Puncturable Signatures and Applications in Proof-of-Stake Blockchain Protocols

Proof-of-stake (PoS) blockchain protocols are becoming one of the most promising alternatives to the energy-consuming proof-of-work protocols. However, one particularly critical threat in the PoS setting is the well-known long-range attack caused by secret key leakage (LRSL attack). Specifically, an adversary can attempt to control or compromise accounts that possessed substantial stake at some past moment, so as to double-spend or erase past transactions, violating the fundamental persistence property of the blockchain. Puncturable signatures provide a satisfying solution for constructing practical proof-of-stake blockchains resilient to the LRSL attack, despite the fact that existing constructions are not efficient enough for practical deployment. In this paper, we provide an in-depth study of puncturable signatures and explore their applications in proof-of-stake blockchains. We formalize a security model that allows the adversary adaptive signing and puncturing queries, and give a construction with efficient puncturing operations based on the Bloom filter data structure and the strong Diffie-Hellman assumption. The puncturing functionality we desire applies to a particular part of the message, such as a prefix, rather than the whole message. Furthermore, we use puncturable signatures to construct practical proof-of-stake blockchain protocols that are resilient to the LRSL attack, whereas previously forward-secure signatures were used to immunize against this attack. We implement our scheme and provide experimental results showing that, in comparison with forward-secure signatures, our construction performs substantially better in signature size and in signing and verification efficiency, and significantly better in key-update efficiency.
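As an added illustration (not the paper's own code or scheme), the following Go program simulates the Bloom-filter key structure the abstract describes: one key pair per filter position, a prefix (tag) mapped to k positions, and puncturing as deletion of those k secret keys, so the update cost is O(k) regardless of how many signatures were issued. Ed25519 keys stand in for the paper's pairing-based per-position keys, so the public key here is a list of m keys rather than the compact key the strong Diffie-Hellman construction gives; the tag names and parameters are constructed for the example.

```go
package main

import ("crypto/ed25519"; "crypto/sha256"; "encoding/binary"; "errors")

// PuncturableSigner mirrors the paper's Bloom-filter key layout (one key pair per filter
// position); Ed25519 stands in for its pairing-based per-position keys (an assumption here).
type PuncturableSigner struct {
	m, k int                  // filter size and number of hash functions
	pks  []ed25519.PublicKey  // verification keys, one per position
	sks  []ed25519.PrivateKey // nil once the position has been punctured
}
func NewPuncturableSigner(m, k int) *PuncturableSigner {
	s := &PuncturableSigner{m: m, k: k, pks: make([]ed25519.PublicKey, m), sks: make([]ed25519.PrivateKey, m)}
	for i := range s.sks {
		s.pks[i], s.sks[i], _ = ed25519.GenerateKey(nil) // nil reader selects crypto/rand
	}
	return s
}
// positions maps the punctured part of the message (the tag, e.g. a slot prefix) to its
// k filter positions; the hash index j separates the k hash functions.
func (s *PuncturableSigner) positions(tag []byte) []int {
	idx := make([]int, s.k)
	for j := range idx {
		h := sha256.Sum256(append([]byte{byte(j)}, tag...))
		idx[j] = int(binary.BigEndian.Uint32(h[:4]) % uint32(s.m))
	}
	return idx
}
// toSign binds msg to a fixed-length digest of its tag, so the (tag, msg) split is unambiguous.
func toSign(tag, msg []byte) []byte { h := sha256.Sum256(tag); return append(h[:], msg...) }

// Sign uses any surviving key at the tag's positions and fails once all have been deleted.
func (s *PuncturableSigner) Sign(tag, msg []byte) (int, []byte, error) {
	for _, i := range s.positions(tag) {
		if s.sks[i] != nil { return i, ed25519.Sign(s.sks[i], toSign(tag, msg)), nil }
	}
	return 0, nil, errors.New("tag punctured: no secret key left for its positions")
}

// Verify checks that position i belongs to the tag and that pk_i accepts the signature.
func (s *PuncturableSigner) Verify(tag, msg []byte, i int, sig []byte) bool {
	for _, p := range s.positions(tag) {
		if p == i { return ed25519.Verify(s.pks[i], toSign(tag, msg), sig) }
	}
	return false
}
// Puncture deletes the k secret keys of tag: O(k) work, independent of past signatures.
func (s *PuncturableSigner) Puncture(tag []byte) {
	for _, i := range s.positions(tag) { s.sks[i] = nil }
}
```

The Bloom-filter false positive shows up as a never-punctured tag becoming unsignable once all of its k positions have been deleted by earlier punctures; choosing m and k for the expected number of punctures bounds that probability.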
