Sean Bowe e80e165ab5 credit greg for zkcp! 2017-06-08 17:07:40 -06:00
snark Set up basic client/server interaction. 2016-02-09 00:36:09 -07:00
src Change fee to 0.002 which appears to be better for no-delay right now. 2016-02-26 07:30:45 -07:00
.gitignore Added key caching 2015-12-19 23:17:51 -07:00
Cargo.lock Added confirmation printout / prompt to begin spend for demo purposes. 2016-02-26 06:52:46 -07:00
Cargo.toml Update jsonrpc dependency to avoid ssl linkage 2016-02-26 15:17:01 -07:00
LICENSE Initial commit 2015-12-04 19:40:05 -07:00
Makefile Relocated snark stuff 2016-02-08 22:33:21 -07:00
README.md credit greg for zkcp! 2017-06-08 17:07:40 -06:00
get-libsnark modified get-libsnark for successful compiling 2017-04-07 14:45:18 +03:00

README.md

pay-to-sudoku

Author: Sean Bowe

This work was presented at Financial Cryptography 2016 and at https://bitcoincore.org/en/2016/02/26/zero-knowledge-contingent-payments-announcement/. We thank Gregory Maxwell for the idea of ZKCPs, for useful feedback, and for participating in our demonstration. We also thank Pieter Wuille, Andrew Poelstra, and Madars Virza for helping with the demonstration.


This is an implementation of a zero-knowledge contingent payment for paying someone to solve a sudoku puzzle.

```sh
./get-libsnark
make
cargo run gen 2 # generate circuit for 2^2 x 2^2 puzzle
cargo run test 2 # test the proofs
cargo run serve 2 # run a server on port 25519 for buying solutions
cargo run client 2 # run a client for selling solutions
```

circuit description for some NxN puzzle:

primary inputs: sudoku puzzle P, key commitment C, encrypted solution E

auxiliary inputs: solution S, key K

properties:

  • puzzle subset: S must be a subset of P (the solution must complete the puzzle)
  • solution closure: S must be closed under rows, columns and groups of the solution (the solution must be correct)
  • encryption correctness: E must be S encrypted with K (using a stream cipher produced from SHA256)
  • solution commitment: C must be SHA256(K)

usage:

Alice produces puzzle P and sends Bob P and the zk-SNARK proving key. Bob finds a solution S for the puzzle and constructs K, C, and E. Bob constructs a Proof. Bob sends Alice (Proof, C, E). Alice verifies the proof. Alice sends a CLTV transaction over the blockchain to Bob with the added constraint that Bob must produce the preimage of C (aka K). After Bob redeems the TxOut, Alice uses K to decrypt E, producing S. If Bob does not redeem the TxOut, Alice recovers her value but does not obtain S.
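
The four circuit properties and Alice's final decryption step, checked in the clear as an added Python example (not code from this repository, which is Rust and libsnark). Assumptions: grids are flat row-major lists with one byte per cell and 0 for an empty cell, the keystream is SHA256(K || counter) because the README does not specify the construction, and all function and constant names are hypothetical.

```python
import hashlib
from math import isqrt

def keystream(key: bytes, n: int) -> bytes:
    # ASSUMPTION: SHA256(key || counter) blocks. The README only says the
    # stream cipher is "produced from SHA256", not how.
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def xor_stream(key: bytes, data: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))

def relation_holds(P, C, E, S, K) -> bool:
    """Check witness (S, K) against public inputs (P, C, E)."""
    n = isqrt(len(P))
    b = isqrt(n)
    if n == 0 or n * n != len(P) or b * b != n or len(S) != len(P):
        return False
    # puzzle subset: every clue in P appears unchanged in S
    if any(p != 0 and p != s for p, s in zip(P, S)):
        return False
    # solution closure: each row, column and group holds 1..n exactly once
    rows = [S[r * n:(r + 1) * n] for r in range(n)]
    cols = [S[c::n] for c in range(n)]
    groups = [[S[(gr * b + i) * n + gc * b + j] for i in range(b) for j in range(b)]
              for gr in range(b) for gc in range(b)]
    if any(set(unit) != set(range(1, n + 1)) for unit in rows + cols + groups):
        return False
    # encryption correctness and solution commitment
    return E == xor_stream(K, bytes(S)) and C == hashlib.sha256(K).digest()

def alice_recover(C, E, revealed_K):
    """Alice's step after Bob redeems: K must be the preimage of C."""
    if hashlib.sha256(revealed_K).digest() != C:
        return None
    return list(xor_stream(revealed_K, E))

# Constructed sample for a 2^2 x 2^2 puzzle (the size used by `cargo run gen 2`).
SOLUTION = [1, 2, 3, 4,  3, 4, 1, 2,  2, 1, 4, 3,  4, 3, 2, 1]
PUZZLE   = [1, 0, 0, 4,  0, 4, 1, 0,  2, 0, 0, 3,  0, 3, 2, 0]
KEY = bytes(range(32))  # constructed; Bob would pick a random key
COMMIT = hashlib.sha256(KEY).digest()
CIPHER = xor_stream(KEY, bytes(SOLUTION))

if __name__ == "__main__":
    print(relation_holds(PUZZLE, COMMIT, CIPHER, SOLUTION, KEY))
    print(alice_recover(COMMIT, CIPHER, KEY) == SOLUTION)
```

In the real protocol Alice never runs `relation_holds` herself, since she does not know S or K before paying; the zk-SNARK proof convinces her that Bob holds values for which it would return true.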