Hacker News new | comments | show | ask | jobs | submit login

Sounds like it can only catch some % of double-spends, which might be good enough (assuming the coins are small enough, odds of missing anything important are tiny).

Now I'm interested in how step 1 is accomplished, but that's probably too involved for a comment - I have the paper, I'll see if I can figure it out.

Thanks! That was very helpful. A quick skim of the paper backs up what I could find, so it looks like you remembered well enough :)

I believe the paper specifies the challenge from the merchant as possibly random or based on the merchant's identity. Random most likely means that n becomes a bit-security parameter that has to become reasonably large so the chance of collision is extremely low (as I think the spender can always walk away after receiving the challenge).

I think setting n = log_2(maximumNumberOfMerchants) and hardcoding which merchants ask for which pieces is a straightforward way of preventing all unpunished double spends while keeping n relatively small. BTW, with general progress of zero-knowledge techniques I'd be surprised if there weren't a more modern and concise paper in the same vein.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact