Transferring ethers with privacy protection based on precompiled cont… #701
Conversation
…racts for ring signature verification.
| @@ -0,0 +1,72 @@ | |||
| ## Preamble | |||
|
|
|||
| EIP: | |||
There was a problem hiding this comment.
Please use 701 and move this file to EIPS/eip-701.md
|
|
||
| **Ring signature verification** | ||
|
|
||
| Signature σ consists of a set of public keys, two arrays of random numbers selected by signer and a point I called key image. |
There was a problem hiding this comment.
The Franklin, Zhang signature algorithm and its relation to coin tumbling is described in the following IACR paper: https://eprint.iacr.org/2017/881.pdf
Implementations in Solidity and Go for the Ethereum alt_bn128 curve are located at https://github.com/clearmatics/mobius and https://github.com/clearmatics/orbital
| This EIP suggests implementing a special precompiled contract for ring signature verification and adding one-time account mechanism on Ethereum. This can in turn be combined with *#eip-draft\_Precompiled contracts for ring signature verification on the elliptic curve alt\_bn128.* to provide privacy protection for ether transactions without affecting the in-protocol mechanisms. In each transaction, a one-time account is created for the receiver, of which no one can figure out the very owner without the corresponding scan key. Ring signature is verified by precompiled contracts and helps the receiver transfer ethers to his/her main account from one-time account, which is hidden in a set of one-time accounts to keep untraceable. | ||
|
|
||
| ## Motivation | ||
| Currently, ether transactions on Ethereum are fully transparent, which makes them unsuitable for several use-cases where users’ privacy is of concern and the link between sender and receiver should not be retrieved by anyone else. #196 and #197 suggest adding precompiled contracts for addition and scalar multiplication on a specific pairing-friendly elliptic curve to verify zkSNARKs in Ethereum smart contract, thus increasing the privacy for users. But it has high computation complexity. Monero solves this problem by using Cryptonote under UTXO model. However, this technology cannot be directly used in Ethereum under account model. Considering all of the above, this EIP forgoes zero knowledge proof and proposes to implement a special precompiled contract for ring signature verification and add one-time account mechanism on Ethereum to provide privacy protection for ether transactions. Note that, with this smart contract, users can choose regular transactions or transactions with privacy protection depending on their needs for privacy and anonymity. |
There was a problem hiding this comment.
Account abstraction discussed in #678 hopes to provide a mechanism to address these problems, I hope that this precompiled contract will be a useful building block to solve problems like this.
|
This is a courtesy notice to let you know that the format for EIPs has been modified slightly. If you want your draft merged, you will need to make some small changes to how your EIP is formatted:
If your PR is editing an existing EIP rather than creating a new one, this has already been done for you, and you need only rebase your PR. In addition, a continuous build has been setup, which will check your PR against the rules for EIP formatting automatically once you update your PR. This build ensures all required headers are present, as well as performing a number of other checks. Please rebase your PR against the latest master, and edit your PR to use the above format for frontmatter. For convenience, here's a sample header you can copy and adapt: |
| @@ -0,0 +1,78 @@ | |||
| ## Preamble | |||
|
|
|||
| EIP: | |||
There was a problem hiding this comment.
This file needs to go into a separate PR to have a number allocated.
|
@JackXLu are you still pursuing these EIPs? |
|
There has been no activity on this pull request for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review. |
|
This pull request was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment. |
Transferring ethers with privacy protection based on precompiled contracts for ring signature verification.