Anonymous Proof-of-Asset Transactions Using Designated Blind Signatures

Abstract

We propose a scheme to preserve the anonymity of users in proof-of-asset transactions. We assume bitcoin-like cryptocurrency systems in which a user must prove the strength of its assets (i.e., solvency), prior conducting further transactions. The traditional way of addressing such a problem is the use of blind signatures, i.e., a kind of digital signature whose properties satisfy the anonymity of the signer. Our work focuses on the use of a designated verifier signature scheme that limits to only a single authorized party (within a group of signature requesters) to verify the correctness of the transaction.

A Identity-Based Cryptography Preliminaries

A probabilistic polynomial time (PPT) algorithm is a probabilistic random algorithm that runs in time polynomial in the length of input. denotes a randomized algorithm A(x) with input x and output y. For X being a set stands for a random selection of v from X. A function \(f: N \rightarrow [0,1]\) is said to be negligible in n if for any polynomial p and for sufficiently large n, the relation \(f(n) < 1/p(n)\) holds. Elements \(g\in G\), where G is a set, denote the group \(G=\langle g \rangle \) if g spans G.

Definition 4 (Bilinear Map)

Let \(G_{1}\) and \(G_{2}\) be two cyclic groups with a prime order q, where \(G_{1}\) is additive and \(G_{2}\) is multiplicative. Let P be the generator of \(G_{1}\). Then a map \(e:G_1\times G_1\rightarrow G_2\) is said to be a cryptographic bilinear map if it fulfils the below conditions.

• Bilinearity: For all integers \(x, y \in \mathbb {Z}_{q}^{*}\), \(e(xA, yA) = e(A,A)^{xy}\), or equivalently, for all \(A,B,C \in G_{1}\), \(e(A+B,C)=e(A, C)e(B, C)\) and \(e(A, B+C)=e(A, B)e(A, C)\).

• Non-Degeneracy: The points \(A, B \in G_{1}\) with \(e(A, B)\ne 1\). As \(G_{1}\) and \(G_{2}\) are prime ordered groups this property is equivalent to have \(g:=e(A,A) \ne 1\), or in other words \(g:=e(A,A)\) is a generator of \(G_{2}\).

• Computability: The map \(e(A, B)\in G_2\) can be computes efficiently for all \(A,B \in G_{1}\).

Further definitions, such as Bilinear Map Parameter Generator, Bilinear Diffie-Hellman Problem, the Bilinear Diffie-Hellman problem (BDHP), BDHP Parameter Generator, Bilinear Diffie-Hellman Assumption, the Decisional BDHP, and the DBDHP Parameter Generator are available in the full version of this paper [13].