Proof of Space from Stacked Expanders

Recently, proof of space (PoS) has been suggested as a more egalitarian alternative to the traditional hash-based proof of work. In PoS, a prover proves to a verifier that it has dedicated some specified amount of space. A closely related notion is memory-hard functions (MHF), functions that require a lot of memory/space to compute. While making promising progress, existing PoS and MHF have several problems. First, there are large gaps between the desired space-hardness and what can be proven. Second, it has been pointed out that PoS and MHF should require a lot of space not just at some point, but throughout the entire computation/protocol; few proposals considered this issue. Third, the two existing PoS constructions are both based on a class of graphs called superconcentrators, which are either hard to construct or add a logarithmic factor overhead to efficiency. In this paper, we construct PoS from stacked expander graphs. Our constructions are simpler, more efficient and have tighter provable space-hardness than prior works. Our results also apply to a recent MHF called Balloon hash. We show Balloon hash has tighter space-hardness than previously believed and consistent space-hardness throughout its computation.
