Proofs of Work for Blockchain Protocols

One of the most impactful applications of proofs of work (POW) currently is in the design of blockchain protocols such as Bitcoin. Yet, despite the wide recognition of POWs as the fundamental cryptographic tool in this context, there is no known cryptographic formulation that implies the security of the Bitcoin blockchain protocol. Indeed, all previous works formally arguing the security of the Bitcoin protocol relied on direct proofs in the random oracle model, thus circumventing the difficulty of isolating the required properties of the core POW primitive. In this work we fill this gap by providing a formulation of the POW primitive that implies the security of the Bitcoin blockchain protocol in the standard model. Our primitive entails a number of properties that parallel an efficient non-interactive proof system: completeness and fast verification, security against malicious provers (termed "hardness against tampering and chosen message attacks") and security for honest provers (termed "uniquely successful under chosen key and message attacks"). Interestingly, our formulation is incomparable with previous formulations of POWs that applied the primitive to contexts other than the blockchain. Our result paves the way for proving the security of blockchain protocols in the standard model, assuming our primitive can be realized from computational assumptions.
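The properties the abstract names, completeness, fast verification and honest-prover success, are easiest to see on the hash puzzle Bitcoin actually uses. The Python below is an added illustration written for this page, not the paper's formulation or code: a hashcash-style puzzle over a (key, message) pair, with a linear-scan prover and a one-hash verifier. The key/message split, the length-prefixed encoding, the difficulty parameter and all inputs are assumptions made for the example; the tamper check only conveys the intuition that a proof for one message gives nothing for another, not the paper's formal hardness notion.

```python
"""Hashcash-style proof of work over (key, message).

Added illustration for this page; not the paper's construction. The encoding,
the difficulty parameter and every input below are assumptions made here."""
import hashlib
import statistics
from typing import Optional, Tuple

HASH_BITS = 256  # SHA-256 output width


def _digest(key: bytes, msg: bytes, nonce: int) -> int:
    """SHA-256 over a length-prefixed encoding of (key, msg, nonce) as a 256-bit integer.

    Length prefixes remove boundary ambiguity (b"ab" + b"c" vs b"a" + b"bc")."""
    h = hashlib.sha256()
    for part in (key, msg):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    h.update(nonce.to_bytes(8, "big"))
    return int.from_bytes(h.digest(), "big")


def target(difficulty_bits: int) -> int:
    """A digest is a valid proof iff it is below this bound, i.e. its top
    `difficulty_bits` bits are zero. difficulty_bits == 0 accepts every digest."""
    return 1 << (HASH_BITS - difficulty_bits)


def prove(key: bytes, msg: bytes, difficulty_bits: int,
          max_tries: Optional[int] = None) -> Optional[Tuple[int, int]]:
    """Honest prover: scan nonces from 0 until the digest clears the target.

    Returns (nonce, tries) on success, or None once max_tries is exhausted;
    the prover is probabilistic, so a bounded prover can fail to produce a proof."""
    t = target(difficulty_bits)
    nonce = 0
    while max_tries is None or nonce < max_tries:
        if _digest(key, msg, nonce) < t:
            return nonce, nonce + 1
        nonce += 1
    return None


def verify(key: bytes, msg: bytes, difficulty_bits: int, nonce: int) -> bool:
    """Verifier: exactly one hash, whatever the difficulty (the 'fast verification' side)."""
    return _digest(key, msg, nonce) < target(difficulty_bits)


def mean_tries(key: bytes, difficulty_bits: int, samples: int) -> float:
    """Average work of the honest prover over `samples` constructed messages.

    Each try succeeds independently with probability 2 ** -difficulty_bits, so the
    number of tries is geometric with mean about 2 ** difficulty_bits: honest success
    rate scales with hashing effort, while verification cost stays constant."""
    return statistics.mean(
        prove(key, f"block-{i}".encode(), difficulty_bits)[1] for i in range(samples)
    )


def demo() -> dict:
    """Constructed inputs (assumptions for the example): one honest proof, then the
    same nonce presented for an edited message."""
    key, msg, d = b"example-chain", b"payload: tx set #1", 16
    nonce, tries = prove(key, msg, d)
    return {
        "completeness": verify(key, msg, d, nonce),            # honest proof verifies
        "tampered_verifies": verify(key, msg + b"!", d, nonce),  # edited message, same nonce
        "tries": tries,
    }


if __name__ == "__main__":
    print(demo())
    print("mean tries at 10 bits:", mean_tries(b"example-chain", 10, 40))
```

The verifier does the same single hash whether the prover spent a thousand or a billion tries, which is what makes the primitive usable as a filter in a permissionless protocol; the tampered-message check fails with overwhelming probability (about 1 in 2^16 here) because the nonce was found against a different digest input.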
