Pseudonymous Secure Computation from Time-Lock Puzzles

In standard models of secure computation, point-to-point channels between parties are assumed to be authenticated by some pre-existing means. In other cases, even stronger pre-existing setup—e.g., a public-key infrastructure (PKI)—is assumed. These assumptions are too strong for open, peer-to-peer networks, where parties do not necessarily have any prior relationships and can come and go as they please. Nevertheless, these assumptions are made due to the prevailing belief that nothing “interesting” can be achieved without them. Taking inspiration from Bitcoin, we show that precise bounds on computational power can be used in place of pre-existing setup to achieve weaker (but nontrivial) notions of security. Specifically, under the assumptions that digital signatures exist and each party can solve cryptographic “time-lock” puzzles only at a bounded rate, we show that without prior setup and with no bound on the number of corruptions, a group of parties can agree on a PKI with which they can then realize pseudonymous notions of authenticated communication, broadcast, and secure computation. Roughly, “pseudonymous” here means that inputs/outputs are (effectively) bound to pseudonyms rather than parties’ true identities.
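As an added illustration (not the paper's protocol and not code from its authors), the following Python sketch models the bounded-rate puzzle assumption with a sequential hash chain standing in for a time-lock puzzle; the difficulty `STEPS`, the per-round step budgets, and the random placeholder keys are assumptions. It shows why a bounded solving rate caps the number of pseudonyms any one party can register per round, and that honest parties admit into the agreed PKI only pseudonyms backed by a valid solution.

```python
import hashlib
import hmac
import os

# Assumed toy parameters (not from the paper): a puzzle costs STEPS sequential
# hash evaluations, and a party's per-round budget models its bounded solving rate.
STEPS = 500

def solve_puzzle(pk: bytes, challenge: bytes, steps: int = STEPS) -> bytes:
    """Sequential hash chain seeded by the round challenge and the pseudonym's key.
    It stands in for a time-lock puzzle: every step depends on the previous one,
    so extra parallel hardware does not shorten the chain."""
    x = hashlib.sha256(b"tlp|" + challenge + pk).digest()
    for _ in range(steps):
        x = hashlib.sha256(x).digest()
    return x

def verify_puzzle(pk: bytes, challenge: bytes, solution: bytes, steps: int = STEPS) -> bool:
    """Verification recomputes the chain (a real time-lock puzzle is cheaper to check)."""
    return hmac.compare_digest(solve_puzzle(pk, challenge, steps), solution)

class RateLimitedSolver:
    """A party, or the coalition an adversary controls, limited to `budget` steps per round."""
    def __init__(self, budget: int):
        self.budget = budget

    def register(self, challenge: bytes, wanted: int, steps: int = STEPS):
        """Register up to `wanted` pseudonyms; stops when the step budget runs out."""
        regs = []
        for _ in range(wanted):
            if self.budget < steps:
                break
            self.budget -= steps
            pk = os.urandom(32)  # placeholder for a real signature verification key
            regs.append((pk, solve_puzzle(pk, challenge, steps)))
        return regs

def max_pseudonyms(budget: int, steps: int = STEPS) -> int:
    """Upper bound on the pseudonyms one party can register in a round."""
    return budget // steps

def agree_pki(challenge: bytes, registrations, steps: int = STEPS) -> set:
    """Honest view of the agreed PKI: keep only pseudonyms backed by a valid solution."""
    return {pk for pk, sol in registrations if verify_puzzle(pk, challenge, sol, steps)}

if __name__ == "__main__":
    ch = b"round-1-challenge"  # constructed round challenge
    honest = RateLimitedSolver(STEPS).register(ch, 1)
    sybil = RateLimitedSolver(3 * STEPS).register(ch, 10)  # wants 10, affords 3
    forged = [(os.urandom(32), os.urandom(32))]             # no work behind it
    print(len(agree_pki(ch, honest + sybil + forged)))      # 4
```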
