Paper 2022/719

Contingent payments from two-party signing and verification for abelian groups

Sergiu Bursuc, University of Luxembourg
Sjouke Mauw, University of Luxembourg

The fair exchange problem has faced for a long time the bottleneck of a required trusted third party. The recent development of blockchains introduces a new type of party to this problem, whose trustworthiness relies on a public ledger and distributed computation. The challenge in this setting is to reconcile the minimalistic and public nature of blockchains with elaborate fair exchange requirements, from functionality to privacy. Zero-knowledge contingent payments (ZKCP) are a class of protocols that are promising in this direction, allowing the fair exchange of data for payment. We propose a new ZKCP protocol that, when compared to others, requires less computation from the blockchain and less interaction between parties. The protocol is based on two-party (weak) adaptor signatures, which we show how to instantiate from state of the art multiparty signing protocols. We improve the symbolic definition of ZKCP security and, for automated verification with Tamarin, we propose a general security reduction from the theory of abelian groups to the theory of exclusive or.

Available format(s)
Cryptographic protocols
Publication info
Published elsewhere. Computer Security Foundations Symposium (CSF 2022)
blockchain fair-exchange formal verification
Contact author(s)
sergiu bursuc @ uni lu
sjouke mauw @ uni lu
2022-08-21: last of 3 revisions
2022-06-06: received
See all versions
Short URL
Creative Commons Attribution


      author = {Sergiu Bursuc and Sjouke Mauw},
      title = {Contingent payments from two-party signing and verification for abelian groups},
      howpublished = {Cryptology ePrint Archive, Paper 2022/719},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.