Computer-implemented system and method suitable for increasing the security of instant off-line blockchain transactions

The invention claimed is: 1. A computer-implemented method for a prover to implement a cryptographic protocol, the computer-implemented method comprising: generating a first cryptographic key pair comprising a first public key (PK 1 ) and a first private key (sk 1 ); generating a second cryptographic key pair comprising a second public key (PK 2 ) and a second private key (sk 2 ); constructing a compensation key (ck) from the first and second private keys (sk 1 ; sk 2 ), the compensation key (ck) enabling the second private key (sk 2 ) to be computed in an event that the first private key (sk 1 ) is revealed; constructing a cryptographic proof that the compensation key (ck) enables the second private key (sk 2 ) to be computed in the event that the first private key (sk 1 ) is revealed, the cryptographic proof not requiring the first and second private keys (sk 1 ; sk 2 ) to be revealed; and sending the first and second public keys (PK 1 ; PK 2 ), the compensation key (ck), and the cryptographic proof to a verifier in order for the verifier to authenticate the cryptographic proof that the compensation key (ck) enables the second private key (sk 2 ) to be computed in the event that the first private key (sk 1 ) is revealed; wherein the compensation key is calculated by: ck=sk 2 ·sk 1 −1 mod n where ck is the compensation key, sk 1 is the first private key, sk 2 is the second private key, and n is an order of an elliptic curve generator point G used to generate the first and second public keys from the first and second private keys, generation of the first and second public keys including an elliptic curve point multiplication of the elliptic curve generator point G; and wherein the cryptographic proof is constructed by: generating a secure random number r; computing a commitment R=r×G, R x being an x-coordinate of a point R; computing a hash H(R x ), set x being left-most l n bits of H(R) where l n is a bit length of n; and computing z=sk 1 x+r; where the cryptographic proof is a tuple π=(ck,R,x,z). 2. The computer-implemented method for a verifier to implement a cryptographic protocol, the computer-implemented method comprising: receiving, from the prover, the first and second public keys (PK 1 ; PK 2 ), the compensation key (ck), and the cryptographic proof constructed using the computer-implemented method according to claim 1 ; and checking that the cryptographic proof validates the compensation key (ck) such that the second private key (sk 2 ) can be computed in the event that the first private key (sk 1 ) is revealed; whereby, in response to disclosure of information revealing the first private key (sk 1 ), the verifier: calculates the second private key (sk 2 ) from the first private key (sk 1 ) and the compensation key (ck); and utilizes the second private key (sk 2 ) to access cryptographic assets associated with the second public key (PK 2 ). 3. The computer-implemented method according to claim 1 , wherein cryptographic assets associated with the second public key (PK 2 ) are time-locked for a lock-time T whereby the cryptographic assets can only be accessed after the lock-time T expires. 4. The computer-implemented method according to claim 1 , wherein the cryptographic proof is a non-interactive zero knowledge proof. 5. The computer-implemented method according to claim 4 , wherein the non-interactive zero knowledge proof is based on a zero-knowledge sigma (Σ) protocol converted to a non-interactive zero knowledge proof through application of a Fiat-Shamir heuristic. 6. The computer-implemented method according to claim 1 , wherein the verifier authenticates the tuple as follows: computing C =ck× G verifying that: x =left-most of l n H ( R x ) z×G=x ×PK 1 +R z×C=x ×PK 2 +ck× R in response to confirmation, then accept value ck as valid. 7. The computer-implemented method according to claim 1 , wherein the prover: constructs a funding transaction comprising: a spend output associated with the first public key (PK 1 ) and the first private key (sk 1 ); and a deposit output associated with the second public key (PK 2 ) and the second private key (sk 2 ), the deposit output being time-locked for a lock-time T; broadcasts the funding transaction to a blockchain network for incorporation in a blockchain; constructs a purchase transaction to transfer funds from the spend output of the funding transaction to a payment address of the verifier over the blockchain network, the purchase transaction being signed using the first private key (sk 1 ); and sends the purchase transaction, the first and second public keys (PK 1 ; PK 2 ), the compensation key (ck), and the cryptographic proof to the verifier. 8. The computer-implemented method according to claim 7 , wherein the verifier: receives, from the prover, the purchase transaction, the first and second public keys (PK 1 ; PK 2 ), the compensation key (ck), and the cryptographic proof; checks that the purchase transaction correctly specifies the funds to be transferred from the spend output associated with the first public key (PK 1 ) to the payment address; checks that the deposit output associated with the second public key (PK 2 ) contains a required deposit amount; checks that the cryptographic proof validates the compensation key (ck) such that the second private key (sk 2 ) can be computed in the event that the first private key (sk 1 ) is revealed; and authorizes the purchase transaction and broadcasts the purchase transaction to the blockchain network, whereby as a result of a second competing purchase transaction being broadcasted to the blockchain network to spend funds from the spend output of the funding transaction prior to the lock-time T expiring, the verifier: calculates the first private key (sk 1 ) from signatures of the purchase transaction and second purchase transaction; calculates the second private key (sk 2 ) from the first private key (sk 1 ) and the compensation key (ck); constructs a transaction to transfer funds from the deposit output of the funding transaction to an address on the blockchain; signs the transaction with the second private key (sk 2 ); and broadcasts the transaction to the blockchain network such that the funds in the deposit output of the funding transaction can be obtained by a vendor after the lock-time T expires. 9. The computer-implemented method according to claim 7 , wherein the spend output is configured such that to transfer funds from the spend output requires a transaction signature based on a fixed ephemeral key (k). 10. The computer-implemented method according to claim 9 , wherein the spend output is a fixed-r-pay-to-public-key (FR-P2PK) output such that to transfer funds from the spend output requires a transaction signature utilizing a pre-specified r value. 11. The computer-implemented method according to claim 7 , wherein the deposit output is larger than the spend output. 12. A non-transitory computer-readable storage medium comprising computer-executable instructions which, when executed, configure one or more processors to perform the method of claim 1 . 13. An electronic device comprising: one or more processor(s); and a memory coupled to the one or more processor(s), the memory having stored thereon computer executable instructions which, when executed, configure the one or more processor(s) to perform the method of claim 1 . 14. A node of a blockchain network, the node configured to perform the method of claim 1 . 15. A non-transitory computer-readable storage medium c