zcash-hackworks
/
pay-to-sudoku
mirror of https://github.com/zcash-hackworks/pay-to-sudoku.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
68 Commits 1 Branch 0 Tags 206 KiB
C++ 45.7%
Rust 42.9%
C 8.8%
Shell 1.5%
Makefile 1.1%
Go to file
ebfull d343241c06 Merge pull request #2 from arielgabizon/master 
modified get-libsnark for successful compiling
 		2017-04-07 10:45:26 -06:00
snark Set up basic client/server interaction. 2016-02-09 00:36:09 -07:00
src Change fee to 0.002 which appears to be better for no-delay right now. 2016-02-26 07:30:45 -07:00
.gitignore Added key caching 2015-12-19 23:17:51 -07:00
Cargo.lock Added confirmation printout / prompt to begin spend for demo purposes. 2016-02-26 06:52:46 -07:00
Cargo.toml Update jsonrpc dependency to avoid ssl linkage 2016-02-26 15:17:01 -07:00
LICENSE Initial commit 2015-12-04 19:40:05 -07:00
Makefile Relocated snark stuff 2016-02-08 22:33:21 -07:00
README.md Update README 2016-02-26 21:42:08 -07:00
get-libsnark modified get-libsnark for successful compiling 2017-04-07 14:45:18 +03:00

README.md

pay-to-sudoku

This is an implementation of a zero-knowledge contingent payment for paying someone to solve a sudoku puzzle.

./get-libsnark
make
cargo run gen 2 # generate circuit for 2^2 x 2^2 puzzle
cargo run test 2 # test the proofs
cargo run serve 2 # run a server on port 25519 for buying solutions
cargo run client 2 # run a client for selling solutions

circuit description for some NxN puzzle:

primary inputs: sodoku puzzle P, key commitment C, encrypted solution E

auxillary inputs: solution S, key K

properties:

  • puzzle subset: S must be a subset of P (the solution must complete the puzzle)
  • solution closure: S must be closed under rows, columns and groups of the solution (the solution must be correct)
  • encryption correctness: E must be S encrypted with K (using a stream cipher produced from SHA256)
  • solution commitment: C must be SHA256(K)

usage:

Alice produces puzzle P and sends Bob P and the zk-SNARK proving key. Bob finds a solution S for the puzzle and constructs K, C, and E. Bob constructs a Proof. Bob sends Alice (Proof, C, E). Alice verifies the proof. Alice sends a CLTV transaction over the blockchain to Bob with the added constraint that Bob must produce the preimage of C (aka K). After Bob redeems the TxOut, Alice uses K to decrypt E, producing S. If Bob does not redeem the TxOut, Alice recovers her value but does not obtain S.