Exactly right, this is why a market for assassination is unlikely to ever really emerge as a result of blockchain tech. People seem to forget that the only reason it works is because of the structured aligning of potentially competing objectives. There really isn't a way to decentralize an escrow service... I mean, you could try to leverage all the participant's competing interests - but that is a massive presumption and it doesn't even address the question of how. Not through PoW, because turtles all the way down, and not through PoS, because lol Ripple.

Is there another system that allows you to implement an anonymous assurance contract without a trusted third party?

How do I know that the encrypted payload actually contains the exploit and not the picture of a cat?

I agree with you, but hackers sell exploits to others all the time? One can never be sure that hackers gonna send the actual exploit. You're right the scheme does not protect from that, my initial shower thought was more about the "release to the public" part, so the public can be certain about they will get something when the amount on the crypto wallet hits the threshold.

You don't. You have to rely on reputation for that piece. Blockchain solves the problem of the assurance contract.

So, whether a blockchain is used or not, there's no way to know that I'll get what I paid for or an empty text file.

So the blockchain serves no purpose in this instance.

Asking people to send you money, and them trusting you'll send them the exploit is exactly the same and no blockchain is needed (except maybe the bitcoin one, since of course you don't want to use paypal)

It's pretty obvious that you can't implement a trustless assurance anonymous assurance contract without a blockchain.

So, a simple RSA or any asymetric key encryption works too?

Assuming you can establish a zero trust, publicly declared swap of crypto for said key... A smart contract could be established to act like a bounty program for this purpose and could be re-used for sharing other secrets.

The point people have been making is that the smart contract actually does not remove trust as a requirement and so is extraneous.

It removes trust from several components of the system. It does not, in this case, remove trust from all components.

You are missing the point.

You are basically asking me to send you $5M for a car (the exploit) supposedly parked into a garage (the encrypted exploit) whose location is stored on the blockchain (the encryption key).

At the time of me sending you $5M, I do not know whether or not there actually is a car in this garage.

All I can do is trust your words that there is a car in this garage.

Now that I sent you $5M, the blockchain contract reveals the location of the garage.

Now that I have the location of the garage, I make my way there; 2 things can happen:

- I open the garage, there is a car inside

- I open the garage, there is no car inside

At what point in this whole transaction did putting the location of the garage on the blockchain help me (the buyer) in any way? What matters to me as a buyer is getting a car, not the assurance of _maybe getting a car_.

You could have sent me the location by email, fax, pigeon, blockchain contract, facebook messenger, telegram, signal, whatsapp, the outcome would be the same.

You have confirmed that the garage exists and that it will be opened when certain conditions are met without further human intervention. The alternative would not come with a guarentee of the above. Just because the entire process is not zero-trust, does not mean it is not an improvement of the status quo.

If this were to become a recurring endeavour, you can introduce reputation into the system and a refund mechanism if X of Y funds required to unlock the payload are not happy with the contents.

It guarantees that the group will receive the money and the exploit will be released if the fundraising is successful.

What guarantees me that I’m getting an exploit and not an empty text file?

Trust. I know a blockchain is a zero trust network and all that, but if it is a trustworthy group that can prove ownership of an address/the exploit, then I'd think it could work.

I'm a blockchain hater as well, but I'm interested. What is a better platform for something like this, assuming that you trust the actor who owns the address?

> I'm a blockchain hater as well, but I'm interested.

This seems to imply I'm one. I'm not.

However, in this specific instance it doesn't make sense. See my comment above. (https://news.ycombinator.com/item?id=30775834)

Reputation, I suppose. It's a bit like how IRA bomb warnings used to work.