Proofs of Work and Bread Pudding Protocols

The bread pudding protocol of the present invention represents a novel use of proofs of work and is based upon the same principle as the dish from which it takes its name, namely, that of reuse to minimize waste. Whereas the traditional bread pudding recipe recycles stale bread, our bread pudding protocol recycles the “stale” computations in a POW to perform a separate and useful task, while also maintaining privacy in the task. In one advantageous embodiment of our bread pudding protocol, we consider the computationally intensive operation of minting coins in the MicroMint scheme of Rivest and Shamir and demonstrate how the minting operation can be partitioned into a collection of POWs, which are then used to shift the burden of the minting operation onto a large group of untrusted computational devices. Thus, the computational effort invested in the POWs is recycled to accomplish the minting operation.

[1]  Amos Fiat,et al.  Untraceable Electronic Cash , 1990, CRYPTO.

[2]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[3]  Manuel Blum,et al.  Program result-checking: a theory of testing meets a test of theory , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[4]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[5]  Adi Shamir,et al.  PayWord and MicroMint: Two Simple Micropayment Schemes , 1996, Security Protocols Workshop.

[6]  Yi Mu,et al.  Micro-digital money for electronic commerce , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[7]  Yi Mu,et al.  Secure and efficient digital coins , 1997, Proceedings 13th Annual Computer Security Applications Conference.

[8]  Markus Jakobsson,et al.  Curbing Junk E-Mail via Secure Classification , 1998, Financial Cryptography.

[9]  Stuart G. Stubblebine,et al.  Publicly Verifiable Lotteries: Applications of Delaying Functions , 1998, Financial Cryptography.

[10]  Moti Yung,et al.  Robust efficient distributed RSA-key generation , 1998, STOC '98.

[11]  Matthew K. Franklin,et al.  Auditable Metering with Lightweight Security , 1997, J. Comput. Secur..

[12]  Ari Juels,et al.  Client puzzles: A cryptographic defense against connection depletion , 1999 .