FairSwap: How To Fairly Exchange Digital Goods

We introduce FairSwap -- an efficient protocol for fair exchange of digital goods using smart contracts. A fair exchange protocol allows a sender S to sell a digital commodity x for a fixed price p to a receiver R. The protocol is said to be secure if R only pays if he receives the correct x. Our solution guarantees fairness by relying on smart contracts executed over decentralized cryptocurrencies, where the contract takes the role of an external judge that completes the exchange in case of disagreement. While in the past there have been several proposals for building fair exchange protocols over cryptocurrencies, our solution has two distinctive features that make it particularly attractive when users deal with large commodities. These advantages are: (1) minimizing the cost of running the smart contract on the blockchain, and (2) avoiding expensive cryptographic tools such as zero-knowledge proofs. In addition to our new protocols, we provide formal security definitions for smart-contract-based fair exchange, and prove the security of our construction. Finally, we illustrate several applications of our basic protocol and evaluate the practicality of our approach via a prototype implementation for fairly selling large files over the cryptocurrency Ethereum.
