[bitcoin-dev] Fwd: The first successful Zero-Knowledge Contingent Payment
greg at xiph.org
Fri Feb 26 23:23:09 UTC 2016
On Fri, Feb 26, 2016 at 11:06 PM, Sergio Demian Lerner
<sergio.d.lerner at gmail.com> wrote:
> It a property of the SKCP system that the person who performed the trusted
> setup cannot extract any information from a proof?
> In other words, is it proven hard to obtain information from a proof by the
Yes, the secrecy is information theoretic (assuming no implementation
bugs); beyond the truth of the outcome. This holds even if the
initialization is malicious.
The soundness of this scheme is computational-- we're trusting a deep
stack of cryptographic assumptions that the proofs cannot be forged.
More information about the bitcoin-dev