Blockchains from Non-idealized Hash Functions

The formalization of concrete, non-idealized hash function properties sufficient to prove the security of Bitcoin and related protocols has been elusive, as all previous security analyses of blockchain protocols have been performed in the random oracle model. In this paper we identify three such properties, and then construct a blockchain protocol whose security can be reduced to them in the standard model assuming a common reference string (CRS). The three properties are: collision resistance, computational randomness extraction and iterated hardness. While the first two properties have been extensively studied, iterated hardness has been empirically stress-tested since the rise of Bitcoin; in fact, as we demonstrate in this paper, any attack against it (assuming the other two properties hold) results in an attack against Bitcoin. In addition, iterated hardness puts forth a new class of search problems which we term iterated search problems (ISP). ISPs enable the concise and modular specification of blockchain protocols, and may be of independent interest.
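The abstract refers to iterated search problems without defining them on this page. As an added illustration (not code from the paper, and not the paper's formal definition), the following Python models Bitcoin's proof of work as an iterated search: the instance for step i is derived from the hash of the solution to step i-1, so the steps must be solved sequentially and a valid chain of k steps is evidence of roughly k times the work of one step. SHA-256 stands in for the abstract hash function; the names `Step`, `solve_chain`, `verify_chain`, `total_work` and the difficulty `TARGET` are all constructed for this example.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass
from typing import Iterable

# Constructed difficulty target: a step is solved when its hash, read as a
# 256-bit integer, is below TARGET. Roughly 1 in 4096 nonces succeeds, so the
# example mines in well under a second; Bitcoin's target is vastly lower.
TARGET = 2**256 >> 12


def H(data: bytes) -> bytes:
    """SHA-256 stands in for the abstract hash function.

    Collision resistance (one of the three assumed properties) is what stops an
    adversary from swapping the payload of a solved step without changing its hash.
    """
    return hashlib.sha256(data).digest()


@dataclass(frozen=True)
class Step:
    payload: bytes   # what the step commits to (transactions, in Bitcoin)
    nonce: int       # the search witness


def step_hash(prev: bytes, step: Step) -> bytes:
    # The instance of step i is derived from the hash of step i-1: this
    # dependency is what makes the search iterated rather than parallel.
    return H(prev + step.payload + step.nonce.to_bytes(8, "big"))


def is_solved(prev: bytes, step: Step, target: int = TARGET) -> bool:
    return int.from_bytes(step_hash(prev, step), "big") < target


def solve_step(prev: bytes, payload: bytes, target: int = TARGET,
               max_tries: int = 1 << 24) -> Step:
    """Brute-force a nonce for one step. The nonce also counts the failed
    attempts, so nonce + 1 is the number of hash evaluations spent."""
    for nonce in range(max_tries):
        step = Step(payload, nonce)
        if is_solved(prev, step, target):
            return step
    raise RuntimeError("no solution within max_tries")


def solve_chain(genesis: bytes, payloads: Iterable[bytes],
                target: int = TARGET) -> list[Step]:
    """Iterated search: step i cannot be started until step i-1 is solved,
    because its hash input contains step i-1's hash."""
    chain: list[Step] = []
    prev = genesis
    for payload in payloads:
        step = solve_step(prev, payload, target)
        chain.append(step)
        prev = step_hash(prev, step)
    return chain


def verify_chain(genesis: bytes, chain: Iterable[Step],
                 target: int = TARGET) -> bool:
    """Check every step against the hash of its predecessor, in order."""
    prev = genesis
    for step in chain:
        if not is_solved(prev, step, target):
            return False
        prev = step_hash(prev, step)
    return True


def total_work(chain: Iterable[Step]) -> int:
    """Hash evaluations the honest solver spent (nonce + 1 per step)."""
    return sum(step.nonce + 1 for step in chain)


if __name__ == "__main__":
    genesis = H(b"constructed genesis")
    chain = solve_chain(genesis, [b"tx batch 1", b"tx batch 2", b"tx batch 3"])
    assert verify_chain(genesis, chain)
    # Rewriting the payload of the first step invalidates it and, because every
    # later instance depends on its hash, every step after it as well.
    tampered = [Step(b"tx batch 1'", chain[0].nonce)] + chain[1:]
    assert not verify_chain(genesis, tampered)
    print(f"{len(chain)} steps solved with {total_work(chain)} hash evaluations")
```

In this toy model, an algorithm that outputs k valid steps using substantially fewer than about k * 4096 hash evaluations, or in less sequential time than k dependent searches require, is what "breaking iterated hardness" would look like; the abstract's point is that such an algorithm would translate directly into an attack on Bitcoin, which relies on exactly this chained structure.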
