
Switch Commitments: A Safety Switch for Confidential Transactions

  • Conference paper
  • Financial Cryptography and Data Security (FC 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10323)

Abstract

Cryptographic agility is the ability to switch to larger cryptographic parameters or different algorithms in the case of security doubts. This very desirable property of cryptographic systems is inherently difficult to achieve in cryptocurrencies due to their permanent state in the blockchain: for example, if it turns out that the employed signature scheme is insecure, a switch to a different scheme can only protect the outputs of future transactions but cannot fix transaction outputs already recorded in the blockchain, exposing owners of the corresponding money to risk of theft. This situation is even worse with Confidential Transactions, a recent privacy-enhancing proposal to hide transacted monetary amounts in homomorphic commitments. If an attacker manages to break the computational binding property of a commitment, he can create money out of thin air, jeopardizing the security of the entire currency. The obvious solution is to use statistically or perfectly binding commitment schemes but they come with performance drawbacks due to the need for less efficient range proofs.

In this paper, our aim is to overcome this dilemma. We introduce switch commitments, which constitute a cryptographic middle ground between computationally binding and statistically binding commitments. The key property of this novel primitive is the possibility to switch existing commitments, e.g., recorded in the blockchain, from computational bindingness to statistical bindingness if doubts in the underlying hardness assumption arise. This switch trades off efficiency for security. We provide a practical and simple construction of switch commitments by proving that ElGamal commitments with a restricted message space are secure switch commitments. The combination of switch commitments and statistically sound range proofs yields an instantiation of Confidential Transactions that can be switched to be resilient against post-quantum attackers trying to inflate the currency.


Notes

  1. The ElGamal commitment is actually even perfectly binding. We stick to the more general statistical property in this work.

  2. In fact, the value supported by CT is expressed by a floating point number, with the exponent being public and only the mantissa hidden in the commitment [6, 9]. We ignore the public exponent in our description, because it does not affect our treatment. The valid range of values for the mantissa is \([0,2^{32}-1]\), i.e., \(d=2^{32}-1\) satoshis (currency units).
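The following worked example is added here by the editor and is not code from the paper or from any CT implementation. It instantiates the reading of the abstract and of Note 2 given above: a switch commitment to v is an ElGamal-style pair whose first component is the Pedersen commitment g^v h^r and whose second component is g^r, with the message space restricted to [0, 2^32 - 1]. In "normal" mode only the Pedersen component is checked; after the switch the verifier also checks g^r, which pins down r and therefore v. The exact definitions and verification algorithms in the paper may differ from this sketch. Everything else is an assumption for illustration: the toy group (the order-q subgroup of Z_p^* for a safe prime p = 2q + 1 found at import time), the function names, and the trapdoor x = log_g(h), which is kept only to simulate an attacker who has broken the discrete-logarithm assumption and uses it to "open" an existing output to a larger amount.

```python
"""Toy switch commitment: Pedersen part (normal mode) vs. full ElGamal pair (switched mode).

Editor's illustration, not the paper's code. The trapdoor x is known here only to
simulate a broken hardness assumption; in a real deployment h is derived by hashing
so that nobody knows log_g(h).
"""
import random
from typing import Tuple

MAX_VALUE = 2**32 - 1  # d in Note 2: the restricted message space is [0, 2^32 - 1]


def is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin; these 12 bases are exact for every n < 3.3e24."""
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start: int) -> Tuple[int, int]:
    """Smallest (p, q) with q >= start, q prime and p = 2q + 1 prime (q > 2^32 fits Note 2)."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = find_safe_prime(2**40)
G = 4                      # a square mod p, hence a generator of the order-q subgroup
TRAPDOOR_X = 123456789     # assumption: the discrete log of h, unknown to everyone in practice
H = pow(G, TRAPDOOR_X, P)  # h = g^x


def commit(v: int, r: int) -> Tuple[int, int]:
    """Switch commitment to v with randomness r: (Pedersen g^v h^r, ElGamal component g^r)."""
    if not 0 <= v <= MAX_VALUE:
        raise ValueError("value outside the restricted message space")
    return (pow(G, v, P) * pow(H, r, P) % P, pow(G, r, P))


def verify_normal(com: Tuple[int, int], v: int, r: int) -> bool:
    """Normal mode: only the Pedersen component is checked (computationally binding).

    The range check stands in for the range proof that CT attaches to every output.
    """
    return 0 <= v <= MAX_VALUE and com[0] == pow(G, v, P) * pow(H, r, P) % P


def verify_switched(com: Tuple[int, int], v: int, r: int) -> bool:
    """Switched mode: additionally check g^r, which fixes r and hence v (statistically binding)."""
    return verify_normal(com, v, r) and com[1] == pow(G, r, P)


def add(c1: Tuple[int, int], c2: Tuple[int, int]) -> Tuple[int, int]:
    """Homomorphic sum of two commitments: componentwise product in the group."""
    return (c1[0] * c2[0] % P, c1[1] * c2[1] % P)


def balances(inputs, outputs, switched: bool) -> bool:
    """CT balance check: the input commitments must sum to the output commitments."""
    lhs, rhs = (1, 1), (1, 1)
    for c in inputs:
        lhs = add(lhs, c)
    for c in outputs:
        rhs = add(rhs, c)
    return lhs == rhs if switched else lhs[0] == rhs[0]


def forge_opening(v: int, r: int, v_new: int) -> int:
    """Attacker knowing x = log_g(h) reopens g^v h^r as v_new: v + x*r == v_new + x*r_new (mod q)."""
    return (r - (v_new - v) * pow(TRAPDOOR_X, -1, Q)) % Q


def demo() -> Tuple[bool, bool]:
    """Honest transaction, then an inflation attempt checked in both verification modes."""
    rng = random.Random(0)
    r_in, r_a = rng.randrange(Q), rng.randrange(Q)
    r_b = (r_in - r_a) % Q                     # output blinding factors must sum to the input's
    tx_in = commit(1_000, r_in)
    tx_out = [commit(600, r_a), commit(400, r_b)]
    assert balances([tx_in], tx_out, switched=False)
    assert balances([tx_in], tx_out, switched=True)
    # Money out of thin air: reopen the 600 output as 10_600 using the trapdoor.
    r_forged = forge_opening(600, r_a, 10_600)
    return (verify_normal(tx_out[0], 10_600, r_forged),     # True: the Pedersen part accepts
            verify_switched(tx_out[0], 10_600, r_forged))   # False: g^r exposes the forgery


if __name__ == "__main__":
    print(demo())
```

The point the abstract makes shows up in the last two lines of `demo`: the forged opening is accepted by the verification that was in force when the output was recorded, and rejected by the switched verification run against the very same commitment, without any change to the on-chain data.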

References

  1. Andreev, O.: Confidential Assets (2017). https://github.com/chain/chain/blob/confidential-spec/docs/protocol/specifications/ca.md#value-range-proof, http://www.webcitation.org/6qUEe3dKc

  2. Bao, F., Deng, R.H., Zhu, H.F.: Variations of Diffie-Hellman problem. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 301–312. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-39927-8_28

  3. Certicom Research: Sec 1: Elliptic curve cryptography. http://www.secg.org/download/aid-780/sec1-v2.pdf

  4. Elements Project: Alpha sidechain. https://www.elementsproject.org/sidechains/alpha/

  5. ElGamal, T.: A public key cryptosystem and a signature scheme based on discrete logarithms. In: Blakley, G.R., Chaum, D. (eds.) CRYPTO 1984. LNCS, vol. 196, pp. 10–18. Springer, Heidelberg (1985). https://doi.org/10.1007/3-540-39568-7_2

  6. Gibson, A.: An investigation into confidential transactions (2016). http://diyhpl.us/~bryan/papers2/bitcoin/An%20investigation%20into%20Confidential%20Transactions%20-%20Adam%20Gibson%20-%202016.pdf, http://www.webcitation.org/6qUF8XYmP

  7. Harnik, D., Naor, M.: On everlasting security in the hybrid bounded storage model. In: ICALP 2006 (2006)

  8. Maxwell, G., Poelstra, A.: Borromean ring signatures (2015). https://github.com/Blockstream/borromean_paper/raw/master/borromean_draft_0.01_9ade1e49.pdf, http://www.webcitation.org/6qUFVS2Ux

  9. Maxwell, G.: Confidential transactions (2015). https://people.xiph.org/~greg/confidential_values.txt, http://www.webcitation.org/6qUFGwJah

  10. Moran, T., Naor, M.: Receipt-free universally-verifiable voting with everlasting privacy. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 373–392. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_22

  11. Noether, S., Mackenzie, A.: Ring confidential transactions. Ledger (2016). http://www.ledgerjournal.org/ojs/index.php/ledger/article/view/34

  12. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9

  13. Poelstra, A., Back, A., Friedenbach, M., Maxwell, G., Wuille, P.: Confidential assets. In: BITCOIN 2017. Springer, Cham (2017). https://fc17.ifca.ai/bitcoin/papers/bitcoin17-final41.pdf

  14. Unruh, D.: Everlasting multi-party computation. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 380–397. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_22

  15. Unruh, D.: Post-quantum security of Fiat-Shamir. Cryptology ePrint Archive, Report 2017/398 (2017). https://eprint.iacr.org/2017/398

Acknowledgements

We thank the anonymous reviewers for their helpful comments and suggestions. This work was supported by the German Ministry for Education and Research (BMBF) through funding for the Center for IT-Security, Privacy and Accountability (CISPA) and the German Universities Excellence Initiative.

Author information

Correspondence to Tim Ruffing.

Copyright information

© 2017 International Financial Cryptography Association

About this paper

Cite this paper

Ruffing, T., Malavolta, G. (2017). Switch Commitments: A Safety Switch for Confidential Transactions. In: Brenner, M., et al. (eds.) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science, vol. 10323. Springer, Cham. https://doi.org/10.1007/978-3-319-70278-0_10

  • DOI: https://doi.org/10.1007/978-3-319-70278-0_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-70277-3

  • Online ISBN: 978-3-319-70278-0
