Whitepaper

Technical details of our implementation

Introduction:

Hurricash implements a PulseChain ring signature privacy solution: a smart contract that accepts transactions in Pulse (in future also in ERC-20 tokens) so that the amount can be later withdrawn with no reference to the original owner address.

Protocol description:

The protocol has the following functionality:

Insert/deposit money to the smart contract. This can be done in a single transaction with a fixed amount (denoted by N) of Pulse. The destination address is predetermined and a N-PLS note is collected by the protocol user and saved for a later date.

Remove/withdraw money from the smart contract can be done in 2 ways:

1. The N PLS is withdrawn through a Relayer with f PLS sent as a fee to the Relayer address t and (N - f) to the designated recipient. The value f and t is decided by the sender. In this case the withdraw transaction is initiated by the Relayer and it pays the gas fee that is supposed to be covered by f.

2. The N PLS is withdrawn to the predetermined recipient, the transaction is initiated by the recipient. The recipient should have enough GAS to pay for the withdrawal fees.

Setup:

Hurricash utilizes parts of CryptoNote to enable zero-knowledge proof transactions. This process requires the use of a public key signature by the receiver address in order to withdraw the funds maximizing security while maintaining anonymity and protecting the protocol from double spend attacks.

The protocol utilizes Ring Signatures using the following mathematic algorithm:

$V(1k,L,m,S(1k, ˆs,L,m)) = 1$

For more specific information please refer to the following documentation here.

Additionally pseudo-stealth addresses are used to achieve its zero-knowledge properties. The deployed smart contract handles the signature verification, while the client is responsible for generating the pseudo-stealth address.

Diagram representing anonymous ring signature protocol. Signature verification is processed by smart contracts. 1/N chance of guessing the receiver where N is the number of ring participants.

Users are given a note which must be saved and match the corresponding receiver wallet address.

Loss of the token/note will result in permanent loss of funds. User assumes full responsibility and should use the protocol with caution and at their own risk.

Security Claims:

Hurricash claims the following security properties:

• Only tokens deposited into the contract can be withdrawn

• No coin can be withdrawn twice

• Any coin can be withdrawn once if the matching parameters are met

• The proof is binding, one cannot use the same proof with a different nullifier hash

• The cryptographic primitives used by Hurricash have at least 100-bit security

• Hurricash does not rely on any outside infrastructure making the core protocol impossible to go down or be tampered with. Users can host and use their own relayers.