“Verifiable Timed Linkable Ring Signatures For Scalable Payments for Monero” Accepted to ESORICS 2022

The paper “Verifiable Timed Linkable Ring Signatures For Scalable Payments for Monero” has been accepted to the 27th European Symposium on Research in Computer Security. This is joint work by Sri Aravindakrishnan Thyagarajan, Giulio Malavolta, Fritz Schmidt and Dominique Schröder.

Decentralized cryptocurrencies still suffer from three interrelated weaknesses: low transaction rates, high transaction fees, and long confirmation times. Payment channels promise to be a solution to these issues, and many constructions for real-life cryptocurrencies, such as Bitcoin, are known. Somewhat surprisingly, no such solution is known for Monero, the largest privacy-preserving cryptocurrency, without requiring system-wide changes like a hard fork of its blockchain.
In this work, we close this gap by presenting PayMo, the first payment channel protocol that is fully compatible with Monero. PayMo does not require any modification of Monero and can be readily used to perform off-chain payments. Notably, transactions in PayMo are identical to standard transactions in Monero, therefore not hampering the coins’ fungibility. Using PayMo, we also construct the first fully compatible secure atomic-swap protocol for Monero: one can now securely swap a token of Monero with a token of several major cryptocurrencies such as Bitcoin, Ethereum, Ripple, Cardano, etc. Before our work, it was not known how to implement secure atomic-swap protocols for Monero without forcing a hard fork.
Our main technical contribution is a new construction of an efficient verifiable timed linkable ring signature, where signatures can be hidden for a pre-determined amount of time, in a verifiable way. Our scheme is fully compatible with the transaction scheme of Monero and it might be of independent interest.
We implemented PayMo and our results show that, even with high network latency and with a single CPU core, two regular users can perform up to 93500 payments over a span of 2 minutes (the block production rate of Monero). This is an improvement of approximately five orders of magnitude over the current payment rate of Monero.