The HyperCash development team has completed and released code for the implementation of Post-Quantum Linkable Ring Signatures in HC, and is now entering the deployment testing phase. This algorithm is based on a publication written by HCASH Chief Scientist, Dr Joseph Liu and his colleagues “Post-Quantum One-Time Linkable Ring Signature and Application to Ring Confidential Transactions in Blockchain”, which was published by the International Association for Cryptologic Research.
Last November, Dr Joseph Liu was announced as the Australian Computer Society’s ICT Researcher of the Year at the 2018 Digital Disruptor Awards, recognising his ground-breaking research in advancing blockchain technology as a legitimate way to create new economic and social systems. These new developments, based on research conducted by some of the brightest minds in the industry, bring users of HC the benefits of its high level of privacy and security.
About ring signatures
In cryptography, a ring signature is a type of digital signature that can be produced by any member of a group of users with cryptographic keys. A transaction message signed with a ring signature can be verified as having been signed by a member of a particular group, without revealing the public key (or identity) of the sender, receiver, the signatory or any of the other members of the group, while also withholding the transaction amount.
The first cryptocurrency which successfully implemented an algorithm using ring signatures was Monero. In 2015, Dr Shen Noether published an article entitled “Ring Confidential Transactions”, which laid the foundation for the ring signature algorithm implemented in Monero.
Much like Bitcoin, this implementation of the signature algorithm uses a “hash-based public key + private key” approach. The difference is that the addition of ring signature technology mixes the transaction sender’s public key with other public keys, and only then signs the information. When the receiver receives the transaction, they use their own private key to verify the signature. As such, other people (including potential malicious parties) are not able to tell which one of the public keys belongs to the sender. This gives Monero the capability of hiding the sender’s address information, making it impossible for external attackers to target the sender.
In September 2017, Monero implemented a hard fork and integrated RCT (Ring Signature Technology) to encrypt the transaction amount when making transactions, meaning that no one except the sender and receiver can track any transaction details (including the sender’s address and the value of the inputs). After this, the new RCT address became the only address format for Monero.
Blockchain security and privacy protection
At the beginning of this year, blockchain analysis firm Chainalysis announced that it had received $30 million in Round B financing, led by Silicon Valley VC firm, Accel. In April last year, Chainalysis completed $16 million of Round A financing.
Accel has invested in well-known companies such as Facebook, Dropbox, and Spotify, and has also shown interest in blockchain technology. They believe that cryptocurrencies will achieve growth and will be subject to stricter supervision, leading them to their investment in Chainalysis.
However, there are also concerns in the industry that blockchain data analysis companies such as Chainalysis have played a role in promoting the compliance of blockchain companies at the risk of user privacy. Forgoing user-privacy protections can allow third parties to see balances in other users’ hot and cold wallets by simply transferring small amounts of funds to their target’s wallet address and observing the transaction’s UTXO dynamics.
This type of analysis is generally based on probabilistic guessing, and associated wallets can be flagged as a risk — this is problematic when unwitting and legitimate users are considered a risk by compliance agencies. Given that regulation in the blockchain industry is not yet mature, users mistakenly deemed as a risk have no way to combat their classification. Because of this, privacy protection and blockchain security have become important considerations for the design of many new blockchain projects. More and more projects are improving the privacy and security of transactions through various methods to help users “blur” their wallet balance and transaction records, preventing their normal wallet activities from being tracked.
A brief comparison of privacy protection technologies
When blockchain technology was first introduced, privacy was one of its core characteristics. For example, when Bitcoin is used as a payment method, all that is needed is an electronic address consisting of a string of alphanumeric characters, rather than a bank account that is connected to a personal identity, and is therefore at risk of privacy breaches. However, this level of privacy is called “pseudo-privacy”, which is similar to using a pseudonym to hide a real identity when writing a letter. Once an electronic address is obtained (or our analog “pseudonym”) and is associated with any real identity, privacy is breached. In the current information age, the cost of obtaining this information is not high. Therefore, some blockchain technology researchers have been focusing on exploring higher levels of privacy and security protection technologies.
There are two main metrics used in privacy protection to evaluate a technology: relevance and traceability. For example, although Bitcoin replaces identity information with an electronic address, we can still trace back to a certain transaction, and then find out the owner’s identity by analysing relevant information. In order to achieve a higher level of privacy and security, this relevance and traceability must be removed. Currently, the most widely used technologies to achieve this goal are ring signatures and zero-knowledge proofs.
Some examples of privacy protection technologies in well-known blockchains:
When you spend Monero, the values of the inputs and outputs you are sending are encrypted and disguised to everyone except the receiver of each of those outputs. Pedersen commitments allow you to send Monero without revealing the value of the transactions. Monero also uses RingCT, which allows for hidden amounts, origins and destinations of transactions with reasonable efficiency, and verifiable, trustless coin generation. In this case, people can prove that the signer (who is also the token sender) belongs to a certain “signature ring”, but cannot match the sender’s address and signature to any one of its members.
We take Zcash as an example to explain zero-knowledge proof. Zcash addresses are either private (z-addresses) or transparent (t-addresses). Z-addresses start with a “z”, and t-addresses start with a “t”. A Z-to-Z transaction appears on the public blockchain, so it is known to have occurred and that the fee was paid. However, the addresses, transaction amounts, and the memo field are all encrypted and not publicly visible. Third parties who are neither the sender nor the receiver of a transaction will not be able to obtain any information about the encrypted transaction — even the miner responsible for recording the transaction is not able to obtain the encrypted address and the transaction amount. When an encrypted transaction is recorded, the miner is only allowed to record that “there is an unspent balance, and a transaction is generated”, and not allowed to record the blocked address and the transaction amount itself.
We can see that both RingCT and zero-knowledge proof are higher-level privacy protection technologies. Zero-knowledge proof is highly dependent on a blockchain’s initial parameters. In current implementations of zero-knowledge proof technology, it is difficult to implement mobile payment methods because the signature is very large and highly affected by the network. It is worth mentioning that the HCASH development team is working on improving zero-knowledge proof technology to enable mobile payment methods.
HCASH community member Ryan Xu also wrote that for privacy protection and blockchain security, ring signature technology is still the best choice in the present, and perceivable future.
HCASH post-quantum linkable ring signatures
The HyperCash team has adapted and improved current RingCT technology. Dr Joseph Liu and his team present a lattice-based post-quantum secure RingCT protocol that supports multi-input-multi-output transactions. It is a comprehensive RingCT protocol, in that it contains all the necessary parts, including a linkable ring signature (for user anonymity), a commitment scheme (for hiding the transaction amount) and a range proof (to ensure the hidden value is a positive amount). All parts are in a lattice-based setting, meaning that the overall protocol is post-quantum secure.
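As an added illustration (not HCASH’s or Monero’s code) of the commitment scheme described above and of the Pedersen commitments mentioned in the Monero comparison: a toy Pedersen commitment over small constructed parameters, showing how a verifier checks that hidden input and output amounts balance, and why a range proof is still needed, since a “negative” output passes the balance check on its own.

```python
import random

# Constructed toy parameters (not HCASH's or Monero's): safe prime P = 2*Q + 1 and
# two generators of the order-Q subgroup of squares mod P. Real systems use
# elliptic-curve groups of ~2^252 order; these values only illustrate the maths.
P, Q = 1019, 509
G = 4  # a square mod P, so it generates the order-Q subgroup
H = 9  # second generator; in practice derived by hashing G so nobody knows log_G(H)

def commit(value: int, blinding: int) -> int:
    """Pedersen commitment C = G^value * H^blinding mod P. The blinding factor
    hides `value`; without log_G(H) the committer cannot open C to another value."""
    return pow(G, value % Q, P) * pow(H, blinding % Q, P) % P

def balance_outputs(in_blindings, out_values, rng):
    """Sender side: commit to the outputs, picking the last blinding factor so the
    output blindings sum (mod Q) to the same total as the input blindings."""
    out_blindings = [rng.randrange(Q) for _ in out_values[:-1]]
    out_blindings.append((sum(in_blindings) - sum(out_blindings)) % Q)
    return [commit(v, r) for v, r in zip(out_values, out_blindings)], out_blindings

def commitments_balance(in_commits, out_commits) -> bool:
    """Verifier side: sees only commitments. commit() is homomorphic, so the
    products agree exactly when hidden values and blindings sum to equal totals mod Q."""
    lhs = rhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs

def demo(seed=1):
    """Spend 7 + 5 = 12 hidden coins three ways; returns the verifier's verdicts."""
    rng = random.Random(seed)
    in_blindings = [rng.randrange(Q) for _ in range(2)]
    in_commits = [commit(v, r) for v, r in zip([7, 5], in_blindings)]
    honest, _ = balance_outputs(in_blindings, [10, 2], rng)
    # Outputs totalling 13 do not match the 12 that went in: rejected.
    inflated, _ = balance_outputs(in_blindings, [10, 3], rng)
    # Exponents live mod Q, so 13 + (Q - 1) == 13 + (-1) == 12 mod Q: accepted.
    # This is why RingCT needs a range proof that every hidden amount is a small
    # positive number; the balance check alone cannot tell 13 - 1 from 12.
    negative, _ = balance_outputs(in_blindings, [13, Q - 1], rng)
    return (commitments_balance(in_commits, honest),
            commitments_balance(in_commits, inflated),
            commitments_balance(in_commits, negative))
```

`demo()` returns `(True, False, True)`: the honest spend verifies, the inflated one is rejected, and the wrapped-around “negative” output is accepted, which is exactly the gap the range proof closes.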
The release of this code enables other projects and users to gain access to HCASH’s version of post-quantum signature application and privacy protection. In the future, the HCASH development team will continue to conduct more in-depth research in the direction of post-quantum signatures and ring signatures. Dr Joseph Liu will post an improved version of the current linkable ring signature scheme paper based on the present Monero ring signature. The upcoming paper proposes to allow a higher number of signatures, by an order of magnitude three to four times greater than that of the current version of Monero. According to the HyperCash technology yellow paper, HC will continue to implement lattice-based post-quantum signature code, and become an industry leader in the protection of privacy.
See HCASH’s Post-Quantum Linkable Ring Signature code at: