Non-Malleable Time-Lock Puzzles and Applications

Time-lock puzzles are a mechanism for sending messages “to the future”: a sender quickly generates a puzzle whose underlying message remains hidden until a receiver spends a moderately large amount of time solving it. We introduce and construct a variant of a time-lock puzzle which is non-malleable. A non-malleable time-lock puzzle guarantees, roughly, that it is impossible to “maul” a puzzle into one for a related message without solving it. The security of this construction relies on the existence of any (plain) time-lock puzzle, and it is proven secure in the auxiliary-input random oracle model. We show that our construction satisfies bounded concurrency and prove that it is impossible to obtain full concurrency. We additionally introduce a more general non-malleability notion, termed functional non-malleability, which protects against tampering attacks that affect a specific function of the related messages. We show that in many (useful) cases, our construction satisfies fully concurrent functional non-malleability. We use our (functional) non-malleable time-lock puzzles to give efficient multi-party protocols for desirable tasks such as coin flipping and auctions. Our protocols are (1) fair, meaning that no malicious party can influence the output, (2) optimistically efficient, meaning that if all parties are honest, then the protocol terminates within two message rounds, and (3) publicly verifiable, meaning that from the transcript of the protocol anyone can quickly infer the outcome, without the need to perform a long computation phase. Our protocols support an unbounded number of participants and require no adversary-independent trusted setup. Ours is the first protocol that satisfies all of the above properties under any assumption. Security is proven assuming the repeated squaring assumption and in the auxiliary-input random oracle model.
Along the way, we introduce a publicly verifiable notion of time-lock puzzles which is of independent interest. This notion allows the solver of the puzzle to compute the solution together with a proof which can be quickly verified by anyone.

∗ Cornell Tech, nephraim@cs.cornell.edu
† Cornell Tech, cfreitag@cs.cornell.edu
‡ NTT Research, ilan.komargodski@ntt-research.com
§ Cornell Tech, rafael@cs.cornell.edu
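The abstract refers to three things a practitioner may want to see concretely: a plain time-lock puzzle built from repeated squaring, the "mauling" attack that non-malleability rules out, and a solution that comes with a quickly checkable proof. The following Python is an added illustration written for this page, not code from the paper or its authors: it implements a toy Rivest-Shamir-Wagner puzzle (message one-time padded under a key derived from g^(2^T) mod N), shows that flipping ciphertext bits of such a plain puzzle yields a valid puzzle for a related message without any squaring, and attaches a Wesolowski-style proof of the solution as a stand-in for the publicly verifiable notion. The non-malleable construction and the publicly verifiable puzzle of the paper itself are not reproduced here. The modulus, primes, message and the SHA-256 key derivation are constructed assumptions chosen so the example runs instantly.

```python
import hashlib
import secrets
from math import gcd

# Toy RSW time-lock puzzle: the message is one-time padded under a key derived
# from y = g^(2^T) mod N. The modulus is deliberately tiny (constructed toy
# primes, an assumption of this example) so it runs in milliseconds; a real
# puzzle needs an RSA-size N whose factorisation only the generator ever knew.
P, Q = 1000003, 1000033
N = P * Q
PHI = (P - 1) * (Q - 1)
NBYTES = (N.bit_length() + 7) // 8

def _pad(y: int, n: int) -> bytes:
    """Key stream from the solution y; SHA-256 stands in for the random oracle."""
    return hashlib.sha256(b"rsw-tlp|" + y.to_bytes(NBYTES, "big")).digest()[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def gen_puzzle(msg: bytes, T: int):
    """Sender: knows phi(N), so one modexp replaces T sequential squarings."""
    assert len(msg) <= 32, "toy pad is a single SHA-256 output"
    g = secrets.randbelow(N - 2) + 2
    while gcd(g, N) != 1:            # Euler's theorem needs g coprime to N
        g = secrets.randbelow(N - 2) + 2
    y = pow(g, pow(2, T, PHI), N)
    return (g, T, _xor(msg, _pad(y, len(msg))))

def solve(puzzle):
    """Receiver: no trapdoor, so T inherently sequential squarings (the delay)."""
    g, T, c = puzzle
    y = g
    for _ in range(T):
        y = y * y % N
    return y, _xor(c, _pad(y, len(c)))

def maul(puzzle, delta: bytes):
    """Mauling attack on the PLAIN puzzle: flipping ciphertext bits flips the
    same bits of the hidden message, with zero squarings. A puzzle for m thus
    becomes a valid puzzle for m XOR delta; this is what non-malleability
    forbids (think 'bid: 42' turned into 'bid: 52' in a sealed-bid auction)."""
    g, T, c = puzzle
    return (g, T, _xor(c, delta.ljust(len(c), b"\0")))

# Public verifiability, shown with Wesolowski's VDF proof as a known technique
# (an illustration of the notion, not this paper's construction): the solver
# publishes (y, pi) and anyone checks it with two small modular exponentiations.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def _is_prime(n: int) -> bool:
    """Miller-Rabin; deterministic for n < 3.3e24 with these bases."""
    if n < 2:
        return False
    for p in _MR_BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def _hash_to_prime(g: int, y: int, T: int) -> int:
    """Fiat-Shamir challenge: a 64-bit prime derived from the whole statement."""
    h = int.from_bytes(hashlib.sha256(f"{N}|{g}|{T}|{y}".encode()).digest()[:8], "big") | 1
    while not _is_prime(h):
        h += 2
    return h

def solve_with_proof(puzzle):
    """Solver: y and msg as before, plus pi = g^floor(2^T / l) mod N."""
    g, T, _ = puzzle
    y, msg = solve(puzzle)
    l = _hash_to_prime(g, y, T)
    pi = pow(g, (1 << T) // l, N)    # O(T) work, paid once by the solver
    return y, msg, pi

def verify(puzzle, y: int, pi: int) -> bool:
    """Verifier: pi^l * g^(2^T mod l) == g^(2^T) == y, using only ~64-bit exponents."""
    g, T, _ = puzzle
    l = _hash_to_prime(g, y, T)
    return pow(pi, l, N) * pow(g, pow(2, T, l), N) % N == y

if __name__ == "__main__":
    pz = gen_puzzle(b"bid: 42", 1000)
    y, m, pi = solve_with_proof(pz)
    print(m, verify(pz, y, pi))
    print(solve(maul(pz, b"\0\0\0\0\0\x01"))[1])
```

Two caveats worth keeping in mind when reading this next to the abstract. First, whoever generated N holds phi(N) and can open the puzzle instantly; that is harmless when a party is hiding its own contribution, as in coin flipping, but a modulus supplied by one participant must never be reused for another participant's puzzle. Second, the mauling attack above needs no knowledge of the key, which is why simply hashing the solution before padding does not, by itself, give non-malleability; the paper's construction and its concurrency bounds address exactly this gap.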
