Posted by: koe
December 22, 2021
Seraphis is a 'transaction protocol abstraction' that I have been working on (WIP draft paper available here). As an 'abstraction', Seraphis defines rules about how you can design a real (privacy-focused) transaction protocol without specifying concrete algorithms. For example, RingCT is another protocol abstraction (more or less), and there are different 'real' versions corresponding to signature schemes MLSAG and CLSAG. Seraphis is a candidate model for Monero's next transaction protocol.
Privacy-focused transaction protocols have two core structural rules.How are amounts represented? How are key images (a.k.a. 'linking tags') constructed?
Ever since RingCT was introduced, transaction protocols have had 'hidden amounts' by adopting the Confidential Transactions technique (the CT in RingCT). Key images, however, have seen recent innovations.
Triptych is a fourth-generation privacy-focused transaction protocol (following the Bitcoin, CryptoNote, and then RingCT models) with a new key image construction that permits 'one-of-many proofs' (which behave the same as ring signatures) with significantly better performance for large reference sets (large numbers of decoys) compared to what is possible with CryptoNote/RingCT-style key images. Note that, while the Triptych paper doesn't make a distinction between a 'transaction protocol' and a 'transaction protocol abstraction', Triptych represents a new abstract model following after RingCT.
Seraphis is, similarly, a fourth-generation privacy-focused transaction protocol (abstraction). Also like Triptych, it defines a new key image construction that permits efficient one-of-many proofs. However, there are a number of notable differences between Triptych and Seraphis.<...