Distributed Cryptography Based on the Proofs of Work

Motivated by the recent success of Bitcoin, we study the question of constructing distributed cryptographic protocols in a fully peer-to-peer scenario (without any trusted setup) under the assumption that the adversary has limited computing power. We propose a formal model for this scenario and then construct the following protocols working in it: (i) a broadcast protocol secure under the assumption that the honest parties have computing power that is some non-negligible fraction of the computing power of the adversary (this fraction can be small; in particular, it can be much less than 1/2), and (ii) a protocol for identifying a set of parties such that the majority of them is honest and every honest party belongs to this set (this protocol works under the assumption that the majority of computing power is controlled by the honest parties). Our broadcast protocol can be used to generate an unpredictable beacon (which can later serve, e.g., as a genesis block for a new cryptocurrency). The protocol from Point (ii) can be used to construct arbitrary multiparty computation protocols. Our main tool for checking the computing power of the parties is Proofs of Work (Dwork and Naor, CRYPTO 92). Our broadcast protocol is built on top of the classical protocol of Dolev and Strong (SIAM J. on Comp. 1983). Although our motivation is mostly theoretic, we believe that our ideas can lead to practical implementations (probably after some optimizations and simplifications). We discuss some possible applications of our protocols at the end of the paper. We stress, however, that the goal of this paper is not to propose new cryptocurrencies or to analyze the existing ones.
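The abstract's central tool is a Proof of Work in the sense of Dwork and Naor: a puzzle whose solution costs the solver roughly 2^d hash evaluations but whose verification costs one. The following is an added illustration, not code from the paper or from its authors, of the property the protocols rely on: because each accepted identity must be backed by a separate solved puzzle bound to a fresh challenge, a party can register only as many identities as its computing power allows, which is what makes "majority of computing power" rather than "majority of identities" the meaningful honesty assumption. The hash function (SHA-256), the leading-zero-bits puzzle, the difficulty value and the identity/challenge encoding are all assumptions chosen for the example; the abstract fixes none of them, and the paper's actual protocol (built on Dolev-Strong broadcast) is not reproduced here.

```python
import hashlib

# Number of leading zero bits a valid solution must have. Assumption for this
# illustration only; the abstract does not specify puzzle parameters.
DIFFICULTY_BITS = 16


def pow_hash(challenge: bytes, identity: bytes, nonce: int) -> bytes:
    """Hash binding a solution to a fresh public challenge and to the solver's
    claimed identity, so work done for one challenge or one identity cannot be
    replayed for another (encoding is an assumption of this example)."""
    data = challenge + b"|" + identity + b"|" + nonce.to_bytes(8, "big")
    return hashlib.sha256(data).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a 256-bit digest."""
    return 256 - int.from_bytes(digest, "big").bit_length()


def verify(challenge: bytes, identity: bytes, nonce: int,
           difficulty: int = DIFFICULTY_BITS) -> bool:
    """Verification costs a single hash, however hard the puzzle was."""
    return leading_zero_bits(pow_hash(challenge, identity, nonce)) >= difficulty


def solve(challenge: bytes, identity: bytes,
          difficulty: int = DIFFICULTY_BITS, max_tries: int = 1 << 26):
    """Brute-force the smallest valid nonce. Expected cost is about
    2**difficulty hashes, so solutions per unit time scale with computing power."""
    for nonce in range(max_tries):
        if verify(challenge, identity, nonce, difficulty):
            return nonce
    return None


def admitted_identities(challenge: bytes, submissions,
                        difficulty: int = DIFFICULTY_BITS) -> set:
    """Identities that presented a valid proof for this challenge.

    Repeated submissions for one identity count once, and a proof for one
    identity does not validate another, so the number of distinct identities
    a party can register is bounded by the work it actually performed."""
    admitted = set()
    for identity, nonce in submissions:
        if verify(challenge, identity, nonce, difficulty):
            admitted.add(identity)
    return admitted


if __name__ == "__main__":
    # Constructed sample challenge; in a protocol run it would be derived from
    # the round (e.g. a previous beacon) so that work cannot be precomputed.
    challenge = b"round-1-challenge"
    n_alice = solve(challenge, b"alice")
    n_bob = solve(challenge, b"bob")
    submissions = [(b"alice", n_alice), (b"bob", n_bob), (b"alice", n_alice)]
    print("alice nonce:", n_alice, "bob nonce:", n_bob)
    print("admitted:", sorted(admitted_identities(challenge, submissions)))
```

Binding the challenge into the hash is the part that matters for the "no trusted setup" setting: without it an adversary could solve puzzles offline before the protocol starts and flood the identification phase with prepared identities regardless of its share of online computing power.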

[1]  Lear Bahack,et al.  Theoretical Bitcoin Attacks with less than Half of the Computational Power (draft) , 2013, IACR Cryptol. ePrint Arch..

[2]  Yael Tauman Kalai,et al.  Multiparty computation secure against continual memory leakage , 2012, STOC '12.

[3]  Amos Fiat,et al.  How to Prove Yourself: Practical Solutions to Identification and Signature Problems , 1986, CRYPTO.

[4]  Andrew Chi-Chih Yao,et al.  Protocols for Secure Computations (Extended Abstract) , 1982, FOCS.

[5]  Giuseppe Ateniese,et al.  Proofs of Space: When Space Is of the Essence , 2014, SCN.

[6]  Elaine Shi,et al.  Permacoin: Repurposing Bitcoin Work for Data Preservation , 2014, 2014 IEEE Symposium on Security and Privacy.

[7]  Moni Naor,et al.  Pebbling and Proofs of Work , 2005, CRYPTO.

[8]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[9]  Michael O. Rabin,et al.  Transaction Protection by Beacons , 1983, J. Comput. Syst. Sci..

[10]  Silvio Micali,et al.  How to play ANY mental game , 1987, STOC.

[11]  Avi Wigderson,et al.  Completeness theorems for non-cryptographic fault-tolerant distributed computation , 1988, STOC '88.

[12]  Oded Goldreich,et al.  A randomized protocol for signing contracts , 1985, CACM.

[13]  James Aspnes,et al.  Exposing Computationally-Challenged Byzantine Impostors , 2005.

[14]  Ivan Damgård,et al.  Secure Multiparty Computation Goes Live , 2009, Financial Cryptography.

[15]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[16]  Sergei Izmalkov,et al.  Rational secure computation and ideal mechanism design , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[17]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[18]  Ueli Maurer,et al.  Player Simulation and General Adversary Structures in Perfect Multiparty Computation , 2000, Journal of Cryptology.

[19]  Peter Kulchyski,et al.  2015.

[20]  Jeffrey Considine,et al.  Byzantine Agreement Given Partial Broadcast , 2005, Journal of Cryptology.

[21]  Nicolas Courtois,et al.  On Subversive Miner Strategies and Block Withholding Attack in Bitcoin Digital Currency , 2014, ArXiv.

[22]  Nir Bitansky,et al.  Leakage-Tolerant Interactive Protocols , 2012, TCC.

[23]  László Babai,et al.  Trading group theory for randomness , 1985, STOC '85.

[24]  Sunny King,et al.  PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake , 2012.

[25]  Ueli Maurer,et al.  Rational Protocol Design: Cryptography against Incentive-Driven Adversaries , 2013, 2013 IEEE 54th Annual Symposium on Foundations of Computer Science.

[26]  David Chaum,et al.  Multiparty unconditionally secure protocols , 1988, STOC '88.

[27]  Emin Gün Sirer,et al.  Majority Is Not Enough: Bitcoin Mining Is Vulnerable , 2013, Financial Cryptography.

[28]  Shafi Goldwasser,et al.  Private coins versus public coins in interactive proof systems , 1986, STOC '86.

[29]  Dragos Velicanu,et al.  A Decentralized Public Key Infrastructure with Identity Retention , 2014, IACR Cryptol. ePrint Arch..

[30]  Jonathan Katz,et al.  Rational Secret Sharing, Revisited , 2006, SCN.

[31]  Ivan Damgård,et al.  Leakage Resilient Secure Two-Party Computation , 2011, IACR Cryptol. ePrint Arch..

[32]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[33]  Fabien Coelho,et al.  An (Almost) Constant-Effort Solution-Verification Proof-of-Work Protocol Based on Merkle Trees , 2008, AFRICACRYPT.

[34]  Nicolas Courtois,et al.  On The Longest Chain Rule and Programmed Self-Destruction of Crypto Currencies , 2014, ArXiv.

[35]  Matthew Green,et al.  Decentralized Anonymous Credentials , 2014, NDSS.

[36]  Jeremy Clark,et al.  On the Use of Financial Data as a Random Beacon , 2010, EVT/WOTE.

[37]  Stefan Dziembowski,et al.  Proofs of Space , 2015, CRYPTO.

[38]  Adam Back,et al.  Hashcash - A Denial of Service Counter-Measure , 2002.

[39]  Elaine Shi,et al.  Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions , 2015, CCS.

[40]  Amos Fiat,et al.  Untraceable Electronic Cash , 1990, CRYPTO.

[41]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[42]  Moni Naor,et al.  Split-ballot voting: Everlasting privacy with distributed trust , 2007, TSEC.

[43]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.