[darawk]

Is there another system that allows you to implement an anonymous assurance contract without a trusted third party?

[gouggoug]

How do I know that the encrypted payload actually contains the exploit and not the picture of a cat?

[MaxBorsch228]

I agree with you, but hackers sell exploits to others all the time? One can never be sure that hackers gonna send the actual exploit. You're right the scheme does not protect from that, my initial shower thought was more about the "release to the public" part, so the public can be certain about they will get something when the amount on the crypto wallet hits the threshold.

[darawk]

You don't. You have to rely on reputation for that piece. Blockchain solves the problem of the assurance contract.

[gouggoug]

So, whether a blockchain is used or not, there's no way to know that I'll get what I paid for or an empty text file.

So the blockchain serves no purpose in this instance.

Asking people to send you money, and them trusting you'll send them the exploit is exactly the same and no blockchain is needed (except maybe the bitcoin one, since of course you don't want to use paypal)

[darawk]

It's pretty obvious that you can't implement a trustless assurance anonymous assurance contract without a blockchain.

[laurent92]

So, a simple RSA or any asymetric key encryption works too?

[jimmydorry]

Assuming you can establish a zero trust, publicly declared swap of crypto for said key... A smart contract could be established to act like a bounty program for this purpose and could be re-used for sharing other secrets.

[foobiekr]

The point people have been making is that the smart contract actually does not remove trust as a requirement and so is extraneous.

[darawk]

It removes trust from several components of the system. It does not, in this case, remove trust from all components.