Author: Tier Nolan 2016-02-26 23:33:51
Published on: 2016-02-26T23:33:51+00:00
Recently, discussions have been taking place regarding atomic cross-chain transfers between Bitcoin and legacy altcoins. A legacy altcoin is one that has strict IsStandard() rules and none of the advanced script opcodes. For this purpose, Bob has to send Alice a pair [hash_of_bob_private_key, bob_public_key], and prove that the hash is actually the result of hashing the private key that matches bob_public_key. This can be achieved with a cut-and-choose scheme, which uses a fee so that an attacker loses money on average. However, it is vulnerable to an attacker who doesn't mind losing money as long as the target loses money too. It is required that Bob proves that he has an x such that xG = hash(x) = hash_of_bob_private_key. It is questioned whether the scheme is fast enough such that an elliptic curve multiply would be feasible. The discussion took place via Bitcoin-dev mailing list. A Zero-Knowledge Contingent Payment (ZKCP) on the Bitcoin network was successfully demonstrated by Gregory Maxwell, wherein a transaction protocol allowed a buyer to purchase information from a seller using Bitcoin in a manner that is private, scalable, secure, and doesn’t require trusting anyone; the expected information is transferred if and only if the payment is made. The buyer and seller do not need to trust each other or depend on arbitration by a third party. ZKCP avoids significant transactional costs involved in a sale which can otherwise easily go wrong. In this demonstration, Gregory purchased a solution to a 16x16 Sudoku puzzle for 0.10 BTC from Sean Bowe, a member of the Zcash team, performed live at Financial Cryptography 2016 in Barbados. The transfer involved two transactions. Almost all of the engineering work behind this ZKCP implementation was done by Sean Bowe, with support from Pieter Wuille, Gregory Maxwell, and Madars Virza.
Updated on: 2023-06-11T04:11:25.106855+00:00