Authors
Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, Luca Nizzardo
Publication date
2017/10/30
Book
Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
Pages
229-243
Description
Zero Knowledge Contingent Payment (ZKCP) protocols allow fair exchange of sold goods and payments over the Bitcoin network. In this paper we point out two main shortcomings of current proposals for ZKCP, and propose ways to address them.
First we show an attack that allows a buyer to learn partial information about the digital good being sold, without paying for it. This break in the zero-knowledge condition of ZKCP is due to the fact that in the protocols we attack, the buyer is allowed to choose common parameters that normally should be selected by a trusted third party. We implemented and tested this attack: we present code that learns, without paying, the value of a Sudoku cell in the "Pay-to-Sudoku" ZKCP implementation. We also present ways to fix this attack that do not require a trusted third party.
Second, we show that ZKCP are not suited for the purchase of digital services} rather than goods. Current …
Scholar articles
M Campanelli, R Gennaro, S Goldfeder, L Nizzardo - Proceedings of the 2017 ACM SIGSAC Conference on …, 2017