Privacy-Preserving Payment Splitting

TL;DR

This paper introduces a privacy-preserving payment splitting app that ensures user transaction confidentiality, integrity, and efficiency, using minimal cryptography and providing practical performance on mobile devices.

Contribution

It presents a novel protocol that maintains privacy and integrity in group payments without server-side cryptography, suitable for real-world mobile applications.

Findings

Fewer than 50 ms per round on user devices

Less than 300 microseconds per round on the server

Achieves privacy, integrity, and scalability in payment splitting

Abstract

Widely used payment splitting apps allow members of a group to keep track of debts between members by sending charges for expenses paid by one member on behalf of others. While offering a great deal of convenience, these apps gain access to sensitive data on users' financial transactions. In this paper, we present a payment splitting app that hides all transaction data within a group from the service provider, provides privacy protections between users in a group, and provides integrity against malicious users or even a malicious server. The core protocol proceeds in a series of rounds in which users either submit real data or cover traffic, and the server blindly updates balances, informs users of charges, and computes integrity checks on user-submitted data. Our protocol requires no cryptographic operations on the server, and after a group's initial setup, the only cryptographic tool users need is AES. We implement the payment splitting protocol as an Android app and the accompanying server. We find that, for realistic group sizes, it requires fewer than 50 milliseconds per round of computation on a user's phone and the server requires fewer than 300 microseconds per round for each group, meaning that our protocol enjoys excellent performance and scalability properties.