How is this different than the zero knowledge proof kind of thing that comes with public+private key cryptography? With DSA schemes (such as the ECDSA which is used in Bitcoin) you put a signature with your private key on things, without actually revealing the private key. So you prove you have the key, without revealing it.
Also, something I don't understand about your metaphore: why is there a 50% chance (instead of 100%) that Jake has to use the password if Alice tells him to exit through room B? Why can't she just verify if Jake does indeed come out of room B? That would suffice, she doesn't actually have to see him entering the password.
hi, the way zero knowledge proof is applied in ZCoin is that it sits on top of bitcoin core to provide anonymity.
So the bitcoin public and private key system is the same.
Only when a coin enters the zero knowledge proof module, the bitcoin is transformed into zerocoin.
the public key of Jake is given to Alice to generate the encrypted message - this is to generate (or mint) the zerocoin and destroy the bitcoin
And Jake keeps the private key to decrypt the message - this is to destroy (spend) the zerocoin in order to generate a fresh bitcoin with no transaction history
Your suggestion is very good.
I think the reason for the house and 2 room model is because someone else always have a chance to guess private key without knowing it. This is very small probability and not like the 50% shown in the example. This is why there is a chance of failure and the process must be repeated many times to be sure.