Presentation is loading. Please wait.

Presentation is loading. Please wait.

Zerocash: Decentralized Anonymized Payments from Bitcoins

Published byLidia Kulesza Modified over 5 years ago

Similar presentations

Presentation on theme: "Zerocash: Decentralized Anonymized Payments from Bitcoins"— Presentation transcript:

1 Zerocash: Decentralized Anonymized Payments from Bitcoins
Andrew Morris

2 Zerocash The concept was developed by: Eli Ben-Sason, Alessandro Chieso, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza Zerocash was presented at the 2014 IEEE Symposium on Security and Privacy. You may remember our guest lecturer, Matthew, whose startup is attempting to capitalize on mining ZCash.

3 Brief History of Digital Monies
1980s- Digital Cash in the Netherlands Late 80’s- Chaum’s Digicash- blinded transactions, but legally bound to central banks E-gold- Backed by central authority, victim of post 9/11 Bitcoin

4 Zerocoin Developed by many of the same authors as this paper
Logical predecessor to Zerocash Introduced zk-Snarks to verify the validity of coins Made steps towards achieving total anonymity and privacy, but was ultimately impractical Transactions were cumbersome TX’s needed to be atomic No way to send Zerocoin to users

5 zk-SNark Zero-Knowledge Succinct Non-Interactive Arguments of Knowledge Essentially, this allows any user, public or private to verify the correctness of a computation without actually performing the computation, or knowing what computation was executed. Used in both Zerocoin and Zerocash to authenticate coins

6 Goals Part of the goals of the Zerocash team was to build a practical anonymous and private currency, essentially elevating Zerocoin to the next level

7 Zerocash vs. ZCash Zerocash is the underlying cryptographic protocol that makes ZCash possible, while ZCash is built primarily on the back of Zerocash, ZCash has added some marginal differences. It is worthwhile to note that all of the aforementioned authors of the Zerocash paper are developers on the ZCash team. (ZCash)

8 Understanding the Issue with BTC
Not Anonymous! Easily traceable using blockchain analysis of the public ledger Legitimate users have a concern for privacy “But there are tumblers” !?!?

9 Tumblers/Mixers How Tumblers/Mixers work
Issues that can/have arisen from Tumblers Is this really a solution?

10 Zerocash Zerocash aims to be a solution to the issue of the lack of anonymity in BTC. In doing so, Zerocash aims to achieve two primary goals: Allow for anonymous TX of variable amounts And hide TX amounts and the values of coins held by users. In Zerocash, this is accomplished by using a Decentralized Anonymous Payment system.

11 Backbone of Zerocash Zerocash is conceptually backed by the Decentralized Anonymized Payment Scheme What is DAP? Sits atop the Bitcoin ledger 6 Concrete Steps

12 Step 1: User anonymity with fixed value coins
Conceptually developed with fixed value coins (atomic BTC only) Process of theoretically minting a coin by depositing to a backed escrow account > Left with coin “c” How do you spend “c”? “C” is validated by a combination of serial number and zk-SNARK proof to establish “c” exists in the mint zk-SNARK= zero knowledge Succint non-interactive ARguments of Knowledge?

13 Step 2: Compressing the list of Coin Committments
The “mint” in step 1 is linear- list like By using collision resistant hash function, CRH, we can change the way time and space is compiled. From linear ----> logarithmic With a merkle tree (mint) depth of 64, there are 2^64 coins available A total of e+19 coins

14 Step 3: Extending coins for Direct Anonymous Payments
Up to now, our model is theoretically sound and anonymous, but highly impractical. To remedy this we add addresses (targets for payments) and the ability to derive non atomic coins Coins are spent using the “pour” operation

15 Step 4: Sending Coins Makes use of a key pair for private key encryption by adding public keys and secret keys to the addresses. (addr-pk,addr-sk) Example send TX: 1: User1 wishes to send coins to User 2, begins by encrypting cypher text © using User2’s pk 2: User1 includes © in the POUR TX, User 2 can scan the ledger and then decrypt © with their SK

16 Step 5: Public Outputs How do we go from Zerocash to Bitcoin?
Modify the POUR transaction to include a public output The string info. Included helps to determine the destination of the funds

17 Step 6: Non-Malleability
How do we prevent the double spend problem and other malicious users? We add a digital signature scheme to the POUR TX Utilizes Collision Resistant Hashing and a high-entropy system, wherein the signed values change frequently

18 CRH based Merkle Tree

19 Are we Secure? Must satisfy three requirements- ledger indistinguishability, transaction non- malleability, and balance

20 Implementation?

Download ppt "Zerocash: Decentralized Anonymized Payments from Bitcoins"

Similar presentations

Zerocash Decentralized Anonymous Payments from Bitcoin

Zerocash Decentralized Anonymous Payments from Bitcoin
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
ZeroCash: ZeroCoin meets SCIPR-lab Eli Ben-Sasson (Technion), Joint work with Alessandro Chiesa (MIT), Christina Garman (JHU), Matthew Green (JHU), Ian.

ZeroCash: ZeroCoin meets SCIPR-lab Eli Ben-Sasson (Technion), Joint work with Alessandro Chiesa (MIT), Christina Garman (JHU), Matthew Green (JHU), Ian.
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Secure Digital Currency: Bitcoin Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the.

Secure Digital Currency: Bitcoin Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See the.
Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.

Digital Cash Present By Kevin, Hiren, Amit, Kai. What is Digital Cash?  A payment message bearing a digital signature which functions as a medium of.
Ian Miers Christina Garman | Matthew Green | Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin.

Ian Miers Christina Garman | Matthew Green | Avi Rubin Zerocoin: Anonymous Distributed E-Cash from Bitcoin.
Bitcoin. What is Bitcoin? A P2P network for electronic payments Benefits: – Low fees – No middlemen – No central authority – Can be anonymous – Each payment.

Bitcoin. What is Bitcoin? A P2P network for electronic payments Benefits: – Low fees – No middlemen – No central authority – Can be anonymous – Each payment.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.

Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.
Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.

Introduction to Modern Cryptography, Lecture 13 Money Related Issues ($$$) and Odds and Ends.
Your Presenter Amer Sharaf Electronic Payments: Where do we go from here? ByMarkus Jakobsson David Mraihi Yiannis Tsiounis Moti Yung.

Your Presenter Amer Sharaf Electronic Payments: Where do we go from here? ByMarkus Jakobsson David Mraihi Yiannis Tsiounis Moti Yung.
Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.

Digital Cash Damodar Nagapuram. Overview ► Monetary Freedom ► Digital Cash and its importance ► Achieving Digital Cash ► Disadvantages with digital cash.
ELI BEN-SASSON, ALESSANDRO CHIESA, ERAN TROMER AND MADARS VIRZA USENIX SECURITY SYMPOSIUM 2014 Succinct Non-Interactive Zero Knowledge for a von Neumann.

ELI BEN-SASSON, ALESSANDRO CHIESA, ERAN TROMER AND MADARS VIRZA USENIX SECURITY SYMPOSIUM 2014 Succinct Non-Interactive Zero Knowledge for a von Neumann.
Electronic Payment Systems. Transaction reconciliation –Cash or check.

Electronic Payment Systems. Transaction reconciliation –Cash or check.
E-Money / Digital Cash Lin Huang. Money / Digital Cash What is Money –Coins, Bill – can’t exist on two places at one time –Bearer bonds: immediate cashable.

E-Money / Digital Cash Lin Huang. Money / Digital Cash What is Money –Coins, Bill – can’t exist on two places at one time –Bearer bonds: immediate cashable.
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.
The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 29/11/2012Written by Meni Rosenfeld1.

The world’s first decentralized digital currency Meni Rosenfeld Bitcoil 29/11/2012Written by Meni Rosenfeld1.
Bitcoin (what, why and how?)

Bitcoin (what, why and how?)
Lecture 8 e-money. Today Secure Electronic Transaction (SET) CyberCash On line payment system using e-money ECash NetCash MilliCent CyberCoin.

Lecture 8 e-money. Today Secure Electronic Transaction (SET) CyberCash On line payment system using e-money ECash NetCash MilliCent CyberCoin.

Similar presentations

Ads by Google