Overcoming Cryptographic Impossibility Results using Blockchains

Blockchain technology has the potential to disrupt how cryptography is done. In this work, we propose to view blockchains as an enabler , much like indistinguishability obfuscation (Barak et al., CRYPTO 2001, Garg et al., FOCS 2013, and Sahai and Waters, STOC 2014) or one-way functions, for building a variety of cryptographic systems. Our contributions in this work are as follows: 1. A Framework for Proof-of-Stake based Blockchains: We provide an abstract framework for formally analyzing and defining useful security properties for Proof-of-Stake (POS) based blockchain protocols. Interestingly, for some of our applications, POS based protocols are more suitable. We believe our framework and assumptions would be useful in building applications on top of POS based blockchain protocols even in the future. 2. Blockchains as an Alternative to Trusted Setup Assumptions in Cryptography: A trusted setup, such as a common reference string (CRS) has been used to realize numerous systems in cryptography. The paragon example of a primitive requiring trusted setup is a non-interactive zero-knowledge (NIZK) system. We show that already existing blockchains systems including Bitcoin, Ethereum etc. can be used as a foundation (instead of a CRS) to realize NIZK systems. The novel aspect of our work is that it allows for utilizing an already existing (and widely trusted) setup rather than proposing a new one. Our construction does not require any additional functionality from the miners over the already existing ones, nor do we need to modify the underlying blockchain protocol. If an adversary can violate the security of our NIZK, it could potentially also take over billions of dollars worth of coins in the Bitcoin, Ethereum or any such cryptocurrency! We believe that such a trusted setup represents significant progress over using CRS published by a central trusted party. Indeed, NIZKs could further serve as a foundation for a variety of other cryptographic applications such as round efficient secure computation (Katz and Ostrovsky, CRYPTO 2004 and Horvitz and Katz, CRYPTO 2007). 3. One-time programs and pay-per use programs: Goldwasser et al. (CRYPTO 2008) introduced the notion of one time program and presented a construction using tamper-proof hardware. As noted by Goldwasser et al., clearly a one-time program cannot be solely software based, as software can always be copied and run again. While there have been a number of follow up works (Goyal et al., TCC 2010, Bellare et al., ASIACRYPT 2012, and Applebaum et al., SIAM Journal on Computing 2015), there are indeed no known constructions of one-time programs which do not rely on self destructing tamper-proof hardware (even if one uses trusted setup or random oracles). Somewhat surprisingly, we show that it is possible to base one-time programs on POS based blockchain systems without relying on trusted hardware. Our ideas do not seem to translate over to Proof-of-Work (POW) based blockchains. We also introduce the notion of pay-per-use programs which is simply a contract between two parties --- service provider and customer. A service provider supplies a program such that if the customer transfers a specific amount of coins to the provider, it can evaluate the program on any input of its choice once, even if the provider is offline. This is naturally useful in a subscription based model where your payment is based on your usage

Time-Traveling Simulators Using Blockchains and Their Applications

Blockchain technology has the potential of transforming cryptography. We study the problem of round-complexity of zero-knowledge, and more broadly, of secure computation in the blockchain-hybrid model, where all parties can access the blockchain as an oracle. We study zero-knowledge and secure computation through the lens of a new security notion where the simulator is given the ability to ``time-travel” or more accurately, to look into the future states of the blockchain and use this information to perform simulation. Such a time-traveling simulator gives a novel security guarantee of the following form: whatever the adversary could have learnt from an interaction, it could have computed on its own shortly into the future (e.g., a few hours from now). We exhibit the power of time-traveling simulators by constructing round-efficient protocols in the blockchain-hybrid model. In particular, we construct: 1. Three-round zero-knowledge (ZK) argument for NP with a polynomial-time black-box time-traveling simulator. 2. Three-round secure two-party computation (2PC) for any functionality with a polynomial-time black-box time-traveling simulator for both parties. In addition to standard cryptographic assumptions, we rely on natural hardness assumptions for Proof-of-Work based blockchains. In comparison, in the plain model, three-round protocols with black-box simulation are impossible, and constructions with non-black-box simulation for ZK require novel cryptographic assumptions while no construction for three-round 2PC is known. Our three-round 2PC result relies on a new, two-round extractable commitment that admits a time-traveling extractor

Trustless communication across distributed ledgers: impossibility and practical solutions

Since the advent of Bitcoin as the first decentralized digital currency in 2008, a plethora of distributed ledgers has been created, differing in design and purpose. Considering the heterogeneous nature of these systems, it is safe to say there shall not be ``one coin to rule them all". However, despite the growing and thriving ecosystem, blockchains continue to operate almost exclusively in complete isolation from one another: by design, blockchain protocols provide no means by which to communicate or exchange data with external systems. To this date, centralized providers hence remain the preferred route to exchange assets and information across blockchains~-- undermining the very nature of decentralized currencies. The contribution of this thesis is threefold. First, we critically evaluate the (im)possibilty, requirements, and challenges of cross-chain communication by contributing the first systematization of this field. We formalize the problem of Cross-Chain Communication (CCC) and show it is impossible without a trusted third party by relating CCC to the Fair Exchange problem. With this impossibility result in mind, we develop a framework to design new and evaluate existing CCC protocols, focusing on the inherent trust assumptions thereof, and derive a classification covering the field of cross-chain communication to date. We then present XCLAIM, the first generic framework for transferring assets and information across permissionless distributed ledgers without relying on a centralized third party. XCLAIM leverages so-called cryptocurrency-backed assets, blockchain-based assets one-to-one backed by other cryptocurrencies, such as Bitcoin-backed tokens on Ethereum. Through the secure issuance, transfer, and redemption of these assets, users can perform cross-chain exchanges in a financially trustless and non-interactive manner, overcoming the limitations of existing solutions. To ensure the security of user funds, XCLAIM relies on collateralization of intermediaries and a proof-or-punishment approach, enforced via smart contracts equipped with cross-chain light clients, so-called chain relays. XCLAIM has been adopted in practice, among others by the Polkadot blockchain, as a bridge to Bitcoin and other cryptocurrencies. Finally, we contribute to advancing the state of the art in cross-chain light clients. We develop TxChain, a novel mechanism to significantly reduce storage and bandwidth costs of modern blockchain light clients using contingent transaction aggregation, and apply our scheme to Bitcoin and Ethereum individually, as well as in the cross-chain setting.Open Acces

Zero-Knowledge Proof-of-Identity: Sybil-Resistant, Anonymous Authentication on Permissionless Blockchains and Incentive Compatible, Strictly Dominant Cryptocurrencies

Zero-Knowledge Proof-of-Identity from trusted public certificates (e.g., national identity cards and/or ePassports; eSIM) is introduced here to permissionless blockchains in order to remove the inefficiencies of Sybil-resistant mechanisms such as Proof-of-Work (i.e., high energy and environmental costs) and Proof-of-Stake (i.e., capital hoarding and lower transaction volume). The proposed solution effectively limits the number of mining nodes a single individual would be able to run while keeping membership open to everyone, circumventing the impossibility of full decentralization and the blockchain scalability trilemma when instantiated on a blockchain with a consensus protocol based on the cryptographic random selection of nodes. Resistance to collusion is also considered. Solving one of the most pressing problems in blockchains, a zk-PoI cryptocurrency is proved to have the following advantageous properties: - an incentive-compatible protocol for the issuing of cryptocurrency rewards based on a unique Nash equilibrium - strict domination of mining over all other PoW/PoS cryptocurrencies, thus the zk-PoI cryptocurrency becoming the preferred choice by miners is proved to be a Nash equilibrium and the Evolutionarily Stable Strategy - PoW/PoS cryptocurrencies are condemned to pay the Price of Crypto-Anarchy, redeemed by the optimal efficiency of zk-PoI as it implements the social optimum - the circulation of a zk-PoI cryptocurrency Pareto dominates other PoW/PoS cryptocurrencies - the network effects arising from the social networks inherent to national identity cards and ePassports dominate PoW/PoS cryptocurrencies - the lower costs of its infrastructure imply the existence of a unique equilibrium where it dominates other forms of paymentComment: 2.1: Proof-of-Personhood Considered Harmful (and Illegal); 4.1.5: Absence of Active Authentication; 4.2.6: Absence of Active Authentication; 4.2.7: Removing Single-Points of Failure; 4.3.2: Combining with Non-Zero-Knowledge Authentication; 4.4: Circumventing the Impossibility of Full Decentralizatio

Blockchain and Freedom to Conduct a Business: Between Myth and Reality

Recent advances in technology have demonstrated the enormous flexibility of Distributed Ledger Technology (DLT), whose potential goes well beyond the cryptocurrency trading. This article explores the potential impact that the utilization of a permissioned blockchain could have on listed companies and how this could be an appropriate instrument for a more effective implementation of the provisions of the Shareholder Rights Directive II. This technological infrastructure could attest the correct formation of will within the shareholders’ meeting and contribute to the creation of a truly democratic space for the meeting and discussion among shareholders, thus allowing achievement of freedom to conduct a business. However, the most advanced use of blockchain technology has a disruptive effect and exposes us to the great danger of an “algocratic” drift. Therefore, this article analyses the main critical issues from both a technical and legal viewpoint of Decentralized Autonomous Organizations (DAOs)

Energy efficient mining on a quantum-enabled blockchain using light

We outline a quantum-enabled blockchain architecture based on a consortium of quantum servers. The network is hybridised, utilising digital systems for sharing and processing classical information combined with a fibre--optic infrastructure and quantum devices for transmitting and processing quantum information. We deliver an energy efficient interactive mining protocol enacted between clients and servers which uses quantum information encoded in light and removes the need for trust in network infrastructure. Instead, clients on the network need only trust the transparent network code, and that their devices adhere to the rules of quantum physics. To demonstrate the energy efficiency of the mining protocol, we elaborate upon the results of two previous experiments (one performed over 1km of optical fibre) as applied to this work. Finally, we address some key vulnerabilities, explore open questions, and observe forward--compatibility with the quantum internet and quantum computing technologies.Comment: 25 pages, 5 figure