Security


RSA (1024bit) keys

Deposits are secured by a public/private key pair and can only be claimed by the owner of the correct combination of passphrase and receiver account

Ring Signatures

A well known cryptographic technique which allows to sign transactions without revealing which key was used to sign

Truly decentralized

TheĀ EOSIO-LockĀ system ensures that no-one can alter the smart contract for a given period of time. The contract’s keys are returned to developers only at specified dates to allow for software upgrades

Introduction

eosBlender’s model is based on Ring Signatures, a well-known cryptographic digital signature scheme already used by many privacy related projects and privacy-preserving cryptocurrencies as Monero.
Users send a given amount to the contract and provide a public key to be assigned to the deposit. The public-private key pairs are generated based on a combination of a passphrase and the receiver’s account name, both specified by the user .
In order to enhance the mixing ability of the protocol, the tool accepts only transfers of amounts limited to a restricted set as {1, 5, 10, 50, 100}.
This setting is aimed at maximizing the number of users transferring the same token quantity. Thus, it avoids any need to obfuscate quantities as transactions are mixed within groups of transfers with the same amount.
Note that the eosBlender service will also provide a functionality to create anonymous EOSIO accounts. Therefore, a user wanting to transfer a different amount of money could initially create an anonymous account and make one or more transfers of the allowed quantities, then use that anonymous account to make payments of the desired amount. This process might leave some change to be added up in next payments, as it often happens when we use cash in our every day lives.

Model

Ring signature schemes allow one single individual to cryptographically sign a given message without disclosing its identity but being able to prove that he’s indeed part of a given group.
In other words, if we take a group of N individuals (ring members), each of whom has its own pair of cryptographic public/private keys, any participant in the group can produce a ring signature such that a verifier can easily prove that it was signed by one of the group members. The verifier will still not be able to tell who the signer is, among the N individuals.

In our setting, a dapp frontend is implemented to assist the user in creating the required ring signature, while a smart contract acts as the verifier. The fact that signatures are verified within a smart contract ensures that the transaction will be conducted according to the specified protocol, that deposits from the senders cannot be diverted without knowing the corresponding private key and that users will not be allowed to double spend their tokens.

To avoid double spending of a given deposit, the model employs a particular kind of ring signatures for which it is possible to publicly link signatures. The property of linkability allows the verifier contract to determine whether any two signatures have been signed with the same private key. The identity of the signer is nevertheless preserved and no additional information is revealed regarding which private/public key pair was used to produce the signature.

The mixing protocol

1. Users send/deposit a token quantity to the smart contract together with a public key.

This is done with a token transfer action:

eosio.token::transfer(from, to, quantity, memo)

In our setting, the memo field will be used to specify the user/deposit’s public key. The contract records each public key in the multi-index table associated to the given amount. For example, if the user deposits 5 EOS, then its public key will be recorded in a table row containing all the public keys for deposits equal to 5 EOS. Within this table, the smart contract will be constructing groups of N ring members. Each group will be assigned a given ring ID. Once a group of N deposits is completed and thus a set of N public keys is available, then the corresponding deposits can be claimed.

2. Users can send a linkable ring signature to claim a given deposit.

To send the signature using one of the ring member’s key together with the receiver account’s name, an apposite action is called on the smart contract:

eosioblender::claim( receiver, ring, … signature …)

This action will not require any particular authority as the signature itself will be sufficient to prove the ownership of a ring member’s private key. The action may therefore be called by the receiver’s account or, alternatively, through an ad-hoc permission available through the frontend so that a sender can indirectly claim the tokens to the receiver’s account without exposing his identity.

3. The smart contract’s claim action verifies the signature and pays the corresponding quantity to the receiver.

Verify that the eosioblender contract is locked and check out the lock-up date on the accountlock1 contract table.