|
| 1 | +# RIW2021 | RFC: ZKCP with Fair Exchanges of 1 bit |
| 2 | + |
| 3 | +_Status:_ **draft**; **~~ready for review~~**; **ready to publish** |
| 4 | + |
| 5 | +_Area of Improvement:_ Data Delivery Metering |
| 6 | + |
| 7 | +_Estimated Effort Needed:_ <?> |
| 8 | + |
| 9 | +_Prerequisite(s):_ <?> |
| 10 | + |
| 11 | +_Priority:_ <? P0, P1, P2> |
| 12 | + |
| 13 | +### Abstract |
| 14 | + |
| 15 | +In a ZKCP and ZKCSP, there are (at least) two events might happen that will lead to value loss, these are: |
| 16 | + |
| 17 | +* The client doesn’t deliver the payment to get access to the key, creating a grieving attack on the provider of the data and/or service |
| 18 | +* The provider vanishes before it sells the key to the client, leaving the client with unusable cyphertext |
| 19 | + |
| 20 | +In order to solve this, we propose a continuously running Fair Exchanges of \ |
| 21 | +1 bit of the key throughout the delivery of the file. Giving the provider some assurance of the payment and giving the client an option to only have to brute force a few bits (O(2^k)) of the key in case the provider disappears (simpler than brute forcing the whole key) |
| 22 | + |
| 23 | +### **Proposal/Construction** |
| 24 | + |
| 25 | +In a ZKCP for a file, it is agreed that at each n blocks out of m total blocks, a Fair Exchange for 1 bit of the key happens. The flow goes as follows: |
| 26 | + |
| 27 | +* Incremental fair exchanges |
| 28 | +* Exchange 1 bit of the file decryption key for 1 bit of a redeemable payment ticket/signature of the same size. |
| 29 | +* For both of these, all bits are necessary to make any use |
| 30 | +* However, if k bits are missing, the remaining bits can be brute-forced in O(2^k) |
| 31 | +* If either party aborts, at any round, they only have one more bit than the other party. |
| 32 | +* That means the malicious party only gains an advantage of 2x the compute needed to get the resource they wanted (the decryption key or the payment) |
| 33 | + |
| 34 | +**Impact** |
| 35 | + |
| 36 | +Saves RTT at the end for selling the key, gives assurance to both parties. Somewhat similar to pay-per-packet |
| 37 | + |
| 38 | +### Pros and Cons |
| 39 | + |
| 40 | +Pros |
| 41 | +* Reduce an additional RTT at the end, piggybacking the fair exchange on the File Transfer itself |
| 42 | +* Enables the client to signal satisfaction to the provider in case the provider is not delivering on the right bandwidth (e.g. not meeting the SLA, client stops paying for more bits) |
| 43 | + |
| 44 | +Cons |
| 45 | +* Added complexity and overhead and proving each 1 bit for each key |
| 46 | + |
| 47 | +### **Implementation **notes** |
| 48 | + |
| 49 | +TBWRITTEN |
| 50 | + |
| 51 | +### **Evaluation** |
| 52 | + |
| 53 | +TBWRITTEN |
| 54 | + |
| 55 | +### Prior work |
| 56 | + |
| 57 | +ZKCP |
0 commit comments