Skip to content
ShareLock: mixing for cryptocurrencies from multiparty ECDSA
JavaScript Solidity
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
build/contracts Bugs fixed spotted by Harry May 24, 2019
contracts Bugs fixed spotted by Harry May 24, 2019
migrations Proof of concept contract implementation added May 22, 2019
th-ECDSA @ 769358d
.gitmodules adding th-ecdsa May 22, 2019 Update Jun 9, 2019
package.json Proof of concept contract implementation added May 22, 2019
truffle-config.js Proof of concept contract implementation added May 22, 2019


Mixing for Cryptocurrencies from Multiparty ECDSA (

Privacy issues on blockchains

On blockchains all transaction data is public. If any of one's unique identifier (name, e-mail, Twitter handle) is linked to one of her on-chain addresses, then financial privacy is permanently lost. The loss of financial privacy allows an attacker to assess the wealth of an individual, company or organization. Moreover, also the consumption behaviour of an individiual or company might be revealed this way: how much they pay to suppliers, employees etc.

ShareLock protocol

Participants deposit to a contract, then they run off-chain a distributed key generation (DKG) protocol and threshold sign the list of the addresses derived from the threshold public keys. Any of the participants, or say a wallet company, we call this party an activator could poke the contract with the threshold signed transaction to make the contract sending out the mixed coins to the addresses yielded from the DKG.

If parties are unable to threshold sign the “poke” transaction, then after a time-out they are able to withdraw their dirty coins (unmixed) back to their original addresses.

Since security is proven in the UC framework one could just pick her favourite threshold ECDSA protocol. In the paper we sticked to the GG’19 paper. However one could also use threshold BLS in order to avoid interactivity in the off-chain signing phase.

Advantages over other constructions

Most of other constructions, Miximus and Vitalik's proposal, use zkSNARK proofs, therefore they rely on a trusted setup. All of the other constructions use tremendous amount of gas: Miximus requires cca. 2M gas for the withdrawal tx, Möbius needs 350,000n gas for the witdhrawal tx, where n is cardinality of the anonymity set. On the other hand ShareLock uses minimal resources of the blockchain, while not relying on a trusted setup.

Contact us!

Feel free to reach out or join the KZen Research Telegram for discussions on code and research.

You can’t perform that action at this time.