[MaxBorsch228]

Suppose a hacker group get their hands on a valuable exploit. They are like LAPSUS$ and are going to make the exploit public access, but also want to make some $. I wonder if the following scheme is theoretically possible:

1. Put the encrypted exploit file into some kind of Blockchain 2. Create a crypto wallet and announce a fundraising 3. As soon as the sum on the wallet reaches, say, $5M, the exploit is automatically and consensually decrypted by the Blockchain system and released to the public.

[gouggoug]

And what purpose does the blockchain serve in your example?

[sennight]

Exactly right, this is why a market for assassination is unlikely to ever really emerge as a result of blockchain tech. People seem to forget that the only reason it works is because of the structured aligning of potentially competing objectives. There really isn't a way to decentralize an escrow service... I mean, you could try to leverage all the participant's competing interests - but that is a massive presumption and it doesn't even address the question of how. Not through PoW, because turtles all the way down, and not through PoS, because lol Ripple.

[darawk]

Is there another system that allows you to implement an anonymous assurance contract without a trusted third party?

[gouggoug]

How do I know that the encrypted payload actually contains the exploit and not the picture of a cat?

[MaxBorsch228]

I agree with you, but hackers sell exploits to others all the time? One can never be sure that hackers gonna send the actual exploit. You're right the scheme does not protect from that, my initial shower thought was more about the "release to the public" part, so the public can be certain about they will get something when the amount on the crypto wallet hits the threshold.

[darawk]

You don't. You have to rely on reputation for that piece. Blockchain solves the problem of the assurance contract.

[gouggoug]

So, whether a blockchain is used or not, there's no way to know that I'll get what I paid for or an empty text file.

So the blockchain serves no purpose in this instance.

Asking people to send you money, and them trusting you'll send them the exploit is exactly the same and no blockchain is needed (except maybe the bitcoin one, since of course you don't want to use paypal)

[darawk]

It's pretty obvious that you can't implement a trustless assurance anonymous assurance contract without a blockchain.

[laurent92]

So, a simple RSA or any asymetric key encryption works too?

[jimmydorry]

Assuming you can establish a zero trust, publicly declared swap of crypto for said key... A smart contract could be established to act like a bounty program for this purpose and could be re-used for sharing other secrets.

[MaxBorsch228]

It guarantees that the group will receive the money and the exploit will be released if the fundraising is successful.

[gouggoug]

What guarantees me that I’m getting an exploit and not an empty text file?

[cheeze]

Trust. I know a blockchain is a zero trust network and all that, but if it is a trustworthy group that can prove ownership of an address/the exploit, then I'd think it could work.

I'm a blockchain hater as well, but I'm interested. What is a better platform for something like this, assuming that you trust the actor who owns the address?

[gouggoug]

> I'm a blockchain hater as well, but I'm interested.

This seems to imply I'm one. I'm not.

However, in this specific instance it doesn't make sense. See my comment above. (https://news.ycombinator.com/item?id=30775834)

[bencollier49]

Reputation, I suppose. It's a bit like how IRA bomb warnings used to work.

[mschuster91]

> As soon as the sum on the wallet reaches, say, $5M, the exploit is automatically and consensually decrypted by the Blockchain system and released to the public.

For that, all nodes in the blockchain would need to be in possession of the decryption key - which would allow anyone to decrypt the secret as well.

[mdoms]

Stop trying to make Blockchain a thing.

[laboratorymice]

> consensually decrypted by the Blockchain system

how would this work in practice? if the contract is to guarantee decryption, wouldn't the key(s) also need to be on chain? how do you keep the secret?