[bitcoin-dev] Fwd: The first successful Zero-Knowledge Contingent Payment

Gregory Maxwell greg at xiph.org
Fri Feb 26 23:23:09 UTC 2016

On Fri, Feb 26, 2016 at 11:06 PM, Sergio Demian Lerner
<sergio.d.lerner at gmail.com> wrote:
> Congratulations!
> It a property of the SKCP system that the person who performed the trusted
> setup cannot extract any information from a proof?
> In other words, is it proven hard to obtain information from a proof by the
> buyer?

Yes, the secrecy is information theoretic (assuming no implementation
bugs); beyond the truth of the outcome. This holds even if the
initialization is malicious.

The soundness of this scheme is computational-- we're trusting a deep
stack of cryptographic assumptions that the proofs cannot be forged.

More information about the bitcoin-dev mailing list