PoReps: Proofs of Space on Useful Data

A proof-of-replication (PoRep) is an interactive proof system in which a prover defends a publicly verifiable claim that it is dedicating unique resources to storing one or more retrievable replicas of a data file. In this sense a PoRep is both a proof of space (PoS) and a proof of retrievability (PoR). This paper establishes a foundation for PoReps, exploring both their capabilities and their limitations. While PoReps may unconditionally demonstrate possession of data, they fundamentally cannot guarantee that the data is stored redundantly. Furthermore, as PoReps are proofs of space, they must rely either on rational time/space tradeoffs or timing bounds on the online prover’s runtime. We introduce a rational security notion for PoReps called -rational replication based on the notion of an -Nash equilibrium, which captures the property that a server does not gain any significant advantage by storing its data in any other (non-redundant) format. We apply our definitions to formally analyze two recently proposed PoRep constructions based on verifiable delay functions and depth robust graphs. Lastly, we reflect on a notable application of PoReps—its unique suitability as a Nakamoto consensus mechanism that replaces proof-of-work with PoReps on real data, simultaneously incentivizing and subsidizing the cost of file storage.
