Proof-of-Burn

Cited by: 80
Authors
Karantias, Kostis [1]
Kiayias, Aggelos [3, 4]
Zindros, Dionysis [1, 2]
Affiliations
[1] IOHK, Athens, Greece
[2] Univ Athens, Athens, Greece
[3] Univ Edinburgh, Edinburgh, Midlothian, Scotland
[4] IOHK, Edinburgh, Midlothian, Scotland
Source
FINANCIAL CRYPTOGRAPHY AND DATA SECURITY, FC 2020 | 2020 / Vol. 12059
DOI
10.1007/978-3-030-51280-4_28
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract
Proof-of-burn has been used as a mechanism to destroy cryptocurrency in a verifiable manner. Despite its well known use, the mechanism has not been previously formally studied as a primitive. In this paper, we put forth the first cryptographic definition of what a proof-of-burn protocol is. It consists of two functions: First, a function which generates a cryptocurrency address. When a user sends money to this address, the money is irrevocably destroyed. Second, a verification function which checks that an address is really unspendable. We propose the following properties for burn protocols. Unspendability, which mandates that an address which verifies correctly as a burn address cannot be used for spending; binding, which allows associating metadata with a particular burn; and uncensorability, which mandates that a burn address is indistinguishable from a regular cryptocurrency address. Our definition captures all previously known proof-of-burn protocols. Next, we design a novel construction for burning which is simple and flexible, making it compatible with all existing popular cryptocurrencies. We prove our scheme is secure in the Random Oracle model. We explore the application of destroying value in a legacy cryptocurrency to bootstrap a new one. The user burns coins in the source blockchain and subsequently creates a proof-of-burn, a short string proving that the burn took place, which she then submits to the destination blockchain to be rewarded with a corresponding amount. The user can use a standard wallet to conduct the burn without requiring specialized software, making our scheme user friendly. We propose burn verification mechanisms with different security guarantees, noting that the target blockchain miners do not necessarily need to monitor the source blockchain. 
Finally, we implement the verification of Bitcoin burns as an Ethereum smart contract and experimentally measure that the gas costs needed for verification are as low as standard Bitcoin transaction fees, illustrating that our scheme is practical.
Pages: 523-540
Page count: 18