Cryptology ePrint Archive: Report 2016/451

Efficient Zero-Knowledge Contingent Payments in Cryptocurrencies Without Scripts

Wacław Banasik and Stefan Dziembowski and Daniel Malinowski

Abstract: One of the most promising innovations offered by the cryptographic currencies (like Bitcoin) are the so-called \emph{smart contracts}, which can be viewed as financial agreements between mutually distrusting participants. Their execution is enforced by the mechanics of the currency, and typically has monetary consequences for the parties. The rules of these contracts are written in the form of so-called ``scripts'', which are pieces of code in some ``scripting language''. Although smart contracts are believed to have a huge potential, for the moment they are not widely used in practice. In particular, most of Bitcoin miners allow only to post standard transactions (i.e.: those without the non-trivial scripts) on the blockchain. As a result, it is currently very hard to create non-trivial smart contracts in Bitcoin.

Motivated by this, we address the following question: ``is it possible to create non-trivial efficient smart contracts using the standard transactions only?'' We answer this question affirmatively, by constructing efficient Zero-Knowledge Contingent Payment protocol for a large class of NP-relations. This includes the relations for which efficient sigma protocols exist. In particular, our protocol can be used to sell a factorization $(p,q)$ of an RSA modulus $n=pq$, which is an example that we implemented and tested its efficiency in practice.

As another example of the ``smart contract without scripts'' we show how our techniques can be used to implement the contract called ``trading across chains''.

Category / Keywords: bitcoin, smart contracts, cryptocurrencies

Date: received 9 May 2016, last revised 13 Jul 2016

Contact author: daniel malinowski at crypto edu pl

Available format(s): PDF | BibTeX Citation

Version: 20160713:125952 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]