From: Jonas Nick
Date: Tue, 24 Sep 2024 13:24:13 +0000
To: bitcoindev@googlegroups.com
Subject: [bitcoindev] Shielded CSV: Private and Efficient Client-Side Validation

Hello list,

We (Liam Eagen, Robin Linus, and I) are pleased to announce the release of
the Shielded CSV whitepaper, which describes a private and efficient
client-side validation (CSV) protocol. Shielded CSV builds upon previous
work proposed on this mailing list, including contributions by Peter Todd
[0], RGB [1], Taproot Assets [2], and zkCoins [3].

The whitepaper is available here:
https://github.com/ShieldedCSV/ShieldedCSV/releases/latest/download/shieldedcsv.pdf

Our work differs from previous approaches in two main aspects:

1. Shielded CSV is defined using the "Proof-Carrying Data" abstraction,
   which can be instantiated via recursive zkSNARKs or folding schemes.
   This provides "full" privacy (hiding of the transaction graph) and
   ensures that coin proofs and verification time are independent of the
   transaction graph.
2. Instead of using Bitcoin transactions for CSV-payments, a Shielded CSV
   payment only requires posting 64 bytes of data to the blockchain
   (regardless of the CSV-transaction size) and a small constant overhead,
   significantly reducing on-chain cost.

The Shielded CSV protocol is currently defined using Rust-based pseudocode.
We believe that Shielded CSV is both a promising candidate for
implementation and provides an extensible framework for further innovation
in the CSV space.

We welcome feedback and look forward to discussing and expanding upon this
work.

[0] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2013-November/003714.html
[1] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-April/021554.html
[2] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-April/020196.html
[3] https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2023-May/021679.html

# Abstract

Cryptocurrencies allow mutually distrusting users to transact monetary
value over the internet without relying on a trusted third party. Bitcoin,
the first cryptocurrency, achieved this through a novel protocol used to
establish consensus about an ordered transaction history. This requires
every transaction to be broadcasted and verified by the network, incurring
communication and computational costs. Furthermore, transactions are
visible to all nodes of the network, eroding privacy, and are recorded
permanently, contributing to increasing storage requirements over time. To
limit resource usage of the network, Bitcoin currently supports an average
of 11 transactions per second. Most cryptocurrencies today still operate in
a substantially similar manner.

Private cryptocurrencies like Zcash and Monero address the privacy issue by
replacing transactions with proofs of transaction validity.
However, this enhanced privacy comes at the cost of increased
communication, storage, and computational requirements.

Client-Side Validation (CSV) is a paradigm that addresses these issues by
removing transaction validation from the blockchain consensus rules. This
approach allows sending the coin along with a validity proof directly to
its recipient, reducing communication, computation and storage cost. CSV
protocols deployed on Bitcoin today~\cite{rgbblackpaper, taprootassets} do
not fully leverage the paradigm's potential, as they still necessitate the
overhead of publishing ordinary Bitcoin transactions. Moreover, the size of
their coin proofs is proportional to the coin's transaction history, and
they provide limited privacy. A recent improvement is the
Intmax2~\cite{rybakken2023intmax2} CSV protocol, which writes significantly
less data to the blockchain compared to a blockchain transaction and has
succinct coin proofs.

In this work, we introduce Shielded CSV, which improves upon
state-of-the-art CSV protocols by providing the first construction that
offers truly private transactions. It addresses the issues of traditional
private cryptocurrency designs by requiring only 64 bytes of data per
transaction, called a \emph{nullifier}, to be written to the blockchain.
Moreover, for each nullifier in the blockchain, Shielded CSV users only
need to perform a single Schnorr signature verification, while non-users
can simply ignore this data. The size and verification cost of coin proofs
for Shielded CSV receivers is independent of the transaction history. Thus,
one application of Shielded CSV is adding privacy to Bitcoin at a rate of
100 transactions per second, provided there is an adequate bridging
mechanism to the blockchain.

We specify Shielded CSV using the Proof Carrying Data (PCD) abstraction. We
then discuss two implementation strategies that we believe to be practical,
based on Folding Schemes and Recursive STARKs, respectively.
Finally, we propose future extensions, demonstrating the power of the PCD
abstraction and the extensibility of Shielded CSV. This highlights the
significant potential for further improvements to the Shielded CSV
framework and protocols built upon it.