Zero-Knowledge Multi-transfer Based on Range Proofs and Homomorphic Encryption

Zero-knowledge proofs are widely adopted in Confidential Transactions (CTs). In particular, with these proofs, it is possible to prove the validity of transactions without revealing sensitive information. This has become an attractive property in public blockchain where transactions must be publicly verifiable. However, several challenges must be addressed in order not to alter important properties of the blockchain, such as not introducing trusted third parties and/or circuit-dependent trusted setups. Moreover, there are limited proposals working on the standard account model and considering extended payment models where multiple payees are involved in one transaction. With this paper, we first present our concept of Multi-Transfer (MT) in CTs settings, i.e., a transfer that involves multiple payees in a single transaction with privacy guarantees for balances and transfer amounts. Inspired by the work of Zether, we design the MT zero-knowledge proof system, named MTproof, by combining the aggregate version of Bulletproofs and several Σ -Protocols to prove that an MT transaction is legit. We provide concrete evaluations of the MTproof in terms of proof size, prover and verifier execution time.