>How would the smart contract confirm the decryption works... without having access to the key and data (and therefore making it all public?)
The encryption is symmetric, and a sample of the encrypted blob is included with the smart contract, e.g. the first 2048 bytes. The 2048 bytes and hash of the decrypted original are included in the smart contract. The encryption key is the parameter supplied to the contract. This ensures that the key used to solve the contract is valid to decrypt the encrypted payload sent to the client. I.e. if the contract can be solved, then the payer can use the same key sent to the smart contract to decrypt the blob you sent him.
> How does this protect against meaningless data being sent - all you've confirmed is that something can be decrypted... but says nothing about what is being decrypted.
See above. If the person who stored the data retained a checksum of the first 2048 bytes, they can compare the decrypted 2048 byte hash to the hash they have stored. Now they can be assured that key will decrypt the entire blob you sent them. You could mix it up, and use an arbitrary offset of a 2048 byte block size if paranoid.
> What use case do you have for this. What situation is there where you need data from someone, but so little trust exists you can't pay them before or after the data is sent?
To incentivize one or more peers to store encrypted data, with the expectation they would be paid for supplying it later. The peers would have no knowledge of the payload. A use-case could be that I have _very_ sensitive data, and I want to make sure it is available in the future, but do not trust anyone to store it in plaintext. I could encrypt the data, and ask peer(s) to store it for me. When I request the data back in the future, any peer that has a copy would be incentivized to under-bid other peers (if there are any) to set a price we agree upon to transmit the data back to me. The end result is my data is resilient, and the people storing it are doing it with some expectation of payment at a point in the future.
disclaimer: this is a contrived example... but do you remember the wikileaks "insurance file" in the past? If that insurance file was stored in the manner above, it would be even more likely to exist far in the future when the people storing it have the possibility of being paid for storing it. It also gives them plausible deniability of _what_ exactly they were storing if it is encrypted.
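The sample-decrypt-and-hash check the reply above describes, written out as an added example in plain Python (this is not code from the original post, and it simulates the contract in-process rather than on any chain). Assumptions made here: the post names no cipher, so a seekable counter-mode stream cipher built from HMAC-SHA256 stands in for AES-CTR; the nonce, the 4096-byte "arbitrary offset", the SHA-256 hash, the dict used as contract storage, and all function names are this example's choices. It also adds the off-chain check a practitioner would want: the contract only vouches for the 2048 sampled bytes, so the party who originally encrypted the data keeps a hash of the whole plaintext and checks the rest of the returned blob against it.

```python
import hashlib
import hmac

SAMPLE_LEN = 2048   # sample size used in the post
PRF_BLOCK = 32      # HMAC-SHA256 output size, one keystream block


def _keystream_block(key: bytes, nonce: bytes, block_index: int) -> bytes:
    """Keystream block = PRF(key, nonce || counter). Stand-in for AES-CTR (assumption)."""
    return hmac.new(key, nonce + block_index.to_bytes(8, "big"), hashlib.sha256).digest()


def ctr_crypt(key: bytes, nonce: bytes, data: bytes, offset: int = 0) -> bytes:
    """Encrypt or decrypt `data` as if it sat at byte `offset` of the stream.
    Counter mode is seekable, so the contract can check any 2048-byte window."""
    out = bytearray()
    pos = offset
    while len(out) < len(data):
        block_index, inner = divmod(pos, PRF_BLOCK)
        ks = _keystream_block(key, nonce, block_index)[inner:]
        chunk = data[len(out):len(out) + len(ks)]
        out.extend(a ^ b for a, b in zip(chunk, ks))
        pos += len(chunk)
    return bytes(out)


def publish_contract(plaintext: bytes, key: bytes, nonce: bytes, offset: int = 0):
    """Key-holder side: encrypt, then put on chain only the sampled ciphertext
    and the hash of the matching plaintext bytes. The key itself is not published."""
    ciphertext = ctr_crypt(key, nonce, plaintext)
    contract = {
        "nonce": nonce,
        "offset": offset,
        "sample_ct": ciphertext[offset:offset + SAMPLE_LEN],
        "sample_pt_hash": hashlib.sha256(plaintext[offset:offset + SAMPLE_LEN]).digest(),
        "paid": False,
        "revealed_key": None,
    }
    return ciphertext, contract


def solve_contract(contract: dict, key: bytes) -> bool:
    """Contract side: decrypt the sample with the submitted key and compare hashes.
    On success payment is released and the key becomes public contract state."""
    if contract["paid"]:
        return False            # already solved; no double payment
    sample_pt = ctr_crypt(key, contract["nonce"], contract["sample_ct"], contract["offset"])
    if not hmac.compare_digest(hashlib.sha256(sample_pt).digest(), contract["sample_pt_hash"]):
        return False
    contract["paid"] = True
    contract["revealed_key"] = key
    return True


def payer_check_full_blob(contract: dict, blob: bytes, full_pt_hash: bytes) -> bool:
    """Payer side, off chain: read the revealed key, decrypt the whole blob that was
    sent, and check it against the full-plaintext hash the data owner retained."""
    if contract["revealed_key"] is None:
        return False
    pt = ctr_crypt(contract["revealed_key"], contract["nonce"], blob)
    return hmac.compare_digest(hashlib.sha256(pt).digest(), full_pt_hash)


def demo() -> dict:
    # Constructed inputs, not real data: 10 KiB of deterministic pseudo-random bytes.
    plaintext = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(320))
    key = hashlib.sha256(b"example key, an assumption of this demo").digest()
    nonce = b"\x00" * 8
    full_pt_hash = hashlib.sha256(plaintext).digest()   # retained by the data owner

    # Sample taken at an "arbitrary offset" rather than the first 2048 bytes.
    blob, contract = publish_contract(plaintext, key, nonce, offset=4096)

    wrong_key_rejected = not solve_contract(contract, b"\x01" * 32)
    right_key_paid = solve_contract(contract, key)
    replay_rejected = not solve_contract(contract, key)
    blob_ok = payer_check_full_blob(contract, blob, full_pt_hash)

    # A storer who kept only the sampled region intact and garbage elsewhere still
    # satisfies the on-chain check; only the full-blob hash catches it.
    damaged = blob[:8192] + b"\xff" * (len(blob) - 8192)
    damaged_rejected = not payer_check_full_blob(contract, damaged, full_pt_hash)

    return {
        "wrong_key_rejected": wrong_key_rejected,
        "right_key_paid": right_key_paid,
        "replay_rejected": replay_rejected,
        "blob_ok": blob_ok,
        "damaged_rejected": damaged_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting. The sample is compared with `hmac.compare_digest` rather than `==` so the contract's accept/reject path does not leak timing, and the contract refuses a second solve so the key reveal pays out exactly once. The `damaged` case is the reason for the extra off-chain hash: passing the contract proves the key matches the 2048 sampled bytes, nothing more, so whoever retained the original plaintext hash should verify the rest of the blob before treating the payout as settled.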