Toxic Decoys: A Path to Scaling Privacy-Preserving Cryptocurrencies
Authors: Christian Cachin (University of Bern), François-Xavier Wicht (University of Bern)
Volume: 2025
Issue: 4
Pages: 926–943
DOI: https://doi.org/10.56553/popets-2025-0165
Abstract: Anonymous cryptocurrencies attracted much attention over the past decade, yet ensuring both integrity and privacy in an open system remains challenging. Their transactions preserve privacy because they do not reveal on which earlier transaction they depend, specifically which outputs of previous transactions are spent. However, achieving privacy imposes a significant storage overhead due to two current limitations. First, the set of potentially unspent outputs of transactions grows indefinitely because the design hides cryptographically which one have been consumed; and, second, additional data must be stored for each spent output to ensure integrity, that is, to prevent that it can be spent again. We introduce a privacy-preserving payment scheme that mitigates these issues by randomly partitioning unspent outputs into fixed-size bins. Once a bin has been referenced in as many transactions as its size, it is pruned from the ledger. This approach reduces storage overhead while preserving privacy. We first highlight the scalability benefits of using smaller untraceability sets instead of considering the entire set of outputs, as done in several privacy-preserving cryptocurrencies. We then formalize the security and privacy notions required for a scalable, privacy-preserving payment system and analyze how randomized partitioning plays a key role in both untraceability and scalability. To instantiate our approach, we provide a construction based on Merkle trees, which ensures efficient argument systems and easy pruning of the state. We finally show the storage benefits of our scheme and analyze its resilience against large-scale flooding attacks using empirical transaction data.
Keywords: Privacy-preserving, Cryptocurrency, Untrceability, Unpredictability, Confidentiality, Blockchain, Randomized, Partitioning, Anonymous
Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.
