This project provides a suite of cryptographic and networking components for enabling efficient zero-knowledge contingent payments (ZKCP).
ZKCP is a transaction protocol that was first proposed by Gregory Maxwell as a means of making conditional payments on the Bitcoin network. More specifically, it allows a buyer to purchase information from a seller in a manner that is private, fair and doesn’t require trusting anyone: the expected information is transferred if and only if the payment is made.
ZKCP was first put into use to buy a solved Sudoku for 0.10 BTC. Since then the underlying cryptography has matured, and the idea of fully trustless conditional payments has become much more practical.
Contangle's innovation comes from employing multiple novel cryptographic protocols, such as Adaptor Signatures [Fourn'19, EEE'20] for scriptless conditional payments and Recursive ZK-SNARKs [BCTV'14] for efficient proof generation without a trusted setup [BGH'19]. The trusted setup has proved to be especially problematic in the context of real-world ZKCP protocols [CGGN'17].
The high-level flow of ZKCP protocols is as follows:
- Alice generates a key pair $(sk, pk)$ and encrypts the data with $pk$ inside the circuit to generate a Proof of Encryption (PoE) and Proof(s) of Property (PoPRP). She then sends the proofs and the ciphertext to Bob.
- Bob verifies the given proofs and signs the transaction $tx$ that transfers coins to Alice's address.
- Bob sends $tx$ into a special fair-exchange channel $C_{FE}$. Alice sends $sk$ into $C_{FE}$. $C_{FE}$ ensures that either both parties receive what they want or neither does.
- Bob uses $sk$ to decrypt the purchased data from the ciphertext, while Alice broadcasts the signed transaction $tx$ on Bob's behalf and thereby gets paid.
Please see the protocol documentation for more details on how Contangle implements the above framework.
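One way the fair-exchange step in the flow above could be realised with a Schnorr adaptor signature, shown as an added example that is not Contangle's own code. It assumes Alice's public key has the form $pk = g^{sk}$ so that $pk$ doubles as the adaptor statement, uses a constructed toy group that is far too small for real use, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: P = 2Q + 1, G has order Q.
P, Q, G = 2039, 1019, 4

def challenge(R, X, msg):
    data = f"{R}|{X}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    sk = secrets.randbelow(Q - 1) + 1          # 1..Q-1, so pk != 1
    return sk, pow(G, sk, P)

def pre_sign(x, msg, T):
    """Bob: Schnorr pre-signature on msg, bound to the statement T = g^t."""
    r = secrets.randbelow(Q - 1) + 1
    R = pow(G, r, P)
    e = challenge(R * T % P, pow(G, x, P), msg)  # challenge uses the final nonce R*T
    return R, (r + e * x) % Q

def pre_verify(X, msg, T, pre):
    """Alice: check that adding t to s_pre will yield a valid signature."""
    R, s_pre = pre
    e = challenge(R * T % P, X, msg)
    return pow(G, s_pre, P) == R * pow(X, e, P) % P

def adapt(pre, T, t):
    """Alice: complete the signature with her secret t before broadcasting."""
    R, s_pre = pre
    return R * T % P, (s_pre + t) % Q

def verify(X, msg, sig):
    """Anyone: ordinary Schnorr verification of the broadcast signature."""
    R, s = sig
    return pow(G, s, P) == R * pow(X, challenge(R, X, msg), P) % P

def extract(pre, sig):
    """Bob: recover t from the published signature and his own pre-signature."""
    return (sig[1] - pre[1]) % Q

def demo():
    sk, pk = keygen()                   # Alice's encryption key pair (assumed pk = g^sk)
    x, X = keygen()                     # Bob's signing key for the payment
    tx = b"constructed tx: Bob pays Alice"
    pre = pre_sign(x, tx, pk)
    assert pre_verify(X, tx, pk, pre)
    sig = adapt(pre, pk, sk)            # Alice can only get paid by revealing sk
    return verify(X, tx, sig), extract(pre, sig) == sk
```

The pre-signature is not itself a valid signature on $tx$, so the payment only becomes spendable in the same step that makes $sk$ recoverable by Bob.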
MIT