您所在的位置: 首页 >> 学术活动 >> 正文

学术活动

Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services
发布时间:2017-10-21     来源:太阳成集团tyc4633   分享到:

报告题目: Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services

报告人: Rosario Gennaro 教授

时间: 2017年10月21日 14:00-15:30

地点: 文津楼三段 622报告厅

摘要: Zero Knowledge Contingent Payment (ZKCP) protocols allow fair exchange of sold goods and payments over the Bitcoin network. In this talk we point out two main shortcomings of current proposals for ZKCP.

First we show an attack that allows a buyer to learn partial information about the digital good being sold, without paying for it. This break in the zero-knowledge condition of ZKCP is due to the fact that in the protocols we attack, the buyer is allowed to choose common parameters that normally should be selected by a trusted third party. We present ways to fix this attack that do not require a trusted third party. Second, we show that ZKCP are not suited for the purchase of digital services rather than goods. Current constructions of ZKCP do not allow a seller to receive payments after proving that a certain service has been rendered, but only for the sale of a specific digital good. We define the notion of Zero-Knowledge Contingent Service Payment (ZKCSP) protocols and construct two new protocols, for either public or private verification.

We implemented and tested the attack on ZKCP, and our two new ZKCSP protocols, showing their feasibility for very realistic examples. We present code that learns, without paying, the value of a Sudoku cell in the "Pay-to-Sudoku" ZKCP implementation. We also implement ZKCSP protocols for the case of Proof of Retrievability, where a client pays the server for providing a proof that the client's data is correctly stored by the server. A side product of our implementation effort is a new optimized circuit for SHA256 with less than a quarter than the number of AND gates of the best previously publicly available one. Our new SHA256 circuit may be of independent use for circuit-based MPC and FHE protocols that require SHA256 circuits.

Paper to appear at ACM CCS 2017. Joint work with Matteo Campanelli, Steven Goldfeder and Luca Nizzardo

 

个人介绍: Rosario Gennaro is the Director at the Center for Algorithms and Interactive Scientific Software at The City College of New York. He has a 20 year career in cryptography and security. His research focuses on verifiable computation, threshold and proactive security and distributed cryptographic protocols.