This blog is about my musings and thoughts. I hope you find it useful, at most, and entertaining, at least.

Quotes

Presence Elsewhere

jim@jimkeener.com

GitHub

BitBucket

Proposal for a Escrow for Digital Data

Date: 2013-12-20
Tags: P2pox crypto P2P escrow

Problem: Party A and Party B would like to perform two mutual transactions (Transaction 1: A -> B ; Transaction 2: B -> A). The parties require that neither Transaction 1 or Transaction 2 be completed without the other also being completed.

Solution: If the mutual transactions take place in a Bitcoin-like system, the transactions could be split such that:

• Transaction 1α: A -> P1
• Transaction 2α: B -> P2
• Transaction 1β: P1 -> B
• Transaction 2β: P2 -> A

Where P1 and P2 are address computer by:

• A chooses a1 and a2 randomly
• B chooses b1 and b2 randomly
• Using a Secure Multiparty Function Evaluation, A and B compute the public address and key from a private key of a1*b1, without revealing the private key. This is P1.
• Using a Secure Multiparty Function Evaluation, A and B compute the public address and key from a private key of a2*b2, without revealing the private key. This is P2.

Once both parties are satisfied that the transaction has been completed, a Multi-Party Fair Exchange Protocol is used to allow A and B to swap a2 and b1. This will only succeed if both parties end with the swapped values.

At this point, B has the private key for P1 and A has the private key for P2, allowing them to perform Transaction 1β and Transaction 2β, respectively.

The problem then comes if the swap isn’t performed, leading to a state where what is paid into Transaction 1α and 2α are lost forever. To remedy this situation, two more transactions are created and published:

• Transaction 1α*: P1 -> A
• Transaction 2α*: P2 -> B

which are locked for a pre-determined amount of time. When the time comes, if the transactions haven’t been withdrawn by the entity with the private key, the transaction will be (should be) invalid because P1 and P2 should have no funds in them.

If the swap hasn’t happened, and noöne has the private keys, how can Transaction 1α\* and 2α\* be formed? A Secure Multi-Party Function evaluation! The SMFE can compute the signature needed without revealing the private keys to A or B.