Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ian Miers, Christina Garman, Matthew Green, Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin.

Published byBrianna Bradford Modified over 8 years ago

Similar presentations

Presentation on theme: "Ian Miers, Christina Garman, Matthew Green, Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin."— Presentation transcript:

1 Ian Miers, Christina Garman, Matthew Green, Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin

2 What is money?

3 Digitizing money Two ways to do it Create digital cash Create digital checks

4 Bank accounts

5 Problem: privacy Bank sees every transaction Merchants can track customers across interactions

6 Digital cash Can’t make uncopyable digital goods Can make single use currency Get a unique serial number when you withdraw money Spend it by showing an unused serial number

7 E-cash Banks signs an opaque serial number Reveal an unused serial number and signature to spend

8 E-cash schemes Chaum82: blind signatures for e-cash Chaum88: offline e-cash with double spender identification Brandis95: restricted blind signatures Camenisch05: compact offline e-cash

9 Decentralized Secure Private An ideal digital currency

10 Bitcoin A distributed digital currency system Released by Satoshi Nakamoto 2008 Market cap of 1.2 Billion USD (as of early May 2013) Effectively a bank run by an ad hoc network Digital checks A distributed transaction log

11 DecentralizedBitcoin

12 Bitcoin Secure

13 Bitcoin Decentralized Secure Private?

14 Bitcoin Decentralized Secure Private

15

16

17

18 Bitcoin: all of your information is known to the bank the merchants EVERYONE

19 Data mining and privacy Target used data mining on customer purchases to identify pregnant women and target ads at them (NYT 2012) Ended up informing a woman’s father that his teenage daughter was pregnant Imagine what credit card companies could do with the data

20 Chaum’s e-cash + Bitcoin Decentralized Secure Private

21 Bitcoin laundries Decentralized Secure Private

22 Zerocoin A distributed approach to private electronic cash Extends Bitcoin by adding an anonymous currency on top of it Zerocoins are exchangeable for bitcoins

23 What is a zerocoin? A zerocoin is: Economically: a promissory note redeemable for a bitcoin Cryptographically: an opaque envelope containing a serial number used to prevent double spending 823848273471 012983

24 Zerocoins: where do they come from? Anyone can make one Create an envelope containing a random serial number Mint a zerocoin by putting a mint transaction in the block chain which “spends” a bitcoin Spending a zerocoin gets you back a bitcoin

25 Zerocoins:...and where do they go? The “spent” bitcoins end up escrowed To spend a zerocoin, you reveal the serial number and prove it is from some zerocoin in the block chain The serial number is marked as spent in the block chain The recipient gets back a random bitcoin from the escrow pool

26 Zero-knowledge proofs Zero-knowledge [Goldwasser, Micali 1980s, and beyond] Prove knowledge of a witness satisfying a statement Specific variant: non-interactive proof of knowledge Here we prove we know: 1. The serial number of a zerocoin 2. That the coin is in the block chain

27 Performance Modified bitcoind client on 3.5GZ Intel Xeon E3- 1270V2 1024 bit commitments 1024, 2048, and 3072 bit RSA moduli

28 Obstacles and future work Scale to larger networks Reduce proof size (duh) Make divisible coins (we have a construction) Get people to believe this works

29 How does this get adopted? As part of Bitcoin? As part of an alternative currency? Where do we store the proofs? Do people care if they go away? Can you meaningfully verify anonymous transactions? How to explain Zerocoin to people?

30 Zerocoin Decentralized Secure Private zerocoin.org Ian Miers|Christina Garman|Matthew Green|Avi Rubin

Download ppt "Ian Miers, Christina Garman, Matthew Green, Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin."

Similar presentations

Zerocash Decentralized Anonymous Payments from Bitcoin

Zerocash Decentralized Anonymous Payments from Bitcoin
Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.

Recoverable and Untraceable E-Cash Dr. Joseph K. Liu The Chinese University of HongKong.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Secure Digital Currency: Bitcoin Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the.

Secure Digital Currency: Bitcoin Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the.
Ian Miers Christina Garman | Matthew Green | Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin.

Ian Miers Christina Garman | Matthew Green | Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin.
Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.

Slide 1 Vitaly Shmatikov CS 378 Digital Cash. slide 2 Digital Cash: Properties uDigital “payment message” with properties of cash uUnforgeable Users cannot.
Class 12 Anonymous Digital Currency CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman

Class 12 Anonymous Digital Currency CIS 755: Advanced Computer Security Spring 2014 Eugene Vasserman
Presentation by Team 4.  What Is It?—Tim Johnson  How Does it Work—Javier Navarro  Different Kinds of Cryptocurrency—Idong  Challenges—Mark Weeks.

Presentation by Team 4.  What Is It?—Tim Johnson  How Does it Work—Javier Navarro  Different Kinds of Cryptocurrency—Idong  Challenges—Mark Weeks.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.

Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
ELECTRONIC PAYMENT SYSTEMS 20-763 SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems 20-763 Lecture 11 Electronic Cash.

ELECTRONIC PAYMENT SYSTEMS SPRING 2004 COPYRIGHT © 2004 MICHAEL I. SHAMOS Electronic Payment Systems Lecture 11 Electronic Cash.
Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.
Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)

Electronic Voting Schemes and Other stuff. Requirements Only eligible voters can vote (once only) No one can tell how voter voted Publish who voted (?)
BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.

BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.
Module 8 – Anonymous Digital Cash Blind Signatures DigiCash coins.

Module 8 – Anonymous Digital Cash Blind Signatures DigiCash coins.
Electronic Payment Systems. Transaction reconciliation –Cash or check.

Electronic Payment Systems. Transaction reconciliation –Cash or check.
E-Money / Digital Cash Lin Huang. Money / Digital Cash What is Money –Coins, Bill – can’t exist on two places at one time –Bearer bonds: immediate cashable.

E-Money / Digital Cash Lin Huang. Money / Digital Cash What is Money –Coins, Bill – can’t exist on two places at one time –Bearer bonds: immediate cashable.
J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 4 Data Authentication Part II.

J. Wang. Computer Network Security Theory and Practice. Springer 2008 Chapter 4 Data Authentication Part II.
Cryptography Project David B. Robins March 2011. What are some desirable qualities? What should be used? 1.Portability 2.Durability 3.Fungibility/homogeneity.

Cryptography Project David B. Robins March What are some desirable qualities? What should be used? 1.Portability 2.Durability 3.Fungibility/homogeneity.

Similar presentations

Ads by Google