David Honig wrote:
> At 06:10 PM 10/4/01 +0200, Nomen Nescio wrote:
> > It would be necessary to reduce the criteria used by the purchaser into algorithmic form. Write a program which would take the data and produce a yes/no answer.
>
> I don't think this is possible -- the inputs (e.g., scan newsfeeds for "bin Laden" and "funeral"; or require a weekly warm-biometric check from the dude) could always be spoofed.
Assuming that a human trusted third party could check the data if he had access to it, a program could do so as well. Perhaps the assumption is that the TTP has some secret information that will allow him to check the seller's data for validity. For example, if the seller is providing floor plans of a building, the TTP may have some partial information about the floor plans which he can compare for consistency. If the seller doesn't know what information the TTP has, it is hard for him to spoof.

This can be simulated by using a secure multi-party computation in place of the TTP. The seller inputs his data, the buyer inputs his secret partial information, and they jointly run a calculation to see if the seller's data is internally consistent and matches the partial information of the buyer. The only output is a single boolean yes/no.

Steve Furlong writes:
> But BLD would still be able to cheat the seller, wouldn't they? The account number might be valid but unfunded, or any variation on that. I'm looking for a way for each party to be sure he gets what he wants, with no trusted third party and no recourse to government.
Providing guaranteed payment can be done but will ultimately require trusting the bank, as any payment system does. The buyer and seller could jointly create a sequestered account, funded by the buyer, such that each party privately gives the bank a password for access and both passwords must be supplied for withdrawal. Then the buyer can give the password to the seller as his payment. The account can be such that if it is not accessed within a specified time, the contents revert to the buyer's account. The buyer can't cheat and access the account without the password belonging to the seller. The buyer can reveal a hash of his password in advance and the seller can get the bank to verify that it is correct. As the buyer's password is revealed a bit at a time during the exchange of secrets, he uses a ZK proof to show that it corresponds to the committed hash, as is standard in exchange of secrets protocols. They are trusting the bank, but it is not involved in verifying the conditions for successful completion of the transaction. Its sole responsibility is managing transfers of money in a reliable and trustworthy way, and that degree of mutual trust will always be necessary for any electronic payment system.
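
An added sketch, not part of the original message, of the bank's side of the two-password sequestered account described above. The class and function names, SHA-256 as the commitment hash, and integer timestamps are assumptions; the bit-by-bit release of the buyer's password and its ZK proof are not modelled.

```python
import hashlib
import hmac

def commit(password: bytes) -> str:
    """Hash commitment to a high-entropy password (SHA-256 is an assumption)."""
    return hashlib.sha256(password).hexdigest()

class SequesteredAccount:
    """Hypothetical bank-side record: funded by the buyer, locked under two passwords."""

    def __init__(self, amount, buyer_pw, seller_pw, opened_at, timeout):
        self.amount = amount
        # The bank keeps only hashes of the privately supplied passwords.
        self._buyer_hash = commit(buyer_pw)
        self._seller_hash = commit(seller_pw)
        self.expires_at = opened_at + timeout
        self.paid_to = None

    def confirm_buyer_commitment(self, published_hash: str) -> bool:
        """Seller asks the bank whether the buyer's published hash is genuine."""
        return hmac.compare_digest(published_hash, self._buyer_hash)

    def withdraw(self, buyer_pw, seller_pw, now) -> bool:
        """Pay out only if both passwords match and the deadline has not passed."""
        if self.paid_to is not None or now >= self.expires_at:
            return False
        ok = (hmac.compare_digest(commit(buyer_pw), self._buyer_hash)
              and hmac.compare_digest(commit(seller_pw), self._seller_hash))
        if ok:
            self.paid_to = "seller"
        return ok

    def revert(self, now) -> bool:
        """After the deadline, untouched funds go back to the buyer."""
        if self.paid_to is None and now >= self.expires_at:
            self.paid_to = "buyer"
            return True
        return False

def demo():
    buyer_pw, seller_pw = b"constructed-buyer-pw", b"constructed-seller-pw"  # sample values
    acct = SequesteredAccount(1000, buyer_pw, seller_pw, opened_at=0, timeout=3600)
    return {
        "commitment_ok": acct.confirm_buyer_commitment(commit(buyer_pw)),
        "forged_commitment_ok": acct.confirm_buyer_commitment(commit(b"wrong")),
        "one_password_only": acct.withdraw(buyer_pw, b"guess", now=10),
        "both_passwords": acct.withdraw(buyer_pw, seller_pw, now=20),
        "revert_after_payout": acct.revert(now=4000),
    }
```

The bank here checks passwords and the deadline only; it never sees or judges the goods being exchanged, which matches the limited trust the message assigns to it.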