DOI: 10.1145/3372297.3417888
Research article (open access)

WI is Almost Enough: Contingent Payment All Over Again

Published: 02 November 2020

Abstract

The problem of fair exchange consists of interchanging goods between two parties that do not trust each other. Despite known impossibility results, recent works leverage the blockchain and zero-knowledge proofs to implement zero-knowledge contingent payment (zkCP) systems that make fair exchange of digital goods possible. Implementing these systems in a secure and efficient way is a big challenge, as evidenced by several unsuccessful attempts in the literature. Campanelli et al. (ACM CCS 2017) discovered a vulnerability in an existing zkCP proposal based on SNARKs (succinct non-interactive arguments of knowledge) and suggested several repairs. Fuchsbauer (ACM CCS 2019) found a flaw in those countermeasures. In particular, he showed that witness indistinguishability (WI) is not sufficient for the zkCP schemes proposed by Campanelli et al. to be secure. In this work, we observe that a slightly stronger notion of WI, which we coin trapdoor subversion WI (tS-WI), rules out Fuchsbauer's attack. We formally define security properties for CP systems and show that, under tS-WI, Campanelli et al.'s proposal indeed satisfies these properties. Additionally, we explore alternative approaches to implementing ZK (other than SNARKs) and develop a prototype, using it to demonstrate their potential. Our new ideas result in a protocol to sell ECDSA signatures with contingent payment that can be executed in less than 150 milliseconds over a LAN.

Supplementary Material

Presentation video (MOV file: Copy of CCS2020_fpc486_KyNguyenNgoc - Brian Hollendyke.mov)

References

[1] Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, and Lukasz Mazurek. 2014. Fair Two-Party Computations via Bitcoin Deposits. In FC 2014 Workshops (LNCS, Vol. 8438), Rainer Böhme, Michael Brenner, Tyler Moore, and Matthew Smith (Eds.). Springer, Heidelberg, 105-121. https://doi.org/10.1007/978-3-662-44774-1_8
[2] Marcin Andrychowicz, Stefan Dziembowski, Daniel Malinowski, and Lukasz Mazurek. 2015. On the Malleability of Bitcoin Transactions. In FC 2015 Workshops (LNCS, Vol. 8976), Michael Brenner, Nicolas Christin, Benjamin Johnson, and Kurt Rohloff (Eds.). Springer, Heidelberg, 1-18. https://doi.org/10.1007/978-3-662-48051-9_1
[3] D. F. Aranha et al. [n.d.]. RELIC is an Efficient LIbrary for Cryptography. https://github.com/relic-toolkit/relic.
[4] Gilad Asharov, Yehuda Lindell, Thomas Schneider, and Michael Zohner. 2013. More efficient oblivious transfer and extensions for faster secure computation. In ACM CCS 2013, Ahmad-Reza Sadeghi, Virgil D. Gligor, and Moti Yung (Eds.). ACM Press, 535-548. https://doi.org/10.1145/2508859.2516738
[5] Gilad Asharov, Yehuda Lindell, Thomas Schneider, and Michael Zohner. 2017. More Efficient Oblivious Transfer Extensions. Journal of Cryptology, Vol. 30, 3 (July 2017), 805-858. https://doi.org/10.1007/s00145-016-9236-6
[6] Waclaw Banasik, Stefan Dziembowski, and Daniel Malinowski. 2016. Efficient Zero-Knowledge Contingent Payments in Cryptocurrencies Without Scripts. In ESORICS 2016, Part II (LNCS, Vol. 9879), Ioannis G. Askoxylakis, Sotiris Ioannidis, Sokratis K. Katsikas, and Catherine A. Meadows (Eds.). Springer, Heidelberg, 261-280. https://doi.org/10.1007/978-3-319-45741-3_14
[7] Mihir Bellare, Georg Fuchsbauer, and Alessandra Scafuro. 2016. NIZKs with an Untrusted CRS: Security in the Face of Parameter Subversion. In ASIACRYPT 2016, Part II (LNCS, Vol. 10032), Jung Hee Cheon and Tsuyoshi Takagi (Eds.). Springer, Heidelberg, 777-804. https://doi.org/10.1007/978-3-662-53890-6_26
[8] Mihir Bellare, Viet Tung Hoang, and Phillip Rogaway. 2012. Foundations of garbled circuits. In ACM CCS 2012, Ting Yu, George Danezis, and Virgil D. Gligor (Eds.). ACM Press, 784-796. https://doi.org/10.1145/2382196.2382279
[9] Mihir Bellare and Gregory Neven. 2006. Multi-signatures in the plain public-key model and a general forking lemma. In ACM CCS 2006, Ari Juels, Rebecca N. Wright, and Sabrina De Capitani di Vimercati (Eds.). ACM Press, 390-399. https://doi.org/10.1145/1180405.1180453
[10] Mihir Bellare and Phillip Rogaway. 1993. Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In ACM CCS 93, Dorothy E. Denning, Raymond Pyle, Ravi Ganesan, Ravi S. Sandhu, and Victoria Ashby (Eds.). ACM Press, 62-73. https://doi.org/10.1145/168588.168596
[11] Eli Ben-Sasson, Alessandro Chiesa, Matthew Green, Eran Tromer, and Madars Virza. 2015. Secure Sampling of Public Parameters for Succinct Zero Knowledge Proofs. In 2015 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 287-304. https://doi.org/10.1109/SP.2015.25
[12] Eli Ben-Sasson, Alessandro Chiesa, Eran Tromer, and Madars Virza. 2014. Scalable Zero Knowledge via Cycles of Elliptic Curves. In CRYPTO 2014, Part II (LNCS, Vol. 8617), Juan A. Garay and Rosario Gennaro (Eds.). Springer, Heidelberg, 276-294. https://doi.org/10.1007/978-3-662-44381-1_16
[13] Manuel Blum, Paul Feldman, and Silvio Micali. 1988. Non-Interactive Zero-Knowledge and Its Applications (Extended Abstract). In 20th ACM STOC. ACM Press, 103-112. https://doi.org/10.1145/62212.62222
[14] Sean Bowe. 2016. Pay-to-sudoku. https://github.com/zcash-hackworks/pay-to-sudoku.
[15] Sean Bowe, Ariel Gabizon, and Matthew D. Green. 2019. A Multi-party Protocol for Constructing the Public Parameters of the Pinocchio zk-SNARK. In FC 2018 Workshops (LNCS, Vol. 10958), Aviv Zohar, Ittay Eyal, Vanessa Teague, Jeremy Clark, Andrea Bracciali, Federico Pintore, and Massimiliano Sala (Eds.). Springer, Heidelberg, 64-77. https://doi.org/10.1007/978-3-662-58820-8_5
[16] Vitalik Buterin. 2013. A next-generation smart contract and decentralized application platform. https://github.com/ethereum/wiki/wiki/White-Paper. White Paper, Vol. 3 (2013). Issue 37.
[17] Jan Camenisch and Markus Stadler. 1997. Proof Systems for General Statements about Discrete Logarithms.
[18] Matteo Campanelli, Rosario Gennaro, Steven Goldfeder, and Luca Nizzardo. 2017. Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for Services. In ACM CCS 2017, Bhavani M. Thuraisingham, David Evans, Tal Malkin, and Dongyan Xu (Eds.). ACM Press, 229-243. https://doi.org/10.1145/3133956.3134060
[19] Melissa Chase, Chaya Ganesh, and Payman Mohassel. 2016. Efficient Zero-Knowledge Proof of Algebraic and Non-Algebraic Statements with Applications to Privacy Preserving Credentials. In CRYPTO 2016, Part III (LNCS, Vol. 9816), Matthew Robshaw and Jonathan Katz (Eds.). Springer, Heidelberg, 499-530. https://doi.org/10.1007/978-3-662-53015-3_18
[20] Tung Chou and Claudio Orlandi. 2015. The Simplest Protocol for Oblivious Transfer. In LATINCRYPT 2015 (LNCS, Vol. 9230), Kristin E. Lauter and Francisco Rodríguez-Henríquez (Eds.). Springer, Heidelberg, 40-58. https://doi.org/10.1007/978-3-319-22174-8_3
[21] Richard Cleve. 1986. Limits on the Security of Coin Flips when Half the Processors Are Faulty (Extended Abstract). In 18th ACM STOC. ACM Press, 364-369. https://doi.org/10.1145/12130.12168
[22] Ronald Cramer. 1997. Modular Design of Secure yet Practical Cryptographic Protocols. Ph.D. Dissertation. University of Amsterdam.
[23] George Danezis, Cédric Fournet, Jens Groth, and Markulf Kohlweiss. 2014. Square Span Programs with Applications to Succinct NIZK Arguments. In ASIACRYPT 2014, Part I (LNCS, Vol. 8873), Palash Sarkar and Tetsu Iwata (Eds.). Springer, Heidelberg, 532-550. https://doi.org/10.1007/978-3-662-45611-8_28
[24] Alex Escala, Gottfried Herold, Eike Kiltz, Carla Ràfols, and Jorge Villar. 2013. An Algebraic Framework for Diffie-Hellman Assumptions. In CRYPTO 2013, Part II (LNCS, Vol. 8043), Ran Canetti and Juan A. Garay (Eds.). Springer, Heidelberg, 129-147. https://doi.org/10.1007/978-3-642-40084-1_8
[25] Uriel Feige and Adi Shamir. 1990. Witness Indistinguishable and Witness Hiding Protocols. In 22nd ACM STOC. ACM Press, 416-426. https://doi.org/10.1145/100216.100272
[26] Georg Fuchsbauer. 2018. Subversion-Zero-Knowledge SNARKs. In PKC 2018, Part I (LNCS, Vol. 10769), Michel Abdalla and Ricardo Dahab (Eds.). Springer, Heidelberg, 315-347. https://doi.org/10.1007/978-3-319-76578-5_11
[27] Georg Fuchsbauer. 2019. WI Is Not Enough: Zero-Knowledge Contingent (Service) Payments Revisited. In ACM CCS 2019, Lorenzo Cavallaro, Johannes Kinder, XiaoFeng Wang, and Jonathan Katz (Eds.). ACM Press, 49-62. https://doi.org/10.1145/3319535.3354234
[28] Ariel Gabizon. 2019. On the security of the BCTV Pinocchio zk-SNARK variant. Cryptology ePrint Archive, Report 2019/119. https://eprint.iacr.org/2019/119.
[29] Rosario Gennaro, Craig Gentry, Bryan Parno, and Mariana Raykova. 2013. Quadratic Span Programs and Succinct NIZKs without PCPs. In EUROCRYPT 2013 (LNCS, Vol. 7881), Thomas Johansson and Phong Q. Nguyen (Eds.). Springer, Heidelberg, 626-645. https://doi.org/10.1007/978-3-642-38348-9_37
[30] Oded Goldreich and Yair Oren. 1994. Definitions and Properties of Zero-Knowledge Proof Systems. Journal of Cryptology, Vol. 7, 1 (Dec. 1994), 1-32. https://doi.org/10.1007/BF00195207
[31] Shafi Goldwasser, Silvio Micali, and Charles Rackoff. 1985. The Knowledge Complexity of Interactive Proof-Systems (Extended Abstract). In 17th ACM STOC. ACM Press, 291-304. https://doi.org/10.1145/22145.22178
[32] Shafi Goldwasser, Silvio Micali, and Charles Rackoff. 1989. The Knowledge Complexity of Interactive Proof Systems. SIAM J. Comput., Vol. 18, 1 (1989), 186-208.
[33] Jens Groth. 2016. On the Size of Pairing-Based Non-interactive Arguments. In EUROCRYPT 2016, Part II (LNCS, Vol. 9666), Marc Fischlin and Jean-Sébastien Coron (Eds.). Springer, Heidelberg, 305-326. https://doi.org/10.1007/978-3-662-49896-5_11
[34] Jens Groth and Markulf Kohlweiss. 2015. One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin. In EUROCRYPT 2015, Part II (LNCS, Vol. 9057), Elisabeth Oswald and Marc Fischlin (Eds.). Springer, Heidelberg, 253-280. https://doi.org/10.1007/978-3-662-46803-6_9
[35] Marek Jawurek, Florian Kerschbaum, and Claudio Orlandi. 2013. Zero-knowledge using garbled circuits: how to prove non-algebraic statements efficiently. In ACM CCS 2013, Ahmad-Reza Sadeghi, Virgil D. Gligor, and Moti Yung (Eds.). ACM Press, 955-966. https://doi.org/10.1145/2508859.2516662
[36] Gregory Maxwell. 2011. Zero Knowledge Contingent Payment. https://en.bitcoin.it/wiki/Zero_Knowledge_Contingent_Payment.
[37] Satoshi Nakamoto. 2009. Bitcoin: A Peer-to-Peer Electronic Cash System. Cryptography Mailing list at https://metzdowd.com (March 2009).
[38] Bryan Parno, Jon Howell, Craig Gentry, and Mariana Raykova. 2013. Pinocchio: Nearly Practical Verifiable Computation. In 2013 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 238-252. https://doi.org/10.1109/SP.2013.47
[39] David Pointcheval and Jacques Stern. 2000. Security Arguments for Digital Signatures and Blind Signatures. Journal of Cryptology, Vol. 13, 3 (June 2000), 361-396. https://doi.org/10.1007/s001450010003
[40] Claus-Peter Schnorr. 1991. Efficient Signature Generation by Smart Cards. Journal of Cryptology, Vol. 4, 3 (Jan. 1991), 161-174. https://doi.org/10.1007/BF00196725
[41] Nick Szabo. 1997. Formalizing and Securing Relationships on Public Networks. First Monday, Vol. 2, 9 (Sep. 1997). https://firstmonday.org/ojs/index.php/fm/article/view/548. https://doi.org/10.5210/fm.v2i9.548
[42] Florian Tramer, Fan Zhang, Huang Lin, Jean-Pierre Hubaux, Ari Juels, and Elaine Shi. 2016. Sealed-Glass Proofs: Using Transparent Enclaves to Prove and Sell Knowledge. Cryptology ePrint Archive, Report 2016/635. http://eprint.iacr.org/2016/635.
[43] Xiao Wang, Alex J. Malozemoff, and Jonathan Katz. 2016. EMP-toolkit: Efficient MultiParty computation toolkit. https://github.com/emp-toolkit.
[44] The Bitcoin Wiki. 2019. Hashlock. https://en.bitcoin.it/wiki/Hashlock.
[45] Gavin Wood. 2014. Ethereum: A secure decentralized generalized transaction ledger. https://gavwood.com/paper.pdf.
[46] Samee Zahur, Mike Rosulek, and David Evans. 2015. Two Halves Make a Whole - Reducing Data Transfer in Garbled Circuits Using Half Gates. In EUROCRYPT 2015, Part II (LNCS, Vol. 9057), Elisabeth Oswald and Marc Fischlin (Eds.). Springer, Heidelberg, 220-250. https://doi.org/10.1007/978-3-662-46803-6_8

Published In

CCS '20: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
October 2020
2180 pages
ISBN:9781450370899
DOI:10.1145/3372297
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. contingent payment
  2. fair exchange
  3. garbled circuits
  4. witness indistinguishability
  5. zero-knowledge

Qualifiers

  • Research-article

Conference

CCS '20

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Cited By

  • (2024) A Practical Data Trading Protocol for Sudoku Solutions. IEEE Transactions on Information Forensics and Security, Vol. 19, 6935-6948. https://doi.org/10.1109/TIFS.2024.3419702
  • (2024) Hybrid Zero-Knowledge from Garbled Circuits and Circuit-Based Composition of Σ-Protocols. Security and Cryptography for Networks, 73-95. Online publication date: 10 September 2024. https://doi.org/10.1007/978-3-031-71070-4_4
  • (2023) BlindHub: Bitcoin-Compatible Privacy-Preserving Payment Channel Hubs Supporting Variable Amounts. 2023 IEEE Symposium on Security and Privacy (SP), 2462-2480. Online publication date: May 2023. https://doi.org/10.1109/SP46215.2023.10179427
  • (2023) Recurring Contingent Service Payment. 2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P), 724-756. Online publication date: July 2023. https://doi.org/10.1109/EuroSP57164.2023.00049
  • (2022) Contingent payments from two-party signing and verification for abelian groups. 2022 IEEE 35th Computer Security Foundations Symposium (CSF), 195-210. Online publication date: August 2022. https://doi.org/10.1109/CSF54842.2022.9919674
  • (2022) Contingent payments from two-party signing and verification for abelian groups. 2022 IEEE 35th Computer Security Foundations Symposium (CSF), 195-210. Online publication date: August 2022. https://doi.org/10.1109/CSF54842.2022.9919654