Editing Exploit markets (section)
= Private exploit sales =

In theory, zero-knowledge proofs can be used to prove to a buyer that a person has produced a valid exploit. This satisfies the requirement for trustless '''private''' exploit purchases (the existing contract requires the exploit to be revealed for the reward to be given). With the ZK proof approach, after you encrypt the exploit, your proof is given in zero knowledge. If you try to get smart and produce a valid proof but encrypt an invalid exploit, the vendor can always release what you provided as the encrypted exploit to prove to the network that you are cheating. This requires a clearing phase for security. Thus autonomous private exploit markets are possible in theory.

Btw: something else I just realized is that this protocol has its place within bug bounties too. The use case would be to reward researchers for their work much earlier on, without having to wait for the patch time-frame set forth within the contract to elapse before doing a disclosure.<span id="why-does-this-matter"></span>