BEGIN:VCALENDAR
VERSION:2.0
PRODID:icalendar-ruby
CALSCALE:GREGORIAN
METHOD:PUBLISH
BEGIN:VTIMEZONE
TZID:Europe/Vienna
BEGIN:DAYLIGHT
DTSTART:20170326T030000
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
END:DAYLIGHT
BEGIN:STANDARD
DTSTART:20171029T020000
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTAMP:20260427T115913Z
UID:59ecb72dbc325600963443@ist.ac.at
DTSTART:20171025T140000
DTEND:20171025T153000
DESCRIPTION:Speaker: Rossario Gennaro\nhosted by Krzysztof Pietrzak\nAbstra
 ct: Zero-Knowledge Contingent Payments Revisited: Attacks and Payments for
  ServicesRosario Gennaro  The City College of New YorkAbstract: Zero Knowl
 edge Contingent Payment (ZKCP) protocols allowfair exchange of sold goods 
 and payments over the Bitcoin network. Inthis paper we point out two main 
 shortcomings of current proposals forZKCP.First we show an attack that all
 ows a buyer to learn partialinformation about the digital good being sold\
 , without paying for it.This break in the zero-knowledge condition of ZKCP
  is due to the factthat in the protocols we attack\, the buyer is allowed 
 to choose commonparameters that normally should be selected by a trusted t
 hird party.We present ways to fix this attack that do not require a truste
 d third party.Second\, we show that ZKCP are not suited for the purchase o
 f digitalservices rather than goods. Current constructions of ZKCP do not 
 allowa seller to receive payments after proving that a certain service has
 been rendered\, but only for the sale of a specific digital good. Wedefine
  the notion of Zero-Knowledge Contingent Service Payment (ZKCSP)protocols 
 and construct two new protocols\, for either public orprivate verification
 .We implemented and tested the attack on ZKCP\, and our two new ZKCSPproto
 cols\, showing their feasibility for very realistic examples. Wepresent co
 de that learns\, without paying\, the value of a Sudoku cellin the origina
 l "Pay-to-Sudoku" ZKCP implementation. We also implementZKCSP protocols fo
 r the case of Proof of Retrievability\, where aclient pays the server for 
 providing a proof that the client's data iscorrectly stored by the server.
  A side product of our implementationeffort is a new optimized circuit for
  SHA256 with less than a quarterthan the number of AND gates of the best p
 reviously publicly availableone. Our new SHA256 circuit may be of independ
 ent use forcircuit-based MPC and FHE protocols that require SHA256 circuit
 s.Joint work with Matteo Campanelli\, Steven Goldfeder and Luca Nizzardo.T
 o appear at ACM CCS 2017
LOCATION:Mondi Seminar Room 1\, Central Building\, ISTA
ORGANIZER:pietrzak@ist.ac.at
SUMMARY:Rossario Gennaro: Rossario Gennaro\; Zero-Knowledge Contingent Paym
 ents Revisited
URL:https://talks-calendar.ista.ac.at/events/891
END:VEVENT
END:VCALENDAR