Augmented Efficient Zero-Knowledge Contingent Payments in Cryptocurrencies without Scripts

Abstract

Zero-Knowledge Contingent Payment presents how Bitcoin contracts can provide a solution for the so-called fair exchange problem.Banasik, W. et al. first presented an efficient ZeroKnowledge Contingent Payment protocol for a large class of NP-relations, which is a protocol for selling witness. It obtains fairness in the following sense: if the seller aborts the protocol without broadcasting the final message then the buyer finally gets his payment back. However, we find that the seller in the protocol could refuse to broadcast the final signature of the transaction without any compensation for the buyer. As a result, the buyer cannot get the witness from the final signature of the transaction and has the payment for the witness locked until finishing the large computation for a secret signing key. In this paper, we fix this problem by augmenting the efficient Zero-Knowledge Contingent Payment protocol. We present a new protocol where the seller needs to provide the deposit before the zero-knowledge proof of knowledge of the witness being sold. And then the buyer could obtain the seller's witness if the seller broadcasts the final signature of the transaction and gets the payment and his deposit. Otherwise, the buyer could get back the payment and obtain the seller's deposit. This new augmented protocol is constructed without any new assumptions.