Unlinkable Policy-Compliant Signatures for Compliant and Decentralized Anonymous Payments

Published in Privacy-Enhancing Technologies Symposium (PETS) 2024, Bristol, UK, 2024

  • Flagship cryptocurrencies like Bitcoin and Ethereum do not preserve users’ privacy.
  • Privacy-preserving cryptocurrencies like Monero and Zcash hide transaction details and protect the anonymity of involved parties.
  • As the Tornado Cash case has shown, such schemes do not enforce accountability, which makes them an attractive platform for illicit activities such as money laundering and terrorist financing.
  • A natural question then arises: how can we ensure that regulations are imposed without compromising the privacy of users?
  • We propose an advanced signature scheme that enforces a joint policy, i.e. one defined over the attributes of both the sender and the receiver, without tracing users.
  • A signature is valid only if the signer knows the secret key and the policy is satisfied.
  • Unforgeability guarantees that no adversary can produce a valid signature unless both of these conditions hold.
  • To make these signatures compatible with Decentralized Anonymous Payments (DAP), every signature must be unlinkable to the same signer's past or future signatures.
