Privacy Notions

WIP

A terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management (Version v0.34 Aug. 10, 2010)

Andreas Pfitzmann (TU Dresden), Marit Hansen (ULD, Kiel)

Zexe: Enabling Decentralized Private Computation

S&P'20, SBC'19 Video, GitHub

• Execution correctness. Malicious parties cannot create valid transactions if the death predicate of some consumed record or the birth predicate of some created record is not satisfied.

• Execution privacy. Transactions reveal only the information revealed in the memorandum field, a bound on the number of consumed records, and a bound on the number of created records.6 All other information is hidden, including the payloads and predicates of all involved records. For example, putting aside the information revealed in the memorandum (which is arbitrary), one cannot link a transaction that consumes a record with the prior transaction that created it.

• Consumability. Every record can be consumed at least once and at most once by parties that know its secrets. Thus, a malicious party cannot create two valid records for another party such that only one of them can be consumed. (This captures security against “faerie-gold” attacks HBHW18.)

• Transaction non-malleability. Malicious parties cannot modify a transaction “in flight” to the ledger

Anonymous Multi-Hop Locks for Blockchain Scalability and Interoperability

NDSS'19

Section D. Comparison of Privacy Notions and Guarantees for payment channel networks

Quisquis: A New Design for Anonymous Cryptocurrencies

ASIACRYPTO'19, SBC'19 Slide Video

Denition 4. Anonymity holds if no PPT A has non-negligible advantage in the anonymity game.