	US 11,797,984 B2
	Computer-implemented system and method for exchange of data
Thomas Trevethan, London (GB)
Assigned to nChain Licensing AG, Zug (CH)
Appl. No. 17/40,484
Filed by nChain Licensing AG, Zug (CH)
PCT Filed Mar. 18, 2019, PCT No. PCT/IB2019/052186 § 371(c)(1), (2) Date Sep. 22, 2020, PCT Pub. No. WO2019/180590, PCT Pub. Date Sep. 26, 2019.
Claims priority of application No. 1804739 (GB), filed on Mar. 23, 2018; application No. 1804740 (GB), filed on Mar. 23, 2018; and application No. 1804742 (GB), filed on Mar. 23, 2018.
Prior Publication US 2021/0119769 A1, Apr. 22, 2021
Int. Cl. H04L 29/06 (2006.01); G06Q 20/38 (2012.01); G06F 16/2458 (2019.01); G06Q 20/06 (2012.01); G06Q 20/12 (2012.01); G06Q 20/40 (2012.01); G06Q 30/018 (2023.01); G06Q 30/0207 (2023.01); G06Q 40/04 (2012.01); H04L 9/06 (2006.01); H04L 9/08 (2006.01); H04L 9/30 (2006.01); H04L 9/32 (2006.01); G06F 16/23 (2019.01); H04L 9/00 (2022.01); G06F 7/72 (2006.01)

CPC G06Q 20/3829 (2013.01) [G06F 16/2365 (2019.01); G06F 16/2379 (2019.01); G06F 16/2465 (2019.01); G06Q 20/0655 (2013.01); G06Q 20/1235 (2013.01); G06Q 20/389 (2013.01); G06Q 20/3825 (2013.01); G06Q 20/3827 (2013.01); G06Q 20/38215 (2013.01); G06Q 20/401 (2013.01); G06Q 30/0185 (2013.01); G06Q 30/0215 (2013.01); G06Q 40/04 (2013.01); H04L 9/008 (2013.01); H04L 9/0637 (2013.01); H04L 9/0819 (2013.01); H04L 9/0869 (2013.01); H04L 9/3066 (2013.01); H04L 9/3073 (2013.01); H04L 9/3221 (2013.01); G06F 7/725 (2013.01); G06F 2216/03 (2013.01); G06Q 2220/00 (2013.01); H04L 9/50 (2022.05)]

23 Claims

1. A computer-implemented method for enabling zero-knowledge proof or verification of a statement (S) for enabling exchange of data between a prover and a verifier, wherein the prover has access to first data on a first blockchain, and the verifier has access to second data on a second blockchain, the method including:

the prover generating a key-pair for the second blockchain, sending a public key (P_A) of said pair to the verifier, and retaining a private key (s_A) of said pair;

the prover receiving a verifier's public key (P_B) for the first blockchain, said verifier having generated a key-pair for the first blockchain and retaining a private key (s_B) of said pair;

the prover sending a data set to the verifier, said data set including a zero-knowledge proof statement (S), one or more commitments, an input (P_X) and a function circuit output (h);

the prover creating a first blockchain transaction Tx_Athat transfers access to the first data to a common public key address (P_c), and broadcasts said transaction on a first blockchain network, said address defined by a sum of the input (P_X) and the verifier's public key (P_B)

P_C=P_B+P_x

the prover verifying a second blockchain transaction Tx_B, said transaction created and broadcast on a second blockchain network by the verifier after confirming the inclusion of the first blockchain transaction Tx_Ain the first blockchain, said transaction transferring access to the second data to a prover's public key address (P_A) that is accessible by the prover using:

a valid signature (s_A)for the prover's public key address (P_A), and

a function circuit input value (x) that determines the function circuit output (h);

the prover confirming the second blockchain transaction Tx_Bis included on the second blockchain and accessing the second data by providing their signature (s_A) and the value (x) that is the function circuit input of the function circuit output (h);

thus enabling the verifier to observe the value (x) that is the function circuit input that determines the function circuit output (h) and access the first data by providing a signature using a private key corresponding to the common public key address P_c, which is s_B+x from the homomorphic properties of elliptic curve point multiplication.