, F., Ji, Y., Kosba, A.E., Juels, A., Shi, E.: Solidus: confidential distributed ledger transactions via PVORM. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 17, pp. 701–717. ACM Press, October/November 2017

  17. Cheng, R., et al.: Ekiden: A platform for confidentiality-preserving, trustworthy, and performant smart contract execution. CoRR abs/1804.05141 (2018). arxiv.org/abs/1804.05141

  18. Cramer, R., Damgård, I.: Zero-knowledge proofs for finite field arithmetic, or: can zero-knowledge be for free? In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 424–441. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055745. (August 1998)

  19. Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 103–118. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_9. (May 1997)

  20. Curve25519-ristretto. https://ristretto.group/

  21. Damgård, I.: On sigma protocols. https://www.cs.au.dk/~ivan/Sigma.pdf

  22. Danezis, G., Meiklejohn, S.: Centrally banked cryptocurrencies. In: NDSS 2016. The Internet Society, February 2016

  23. Ethereum Project: Blockchain App Platform. https://www.ethereum.org/

  24. Ethereum Gasstation. https://ethgasstation.info/calculatorTxV.php

  25. Fauzi, P., Meiklejohn, S., Mercer, R., Orlandi, C.: Quisquis: a new design for anonymous cryptocurrencies. Cryptology ePrint Archive, Report 2018/990 (2018). https://eprint.iacr.org/2018/990

  26. Gennaro, R., Gentry, C., Parno, B., Raykova, M.: Quadratic span programs and succinct NIZKs without PCPs. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 626–645. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-38348-9_37. (May 2013)

  27. Grin. https://grin-tech.org/

  28. Groth, J., Kohlweiss, M.: One-out-of-many proofs: or how to leak a secret and spend a coin. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 253–280. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_9. (April 2015)

  29. Heilman, E., Alshenibr, L., Baldimtsi, F., Scafuro, A., Goldberg, S.: Tumblebit: an untrusted bitcoin-compatible anonymous payment hub. In: NDSS 2017. The Internet Society, February/March 2017

  30. Kosba, A.E., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: The blockchain model of cryptography and privacy-preserving smart contracts. In: 2016 IEEE Symposium on Security and Privacy, pp. 839–858. IEEE Computer Society Press, May 2016

  31. Kurosawa, K.: Multi-recipient public-key encryption with shortened ciphertext. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 48–63. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45664-3_4. (February 2002)

  32. Total Market Capitalization. https://coinmarketcap.com/charts

  33. Maxwell, G.: Coinjoin: Bitcoin privacy for the real world (2013). https://bitcointalk.org/?topic=279249

  34. Maxwell, G.: Confidential transactions (2015). https://people.xiph.org/~greg/confidential_values.txt

  35. Meiklejohn, S., Mercer, R.: Möbius: trustless tumbling for transaction privacy. PoPETs 2018(2), 105–121 (2018)

  36. Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed E-cash from Bitcoin. In: 2013 IEEE Symposium on Security and Privacy, pp. 397–411. IEEE Computer Society Press, May 2013

  37. Narula, N., Vasquez, W., Virza, M.: zkLedger: privacy-preserving auditing for distributed ledgers. In: 15th USENIX Symposium on Networked Systems Design and Implementation, NSDI 2018, Renton, WA, USA, 9–11 April 2018, pp. 65–80 (2018)

  38. Noether, S.: Ring signature confidential transactions for Monero. Cryptology ePrint Archive, Report 2015/1098 (2015). http://eprint.iacr.org/2015/1098

  39. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9. dl.acm.org/citation.cfm?id=646756.705507

  40. Pippenger, N.: On the evaluation of powers and monomials. SIAM J. Comput. 9(2), 230–250 (1980)

  41. Poelstra, A.: Mimblewimble (2016). https://scalingbitcoin.org/papers/mimblewimble.pdf

  42. Announcing the world’s largest multi-party computation ceremony. https://www.zfnd.org/blog/powers-of-tau/

  43. PRECOMPILED CALL opcode (Remove CALL costs for precompiled contracts). https://eips.ethereum.org/EIPS/eip-1109

  44. Ruffing, T., Moreno-Sanchez, P., Kate, A.: CoinShuffle: practical decentralized coin mixing for bitcoin. In: Kutyłowski, M., Vaidya, J. (eds.) ESORICS 2014. LNCS, vol. 8713, pp. 345–364. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11212-1_20. (September 2014)

  45. Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 688–689. Springer, Heidelberg (1990). https://doi.org/10.1007/3-540-46885-4_68. (abstract) (rump session), (April 1990)

  46. Secp256k1. https://en.bitcoin.it/wiki/Secp256k1

  47. Solidity webpage. https://solidity.readthedocs.io

  48. Szabo, N.: Smart contracts: building blocks for digital markets. EXTROPY: J. Transhumanist Thought 16 (1996)

  49. Zamfir, V.: Casper the friendly ghost: a correct by construction blockchain consensus protocol (2017). https://github.com/ethereum/research/blob/master/papers/CasperTFG/CasperTFG.pdf

  50. Zcash: Privacy-protecting digital currency. https://z.cash/

  51. zcash Documentation. https://media.readthedocs.org/pdf/zcash/english-docs/zcash.pdf

Author information

Correspondence to Benedikt Bünz.

Copyright information

© 2020 International Financial Cryptography Association

About this paper

Cite this paper

Bünz, B., Agrawal, S., Zamani, M., Boneh, D. (2020). Zether: Towards Privacy in a Smart Contract World. In: Bonneau, J., Heninger, N. (eds) Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science, vol 12059. Springer, Cham. https://doi.org/10.1007/978-3-030-51280-4_23

  • DOI: https://doi.org/10.1007/978-3-030-51280-4_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-51279-8

  • Online ISBN: 978-3-030-51280-4