Offline Submission with RSA Time-Lock Puzzles

We introduce a non-interactive RSA time-lock puzzle scheme whose level of difficulty can be arbitrarily chosen by artificially enlarging the public exponent. Solving a puzzle for a message m means for Bob to encrypt m with Alice's public puzzle key by repeated modular squaring. The number of squarings to perform determines the puzzle complexity. This puzzle is non-parallelizable. Thus, the solution time cannot be shortened significantly by employing many machines and it varies only slightly across modern CPUs. Alice can quickly verify the puzzle solution by decrypting the ciphertext with a regular private key operation. Our main contribution is an offline submission protocol which enables an author being currently offline to commit to his document before the deadline by continuously solving an RSA puzzle based on that document. When regaining Internet connectivity, he submits his document along with the puzzle solution which is a proof for the timely completion of the document. We have implemented a platform-independent tool performing all parts of our offline submission protocol: puzzle benchmark, issuing a time-lock RSA certificate, solving a puzzle and finally verifying the solution for a submitted document. Two other applications we propose for RSA time-lock puzzles are trial certificates from a well-known CA and a CEO disclosing the signing private key to his deputy.

[1]  Rafail Ostrovsky,et al.  Conditional Oblivious Transfer and Timed-Release Encryption , 1999, EUROCRYPT.

[2]  Ronald L. Rivest,et al.  Time-lock Puzzles and Timed-release Crypto , 1996 .

[3]  P. L. Montgomery Modular multiplication without trial division , 1985 .

[4]  Wenbo Mao Timed-Release Cryptography , 2001, Selected Areas in Cryptography.

[5]  Markus Jakobsson,et al.  Timed Release of Standard Digital Signatures , 2002, Financial Cryptography.

[6]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 2000, IEEE Trans. Inf. Theory.

[7]  Moni Naor,et al.  Timed Commitments , 2000, CRYPTO.

[8]  Tim Güneysu,et al.  Exploiting the Power of GPUs for Asymmetric Cryptography , 2008, CHES.

[9]  D. Boneh Cryptanalysis of RSA with Private Key d Less Than N 0 , 1999 .

[10]  M. McLoone,et al.  Fast Montgomery modular multiplication and RSA cryptographic processor architectures , 2003, The Thrity-Seventh Asilomar Conference on Signals, Systems & Computers, 2003.

[11]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 1999, IEEE Trans. Inf. Theory.

[12]  Jean-Jacques Quisquater,et al.  Efficient and Non-interactive Timed-Release Encryption , 2005, ICICS.

[13]  Daisuke Suzuki,et al.  How to Maximize the Potential of FPGA Resources for Modular Exponentiation , 2007, CHES.

[14]  Sebastian Fleissner GPU-Accelerated Montgomery Exponentiation , 2007, International Conference on Computational Science.

[15]  Yevgeniy Dodis,et al.  Time Capsule Signature , 2005, Financial Cryptography.

[16]  Kireeti Kompella,et al.  Using smoothness to achieve parallelism , 1988, STOC '88.

[17]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[18]  Ari Juels,et al.  $evwu Dfw , 1998 .

[19]  Evangelos Kranakis Primality and cryptography , 1986, Wiley-Teubner series in computer science.

[20]  J. Sorenson A Sublinear-Time Parallel Algorithm for Integer Modular Exponentiation , 1999 .

[21]  Dimitrios Hristu-Varsakelis,et al.  Improved Anonymous Timed-Release Encryption , 2007, ESORICS.

[22]  Daniel M. Gordon,et al.  A Survey of Fast Exponentiation Methods , 1998, J. Algorithms.

[23]  Ian F. Blake,et al.  Scalable, Server-Passive, User-Anonymous Timed Release Public Key Encryption from Bilinear Pairing , 2004, IACR Cryptol. ePrint Arch..