Founding Secure Computation on Blockchains

We study the foundations of secure computation in the blockchain-hybrid model, where a blockchain – modeled as a global functionality – is available as an Oracle to all the participants of a cryptographic protocol. We demonstrate both destructive and constructive applications of blockchains: We show that classical rewinding-based simulation techniques used in many security proofs fail against blockchain-active adversaries that have read and post access to a global blockchain. In particular, we show that zero-knowledge (ZK) proofs with black-box simulation are impossible against blockchain-active adversaries. Nevertheless, we show that achieving security against blockchain-active adversaries is possible if the honest parties are also blockchain active. We construct an \(\omega (1)\)-round ZK protocol with black-box simulation. We show that this result is tight by proving the impossibility of constant-round ZK with black-box simulation. Finally, we demonstrate a novel application of blockchains to overcome the known impossibility results for concurrent secure computation in the plain model. We construct a concurrent self-composable secure computation protocol for general functionalities in the blockchain-hybrid model based on standard cryptographic assumptions.

[1]  Amit Sahai,et al.  New Impossibility Results for Concurrent Composition and a Non-Interactive Completeness Theorem for Secure Computation , 2012, IACR Cryptol. ePrint Arch..

[2]  Amit Sahai,et al.  New Constructions for UC Secure Computation Using Tamper-Proof Hardware , 2008, EUROCRYPT.

[3]  Yehuda Lindell,et al.  Universally composable two-party and multi-party secure computation , 2002, STOC '02.

[4]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[5]  Silvio Micali,et al.  How to play any mental game, or a completeness theorem for protocols with honest majority , 2019, Providing Sound Foundations for Cryptography.

[6]  Vipul Goyal Positive Results for Concurrently Secure Computation in the Plain Model , 2012, 2012 IEEE 53rd Annual Symposium on Foundations of Computer Science.

[7]  Carmit Hazay,et al.  Composable Security in the Tamper-Proof Hardware Model Under Minimal Complexity , 2016, TCC.

[8]  J. Kilian,et al.  Concurrent and Resettable Zero-Knowledge in Poly-logarithmic Rounds [ Extended Abstract ] , 2001 .

[9]  Hugo Krawczyk,et al.  On the Composition of Zero-Knowledge Proof Systems , 1990, ICALP.

[10]  Stefan Katzenbeisser,et al.  Physically Uncloneable Functions in the Universal Composition Framework , 2011, CRYPTO.

[11]  Amit Sahai,et al.  Round-Efficient Concurrently Composable Secure Computation via a Robust Extraction Lemma , 2015, TCC.

[12]  Matthew Green,et al.  Fairness in an Unfair World: Fair Multiparty Computation from Public Bulletin Boards , 2017, CCS.

[13]  Yehuda Lindell,et al.  Lower Bounds and Impossibility Results for Concurrent Self Composition , 2008, Journal of Cryptology.

[14]  Rafail Ostrovsky,et al.  Impossibility Results for Static Input Secure Computation , 2012, IACR Cryptol. ePrint Arch..

[15]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[16]  Ran Canetti,et al.  Universally Composable Commitments , 2001, CRYPTO.

[17]  Andrew Chi-Chih Yao,et al.  How to Generate and Exchange Secrets (Extended Abstract) , 1986, FOCS.

[18]  Dana Dachman-Soled,et al.  Feasibility and Infeasibility of Secure Computation with Malicious PUFs , 2014, CRYPTO.

[19]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[20]  Aggelos Kiayias,et al.  Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability , 2018, IACR Cryptol. ePrint Arch..

[21]  Yehuda Lindell,et al.  Strict polynomial-time in simulation and extraction , 2002, STOC '02.

[22]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[23]  Jonathan Katz,et al.  Universally Composable Multi-party Computation Using Tamper-Proof Hardware , 2007, EUROCRYPT.

[24]  Joe Kilian,et al.  Founding crytpography on oblivious transfer , 1988, STOC '88.

[25]  Yehuda Lindell,et al.  Concurrent general composition of secure protocols in the timing model , 2005, STOC '05.

[26]  Vipul Goyal,et al.  What Information is Leaked under Concurrent Composition? , 2013, IACR Cryptol. ePrint Arch..

[27]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[28]  Markus Jakobsson,et al.  Round-Optimal Zero-Knowledge Arguments Based on any One-Way Function , 1997, EUROCRYPT.

[29]  Rafail Ostrovsky,et al.  Perfect Zero-Knowledge Arguments for NP Using Any One-Way Permutation , 1998, Journal of Cryptology.

[30]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[31]  Yuval Ishai,et al.  Founding Cryptography on Tamper-Proof Hardware Tokens , 2010, IACR Cryptol. ePrint Arch..

[32]  Rafail Ostrovsky,et al.  Unconditional UC-Secure Computation with (Stronger-Malicious) PUFs , 2017, EUROCRYPT.

[33]  Adi Shamir,et al.  Witness indistinguishable and witness hiding protocols , 1990, STOC '90.

[34]  Jonathan Katz,et al.  Reducing Complexity Assumptions for Statistically-Hiding Commitment , 2009, Journal of Cryptology.

[35]  Manuel Blum,et al.  How to Prove a Theorem So No One Else Can Claim It , 2010 .

[36]  Ran Canetti,et al.  Adaptive Hardness and Composable Security in the Plain Model from Standard Assumptions , 2010, FOCS.

[37]  Iddo Bentov,et al.  How to Use Bitcoin to Design Fair Protocols , 2014, CRYPTO.

[38]  Yehuda Lindell,et al.  On the Limitations of Universally Composable Two-Party Computation without Set-up Assumptions , 2003, EUROCRYPT.

[39]  Ran Canetti,et al.  Concurrent Secure Computation with Optimal Query Complexity , 2015, CRYPTO.

[40]  Yehuda Lindell,et al.  Lower Bounds for Concurrent Self Composition , 2004, TCC.

[41]  Ledger Edinburgh Research Explorer Fair and Robust Multi-party Computation Using a Global Transaction Ledger , 2016 .

[42]  Ran Canetti,et al.  Universally Composable Security with Global Setup , 2007, TCC.

[43]  Vipul Goyal,et al.  Overcoming Cryptographic Impossibility Results Using Blockchains , 2017, TCC.

[44]  Marcin Andrychowicz,et al.  Secure Multiparty Computations on Bitcoin , 2014, 2014 IEEE Symposium on Security and Privacy.

[45]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[46]  Ueli Maurer,et al.  Bitcoin as a Transaction Ledger: A Composable Treatment , 2017, CRYPTO.

[47]  Yuval Ishai,et al.  Founding Cryptography on Oblivious Transfer - Efficiently , 2008, CRYPTO.

[48]  Silvio Micali,et al.  Local zero knowledge , 2006, STOC '06.

[49]  Amit Sahai,et al.  Concurrent zero knowledge with logarithmic round-complexity , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[50]  Moni Naor,et al.  Bit commitment using pseudorandomness , 1989, Journal of Cryptology.

[51]  Amit Sahai,et al.  Concurrent Non-Malleable Zero Knowledge , 2006, 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[52]  Yehuda Lindell,et al.  General Composition and Universal Composability in Secure Multiparty Computation , 2003, 44th Annual IEEE Symposium on Foundations of Computer Science, 2003. Proceedings..

[53]  Joe Kilian,et al.  On the Concurrent Composition of Zero-Knowledge Proofs , 1999, EUROCRYPT.

[54]  Ran Canetti,et al.  Practical UC security with a Global Random Oracle , 2014, CCS.

[55]  Moni Naor,et al.  Non-Malleable Cryptography (Extended Abstract) , 1991, STOC 1991.

[56]  Rafail Ostrovsky,et al.  Password-Authenticated Session-Key Generation on the Internet in the Plain Model , 2010, CRYPTO.

[57]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol with Chains of Variable Difficulty , 2017, CRYPTO.

[58]  Moni Naor,et al.  Concurrent zero-knowledge , 2004, JACM.

[59]  Ran Canetti,et al.  Universally composable protocols with relaxed set-up assumptions , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[60]  Silvio Micali,et al.  The knowledge complexity of interactive proof-systems , 1985, STOC '85.

[61]  Moni Naor,et al.  Non-malleable cryptography , 1991, STOC '91.