Skip to main content
SpringerLink
Log in

Escrow Protocols for Cryptocurrencies: How to Buy Physical Goods Using Bitcoin

  • Conference paper
Financial Cryptography and Data Security (FC 2017)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10322))

Included in the following conference series:

Abstract

We consider the problem of buying physical goods with cryptocurrencies. There is an inherent circular dependency: should be the buyer trust the seller and pay before receiving the goods or should the seller trust the buyer and ship the goods before receiving payment? This dilemma is addressed in practice using a third party escrow service. However, we show that naive escrow protocols introduce both privacy and security issues. We formalize the escrow problem and present a suite of schemes with improved security and privacy properties. Our schemes are compatible with Bitcoin and similar blockchain-based cryptocurrencies.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    There may be other desirable features that can be categorized as security properties that are out of the scope of this work.

  2. 2.

    See for example https://escrowmybits.com/.

  3. 3.

    The zero knowledge proof proves that a ciphertext encrypts the discrete log of a known value for a known base. For details of how to construct this proof see Camenisch et al. [21]. Gennaro et al. demonstrates that these proofs work with ECDSA and Bitcoin keys [26].

References

  1. Bitcoin wiki: Atomic cross-chain trading. https://en.bitcoin.it/wiki/Atomic_cross-chain_trading. Accessed 14 Nov 2016

  2. Bitcoin wiki: Elliptic Curve Digital Signature Algorithm. https://en.bitcoin.it/wiki/Elliptic_Curve_Digital_Signature_Algorithm. Accessed 11 Feb 2014

  3. Bitcoin wiki: Secp265k1. https://en.bitcoin.it/wiki/Secp256k1. Accessed 01 Nov 2016

  4. Bitcoin wiki: Transactions. https://en.bitcoin.it/wiki/Transactions. Accessed 01 Nov 2016

  5. Monero Loses Darknet Market in Apparent Exit Scam. https://cointelegraph.com/news/monero-loses-darknet-market-in-apparent-exit-scam. Accessed 14 Nov 2016

  6. Stealth payments. http://sx.dyne.org/stealth.html. Accessed 14 Nov 2016

  7. Open bazaar protocol (2016). https://docs.openbazaar.org/

  8. Andresen, G.: Github: Proposal: open up IsStandard for P2SH transactions. https://gist.github.com/gavinandresen/88be40c141bc67acb247. Accessed 16 Feb 2017

  9. Andrew, M.: Bitcoin forum post: Alt chains and atomic transfers

    Google Scholar 

  10. Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, Ł.: Fair two-party computations via bitcoin deposits. In: Böhme, R., Brenner, M., Moore, T., Smith, M. (eds.) FC 2014. LNCS, vol. 8438, pp. 105–121. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44774-1_8

    Chapter  Google Scholar 

  11. Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multi-party computations on bitcoin. In: 2014 IEEE Symposium on Security and Privacy, pp. 443–458. IEEE (2014)

    Google Scholar 

  12. Asokan, N., Schunter, M., Waidner, M.: Optimistic protocols for fair exchange. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, pp. 7–17. ACM (1997)

    Google Scholar 

  13. Asokan, N., Shoup, V., Waidner, M.: Optimistic fair exchange of digital signatures. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 591–606. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054156

    Chapter  Google Scholar 

  14. Zhou, J., Gollmann, D.: Certified electronic mail. In: Bertino, E., Kurth, H., Martella, G., Montolivo, E. (eds.) ESORICS 1996. LNCS, vol. 1146, pp. 160–171. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-61770-1_35

    Chapter  Google Scholar 

  15. Banasik, W., Dziembowski, S., Malinowski, D.: Efficient zero-knowledge contingent payments in cryptocurrencies without scripts. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 261–280. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_14

    Chapter  Google Scholar 

  16. Bao, F., Deng, R.H., Mao, W.: Efficient and practical fair exchange protocols with off-line TTP. In: Proceedings of the 1998 IEEE Symposium on Security and Privacy, pp. 77–85. IEEE (1998)

    Google Scholar 

  17. Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 421–439. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44381-1_24

    Chapter  Google Scholar 

  18. Blum, M.: Three Applications of the Oblivious Transfer: Part I: Coin Flipping by Telephone; Part II: How to Exchange Secrets; Part III: How to Send Certified Electronic Mail. University of California, Berkeley (1981)

    Google Scholar 

  19. Bonneau, J., Miller, A., Clark, J., Narayanan, A., Kroll, J.A., Felten, E.W.: Sok: research perspectives and challenges for bitcoin and cryptocurrencies. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 104–121. IEEE (2015)

    Google Scholar 

  20. Cachin, C., Camenisch, J.: Optimistic fair secure computation. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 93–111. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_6

    Chapter  Google Scholar 

  21. Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45146-4_8

    Chapter  Google Scholar 

  22. Christin, N.: Traveling the silk road: a measurement analysis of a large anonymous online marketplace. In: Proceedings of the 22nd International Conference on World Wide Web, pp. 213–224. International World Wide Web Conferences Steering Committee (2013)

    Google Scholar 

  23. Danezis, G., Meiklejohn, S.: Centrally banked cryptocurrencies. arXiv preprint arXiv:1505.06895 (2015)

  24. Feldman, P.: A practical scheme for non-interactive verifiable secret sharing. In: 28th Annual Symposium on Foundations of Computer Science, pp. 427–438. IEEE (1987)

    Google Scholar 

  25. Garay, J.A., Jakobsson, M., MacKenzie, P.: Abuse-free optimistic contract signing. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 449–466. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_29

    Chapter  Google Scholar 

  26. Gennaro, R., Goldfeder, S., Narayanan, A.: Threshold-optimal DSA/ECDSA signatures and an application to bitcoin wallet security. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 156–174. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-39555-5_9

    Chapter  MATH  Google Scholar 

  27. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Robust threshold DSS signatures. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 354–371. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_31

    Chapter  Google Scholar 

  28. Gennaro, R., Jarecki, S., Krawczyk, H., Rabin, T.: Secure distributed key generation for discrete-log based cryptosystems. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 295–310. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48910-X_21

    Chapter  Google Scholar 

  29. Goldreich, O.: Secure multi-party computation. Manuscript. Preliminary version (1998)

    Google Scholar 

  30. Jakobsson, M.: Ripping Coins for a Fair Exchange. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 220–230. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-49264-X_18

    Chapter  Google Scholar 

  31. Juels, A., Kosba, A., Shi, E.: The ring of gyges: using smart contracts for crime. Aries 40, 54 (2015)

    Google Scholar 

  32. Küpçü, A., Lysyanskaya, A.: Usable optimistic fair exchange. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol. 5985, pp. 252–267. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11925-5_18

    Chapter  Google Scholar 

  33. Lindell, A.Y.: Legally-enforceable fairness in secure two-party computation. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 121–137. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-79263-5_8

    Chapter  Google Scholar 

  34. MacKenzie, P., Reiter, M.K.: Two-party generation of DSA signatures. Int. J. Inf. Secur. 2(3–4), 218–239 (2004)

    Article  MATH  Google Scholar 

  35. Maxwell, G.: The first successful zero-knowledge contingent payment

    Google Scholar 

  36. Maxwell, G.: Zero knowledge contingent payment

    Google Scholar 

  37. Micali, S.: Simple and fast optimistic protocols for fair electronic exchange. In: Proceedings of the Twenty-second Annual Symposium on Principles of Distributed Computing, pp. 12–19

    Google Scholar 

  38. Moore, T., Christin, N.: Beware the middleman: empirical analysis of bitcoin-exchange risk. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 25–33. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-39884-1_3

    Chapter  Google Scholar 

  39. Poon, J., Dryja, T.: The bitcoin lightning network: scalable off-chain instant payments. Technical report

    Google Scholar 

  40. Shamir, A.: How to share a secret. Commun. ACM 22(11), 612–613 (1979)

    Article  MathSciNet  MATH  Google Scholar 

  41. Wuille, P.: Bip 32: Hierarchical deterministic wallets. https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki. Accessed 14 Nov 2016

Download references

Acknowledgements

We would like to thank Andrew Miler and Washington Sanchez for useful discussions and feedback.

Steven Goldfeder is supported by the NSF Graduate Research Fellowship under grant number DGE 1148900. Rosario Gennaro is supported by NSF Grant 1545759. Arvind Narayanan is supported by NSF Grant CNS-1421689.

Author information

Authors and Affiliations

  1. Princeton University, Princeton, USA

    Steven Goldfeder & Arvind Narayanan

  2. Stanford University, Stanford, USA

    Joseph Bonneau

  3. EFF, San Francisco, USA

    Joseph Bonneau

  4. City College, City University of New York, New York, USA

    Rosario Gennaro

Authors
  1. Steven Goldfeder
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Joseph Bonneau
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Rosario Gennaro
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Arvind Narayanan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Steven Goldfeder .

Editor information

Editors and Affiliations

  1. University of Edinburgh, Edinburgh, UK

    Aggelos Kiayias

Rights and permissions

Reprints and permissions

Copyright information

© 2017 International Financial Cryptography Association

About this paper

Cite this paper

Goldfeder, S., Bonneau, J., Gennaro, R., Narayanan, A. (2017). Escrow Protocols for Cryptocurrencies: How to Buy Physical Goods Using Bitcoin. In: Kiayias, A. (eds) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science(), vol 10322. Springer, Cham. https://doi.org/10.1007/978-3-319-70972-7_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-70972-7_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-70971-0

  • Online ISBN: 978-3-319-70972-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation