DLSAG: Non-interactive Refund Transactions for Interoperable Payment Channels in Monero

  • Conference paper
Financial Cryptography and Data Security (FC 2020)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 12059)

Abstract

Monero has emerged as one of the leading cryptocurrencies with privacy by design. However, this comes at the price of reduced expressiveness and interoperability as well as severe scalability issues. First, Monero is restricted to coin exchanges among individual addresses and no further functionality is supported. Second, transactions are authorized by linkable ring signatures, a digital signature scheme used in Monero, thereby hindering interoperability with virtually all other cryptocurrencies, as these support different digital signature schemes. Third, Monero transactions require a larger on-chain footprint than other cryptocurrencies, leading to rapid ledger growth and thus scalability issues.

This work extends Monero's expressiveness and interoperability while mitigating its scalability issues. We present Dual Linkable Spontaneous Anonymous Group Signature for Ad Hoc Groups (DLSAG), a linkable ring signature scheme that enables, for the first time, non-interactive refund transactions natively in Monero: DLSAG can be seamlessly implemented along with other cryptographic tools already available in Monero such as commitments and range proofs. We formally prove that DLSAG provides the same security and privacy notions introduced in the original linkable ring signature [29], namely unforgeability, signer ambiguity, and linkability. We have evaluated DLSAG and shown that it imposes slightly lower computation overhead and similar communication overhead compared with the current digital signature scheme in Monero, demonstrating its practicality. We further show how to leverage DLSAG to enable off-chain scalability solutions in Monero such as payment channels and payment-channel networks as well as atomic swaps and interoperable payments with virtually all cryptocurrencies available today. DLSAG is currently being discussed within the Monero community as an option for adoption as a key building block for expressiveness, interoperability, and scalability.

A. Blue—Independent Researcher.

Notes

  1. Monero in fact uses a matrix version of LSAG (MLSAG) [37] to prove balance without revealing spent ring members. We describe here the simplest LSAG version, but our constructions can be trivially extended to support the matrix version.

  2. The One-More Discrete Logarithm hardness assumption is defined in [13].

References

  1. Cryptonote currencies. https://cryptonote.org/coins

  2. https://coinmarketcap.com/

  3. Libsodium documentation. https://libsodium.gitbook.io/doc/

  4. Monero monthly blockchain growth. https://moneroblocks.info/stats/blockchain-growth

  5. Payment channels. https://en.bitcoin.it/wiki/Payment_channels

  6. Raiden network. https://raiden.network/

  7. Research meeting, 17:00 UTC, 18 March 2019. https://github.com/monero-project/meta/issues/319

  8. Understanding the structure of Monero’s LMDB and how explore its contents using mdb_stat. https://monero.stackexchange.com/questions/10919/understanding-the-structure-of-moneros-lmdb-and-how-explore-its-contents-using

  9. What is Fungibility? https://www.investopedia.com/terms/f/fungibility.asp

  10. DLSAG prototype numbers (2019). https://github.com/levduc/DLSAG-prototype-number

  11. Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in Bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_4

  12. Barber, S., Boyen, X., Shi, E., Uzun, E.: Bitter to better—how to make Bitcoin a better currency. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 399–414. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-32946-3_29

  13. Bellare, Namprempre, Pointcheval, Semanko: The one-more-RSA-inversion problems and the security of Chaum’s blind signature scheme. J. Cryptology 16(3), 185–215 (2003). https://doi.org/10.1007/s00145-002-0120-1

  14. Bender, A., Katz, J., Morselli, R.: Ring signatures: stronger definitions, and constructions without random oracles. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 60–79. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_4

  15. Bowe, S., Hopwood, D.: Hashed time-locked contract transactions (2017). https://github.com/bitcoin/bips/blob/master/bip-0199.mediawiki

  16. Bünz, B., Bootle, J., Boneh, D., Poelstra, A., Wuille, P., Maxwell, G.: Bulletproofs: short proofs for confidential transactions and more. In: S&P, pp. 315–334 (2018)

  17. Chase, M., et al.: Post-quantum zero-knowledge and signatures from symmetric-key primitives (2017). https://eprint.iacr.org/2017/279

  18. Croman, K., et al.: On scaling decentralized blockchains. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 106–125. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_8

  19. Decker, C., Wattenhofer, R.: A fast and scalable payment network with Bitcoin duplex micropayment channels. In: Pelc, A., Schwarzmann, A.A. (eds.) SSS 2015. LNCS, vol. 9212, pp. 3–18. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-21741-3_1

  20. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theor. 22(6), 644–654 (2006)

  21. Fiat, A., Shamir, A.: How to prove yourself: practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987). https://doi.org/10.1007/3-540-47721-7_12

  22. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity or all languages in NP have zero-knowledge proof systems. JACM 38(3), 691–729 (1991)

  23. Goodell, B., Noether, S.: Thring signatures and their applications to spender-ambiguous digital currencies. Cryptology ePrint Archive, Report 2018/774, 2018. https://eprint.iacr.org/2018/774

  24. Green, M., Miers, I.: Bolt: Anonymous payment channels for decentralized currencies. In: CCS, pp. 473–489 (2017)

  25. Khalil, R., Gervais, A.: Revive: rebalancing off-blockchain payment networks. In: CCS, pp. 439–453 (2017)

  26. Koshy, P., Koshy, D., McDaniel, P.: An analysis of anonymity in Bitcoin using P2P network traffic. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 469–485. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_30

  27. Kumar, A., Fischer, C., Tople, S., Saxena, P.: A traceability analysis of Monero’s blockchain. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 153–173. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_9

  28. Libert, B., Peters, T., Qian, C.: Logarithmic-size ring signatures with tight security from the DDH assumption. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 288–308. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98989-1_15

  29. Liu, J.K., Wei, V.K., Wong, D.S.: Linkable spontaneous anonymous group signature for Ad Hoc groups. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 325–335. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-27800-9_28

  30. Malavolta, G., Moreno-Sanchez, P., Kate, A., Maffei, M., Ravi, S.: Concurrency and privacy with payment-channel networks. In: CCS, pp. 455–471 (2017)

  31. Malavolta, G., Moreno-Sanchez, P., Schneidewind, C., Kate, A., Maffei, M.: Anonymous multi-hop locks for blockchain scalability and interoperability. In: NDSS, January 2019

  32. Maxwell, G., Poelstra, A., Seurin, Y., Wuille, P.: Simple schnorr multi-signatures with applications to Bitcoin. Cryptology ePrint Archive, Report 2018/068, 2018. https://eprint.iacr.org/2018/068

  33. Meiklejohn, S., et al.: A fistful of Bitcoins: characterizing payments among men with no names (IMC 2013). In: IMC, pp. 127–140 (2013)

  34. Moreno-Sanchez, P., Randomrun, Le, D.V., Noether, S., Goodell, B., Kate, A.: DLSAG: non-interactive refund transactions for interoperable payment channels in monero. Cryptology ePrint Archive, Report 2019/595, 2019. https://eprint.iacr.org/2019/595

  35. Möser, M., et al.: An empirical analysis of traceability in the Monero blockchain. PETS 2018(3), 143–163 (2018)

  36. Noether, S., Goodel, B.: Dual linkable ring signatures. https://ww.getmonero.org/resources/research-lab/pubs/MRL-0008.pdf

  37. Noether, S., Mackenzie, A.: Ring confidential transactions. Ledger 1, 1–18 (2016)

  38. Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). https://doi.org/10.1007/3-540-46766-1_9

  39. Poelstra, A.: Lightning in scriptless scripts (2017). https://lists.launchpad.net/mimblewimble/msg00086.html

  40. Poelstra, A.: Scriptless scripts (2017). https://download.wpsoftware.net/bitcoin/wizardry/mw-slides/2017-03-mit-bitcoin-expo/slides.pdf

  41. Poon, J., Dryja, T.: The Bitcoin Lightning Network. Whitepaper (2016). http://lightning.network/

  42. Reid, F., Harrigan, M.: An analysis of anonymity in the Bitcoin system. In: Altshuler, Y., Elovici, Y., Cremers, A., Aharony, N., Pentland, A. (eds.) Security and Privacy in Social Networks. Springer, New York (2013)

  43. Rusty: Lightning Networks Part II: Hashed Timelock Contracts (HTLCs) (2015). https://rusty.ozlabs.org/?p=462

  44. van Saberhagen, N.: Cryptonote v 2.0. Whitepaper (2013). https://cryptonote.org/whitepaper.pdf

  45. Schnorr, C.P.: Efficient signature generation by smart cards. J. Cryptology 4(3), 161–174 (1991). https://doi.org/10.1007/BF00196725

  46. Spagnuolo, M., Maggi, F., Zanero, S.: BitIodine: extracting intelligence from the Bitcoin network. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 457–468. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45472-5_29

Acknowledgments

This work has been partially supported by the Austrian Science Fund (FWF) through the Lise Meitner program and by the National Science Foundation under grant CNS-1846316.

Author information

Corresponding author

Correspondence to Pedro Moreno-Sanchez.

Copyright information

© 2020 International Financial Cryptography Association

About this paper

Cite this paper

Moreno-Sanchez, P., Blue, A., Le, D.V., Noether, S., Goodell, B., Kate, A. (2020). DLSAG: Non-interactive Refund Transactions for Interoperable Payment Channels in Monero. In: Bonneau, J., Heninger, N. (eds) Financial Cryptography and Data Security. FC 2020. Lecture Notes in Computer Science, vol 12059. Springer, Cham. https://doi.org/10.1007/978-3-030-51280-4_18

  • DOI: https://doi.org/10.1007/978-3-030-51280-4_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-51279-8

  • Online ISBN: 978-3-030-51280-4

  • eBook Packages: Computer Science (R0)
