The Fair Data Exchange (FDE) protocol (CCS '24) provides atomic pay-per-file transfers with constant-size proofs, yet existing implementations remain unscalably slow (about 1 second per 4 KiB) and inflate ciphertexts by 10--50x. We introduce an FDE implementation that achieves near-plaintext speeds and sizes, making fair exchange practical even for gigabyte-scale files.Our approach leverages two key insights. First, we observe that a KZG commitment to polynomial evaluations implicitly (and without modification) also binds to the Reed--Solomon (RS) codeword of its coefficients, enabling sound and efficient randomized verification. Second, while heavyweight encryption schemes such as exponential ElGamal enable compact proofs linking ciphertexts to the commitment, they are unnecessary for direct data recovery.Exploiting these insights, we apply a lightweight hash-derived mask to the entire RS-extended codeword, and perform ElGamal encryption only on a pseudorandom \Theta(lambda) subset of symbols, where lambda is the security parameter (e.g., 128). Data recovery occurs by simply removing the lightweight masks, with ElGamal ciphertexts serving exclusively for verification proofs. A heavyweight (but constant-time) zk-SNARK ensures consistency between these two encryption layers at sampled positions, sharply reducing bandwidth overhead and computational cost.In addition, we show how a constant-time (and precomputable) zk-SNARK linking a BLS12-381 secret key to a secp256k1 hash pre-image resolves Bitcoin's elliptic-curve mismatch, enabling fully off-chain execution via the Lightning Network. This can reduce transaction fees from roughly 0.01 and shortens transaction latency from tens of seconds on Ethereum down to about a second or less.
View on arXiv@article{khabbazian2025_2506.14944,
title={ Fair Data Exchange at Near-Plaintext Efficiency },
author={ Majid Khabbazian },
journal={arXiv preprint arXiv:2506.14944},
year={ 2025 }
}