Iterated Search Problems and Blockchain Security under Falsifiable Assumptions

We put forth a new class of search problems, iterated search problems (ISP), and study their relation to the design of secure blockchain protocols. We prove that (i) the Bitcoin blockchain protocol implies a hard ISP problem, but ISP hardness is not by itself sufficient to prove its security, and (ii) a suitably enhanced class of ISPs is sufficient to imply, via construction, a secure blockchain protocol in the common reference string (CRS) model. We then put forth a specific proposal for an enhanced ISP based on an underlying cryptographic hash function. The resulting blockchain protocol's security reduces to the ISP hardness of the hash-based scheme and to a computational randomness extraction property of the hash function. As a corollary, we obtain a blockchain protocol secure in the standard model under falsifiable assumptions; in contrast, all previous blockchain protocols were shown secure in the random oracle model.

*Research partly supported by EU Project No. 780477, PRIVILEDGE.
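The abstract describes an ISP only at a high level: a sequence of search problems in which solving one instance determines the next, so that solutions cannot be precomputed in parallel ahead of the chain. The following is an added illustration of that structure, not the paper's construction and not code from the authors. It assumes a hash-based instantiation of the kind the abstract alludes to, with SHA-256 as the hash, a constructed seed standing in for the CRS, a fixed difficulty of 16 leading zero bits, and the convention that the next instance is the hash output of the solved one; all of these parameters are assumptions made for the example.

```python
import hashlib
from typing import List, Tuple

# Constructed example of an iterated search problem (ISP) in the hash-based
# style the abstract alludes to. The hash, the difficulty, the witness layout
# and the "next instance = hash output" rule are assumptions for this example,
# not the paper's scheme.

DIFFICULTY_BITS = 16                      # assumed difficulty: 16 leading zero bits
TARGET = 1 << (256 - DIFFICULTY_BITS)     # a digest is a solution iff digest < TARGET
WITNESS_LEN = 8                           # witnesses are encoded as 8-byte big-endian ints


def H(data: bytes) -> bytes:
    """The underlying hash function (SHA-256, assumed for the example)."""
    return hashlib.sha256(data).digest()


def solve(instance: bytes, max_tries: int = 1 << 24) -> Tuple[int, bytes]:
    """Brute-force search for a witness w with H(instance || w) < TARGET.

    Returns (w, next_instance). The next instance is the hash output itself,
    so it is only known once this instance has actually been solved; that is
    what makes the problem iterated rather than a bag of independent puzzles.
    """
    for w in range(max_tries):
        digest = H(instance + w.to_bytes(WITNESS_LEN, "big"))
        if int.from_bytes(digest, "big") < TARGET:
            return w, digest
    raise RuntimeError("no witness found within the search budget")


def verify_step(instance: bytes, w: int, next_instance: bytes) -> bool:
    """Check one link: w solves `instance` and the hash output equals `next_instance`."""
    digest = H(instance + w.to_bytes(WITNESS_LEN, "big"))
    return digest == next_instance and int.from_bytes(digest, "big") < TARGET


def solve_chain(seed: bytes, k: int) -> List[Tuple[bytes, int]]:
    """Solve k iterated instances starting from `seed` (the CRS in the abstract's model).

    Returns a list of (instance, witness) pairs; instance i+1 is the hash output
    of the solved instance i, so step i+1 cannot start before step i finishes.
    """
    chain: List[Tuple[bytes, int]] = []
    instance = seed
    for _ in range(k):
        w, next_instance = solve(instance)
        chain.append((instance, w))
        instance = next_instance
    return chain


def verify_chain(seed: bytes, chain: List[Tuple[bytes, int]]) -> bool:
    """Verify a chain of (instance, witness) pairs against the seed.

    Each instance must be the hash output of the previous solved step (or the
    seed for the first step), and each witness must meet the difficulty target.
    Verification is cheap: one hash per link, regardless of how hard solving was.
    """
    expected = seed
    for instance, w in chain:
        if instance != expected:
            return False                                  # link does not follow from prior step
        digest = H(instance + w.to_bytes(WITNESS_LEN, "big"))
        if not verify_step(instance, w, digest):
            return False                                  # witness misses the target
        expected = digest
    return True


if __name__ == "__main__":
    seed = b"constructed seed"                            # constructed stand-in for the CRS
    chain = solve_chain(seed, 3)
    print("chain verifies:", verify_chain(seed, chain))
    for i, (instance, w) in enumerate(chain):
        print(f"step {i}: instance={instance.hex()[:16]}... witness={w}")
```

The example keeps the two properties the abstract hinges on visible in code: solving is moderately hard and inherently sequential (each `solve` call needs the previous step's output as its input), while verification is a single hash per link. What the example does not model is the paper's second ingredient, the computational randomness extraction property of the hash function; here the next instance is simply the raw digest, which is an assumption of the illustration rather than a claim about the scheme.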
