Zerocash Paper

Zerocash: Decentralized Anonymous Payments from Bitcoin |

Eli Ben-Sasson Alessandro Chiesa Christina Garman Matthew Green
Ian Miers Eran Tromer Madars Virza

IEEE Symposium on Security and Privacy (Oakland) 2014|PDF

Bitcoin is the first digital currency to see widespread adoption. While payments are conducted between pseudonyms, Bitcoin cannot offer strong privacy guarantees: payment transactions are recorded in a public decentralized ledger, from which much information can be deduced. Zerocoin(Miers et al., IEEE S&P 2013) tackles some of these privacy issues by unlinking transactions from the payment’s origin. Yet, it still reveals payments’ destinations and amounts, and is limited in functionality. In this paper, we construct a full-fledged ledger-based digital currency with strong privacy guarantees. Our results leverage recent advances in zero-knowledge Succinct Non-interactive ARguments of Knowledge (zk-SNARKs). First, we formulate and construct decentralized anonymous payment schemes (DAP schemes). A DAP scheme enables users to directly pay each other privately: the corresponding transaction hides the payment’s origin, destination, and transferred amount. We provide formal definitions and proofs of the construction’s security.Second, we build Zerocash, a practical instantiation of our DAP scheme construction. In Zerocash, transactions are less than 1 kB and take under 6 ms to verify — orders of magnitude >more efficient than the less-anonymous Zerocoin and competitive with plain Bitcoin.

Zerocoin Paper

Zerocoin: Anonymous Distributed E-Cash from Bitcoin

Ian Miers, Christina Garman, Matthew Green, Aviel D. Rubin

IEEE Symposium on Security and Privacy (Oakland) 2013 | PDF| Abstract:

Bitcoin is the first e-cash system to see widespread adoption. While Bitcoin offers the potential for new types of financial interaction, it has significant limitations regarding privacy. Specifically, because the Bitcoin transaction log is completely public, users’ privacy is protected only through the use of pseudonyms. In this paper we propose Zerocoin, a cryptographic extension to Bitcoin that augments the protocol to allow for fully anonymous currency transactions. Our system uses standard cryptographic assumptions and does not introduce new trusted parties or otherwise change the security model of Bitcoin. We detail Zerocoin’s cryptographic construction, its integration into Bitcoin, and examine its performance both in terms of computation and impact on the Bitcoin protocol.

Zerocash Paper

Selected Press

Talks

  • May 19, 2013: Universal and affordable computational integrity

    Given at Bitcoin 2013 by Eli Ben-Sasson (video).

    The talk covers, at high level, the idea of “succinct” (short and easy-to-verify) proofs.

  • January 13, 2014: Anonymizing Cryptocurrencies: How to make Bitcoin Anonymous

    Given at the 2014 Real-World Cryptography Workshop by Matthew Green (video).

    The talk covers Zerocoin and (an early version of) Zerocash.

  • February 27, 2014: Zerocash: Zerocoin meets SCIPR Lab

    Given at the 2014 Bitcoin Israel Conference by Eli Ben-Sasson (video).

    The talk covers the Zerocash construction.

  • March 26, 2014: Zerocash: מטבע דיגיטלי משמר פרטיות (Privacy-Preserving Digital Currency)

    Given at the 2014 Israel Science Day by Eran Tromer.

    A brief overview of Zerocash, in Hebrew, to the general public.

  • April 22, 2014: Zerocash: Zerocoin meets SCIPR Lab

    Given at the Israel Bitcoin Foundation by Eli Ben-Sasson (video).

    The talk covers the Zerocash construction.

  • May 20, 2014: Zerocash: Decentralized Anonymous Payments from Bitcoin

    To be given at the 2014 IEEE Symposium on Security and Privacy.

    The short talk will cover the Zerocash system at a high level, from a technical perspective.

  • May 21, 2013 Ian Miers @ IEEE Symposium on Security and Privacy Sadly no video as far as we know. Slides KEYNOTE | PDF| POWERPOINT

  • May 19, 2013 Ian Miers @ Bitcoin 2013 Less technical version of the IEEE talk above. Slides KEYNOTE | PDF| POWERPOINT

  • May 4, 2013 Matthew Green @ Microsoft Research See for video. Slides KEYNOTE| PDF | POWERPOINT