Blockchain, a distributed ledger technology, can potentially be deployed in a wide range of applications. Among these applications, decentralized payment systems (e.g. Bitcoin) have been one of the most mature blockchain applications with widespread adoption. While the early designs (e.g. Bitcoin) are often the currency of choice by cybercriminals (e.g., in ransomware incidents), they only provide pseudo-anonymity, in the sense that anyone can deanonymize Bitcoin transactions by using information in the blockchain. To strengthen the privacy protection of decentralized payment systems, a number of solutions such as Monero and Zerocash have been proposed. However, completely Decentralized Anonymous Payment (DAP) systems can be criminally exploited, for example in online extortion and money laundering activities. Recognizing the importance of regulation, we present a novel definition of Decentralized Conditional Anonymous Payment (DCAP) and describe the corresponding security requirements. In order to construct a concrete DCAP system, we first design a Condition Anonymous Payment (CAP) scheme (based on our proposed signature of knowledge), whose security can be demonstrated under the defined formal semantic and security models. To demonstrate utility, we compare the performance of our proposal with that of Zerocash under the same parameters and testing environment.

中文翻译：

---

DCAP：基于区块链的安全高效的去中心化条件匿名支付系统


区块链是一种分布式账本技术，可以部署在广泛的应用程序中。在这些应用中，去中心化支付系统（例如比特币）已成为最成熟且广泛采用的区块链应用之一。虽然早期的设计（例如比特币）通常是网络犯罪分子（例如在勒索软件事件中）选择的货币，但它们仅提供伪匿名，即任何人都可以通过使用区块链中的信息来对比特币交易进行去匿名化。为了加强去中心化支付系统的隐私保护，门罗币、Zerocash等多种解决方案被提出。然而，完全去中心化的匿名支付（DAP）系统可能会被犯罪分子利用，例如在线勒索和洗钱活动。认识到监管的重要性，我们提出了去中心化有条件匿名支付（DCAP）的新颖定义，并描述了相应的安全要求。为了构建一个具体的DCAP系统，我们首先设计了一个条件匿名支付（CAP）方案（基于我们提出的知识签名），其安全性可以在定义的形式语义和安全模型下得到证明。为了证明实用性，我们在相同的参数和测试环境下将我们的提案的性能与 Zerocash 的性能进行了比较。