Verifiable Capacity-bound Functions: A New Primitive from Kolmogorov Complexity

We initiate the study of verifiable capacity-bound functions (VCBFs). The main VCBF property imposes a lower bound on the number of bits read from memory during evaluation (referred to as the minimum capacity): no adversary, even one with unbounded computational resources, should be able to produce the output without reading at least this many bits. Moreover, a VCBF allows for an efficient public verification process: given a proof of correctness, checking the validity of an output takes significantly fewer memory resources, sublinear in the target minimum capacity. Finally, it achieves soundness, i.e., no computationally bounded adversary can produce a proof that passes verification for a false output. With these properties, we believe a VCBF can be viewed as a "space" analog of a verifiable delay function. We then propose the first VCBF construction, which relies on evaluating a degree-d polynomial f from F_p[x] at a random point. We leverage ideas from Kolmogorov complexity to prove that sampling f from a large enough set (i.e., for high enough d) ensures that evaluation must entail reading a number of bits proportional to the total size of its coefficients. Moreover, our construction benefits from existing verifiable polynomial evaluation schemes to realize the efficient verification requirement. In practice, for a field of order O(2^λ) our VCBF achieves O((d+1)λ) minimum capacity, whereas verification requires just O(λ). The minimum capacity of our construction holds against adversaries that perform a constant number of random memory accesses. This poses the natural question of whether a VCBF with high minimum capacity exists against adversaries that perform a non-constant (e.g., polynomial) number of random accesses.
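The following Python example is added here to illustrate the capacity argument behind the construction; it is not code from the paper. It models the evaluator's memory as an instrumented coefficient vector that counts bits read, evaluates a randomly sampled f in F_p[x] at a random point x with Horner's rule (touching each of the d+1 coefficients once, i.e., (d+1)·λ bits), and contrasts it with a "lazy" adversary that reads only a prefix of the coefficients. Because two distinct polynomials of degree at most d agree on at most d points of F_p, the lazy adversary's output is wrong at a random x except with probability at most d/p. The choice p = 2^61 - 1 as a stand-in for a field of order O(2^λ), the bit accounting, and the adversary model are assumptions for this example; the sublinear verifier, which the paper instantiates from an existing verifiable polynomial evaluation scheme, is not implemented here.

```python
import secrets

# Constructed parameters for the example (the paper's are asymptotic).
# p = 2^61 - 1 is a Mersenne prime; it stands in for a field of order ~2^lambda.
P = (1 << 61) - 1
LAMBDA = P.bit_length()  # 61 bits per field element


class CountingMemory:
    """Holds the coefficient vector a_0..a_d and counts every bit read from it.

    Each coefficient read costs LAMBDA bits; 'touched' records which
    coefficient indices were accessed at all.
    """

    def __init__(self, coeffs):
        self._coeffs = list(coeffs)
        self.bits_read = 0
        self.touched = set()

    def __len__(self):
        return len(self._coeffs)

    def read(self, i):
        self.touched.add(i)
        self.bits_read += LAMBDA
        return self._coeffs[i]


def sample_polynomial(d):
    """Sample f uniformly from the degree-<=d polynomials over F_p (as a_0..a_d)."""
    return [secrets.randbelow(P) for _ in range(d + 1)]


def evaluate(mem, x):
    """Honest evaluation f(x) by Horner's rule: reads each coefficient exactly once."""
    acc = 0
    for i in range(len(mem) - 1, -1, -1):
        acc = (acc * x + mem.read(i)) % P
    return acc


def lazy_adversary(mem, x, k):
    """Adversary that reads only a_0..a_{k-1} and treats the remaining coefficients as 0.

    This spends k*LAMBDA bits of capacity instead of (d+1)*LAMBDA, but computes a
    different polynomial g != f, which agrees with f on at most d points of F_p.
    """
    acc = 0
    for i in range(k - 1, -1, -1):
        acc = (acc * x + mem.read(i)) % P
    return acc


def demo(d=64, x=None):
    """Compare the capacity spent by the honest evaluator and the lazy adversary.

    Returns a dict with the bits read by each, the target minimum capacity
    (d+1)*LAMBDA, and whether the adversary's cheaper answer happened to be correct.
    """
    coeffs = sample_polynomial(d)
    if x is None:
        x = secrets.randbelow(P)  # the random evaluation point

    honest = CountingMemory(coeffs)
    y = evaluate(honest, x)

    cheat = CountingMemory(coeffs)
    y_bad = lazy_adversary(cheat, x, d // 2)

    return {
        "min_capacity": (d + 1) * LAMBDA,
        "honest_bits": honest.bits_read,
        "honest_touched_all": len(honest.touched) == d + 1,
        "cheat_bits": cheat.bits_read,
        "cheat_correct": y_bad == y,  # false except with probability <= d/P
    }


if __name__ == "__main__":
    print(demo())
```

The honest evaluator's bit count equals the minimum capacity (d+1)·λ exactly, and every coefficient index is touched; the lazy adversary spends about half that and, for a random x, its output fails to match f(x) except with probability at most d/p (about 2^-55 here). This is the Schwartz-Zippel-style intuition behind the construction: at a random point there is no cheaper polynomial that stands in for f, so the evaluator cannot avoid reading all of f's coefficients.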
