Conference papers

WI Is Not Enough: Zero-Knowledge Contingent (Service) Payments Revisited

Georg Fuchsbauer 1, 2
1 CASCADE - Construction and Analysis of Systems for Confidentiality and Authenticity of Data and Entities
DI-ENS - Département d'informatique - ENS Paris, CNRS - Centre National de la Recherche Scientifique : UMR 8548, Inria de Paris
Abstract : While fair exchange of goods is known to be impossible without assuming a trusted party, smart contracts in cryptocurrencies forgo such parties by assuming trust in the currency system. They allow a seller to sell a digital good, which the buyer will obtain if and only if she pays. Zero-knowledge contingent payments (zkCP) show that, despite the limited expressiveness of its scripting language, this is even possible in Bitcoin by using zero-knowledge proofs. At CCS’17, Campanelli, Gennaro, Goldfeder and Nizzardo showed that the zkCP protocol was flawed, in that the buyer could obtain information about the good without paying. They proposed counter-measures to repair zkCP and moreover observed that zkCP cannot be used when a service is sold. They introduce the notion of ZK contingent payments for services and give an instantiation based on a witness-indistinguishable (WI) proof system. We show that the main countermeasures they proposed are not sufficient and present an attack against their fixed zkCP scheme. We also show that their realization of zkCP for services is insecure, as the buyer could learn the desired information (i.e., whether the service was provided) without paying; in particular, we show that WI of the used proof system is not enough.
Document type : Conference papers
Contributor : Georg Fuchsbauer
Submitted on : Thursday, December 5, 2019 - 9:51:15 PM
Last modification on : Friday, January 21, 2022 - 3:19:47 AM




Georg Fuchsbauer. WI Is Not Enough: Zero-Knowledge Contingent (Service) Payments Revisited. ACM CCS 2019 - 26th ACM Conference on Computer and Communications Security, Nov 2019, London, United Kingdom. pp.49-62, ⟨10.1145/3319535.3354234⟩. ⟨hal-02396308⟩


