Performance Trade-offs in Design of MimbleWimble Proofs of Reserves
Suyash Bagad and Saravanan Vijayakumaran
Abstract: Revelio (CVCBT 2019) is a proof of reserves protocol for MimbleWimble-based cryptocurrencies which provides privacy to a cryptocurrency exchange by hiding the exchange-owned outputs in a larger anonymity set of unspent outputs. A drawback of Revelio is that the proof size scales linearly in the size of the anonymity set. To alleviate this, we design RevelioBP, a Bulletproofs-based proof of reserves protocol with proof sizes which scale logarithmically in the size of the anonymity set. This improvement allows us to use the set of all UTXOs as the anonymity set, resulting in better privacy for the exchange. On the downside, the higher proof generation and verification time of RevelioBP than that of Revelio might affect practical deployment of RevelioBP. Through implementation of RevelioBP, we quantitatively analyse trade-offs in design of MimbleWimble proofs of reserves in terms of scalability and performance. We conclude that unless proof size is a concern for exchanges, Revelio is a marginally better choice for proof of reserves. On the other hand, if an exchange is willing to pay in terms of proof generation time, RevelioBP offers proof sizes significantly smaller than Revelio.
Category / Keywords: applications / Cryptocurrency, MimbleWimble, Grin, Proof of Reserves, Zero-knowledge Argument
Original Publication (with minor differences): IEEE Security & Privacy on the Blockchain 2020
Date: received 29 Jul 2020, last revised 4 Sep 2020
Contact author: suyashnbagad1997 at gmail com,sarva@ee iitb ac in
Available format(s): PDF | BibTeX Citation
Note: Added a section on faster verification of the RevelioBP proof of reserves using a single multi-exponentiation check.
Version: 20200904:140314 (All versions of this report)
Short URL: ia.cr/2020/938