Who wants to be a millionaire

Nomen Nescio nobody at dizum.com
Fri Oct 5 10:30:19 PDT 2001


David Honig wrote:
> At 06:10 PM 10/4/01 +0200, Nomen Nescio wrote:
> > It would be necessary to reduce the criteria used by the purchaser into
> > algorithmic form.  Write a program which would take the data and produce
> > a yes/no answer. 
>
> I don't think this is possible --the inputs (e.g., scan
> newsfeeds for "bin Laden" and "funeral"; or require
> a weekly warm-biometric check from the dude) could always be spoofed.

Assuming that a human trusted third party could check the data if he
had access to it, a program could do so as well.

Perhaps the assumption is that the TTP has some secret information that
will allow him to check the seller's data for validity.  For example,
if the seller is providing floor plans of a building, the TTP may have
some partial information about the floor plans which he can compare for
consistency.  If the seller doesn't know what information the TTP has,
it is hard for him to spoof.

This can be simulated by using a secure multi-party computation in
place of the TTP.  The seller inputs his data, the buyer inputs his
secret partial information, and they jointly run a calculation to see
if the seller's data is internally consistent and matches the partial
information of the buyer.  The only output is a single boolean yes/no.

Steve Furlong writes:
> But BLD would still be able to cheat the seller, wouldn't they? The
> account number might be valid but unfunded, or any variation on that.
> I'm looking for a way for each party to be sure he gets what he wants,
> with no trusted third party and no recourse to government.

Providing guaranteed payment can be done but will ultimately require
trusting the bank, as any payment system does.

The buyer and seller could jointly create a sequestered account,
funded by the buyer, such that each party privately gives the bank a
password for access and both passwords must be supplied for withdrawal.
Then the buyer can give the password to the seller as his payment.
The account can be such that if it is not accessed within a specified
time, the contents revert to the buyer's account.

The buyer can't cheat and access the account without the password
belonging to the seller.  The buyer can reveal a hash of his password
in advance and the seller can get the bank to verify that it is correct.
As the buyer's password is revealed a bit at a time during the exchange
of secrets, he uses a ZK proof to show that it corresponds to the
committed hash, as is standard in exchange of secrets protocols.

They are trusting the bank, but it is not involved in verifying the
conditions for successful completion of the transaction.  Its sole
responsibility is managing transfers of money in a reliable and
trustworthy way, and that degree of mutual trust will always be necessary
for any electronic payment system.





More information about the cypherpunks-legacy mailing list