passerby, and other users and some people that visited my blog post (http://bitslog.wordpress.com/2011/09/17/total-anonymization-vs-bitcoin-pseudonymous/) have asked me how a peer-to-peer system with total anonymization may actually work.
Since I have very little time to finish the paper now, I will publish the key design points. The system is called APPECoin (Anonymous Peer-to-Peer electronic Coin). Anonymization is based on these premises:
1) Untraceable tokens: When user A sends a token X to user B, he just publishes the fact in a signed transaction, as in Bitcoin. The miners, at periodic intervals, shuffle all (or a subset of) the existing tokens by re-encryption. The shuffle protocol (and encryption algorithm) has a designed "backdoor" so each owner knows exactly which are the re-encrypted tokens of his own original tokens, but not the tokens of the other users. Miners' shuffles are proven by zero-knowledge proofs, so no token can be added or removed by the miner. After shuffles, all token identifiers change, but still no cheating can occur. A user can have high confidence that his tokens have been anonymized after several rounds of shuffles (like confirmations) and the shuffling by at least one honest miner.
Suppose that after the shuffle, token X is now token Y. If B sends the token Y (ex-X) to C, then nobody knows that it is the same token X that was given by A.
2) Unlinkable user accounts: Destination addresses are re-encrypted in each transaction (a crypto masking), so when A sends a token to B, nobody knows he is using B's public key, but B can still identify that he is the destination of the transaction and accept the token.
3) Private transaction amounts: The value hidden in each token in the network is unknown until you receive the token and open it. Only tokens created by coinbase have publicly known value, until they are shuffled for the first time.
4) Private account balances: You cannot group tokens by signature address, nor can you infer how much money or how many tokens a certain user has. Tokens can be divided or combined by a special transaction without disclosing the token amounts (division/combination is done using zero-knowledge proofs). You can re-combine tokens securely so you have enough "change".
The system uses an accounting system similar to the txout tracing system that Bitcoin uses. Also, users can shuffle their own tokens securely by publishing a ZKP, or use a shuffling service, as in Bitcoin. The advantage is that, as amounts are unknown, the shuffling service leaks very little information about the permutation.
Nevertheless there are a few disadvantages of the system:
- In the long term, transaction fees will be higher than in Bitcoin, since messages tend to be larger and the system demands more CPU from nodes to verify miners' shuffles.
- As a result, the maximum transaction rate could be lower than in Bitcoin. This is not necessarily so, because many other factors alter the transaction rate, such as the performance of the signature algorithm chosen.
These design key points [not the full design] were also published in my blog (http://bitslog.wordpress.com/2012/07/27/appecoin-anonymous-peer-to-peer-electronic-coin-design/).
PS: If you like APPECoin and want me to keep on working on it, I accept donations or funding, since I don't have much spare time now!
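
A minimal sketch of the re-encryption shuffle in premise 1, added here as an illustration and not taken from the APPECoin design, which the post does not specify. It assumes tokens are Diffie-Hellman pairs (g^r, g^(r·x)) in a toy group; all function names are hypothetical, and the zero-knowledge proof that a miner's shuffle is a correct permutation is omitted.

```python
import secrets

# Toy group (constructed, far too small for real use): p = 2q + 1, g has order q.
P, Q, G = 1019, 509, 4

def keygen():
    """Owner secret x in [1, q-1]; the public key is g^x."""
    return secrets.randbelow(Q - 1) + 1

def mint(x):
    """Token for the owner of x: (g^r, pub^r). Only the public key is needed."""
    pub = pow(G, x, P)
    r = secrets.randbelow(Q - 1) + 1
    return (pow(G, r, P), pow(pub, r, P))

def reencrypt(token):
    """Miner step: raise both halves to a fresh s >= 2. No key is needed,
    and the token identifier always changes."""
    s = secrets.randbelow(Q - 2) + 2
    a, b = token
    return (pow(a, s, P), pow(b, s, P))

def shuffle(tokens):
    """Re-encrypt every token, then apply a secret random permutation."""
    out = [reencrypt(t) for t in tokens]
    secrets.SystemRandom().shuffle(out)
    return out

def owns(x, token):
    """Owner-side recognition: b == a^x survives any number of shuffles."""
    a, b = token
    return pow(a, x, P) == b

def demo():
    alice, bob = keygen(), keygen()
    while bob == alice:                 # distinct owners for the demo
        bob = keygen()
    board = [mint(alice), mint(bob), mint(bob), mint(alice), mint(bob)]
    for _ in range(3):                  # several rounds, like confirmations
        board = shuffle(board)
    return board, alice, bob

if __name__ == "__main__":
    board, alice, bob = demo()
    print("alice recognizes:", [i for i, t in enumerate(board) if owns(alice, t)])
    print("bob recognizes:  ", [i for i, t in enumerate(board) if owns(bob, t)])
```

In a group of cryptographic size, linking a token to its re-encryption without the secret x amounts to the decisional Diffie-Hellman problem; in this toy group the secret can simply be brute-forced.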