Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 76C4ACC6 for ; Fri, 26 Feb 2016 23:07:21 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-ig0-f179.google.com (mail-ig0-f179.google.com [209.85.213.179]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 65E3CE5 for ; Fri, 26 Feb 2016 23:07:20 +0000 (UTC) Received: by mail-ig0-f179.google.com with SMTP id z8so45560010ige.0 for ; Fri, 26 Feb 2016 15:07:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=2FwcvntuvneZAzlAL6gvtrO7L5xDmnZ8iPD7tcqS6I4=; b=TnYUczZA18cmvP1JyvJ6OqzlvCvh9kZrzce7quD2qPnpRBN0IA2pfbMzWEhJQhv86o Lyu6fba3f5j3+f07Ob+8dr9t+j6n8oKmeVENlSGrHP2D7zUOiA8MwOFE/ih0Xa8THbPG jesOq+vXbJjE788xGQw2+5BOLmwg3rJ6rgh05R3SNvn7IjQPiWwPFlty5gbrJPvcN+Qu E4yzpzjN3+NA0PLlew0OHAc7bX2Zs01cWCoWsVSQz1iM5KCJWVdz6q6um1hALFBAgnCj 0tUGf8mhSntxO+VZIovpwaJ1Ee1vK4RTwAtcedPgsAR9V0Miorhn578gH1UaVkxpTft3 xyKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=2FwcvntuvneZAzlAL6gvtrO7L5xDmnZ8iPD7tcqS6I4=; b=k7nHzqpI5obkA9BxC13QkyAzGxsRhONfD+x0zTCFnwIyT43H+YR2FZNWf4qTtdSLKL 2r9GQ/mmEUFZJ8ohRYboWcuowngMxdBgbOj6I67E+OPljqqoDesEAyjBMLLta3v/Cx/Z B4adR9wb8qpe4i8sGAirp01xaIPSsRuTu9Mx4cqMQmwbnqwgHseHJl6doYyQWoLyvXIL t/eeHtuFoZaUrpnnfO5xpbBunL3Bt1sVpLG9VDJjSUMLbuB2SgsKO44a2fVbtUNMDx78 PB7iGKV3PkIFi95edngBVvLu19eD5KMZgAWOMgOakE9HD6iCC/gDl4k11AkZZSSvFXcC DWAQ== X-Gm-Message-State: AD7BkJLKjcE9IcRaSe79JFSvGd4Oxk+4TQgd8whxZ5ysI4wvhQq6eWimzXKCxz89tH2oUeOeEahgxIkwB6quRg== X-Received: by 10.50.29.48 with SMTP id g16mr425934igh.4.1456528039781; Fri, 26 Feb 2016 15:07:19 -0800 (PST) MIME-Version: 1.0 Received: by 10.107.12.216 with HTTP; Fri, 26 Feb 2016 15:06:40 -0800 (PST) In-Reply-To: References: From: Sergio Demian Lerner Date: Fri, 26 Feb 2016 20:06:40 -0300 Message-ID: To: Gregory Maxwell Content-Type: multipart/alternative; boundary=047d7bd756306aac23052cb45ce4 X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org X-Mailman-Approved-At: Fri, 26 Feb 2016 23:16:06 +0000 Cc: Bitcoin Dev Subject: Re: [bitcoin-dev] The first successful Zero-Knowledge Contingent Payment X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Development Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Feb 2016 23:07:21 -0000 --047d7bd756306aac23052cb45ce4 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Congratulations! It a property of the SKCP system that the person who performed the trusted setup cannot extract any information from a proof? In other words, is it proven hard to obtain information from a proof by the buyer? On Fri, Feb 26, 2016 at 6:42 PM, Gregory Maxwell via bitcoin-dev < bitcoin-dev@lists.linuxfoundation.org> wrote: > I am happy to announce the first successful Zero-Knowledge Contingent > Payment (ZKCP) on the Bitcoin network. > > ZKCP is a transaction protocol that allows a buyer to purchase > information from a seller using Bitcoin in a manner which is private, > scalable, secure, and which doesn=E2=80=99t require trusting anyone: the > expected information is transferred if and only if the payment is > made. The buyer and seller do not need to trust each other or depend > on arbitration by a third party. > > Imagine a movie-style =E2=80=9Cbriefcase swap=E2=80=9D (one party with a = briefcase > full of cash, another containing secret documents), but without the > potential scenario of one of the cases being filled with shredded > newspaper and the resulting exciting chase scene. > > An example application would be the owners of a particular make of > e-book reader cooperating to purchase the DRM master keys from a > failing manufacturer, so that they could load their own documents on > their readers after the vendor=E2=80=99s servers go offline. This type of= sale > is inherently irreversible, potentially crosses multiple > jurisdictions, and involves parties whose financial stability is > uncertain=E2=80=93meaning that both parties either take a great deal of r= isk > or have to make difficult arrangement. Using a ZKCP avoids the > significant transactional costs involved in a sale which can otherwise > easily go wrong. > > In today=E2=80=99s transaction I purchased a solution to a 16x16 Sudoku p= uzzle > for 0.10 BTC from Sean Bowe, a member of the Zcash team, as part of a > demonstration performed live at Financial Cryptography 2016 in > Barbados. I played my part in the transaction remotely from > California. > > The transfer involved two transactions: > > 8e5df5f792ac4e98cca87f10aba7947337684a5a0a7333ab897fb9c9d616ba9e > 200554139d1e3fe6e499f6ffb0b6e01e706eb8c897293a7f6a26d25e39623fae > > Almost all of the engineering work behind this ZKCP implementation was > done by Sean Bowe, with support from Pieter Wuille, myself, and Madars > Virza. > > > Read more, including technical details at > > https://bitcoincore.org/en/2016/02/26/zero-knowledge-contingent-payments-= announcement/ > > [I hope to have a ZKCP sudoku buying faucet up shortly. :) ] > _______________________________________________ > bitcoin-dev mailing list > bitcoin-dev@lists.linuxfoundation.org > https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev > --047d7bd756306aac23052cb45ce4 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Congratulations!

It a pr= operty of the SKCP system that the person who performed the trusted setup c= annot extract any information from a proof?

In other words, is= it proven hard to obtain information from a proof by the buyer?
=

On Fri, Feb 26, 2= 016 at 6:42 PM, Gregory Maxwell via bitcoin-dev <bitco= in-dev@lists.linuxfoundation.org> wrote:
I am happy to announce the first successful Zero-Knowledge Co= ntingent
Payment (ZKCP) on the Bitcoin network.

ZKCP is a transaction protocol that allows a buyer to purchase
information from a seller using Bitcoin in a manner which is private,
scalable, secure, and which doesn=E2=80=99t require trusting anyone: the expected information is transferred if and only if the payment is
made. The buyer and seller do not need to trust each other or depend
on arbitration by a third party.

Imagine a movie-style =E2=80=9Cbriefcase swap=E2=80=9D (one party with a br= iefcase
full of cash, another containing secret documents), but without the
potential scenario of one of the cases being filled with shredded
newspaper and the resulting exciting chase scene.

An example application would be the owners of a particular make of
e-book reader cooperating to purchase the DRM master keys from a
failing manufacturer, so that they could load their own documents on
their readers after the vendor=E2=80=99s servers go offline. This type of s= ale
is inherently irreversible, potentially crosses multiple
jurisdictions, and involves parties whose financial stability is
uncertain=E2=80=93meaning that both parties either take a great deal of ris= k
or have to make difficult arrangement. Using a ZKCP avoids the
significant transactional costs involved in a sale which can otherwise
easily go wrong.

In today=E2=80=99s transaction I purchased a solution to a 16x16 Sudoku puz= zle
for 0.10 BTC from Sean Bowe, a member of the Zcash team, as part of a
demonstration performed live at Financial Cryptography 2016 in
Barbados. I played my part in the transaction remotely from
California.

The transfer involved two transactions:

8e5df5f792ac4e98cca87f10aba7947337684a5a0a7333ab897fb9c9d616ba9e
200554139d1e3fe6e499f6ffb0b6e01e706eb8c897293a7f6a26d25e39623fae

Almost all of the engineering work behind this ZKCP implementation was
done by Sean Bowe, with support from Pieter Wuille, myself, and Madars
Virza.


Read more, including technical details at
https://bitcoi= ncore.org/en/2016/02/26/zero-knowledge-contingent-payments-announcement/

[I hope to have a ZKCP sudoku buying faucet up shortly. :) ]
_______________________________________________
bitcoin-dev mailing list
bitcoin-dev@lists.= linuxfoundation.org
https://lists.linuxfoundation.org/mail= man/listinfo/bitcoin-dev

--047d7bd756306aac23052cb45ce4--