Lattice RingCT V2.0 with Multiple Input and Multiple Output Wallets

Abstract

This paper presents the Lattice-based Ring Confidential Transactions “Lattice RingCT v2.0” protocol. Unlike the previous Lattice RingCT v1.0 (LRCT v1.0) protocol, the new protocol supports Multiple-Input and Multiple-Output (MIMO) wallets in transactions, and it is a fully functional protocol construction for cryptocurrency applications such as Hcash. Since the MIMO cryptocurrency setting introduces new balance security requirements (and in particular, security against out-of-range amount attacks), we give a refined balance security model to capture such attacks, as well as a refined anonymity model to capture amount privacy attacks. Our protocol extends a previously proposed ring signature scheme in the LRCT v1.0 protocol, to support the MIMO requirements while preserving the post-quantum security guarantees, and uses a lattice-based zero-knowledge range proof to achieve security against out-of-range attacks. Preliminary parameter estimates and signature sizes are proposed as a point of reference for future studies.