tl;dr: UTT is Chaumiam ecash done the right way: efficiently, decentralized and with sensible-anonymity: a user can only send (say) $\$L$ coins per month (assuming a Sybil-resistant proof-of-humanity system). UTT is academic work that started in 2018 at VMware, was rebooted in 2021 and now lives as an eprint1. UTT did see deployment in a testing pilot with Israel’s central bank2$^,$3. Below, I’ll post some links to some slides and talks. Hopefully this will become a full blog post later.
Talks & slides
- SBC’23 slides here
- Stanford Security Seminar slides here
Blogposts
UTT relies on many cryptographic building blocks. Here are relevant blog posts:
Cryptographic primitives at the core of UTT:
- Pedersen commitments — coins are represented as Pedersen commitments to (pid, sn, value)
- Blind and threshold signatures — Chaum’s blind signatures are the foundation of ecash
- Pointcheval-Sanders (PS) signatures — used as the rerandomizable signature scheme for signing coins
- Sigma protocols — used for proving correctness of nullifiers and authorizing spends
- Zero-knowledge proofs — the foundation for transaction privacy
- Anonymous credentials — UTT’s registration credentials are a form of anonymous credential
- Range proofs from polynomial commitments — an alternative approach to range proofs
- DeKART range proofs — used to prove value preservation (no money creation)
- Identity-based encryption (IBE) — used to encrypt coin values to recipients using user-friendly identifiers (e.g., phone numbers)
- ElGamal encryption — related encryption primitive
- Polynomial secret sharing — background on Shamir secret sharing used in threshold cryptography
Relevant blog posts from decentralizedthoughts.github.io:
- A simple zero-knowledge proof — introductory ZK proof concepts
- Simple anonymous payments — a simplified model of anonymous payment systems
Code
There is actually an old public implementation of UTT as a library, initially written by me, which was integrated in VMware’s Concord BFT engine: see https://github.com/vmware/concord-bft/tree/master/utt/libutt
References
For cited works, see below 👇👇
-
UTT: Decentralized Ecash with Accountable Privacy, by Alin Tomescu and Adithya Bhat and Benny Applebaum and Ittai Abraham and Guy Gueta and Benny Pinkas and Avishay Yanai, in Cryptology ePrint Archive, Paper 2022/452, 2022, [URL] ↩
-
Digital Shekel: The Bank of Israel Steering Committee on a Potential Issuance of a Digital Shekel ↩