Time-Lock Puzzles in the Random Oracle Model

A time-lock puzzle is a mechanism for sending messages "to the future". The sender publishes a puzzle whose solution is the message to be sent, thus hiding it until enough time has elapsed for the puzzle to be solved. For time-lock puzzles to be useful, generating a puzzle should take less time than solving it. Since adversaries may have access to many more computers than honest solvers, massively parallel solvers should not be able to produce a solution much faster than serial ones. To date, we know of only one mechanism that is believed to satisfy these properties: the one proposed by Rivest, Shamir and Wagner (1996), who originally introduced the notion of time-lock puzzles. Their puzzle is based on the inherently sequential nature of repeated modular squaring and on the hardness of factoring, and is therefore vulnerable to advances in factoring techniques (as well as to quantum attacks). In this work, we study the possibility of constructing time-lock puzzles in the random-oracle model. Our main result is negative, ruling out time-lock puzzles that require more parallel time to solve than the total work required to generate a puzzle. In particular, this should rule out black-box constructions of such time-lock puzzles from one-way permutations and collision-resistant hash functions. On the positive side, we construct a time-lock puzzle with a linear gap in parallel time: a new puzzle can be generated with one round of n parallel queries to the random oracle, but n rounds of serial queries are required to solve it (even for massively parallel adversaries).
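The two kinds of puzzle contrasted in the abstract, side by side, as an added illustration (this is not code from the paper): the Rivest-Shamir-Wagner puzzle, where the generator uses the factorization of N as a trapdoor to shortcut t sequential squarings, and a hash-chain puzzle in the random-oracle style, where n mutually independent oracle queries are issued in one parallel round at generation time but the solver must make n dependent queries one after another. SHA-256 stands in for the random oracle, the round-counting `Oracle` wrapper, the toy primes and the sample message are illustrative assumptions, and the chained one-time-pad construction is one natural way to realise the linear gap the abstract describes rather than a claim about the paper's exact scheme.

```python
import hashlib
import secrets


class Oracle:
    """Stand-in for the random oracle (SHA-256) that counts *rounds*:
    a batch of mutually independent queries counts as one round, since
    they could be issued to n processors at once; each dependent query
    counts as a round of its own. The bookkeeping is an added assumption."""

    def __init__(self):
        self.rounds = 0

    def query(self, x: bytes) -> bytes:
        self.rounds += 1
        return hashlib.sha256(x).digest()

    def query_batch(self, xs):
        self.rounds += 1
        return [hashlib.sha256(x).digest() for x in xs]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


# --- Puzzle 1: chained one-time pads in the random-oracle model ---

def chain_generate(oracle, n, message):
    """Hide a 32-byte message behind n serial oracle queries.
    The generator draws n independent seeds, queries the oracle on all of
    them in ONE parallel round, and uses answer i as a one-time pad for
    seed i+1 (the last answer pads the message itself)."""
    assert len(message) == 32
    seeds = [secrets.token_bytes(32) for _ in range(n)]
    answers = oracle.query_batch(seeds)
    pads = [xor(answers[i], seeds[i + 1]) for i in range(n - 1)]
    pads.append(xor(answers[n - 1], message))
    return seeds[0], pads


def chain_solve(oracle, puzzle):
    """Seed i+1 is only revealed by the answer to query i, so the solver
    needs n rounds regardless of how many processors it has."""
    cur, pads = puzzle
    for c in pads:
        cur = xor(oracle.query(cur), c)
    return cur


# --- Puzzle 2: Rivest-Shamir-Wagner repeated squaring modulo N = p*q ---

def rsw_generate(p, q, t, message_int):
    """The generator knows phi(N), so it reduces the exponent 2^t mod phi(N)
    in O(log t) multiplications instead of doing t squarings. Trapdoor:
    a^phi(N) = 1 (mod N) whenever gcd(a, N) = 1."""
    n = p * q
    phi = (p - 1) * (q - 1)
    a = 2  # any a coprime to N would do
    key = pow(a, pow(2, t, phi), n)
    return n, a, t, (message_int + key) % n


def rsw_solve(puzzle):
    """Without p and q the only known route is t inherently serial squarings."""
    n, a, t, ct = puzzle
    x = a
    for _ in range(t):
        x = x * x % n
    return (ct - x) % n


def demo(n_chain=1000, t=100_000):
    """Run both puzzles end to end; returns (generator rounds, solver rounds)
    for the hash chain, i.e. the linear parallel-time gap 1 versus n."""
    gen_oracle, solve_oracle = Oracle(), Oracle()
    msg = b"meet at the old mill at dawn...."  # constructed 32-byte sample
    puzzle = chain_generate(gen_oracle, n_chain, msg)
    assert chain_solve(solve_oracle, puzzle) == msg
    p, q = 1000000007, 998244353  # toy primes; real use needs an RSA-size N
    rsw = rsw_generate(p, q, t, 123456789)
    assert rsw_solve(rsw) == 123456789
    return gen_oracle.rounds, solve_oracle.rounds


if __name__ == "__main__":
    print(demo())  # generator: 1 parallel round; solver: 1000 serial rounds
```

The contrast is the point of the abstract: the RSW generator does work logarithmic in t while the solver does t serial squarings, an exponential gap that rests on factoring being hard, whereas the hash-chain generator does n units of work (one parallel round) to force n serial rounds on the solver, a gap that is only linear and, by the paper's negative result, the best a random-oracle construction can achieve.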

[1] R. Ostrovsky et al. Conditional Oblivious Transfer and Timed-Release Encryption. EUROCRYPT, 1999.

[2] R. L. Rivest, A. Shamir, and D. A. Wagner. Time-lock Puzzles and Timed-release Crypto. 1996.

[3] B. Barak et al. Merkle Puzzles are Optimal. IACR Cryptology ePrint Archive, 2008.

[4] B. Barak et al. Lower Bounds on Signatures From Symmetric Primitives. 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS), 2007.

[5] M. Naor et al. On Memory-Bound Functions for Fighting Spam. CRYPTO, 2003.

[6] J. Zhou et al. (eds.). Information and Communications Security. Lecture Notes in Computer Science, 2013.

[7] L. K. Grover. A fast quantum mechanical algorithm for database search. STOC, 1996.

[8] J. Stern (ed.). Advances in Cryptology - EUROCRYPT '99. Lecture Notes in Computer Science, 1999.

[9] R. Canetti et al. The random oracle methodology, revisited. Journal of the ACM, 2000.

[10] R. C. Merkle. Secure communications over insecure channels. Communications of the ACM, 1978.

[11] T. Wobber et al. Moderately hard, memory-bound functions. ACM Transactions on Internet Technology, 2005.

[12] A. Back. Hashcash - A Denial of Service Counter-Measure. 2002.

[13] S. Halevi (ed.). Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings. CRYPTO, 2009.

[14] M. K. Franklin et al. Identity-Based Encryption from the Weil Pairing. CRYPTO, 2001.

[15] D. Boneh et al. Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles. IACR Cryptology ePrint Archive, 2004.

[16] R. Canetti et al. A Forward-Secure Public-Key Encryption Scheme. Journal of Cryptology, 2003.

[17] M. Zhandry et al. Random Oracles in a Quantum World. ASIACRYPT, 2010.

[18] M. Bellare (ed.). Advances in Cryptology - CRYPTO 2000. Lecture Notes in Computer Science, 2000.

[19] M. Naor et al. Pricing via Processing or Combatting Junk Mail. CRYPTO, 1992.

[20] E. F. Brickell (ed.). Advances in Cryptology - CRYPTO '92. Lecture Notes in Computer Science, 1993.

[21] J.-J. Quisquater et al. Efficient and Non-interactive Timed-Release Encryption. ICICS, 2005.

[22] A. Kiayias et al. Traceable Signatures. EUROCRYPT, 2004.

[23] G. Brassard et al. Quantum Merkle Puzzles. Second International Conference on Quantum, Nano and Micro Technologies (ICQNM), 2008.

[24] M. Naor et al. Pebbling and Proofs of Work. CRYPTO, 2005.

[25] D. Boneh et al. Secure Identity Based Encryption Without Random Oracles. CRYPTO, 2004.

[26] A. Shamir et al. PayWord and MicroMint: Two Simple Micropayment Schemes. Security Protocols Workshop, 1996.

[27] Y. Ishai et al. Basing Weak Public-Key Cryptography on Strong One-Way Functions. TCC, 2008.

[28] M. Naor et al. Timed Commitments. CRYPTO, 2000.

[29] V. Shoup (ed.). Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings. CRYPTO, 2005.

[30] M. Franklin (ed.). Advances in Cryptology - CRYPTO 2004. Lecture Notes in Computer Science, 2004.

[31] R. Impagliazzo et al. Limits on the provable consequences of one-way permutations. STOC, 1989.

[32] D. Boneh (ed.). Advances in Cryptology - CRYPTO 2003. Lecture Notes in Computer Science, 2003.