Aggregable Confidential Transactions for Efficient Quantum-Safe Cryptocurrencies

Confidential Transactions (CT) hide coin amounts even from verifiers without the help of trusted third parties. Aggregable CTs are a scalable category with “spent record trimming”. For example, if Alice sends coins to Bob, who had sent similar Charles, aggregated transaction shows only that Charles by deleting Bob’s records. Since number spent records grows linearly transactions, faster than accounts, cash systems based on aggregable highly scalable. However, existing quantum-safe CT protocols have large unspent records, and efficient vulnerable quantum attacks. We introduce two protocols, new homomorphic zero-knowledge proofs, either plain or Module Short Integer Solution (SIS MSIS) problems, both believed be secure against adversaries. further implement MSIS-based protocol as C library. Our experiments 10 4 transactions show aggregation reduces system’s size 40%–54% when output/input rate is in range 1/1–2/1. system 1.73 GB can reduced 0.98 1.5, which has been historical real-world average rate.