Homomorphic Encryption-based Vaults for Anonymous Balances on VM-enabled Blockchains
Xavier Salleras
TL;DR
This paper addresses the privacy problem of on-chain balances and transaction amounts on VM-enabled blockchains by introducing Haults, a permissioned privacy-preserving smart wallet protocol that keeps balances and transferred amounts confidential while leaving the transacting parties visible on chain for compliance. Haults combines additively homomorphic ElGamal encryption over elliptic curves with zero-knowledge proofs that establish the correctness of each transfer amount and the integrity of the sender's updated balance, plus an auditable channel through which a designated auditor can recover transaction amounts and, when necessary, execute force transfers. The protocol also covers minting, deposits and withdrawals, and the paper includes a security discussion against a realistic threat model together with a proof-of-concept implementation whose benchmarks indicate practical performance on consumer hardware. The result is a privacy-aware foundation for confidential in-contract assets in permissioned smart contract environments, with an explanation of how the same approach extends to external assets such as Ether or ERC20 tokens, balancing regulatory requirements with user confidentiality.
Abstract
In this work, we present homomorphic encryption-based vaults (Haults), a permissioned privacy-preserving smart wallet protocol for VM-enabled blockchains that keeps users' balances confidential, as well as the amounts transacted with other parties. To comply with regulations, we include optional compliance features that allow specific entities (the auditors) to retrieve transaction amounts or execute force transfers when necessary. Our solution uses ElGamal over elliptic curves to encrypt balances, combined with zero-knowledge proofs that verify the correctness of transaction amounts and the integrity of the sender's updated balance, among other security checks. We provide a detailed explanation of the protocol, including a security discussion and benchmarks from our proof-of-concept implementation, which show the protocol to be practical. Beyond in-contract issued tokens, we also provide a thorough explanation of how our solution can be made compatible with external assets (e.g., Ether or any ERC20 token).
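The additive homomorphism the abstract relies on is easiest to see in code. The following is an added illustration written for this page, not the paper's implementation: exponential ElGamal over secp256k1, where an amount m is encoded as the point m*G so that adding two ciphertexts adds the plaintexts. The curve choice, the lookup-table decryption and the 2^14 amount bound are assumptions made here; the paper's own curve, parameters and proof system are not reproduced. The example shows a sender's balance ciphertext being decreased and a recipient's balance ciphertext being increased purely by ciphertext arithmetic, with a third copy of the amount encrypted under an auditor's key so the auditor can recover it. The zero-knowledge proofs that the paper uses to establish the correctness of the amount and the integrity of the sender's updated balance are omitted; the last function shows why something has to play that role.

```python
"""Additive (exponential) ElGamal over secp256k1: added illustration, not the paper's code.

Plaintext m is encoded as m*G, so ciphertext addition adds plaintexts. Decryption
recovers m*G and solves a small discrete log by table lookup, which is why amounts
and balances must be range-bounded (MAX_AMOUNT below is an assumption of this example).
"""
import secrets

# secp256k1 domain parameters (y^2 = x^3 + 7 over F_P); G has prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity (group identity)

def ec_add(p, q):
    """Affine point addition on y^2 = x^3 + 7 (curve coefficient a = 0)."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                   # p == -q
    if p == q:
        lam = (3 * x1 * x1) * pow(2 * y1, -1, P) % P  # tangent slope
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_neg(p):
    return INF if p is INF else (p[0], (-p[1]) % P)

def ec_mul(k, p):
    """Double-and-add scalar multiplication k*p."""
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, p)
        p = ec_add(p, p)
        k >>= 1
    return acc

def keygen():
    """Secret scalar x in [1, N-1] and public point Y = x*G."""
    x = secrets.randbelow(N - 1) + 1
    return x, ec_mul(x, G)

def encrypt(pk, m, r=None):
    """Exponential ElGamal: (C1, C2) = (r*G, m*G + r*pk)."""
    if r is None:
        r = secrets.randbelow(N - 1) + 1
    return (ec_mul(r, G), ec_add(ec_mul(m, G), ec_mul(r, pk)))

def ct_add(a, b):
    """Encrypts m_a + m_b when a and b are under the same key."""
    return (ec_add(a[0], b[0]), ec_add(a[1], b[1]))

def ct_sub(a, b):
    """Encrypts m_a - m_b when a and b are under the same key."""
    return (ec_add(a[0], ec_neg(b[0])), ec_add(a[1], ec_neg(b[1])))

MAX_AMOUNT = 1 << 14   # assumed decodable range for this example
_DLOG = {}             # m*G -> m, built on first decryption

def decrypt(sk, ct):
    """Recover m*G = C2 - sk*C1, then m by table lookup (m must be < MAX_AMOUNT)."""
    if not _DLOG:
        acc = INF
        for m in range(MAX_AMOUNT):
            _DLOG[acc] = m
            acc = ec_add(acc, G)
    point = ec_add(ct[1], ec_neg(ec_mul(sk, ct[0])))
    if point not in _DLOG:
        raise ValueError("plaintext outside decodable range")
    return _DLOG[point]

def confidential_transfer(sender_pk, recipient_pk, auditor_pk, sender_bal, recipient_bal, amount):
    """Update two balance ciphertexts by ciphertext arithmetic only; return the auditor's copy.

    The amount is encrypted three times (sender, recipient, auditor key). The paper's
    zero-knowledge proofs (amount correctness, integrity of the sender's updated
    balance) are what would bind these ciphertexts together; they are omitted here.
    """
    new_sender = ct_sub(sender_bal, encrypt(sender_pk, amount))
    new_recipient = ct_add(recipient_bal, encrypt(recipient_pk, amount))
    return new_sender, new_recipient, encrypt(auditor_pk, amount)

def demo(sender_start=1000, recipient_start=250, amount=137):
    """Run one transfer and return (sender balance, recipient balance, auditor's view)."""
    s_sk, s_pk = keygen()
    r_sk, r_pk = keygen()
    a_sk, a_pk = keygen()
    s_bal, r_bal = encrypt(s_pk, sender_start), encrypt(r_pk, recipient_start)
    s_bal, r_bal, audit_ct = confidential_transfer(s_pk, r_pk, a_pk, s_bal, r_bal, amount)
    return decrypt(s_sk, s_bal), decrypt(r_sk, r_bal), decrypt(a_sk, audit_ct)

def overspend_is_undecodable(balance, amount):
    """Spending more than the balance leaves a plaintext near N, which decrypt rejects."""
    sk, pk = keygen()
    try:
        decrypt(sk, ct_sub(encrypt(pk, balance), encrypt(pk, amount)))
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    print(demo())                        # (863, 387, 137)
    print(overspend_is_undecodable(3, 5))  # True
```

Because plaintexts live in the exponent, decryption is a small discrete logarithm, so amounts and balances must stay within a bounded range. Nothing in the ciphertext arithmetic stops a sender from subtracting more than their balance; the contract cannot notice, since it never sees plaintexts, and the sender's ciphertext silently wraps to a value of the order of the group. That is the gap the paper's balance-integrity proof closes, and the same applies to showing that the three encryptions of the amount really hold the same value.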
