| Field | Value |
|---|---|
| Student | 陳則叡 Chen, Tse-Jui |
| Thesis title | 可抵抗提權攻擊之新型可追蹤隱匿地址方案 / A New Traceable One-time Address Scheme Secure Against Privilege Escalation Attacks |
| Advisor | 左瑞麟 Tso, Raylin |
| Committee members | 曾一凡 Tseng, Yi-Fan; 黃政嘉 Huang, Jheng-Jia; 陳昱圻 Chen, Yu-Chi; 劉子源 Liu, Zi-Yuan |
| Degree | Master |
| Department | College of Informatics, Department of Computer Science |
| Publication year | 2025 |
| Academic year of graduation | 113 (ROC calendar) |
| Language | English |
| Pages | 52 |
| Chinese keywords | 提權攻擊, 可追蹤性, 一次性地址, 區塊鏈 |
| English keywords | Privilege escalation attack, Traceability, One-time address, Blockchain |
| Access statistics | Views: 20, Downloads: 0 |
As cryptocurrency systems place increasing emphasis on privacy protection, one-time addresses have been widely adopted by platforms such as Monero to protect user anonymity. However, existing traceable one-time address schemes (such as the scheme proposed by Zhao et al.) remain vulnerable to privilege escalation attacks: when a one-time secret key is leaked, an attacker can reconstruct the long-term secret key and thereby compromise all associated addresses and funds.
To address this problem, we propose an enhanced traceable one-time address scheme that tolerates the leakage of derived secret keys. Our scheme eliminates the need for a secure channel during address generation and improves the efficiency of user-side address recognition. We formally prove the security of the construction in the random oracle model under standard cryptographic assumptions, and evaluate its performance through experimental comparison with existing methods. Although our scheme incurs a slightly higher cost in address generation, the overall computational overhead remains within an acceptable range given the improved security and traceability it provides.
With the growing emphasis on privacy in cryptocurrency systems, one-time addresses have been widely adopted by platforms such as Monero to protect user anonymity. However, existing traceable one-time address schemes—such as the one by Zhao et al.—remain vulnerable to privilege escalation attacks, where the leakage of a one-time secret key enables adversaries to reconstruct the long-term secret key, compromising all associated addresses and funds.
To address this problem, we propose an enhanced traceable one-time address scheme that tolerates derived secret key leakage. Our scheme removes the requirement for secure channels during address generation and improves the efficiency of user-side address recognition. We formally prove the security of our construction in the random oracle model under standard cryptographic assumptions, and evaluate its performance through experimental comparison with existing approaches. Although our scheme incurs slightly higher cost in address generation, the overall computational overhead remains acceptable given the improved security and traceability it offers.
Acknowledgements i
Abstract ii
Abstract (Chinese) iii
Contents iv
List of Figures vi
List of Tables vii
1 Introduction 1
1.1 Motivation 2
1.2 Contribution of This Thesis 4
1.3 Organization of This Thesis 5
2 Related Work 6
3 Preliminaries 9
3.1 Bilinear Map Group 9
3.2 Mathematical Assumptions 9
3.3 Traceable One-Time Addresses 11
3.4 Hierarchical Deterministic Wallet Signatures 12
4 Traceable One-time Address Scheme 14
4.1 System Architecture 14
4.1.1 System Description 14
4.1.2 Workflow Description 15
4.2 Algorithm Definition 17
4.3 Security Model 19
5 The Proposed Scheme 24
6 Security 28
7 Experiments 45
8 Conclusion and Future Work 48
References 50
[1] Nicolas van Saberhagen. CryptoNote v2.0, 2013.
[2] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. Decentralized Business Review, 2008.
[3] Liutao Zhao, Lin Zhong, and Jiawan Zhang. Traceable one-time address solution to the interactive blockchain for digital museum assets. Information Sciences, 625:157–174, 2023.
[4] Yu Chen, Xuecheng Ma, Cong Tang, and Man Ho Au. PGC: Decentralized confidential payment system with auditability. In Computer Security – ESORICS 2020: 25th European Symposium on Research in Computer Security, Guildford, UK, September 14–18, 2020, Proceedings, Part I, pages 591–610. Springer, 2020.
[5] Fergal Reid and Martin Harrigan. An analysis of anonymity in the Bitcoin system. Springer, 2013.
[6] Dorit Ron and Adi Shamir. Quantitative analysis of the full Bitcoin transaction graph. In Financial Cryptography and Data Security: 17th International Conference, FC 2013, Okinawa, Japan, April 1–5, 2013, Revised Selected Papers, pages 6–24. Springer, 2013.
[7] Ian Miers, Christina Garman, Matthew Green, and Aviel D. Rubin. Zerocoin: Anonymous distributed e-cash from Bitcoin. In 2013 IEEE Symposium on Security and Privacy, pages 397–411. IEEE, 2013.
[8] Eli Ben-Sasson, Alessandro Chiesa, Christina Garman, Matthew Green, Ian Miers, Eran Tromer, and Madars Virza. Zerocash: Decentralized anonymous payments from Bitcoin. In 2014 IEEE Symposium on Security and Privacy, pages 459–474. IEEE, 2014.
[9] Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza. Succinct non-interactive zero knowledge for a von Neumann architecture. In 23rd USENIX Security Symposium (USENIX Security 14), pages 781–796, 2014.
[10] Joseph K. Liu and Duncan S. Wong. Linkable ring signatures: Security models and new schemes. In Computational Science and Its Applications – ICCSA 2005: International Conference, Singapore, May 9–12, 2005, Proceedings, Part II, pages 614–623. Springer, 2005.
[11] Shen Noether, Adam Mackenzie, et al. Ring confidential transactions. Ledger, 1:1–18, 2016.
[12] Shi-Feng Sun, Man Ho Au, Joseph K. Liu, and Tsz Hon Yuen. RingCT 2.0: A compact accumulator-based (linkable ring signature) protocol for blockchain cryptocurrency Monero. In Computer Security – ESORICS 2017: 22nd European Symposium on Research in Computer Security, Oslo, Norway, September 11–15, 2017, Proceedings, Part II, pages 456–474. Springer, 2017.
[13] Chao Lin, Debiao He, Xinyi Huang, Muhammad Khurram Khan, and Kim-Kwang Raymond Choo. DCAP: A secure and efficient decentralized conditional anonymous payment system based on blockchain. IEEE Transactions on Information Forensics and Security, 15:2440–2452, 2020.
[14] Xin Yin, Zhen Liu, Guomin Yang, Guoxing Chen, and Haojin Zhu. Secure hierarchical deterministic wallet supporting stealth address. In European Symposium on Research in Computer Security, pages 89–109. Springer, 2022.
[15] Zhen Liu, Guomin Yang, Duncan S. Wong, Khoa Nguyen, Huaxiong Wang, Xiaorong Ke, and Yining Liu. Secure deterministic wallet and stealth address: Key-insulated and privacy-preserving signature scheme with publicly derived public key. IEEE Transactions on Dependable and Secure Computing, 19(5):2934–2951, 2021.
[16] Dan Boneh and Matt Franklin. Identity-based encryption from the Weil pairing. In Annual International Cryptology Conference, pages 213–229. Springer, 2001.
[17] Whitfield Diffie and Martin Hellman. New directions in cryptography. IEEE Transactions on Information Theory, 22(6):644–654, 1976.
[18] Brent Waters. Efficient identity-based encryption without random oracles. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 114–127. Springer, 2005.
[19] Mihir Bellare and Gregory Neven. Multi-signatures in the plain public-key model and a general forking lemma. In Proceedings of the 13th ACM Conference on Computer and Communications Security, pages 390–399, 2006.
[20] Junke Duan, Licheng Wang, Wei Wang, and Lize Gu. TRCT: A traceable anonymous transaction protocol for blockchain. IEEE Transactions on Information Forensics and Security, 18:4391–4405, 2023.
Full text available from: 2026/07/23