


























Florian Lugstein, Graz University of Technology
Christian Rechberger, Graz University of Technology, TACEO
Verena Schröppel, Graz University of Technology, TACEO
Fungible tokens on public blockchains expose all balances and transfer amounts in the clear, which is incompatible with the financial privacy required by many real-world applications. We present Merces a confidential token contract that hides user balances and transaction amounts while preserving on-chain verifiability. The core idea is to store secret shares of balances within a decentralized MPC network, while only commitments are published to a smart contract. Thereby, Merces is capable of translating any existing token (e.g., any ERC20 token) into a confidential version. Deposits, withdrawals, and transfers are computed privately within the MPC network, which generates a collaborative SNARK (CoSNARK) to prove the validity of each state transition. In particular, the proof ensures that on-chain commitments are updated consistently and that the sender has sufficient funds. In this paper we give a full formalization of our construction in the Universal Composability (UC) framework, provide rigorous security proofs, and describe a concrete instantiation using Groth16 over BN254 with Poseidon2-based commitments. We further provide a complete end-to-end implementation, accompanied by extensive benchmarks and discussion of a working demo: our system achieves over 300 transactions per second, including proof generation, while requiring only minimal client-side computation.
BibTeX
@misc{cryptoeprint:2026/850,
author = {Daniel Escudero and Florian Lugstein and Christian Rechberger and Verena Schröppel and Roman Walch},
title = {Merces: Confidential Token Transfers via {MPC} and {CoSNARKs}},
howpublished = {Cryptology {ePrint} Archive, Paper 2026/850},
year = {2026},
url = {https://eprint.iacr.org/2026/850}
}
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。