Sender: Jonas Nick <jonasdnick@gmail.com>
Message-ID: <b0afc5f2-4dcc-469d-b952-03eeac6e7d1b@gmail.com>
Date: Tue, 24 Sep 2024 13:24:13 +0000
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: bitcoindev@googlegroups.com
From: Jonas Nick <jonasd.nick@gmail.com>
Subject: [bitcoindev] Shielded CSV: Private and Efficient Client-Side Validation
Content-Type: text/plain; charset="UTF-8"; format=flowed

Hello list,

We (Liam Eagen, Robin Linus, and I) are pleased to announce the release of the
Shielded CSV whitepaper, which describes a private and efficient client-side
validation (CSV) protocol. Shielded CSV builds upon previous work proposed on
this mailing list, including contributions by Peter Todd [0], RGB [1], Taproot
Assets [2], and zkCoins [3].

The whitepaper is available here:
https://github.com/ShieldedCSV/ShieldedCSV/releases/latest/download/shieldedcsv.pdf

Our work differs from previous approaches in two main aspects:
1. Shielded CSV is defined using the "Proof-Carrying Data" abstraction, which
    can be instantiated via recursive zkSNARKs or folding schemes. This provides
    "full" privacy (hiding of the transaction graph) and ensures that coin proofs
    and verification time are independent of the transaction graph.
2. Instead of using Bitcoin transactions for CSV-payments, a Shielded CSV
    payment only requires posting 64 bytes of data to the blockchain (regardless
    of the CSV-transaction size) and a small constant overhead, significantly
    reducing on-chain cost.

The Shielded CSV protocol is currently defined using Rust-based pseudocode. We
believe that Shielded CSV is both a promising candidate for implementation and
provides an extensible framework for further innovation in the CSV space. We
welcome feedback and look forward to discussing and expanding upon this work.

[0] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2013-November/003714.html
[1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-April/021554.html
[2] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-April/020196.html
[3] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-May/021679.html


# Abstract

Cryptocurrencies allow mutually distrusting users to transact monetary value
over the internet without relying on a trusted third party.

Bitcoin, the first cryptocurrency, achieved this through a novel protocol used
to establish consensus about an ordered transaction history. This requires every
transaction to be broadcast and verified by the network, incurring
communication and computational costs. Furthermore, transactions are visible to
all nodes of the network, eroding privacy, and are recorded permanently,
contributing to increasing storage requirements over time. To limit resource
usage of the network, Bitcoin currently supports an average of 11 transactions
per second.

Most cryptocurrencies today still operate in a substantially similar manner.
Private cryptocurrencies like Zcash and Monero address the privacy issue by
replacing transactions with proofs of transaction validity. However, this
enhanced privacy comes at the cost of increased communication, storage, and
computational requirements.

Client-Side Validation (CSV) is a paradigm that addresses these issues by
removing transaction validation from the blockchain consensus rules. This
approach allows sending the coin along with a validity proof directly to its
recipient, reducing communication, computation and storage cost. CSV protocols
deployed on Bitcoin today [rgbblackpaper, taprootassets] do not fully
leverage the paradigm's potential, as they still necessitate the overhead of
publishing ordinary Bitcoin transactions. Moreover, the size of their coin
proofs is proportional to the coin's transaction history, and they provide
limited privacy. A recent improvement is the Intmax2 [rybakken2023intmax2] CSV
protocol, which writes significantly less data to the blockchain compared to a
blockchain transaction and has succinct coin proofs.

In this work, we introduce Shielded CSV, which improves upon state-of-the-art
CSV protocols by providing the first construction that offers truly private
transactions. It addresses the issues of traditional private cryptocurrency
designs by requiring only 64 bytes of data per transaction, called a
\emph{nullifier}, to be written to the blockchain. Moreover, for each nullifier
in the blockchain, Shielded CSV users only need to perform a single Schnorr
signature verification, while non-users can simply ignore this data. The size
and verification cost of coin proofs for Shielded CSV receivers is independent
of the transaction history. Thus, one application of Shielded CSV is adding
privacy to Bitcoin at a rate of 100 transactions per second, provided there is
an adequate bridging mechanism to the blockchain.

We specify Shielded CSV using the Proof Carrying Data (PCD) abstraction. We then
discuss two implementation strategies that we believe to be practical, based on
Folding Schemes and Recursive STARKs, respectively. Finally, we propose future
extensions, demonstrating the power of the PCD abstraction and the extensibility
of Shielded CSV. This highlights the significant potential for further
improvements to the Shielded CSV framework and protocols built upon it.
