A Lattice-Based Anonymous Distributed E-Cash from Bitcoin

Although Bitcoin was the first widely adopted cryptographic currency system, it provides a limited form of anonymity and privacy. To protect the anonymity and privacy of Bitcoin transactions, many Bitcoin-based cryptocurrency extensions were proposed. However, most of the systems with anonymity and privacy are based on traditional cryptographic algorithms, which may become insecure in the next decades due to the attack of quantum computing. In this paper, we propose a lattice-based distributed e-cash scheme protecting payer's anonymity, which is built upon the framework of Zerocoin and lattice-based zero-knowledge argument. Firstly, payer who owes a transaction redeems it to a newly-minted coin. Secondly, to pay for the next transaction, he/she collects a set of such coins to hide his owns, which can further hide his/her identity. Thirdly, to prove that the payer has one of the coins and no attempts to double-spend have occurred, we adapt a zero-knowledge argument of membership based on a lattice-based accumulator and a commitment protocol. Finally, the security proof of the scheme are given.