I have a decentralized coin system that I am trying to develop.
Each coin can be split up into 1,000,000 units.
I've been looking for a quantum-safe and practical (efficient) algorithm to send fractions of a coin between peers, so that other than the two peers that participate in the transaction, nobody could tell the amount of the transaction (i.e. a third party could not tell if it was 0.1, 0.4, 0.55874, etc. being sent).
Note that the amount in the transactions that I want to hide is always a fraction of a coin, i.e. less than 1.
Fractions of one coin are not all sent at the same time. This means, for example, that we don't send 0.6, 0.25, 0.15 of one coin in 3 different transactions at about the same time. Instead, a long time may pass before we create a new transaction to send the next fraction out of the remaining value of the coin that we still own.
(If all the fractions of one coin were sent in one or several transactions at the same time, I think that there is a simple way to hide the amounts information).
Also, the algorithm should guarantee that no new amount of money is created by the transaction.
The algorithm should also not expose the identity of the peers participating in the transaction, if possible.
I have read about several systems that can do such a thing; however, it seems like the algorithms they are using are not quantum-safe.
Any ideas how to do something like this?
More details:
I was asked to specify quantum-unsafe systems, and other ideas, that I had looked into.
Here is a summary of those systems and ideas:
1. I've looked into the family of privacy coins, particularly Monero. Often each coin uses different techniques, but usually they are not quantum-safe. Please correct me if I have overlooked anything in this area.
2. In the "Related" column on the side you can see a related question, "Is it possible to create a zero-knowledge proof that a number is more than zero, and less than x?", which links to other related answers and resources. Of course, many of these ideas are used in the various privacy coins that I referred to in (1).
3. I've also looked into homomorphic encryption (it seems like all the fully homomorphic implementations known today are quantum-safe -- correct me if I am wrong), but I've found it complicated to use, especially with large numbers. Also I am not sure it can resist an attack in this case, e.g. by brute force -- because I was not able to make it work with numbers that are large enough.
   Note that if I try the "homomorphic encryption" way to hide the amounts, then I also need to find a quantum-safe ZKP to prove that all the (hidden) output amounts are non-negative. In Monero (for example), this is done by bulletproofs, which seem to be quantum-unsafe.
If you think you know how to solve my question by using homomorphic encryption, please let me know.
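The following is an added example, not code from the question's author. It illustrates two points the question raises using only a hash function (SHA-256, for which no quantum shortcut beyond Grover's square-root speed-up is known): first, that an amount space of only 1,000,001 values is trivially enumerable unless the commitment carries a large random blinding factor (the brute-force concern in point 3); second, that the "no new money is created" and "every output is non-negative" checks can be run by the two peers who hold the openings, but not by a third party who holds only hash commitments, because a plain hash commitment is not additively homomorphic. That second limitation is exactly the gap a quantum-safe range proof or homomorphic commitment would need to fill. The commitment layout (SHA-256 over blinding || amount), the 32-byte blinding size and the function names are assumptions of this example.

```python
import hashlib
import secrets
from typing import List, Optional, Tuple

# From the question: each coin is divisible into 1,000,000 units and the
# hidden amount is always a fraction of one coin.
UNITS_PER_COIN = 1_000_000
BLINDING_BYTES = 32  # assumed size of the random blinding factor

Opening = Tuple[int, bytes]  # (amount in units, blinding factor)


def commit(amount_units: int, blinding: bytes) -> bytes:
    """Hash-based commitment to an amount.

    Assumed construction for this example: SHA-256(blinding || amount as
    4 big-endian bytes). Hiding rests entirely on the blinding factor being
    random and secret; the commitment is NOT additively homomorphic.
    """
    if not 0 <= amount_units <= UNITS_PER_COIN:
        raise ValueError("amount must be between 0 units and one coin")
    return hashlib.sha256(blinding + amount_units.to_bytes(4, "big")).digest()


def new_blinding() -> bytes:
    """Fresh blinding factor from the OS CSPRNG (one per commitment)."""
    return secrets.token_bytes(BLINDING_BYTES)


def verify_opening(commitment: bytes, amount_units: int, blinding: bytes) -> bool:
    """What the receiving peer does once the sender reveals (amount, blinding)."""
    return secrets.compare_digest(commitment, commit(amount_units, blinding))


def brute_force_amount(commitment: bytes, blinding: bytes = b"") -> Optional[int]:
    """A third party's view when the blinding factor is absent (or leaked):
    the amount space has only 1,000,001 values, so it is simply enumerated.
    With an unknown 32-byte blinding factor the search space becomes
    2^256 * 10^6; this scan then returns None after trying every amount."""
    for guess in range(UNITS_PER_COIN + 1):
        if commit(guess, blinding) == commitment:
            return guess
    return None


def balance_holds(inputs: List[Opening], outputs: List[Opening]) -> bool:
    """Conservation check on the *openings*: no new money is created and
    every amount lies in [0, one coin]. Only the two peers can run this;
    a third party holding just the hash commitments cannot recompute the
    sums, which is why a range proof / homomorphic commitment is needed."""
    ins = [amount for amount, _ in inputs]
    outs = [amount for amount, _ in outputs]
    if any(a < 0 or a > UNITS_PER_COIN for a in ins + outs):
        return False
    return sum(ins) == sum(outs)


if __name__ == "__main__":
    # Constructed scenario: I own one whole coin and send 0.25 of it,
    # keeping 0.75 as change.
    unblinded = commit(250_000, b"")
    print("unblinded commitment recovered:", brute_force_amount(unblinded))

    r_in, r_send, r_change = new_blinding(), new_blinding(), new_blinding()
    blinded = commit(250_000, r_send)
    print("blinded commitment recovered:", brute_force_amount(blinded))  # None

    print("receiver verifies opening:", verify_opening(blinded, 250_000, r_send))
    print("peers' balance check:",
          balance_holds([(1_000_000, r_in)], [(250_000, r_send), (750_000, r_change)]))
```

Running the script shows the unblinded commitment recovered in well under a million hashes, the blinded one surviving a full scan, and the balance check succeeding only for whoever holds all three openings. Nothing here lets an observer confirm that the two output commitments sum to the input, and that is precisely the property the question is asking for in quantum-safe form.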