1 / 7

Verifiable Mixing Protocol

Verifiable Mixing Protocol. How can a mixer prove its integrity?. VMP allows the mixer to prove that it paid the address specified by the user. It provides a way for mixing services to: Build trust quickly Resist fraudulent claims of failure to pay VMP does NOT improve anonymity. Basics.

williamlshaw
Download Presentation

Verifiable Mixing Protocol

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Verifiable Mixing Protocol How can a mixer prove its integrity?

  2. VMP allows the mixer to prove that it paid the address specified by the user. It provides a way for mixing services to: Build trust quickly Resist fraudulent claims of failure to pay VMP does NOT improve anonymity. Basics

  3. The mixer has to give up some info: Input addresses the mixer uses Output addresses (T) paid by the mixer Signatures of T: Φ Keys g, h 1. User sends coins to mixer, specifies address m 2. Mixer picks random r (prevents exploitation) 3. Transaction includes commitment C = gmhr Setup

  4. User's choice of m should be unique Protocol gets more complicated otherwise If user fails to follow protocol, return money Protects mixer from intentionally unverifiable payments Caveats

  5. Verifier wants to check that the address specified in input transaction i was paid. Public knowledge: g, h, C, T, Φ Mixer knows: m, r Prove: m ϵ Tand C commits to m Don't need to reveal m Verify

  6. Verify Zero-knowledge set membership proof By Camenisch, Chaabouni, and Abhi Shelat

  7. How do we know that the mixer payed enough? Have Tonly include transactions in correct range. This would require outrageous volume to be safe. Traditional mixing solutions still apply. Confirming Value

More Related