Multi-instance publicly verifiable time-lock puzzle and its applications
Time-lock puzzles are elegant protocols that enable a party to lock a message such that no one else can unlock it until a certain time elapses. Nevertheless, existing schemes are not suitable for the case where a server is given multiple instances of a puzzle scheme at once and must unlock them at different points in time. If the schemes are naively used in this setting, the server has to start solving all puzzles as soon as it receives them, which ultimately imposes significant computation cost and demands a high level of parallelisation. We put forth and formally define a primitive called "multi-instance time-lock puzzle" which allows composing a puzzle's instances. We propose a candidate construction: "chained time-lock puzzle" (C-TLP). It allows the server, given the instances' composition, to solve puzzles sequentially, without having to run parallel computations on them. C-TLP makes black-box use of a standard time-lock puzzle scheme and is accompanied by a lightweight publicly verifiable algorithm. It is the first time-lock puzzle that offers a combination of the above features. We use C-TLP to build the first "outsourced proofs of retrievability" that can support real-time detection and fair payment while having lower overhead than the state of the art. As another application of C-TLP, we illustrate that, in certain cases, one can substitute a "verifiable delay function" with C-TLP to gain much better efficiency.
Fairness and Efficiency in DAG-based Cryptocurrencies
Bitcoin is a decentralised digital currency that serves as an alternative to
existing transaction systems based on an external central authority for
security. Although Bitcoin has many desirable properties, one of its
fundamental shortcomings is its inability to process transactions at high
rates. To address this challenge, many subsequent protocols either modify the
rules of block acceptance (longest chain rule) and reward, or alter the
graphical structure of the public ledger from a tree to a directed acyclic
graph (DAG). Motivated by these approaches, we introduce a new general
framework that captures ledger growth for a large class of DAG-based
implementations. With this in hand, and by assuming honest miner behaviour, we
(experimentally) explore how different DAG-based protocols perform in terms of
fairness, i.e., if the block reward of a miner is proportional to their hash
power, as well as efficiency, i.e. what proportion of user transactions a
ledger deems valid after a certain length of time. Our results demonstrate
fundamental structural limits on how well DAG-based ledger protocols cope with
a high transaction load. More specifically, we show that even in a scenario
where every miner on the system is honest in terms of when they publish blocks,
what they point to, and what transactions each block contains, fairness and
efficiency of the ledger can break down at specific hash rates if miners have
differing levels of connectivity to the P2P network sustaining the protocol.
Instantaneous Decentralized Poker
We present efficient protocols for amortized secure multiparty computation
with penalties and secure cash distribution, of which poker is a prime example.
Our protocols have an initial phase where the parties interact with a
cryptocurrency network, that then enables them to interact only among
themselves over the course of playing many poker games in which money changes
hands.
The high efficiency of our protocols is achieved by harnessing the power of
stateful contracts. Compared to the limited expressive power of Bitcoin
scripts, stateful contracts enable richer forms of interaction between standard
secure computation and a cryptocurrency.
We formalize the stateful contract model and the security notions that our
protocols accomplish, and provide proofs using the simulation paradigm.
Moreover, we provide a reference implementation in Ethereum/Solidity for the
stateful contracts that our protocols are based on.
We also adapt our off-chain cash distribution protocols to the special case
of stateful duplex micropayment channels, which are of independent interest. In
comparison to Bitcoin based payment channels, our duplex channel implementation
is more efficient and has additional features.
UTxO- vs Account-Based Smart Contract Blockchain Programming Paradigms
We implement two versions of a simple but illustrative smart contract: one in
Solidity on the Ethereum blockchain platform, and one in Plutus on the Cardano
platform, with annotated code excerpts and with source code attached. We get a
clearer view of the Cardano programming model in particular by introducing a
novel mathematical abstraction which we call Idealised EUTxO. For each version
of the contract, we trace how the architectures of the underlying platforms and
their mathematics affect the natural programming styles and natural classes of
errors. We prove some simple but novel results about alpha-conversion and
observational equivalence for Cardano, and explain why Ethereum does not have
them. We conclude with a wide-ranging and detailed discussion in the light of
the examples, mathematical model, and mathematical results so far.
Public Evidence from Secret Ballots
Elections seem simple---aren't they just counting? But they have a unique,
challenging combination of security and privacy requirements. The stakes are
high; the context is adversarial; the electorate needs to be convinced that the
results are correct; and the secrecy of the ballot must be ensured. And they
have practical constraints: time is of the essence, and voting systems need to
be affordable and maintainable, and usable by voters, election officials, and
pollworkers. It is thus not surprising that voting is a rich research area
spanning theory, applied cryptography, practical systems analysis, usable
security, and statistics. Election integrity involves two key concepts:
convincing evidence that outcomes are correct and privacy, which amounts to
convincing assurance that there is no evidence about how any given person
voted. These are obviously in tension. We examine how current systems walk this
tightrope.
Comment: To appear in E-Vote-Id '1
How Does Nakamoto Set His Clock? Full Analysis of Nakamoto Consensus in Bounded-Delay Networks
Nakamoto consensus, arguably the most exciting development in distributed computing in the last few years, is in a sense a recasting of the traditional state-machine-replication problem in an unauthenticated setting, where furthermore parties come and go without warning. The protocol relies on a cryptographic primitive known as proof of work (PoW) which is used to throttle message passing. Importantly, the PoW difficulty level is appropriately adjusted throughout the course of the protocol execution relying on the blockchain's timekeeping ability.
While the original formulation was only accompanied by rudimentary analysis, significant and steady progress has been made in abstracting the protocol's properties and providing a formal analysis under various restrictions and protocol simplifications. Still, a full analysis of the protocol that includes its target recalculation and, notably, the timestamp adjustment mechanism (specifically, the protocol allows incoming block timestamps in the near future, as determined by a protocol parameter, and rejects blocks that have a timestamp in the past of the median time of a specific number of blocks on-chain, namely 11), which equip it to operate in its intended setting of bounded communication delays, imperfect clocks and dynamic participation, has remained open.
The gap is that Nakamoto's protocol fundamentally depends on the blockchain itself to be a consistent timekeeper that should advance roughly on par with real time. In order to tackle this question we introduce a new analytical tool that we call hot-hand executions, which capture the regular occurrence of high concentration of honestly generated blocks, and correspondingly put forth and prove a new blockchain property called concentrated chain quality, which may be of independent interest. Utilizing these tools and techniques we demonstrate that Nakamoto's protocol achieves, under suitable conditions, safety, liveness as well as (consistent) timekeeping.
The Bitcoin Backbone Protocol with Chains of Variable Difficulty
Bitcoin's innovative and distributedly maintained blockchain data structure hinges on the adequate degree of difficulty of so-called "proofs of work," which miners have to produce in order for transactions to be inserted. Importantly, these proofs of work have to be hard enough so that miners have an opportunity to unify their views in the presence of an adversary who interferes but has bounded computational power, but easy enough to be solvable regularly and enable the miners to make progress. As such, as the miners' population evolves over time, so should the difficulty of these proofs. Bitcoin provides this adjustment mechanism, with empirical evidence of a constant block generation rate against such population changes.
In this paper we provide the first (to our knowledge) formal analysis of Bitcoin's target (re)calculation function in the cryptographic setting, i.e., against all possible adversaries aiming to subvert the protocol's properties. We extend the q-bounded synchronous model of the Bitcoin backbone protocol [Eurocrypt 2015], which posed the basic properties of Bitcoin's underlying blockchain data structure and showed how a robust public transaction ledger can be built on top of them, to environments that may introduce or suspend parties in each round. We provide a set of necessary conditions with respect to the way the population evolves under which the "Bitcoin backbone with chains of variable difficulty" provides a robust transaction ledger in the presence of an actively malicious adversary controlling a fraction of the miners strictly below 50% in each instant of the execution. Our work introduces new analysis techniques and tools to the area of blockchain systems that may prove useful in analyzing other blockchain protocols.
Comparing "challenge-based" and "code-based" internet voting verification implementations
Internet-enabled voting introduces an element of invisibility and unfamiliarity into the voting process, which makes it very different from traditional voting. Voters might be concerned about their vote being recorded correctly and included in the final tally. To mitigate mistrust, many Internet-enabled voting systems build verifiability into their systems. This allows voters to verify that their votes have been cast as intended, stored as cast and tallied as stored at the conclusion of the voting period. Verification implementations have not been universally successful, mostly due to voter difficulties using them. Here, we evaluate two cast-as-intended verification approaches in a lab study: (1) "Challenge-Based" and (2) "Code-Based". We assessed cast-as-intended vote verification efficacy, and identified usability issues related to verifying and/or vote casting. We also explored acceptance issues post-verification, to see whether our participants were willing to engage with Internet voting in a real election. Our study revealed the superiority of the code-based approach in terms of ability to verify effectively. In terms of real-life Internet voting acceptance, convenience encourages acceptance, while security concerns and complexity might lead to rejection.
Snow White: Robustly Reconfigurable Consensus and Applications to Provably Secure Proof of Stake
Decentralized cryptocurrencies have pushed deployments of distributed consensus to more stringent environments than ever before. Most existing protocols rely on proofs-of-work which require expensive computational puzzles to enforce, imprecisely speaking, "one vote per unit of computation". The enormous amount of energy wasted by these protocols has been a topic of central debate, and well-known cryptocurrencies have announced it a top priority to move to alternative paradigms. Among the proposed alternative solutions, proofs-of-stake protocols have been of particular interest, where, roughly speaking, the idea is to enforce "one vote per unit of stake".
Although the community has rushed to propose numerous candidates for proofs-of-stake, no existing protocol has offered formal proofs of security, which we believe to be a critical, indispensable ingredient of a distributed consensus protocol, particularly one that is to underlie a high-value cryptocurrency system.
In this work, we seek to address the following basic questions:
• What kind of functionalities and robustness requirements should a consensus candidate offer to be suitable in a proof-of-stake application?
• Can we design a provably secure protocol that satisfies these requirements?
To the best of our knowledge, we are the first to formally articulate a set of requirements for consensus candidates for proofs-of-stake. We argue that any consensus protocol satisfying these properties can be used for proofs-of-stake, as long as money does not switch hands too quickly. Moreover, we provide the first consensus candidate that provably satisfies the desired robustness properties.
uMine: A Blockchain Based on Human Miners
Blockchain technology like Bitcoin is a rapidly growing field of research which has found a wide array of applications. However, the power consumption of the mining process in the Bitcoin blockchain alone is estimated to be at least as high as the electricity consumption of Ireland which constitutes a serious liability to the widespread adoption of blockchain technology.
We propose a novel instantiation of a proof of human-work which is a cryptographic proof that an amount of human work has been exercised, and show its use in the mining process of a blockchain. Next to our instantiation there is only one other instantiation known which relies on indistinguishability obfuscation, a cryptographic primitive whose existence is only conjectured.
In contrast, our construction is based on the cryptographic principle of multiparty computation (which we use in a black box manner) and thus is the first known feasible proof of human-work scheme.
Our blockchain mining algorithm, called uMine, can be regarded as an alternative energy-efficient approach to mining.