Advertisement

Short Paper: The Proof is in the Pudding

Proofs of Work for Solving Discrete Logarithms
  • Marcella HastingsEmail author
  • Nadia Heninger
  • Eric Wustrow
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11598)

Abstract

We propose a proof of work protocol that computes the discrete logarithm of an element in a cyclic group. Individual provers generating proofs of work perform a distributed version of the Pollard rho algorithm. Such a protocol could capture the computational power expended to construct proof-of-work-based blockchains for a more useful purpose, as well as incentivize advances in hardware, software, or algorithms for an important cryptographic problem. We describe our proposed construction and elaborate on challenges and potential trade-offs that arise in designing a practical proof of work.

Keywords

Proofs of work Discrete log Pollard rho 

Notes

Acknowledgement

Joseph Bonneau, Brett Hemenway, Michael Rudow, Terry Sun, and Luke Valenta contributed to early versions of this work. Nadia Heninger carried out this research while at the University of Pennsylvania. This work was supported by the National Science Foundation under grants no. CNS-1651344 and CNS-1513671 and by the Office of Naval Research under grant no. 568751.

References

  1. 1.
    Back, A.: Hashcash-a denial of service counter-measure (2002)Google Scholar
  2. 2.
    Ball, M., Rosen, A., Sabin, M., Vasudevan, P.N.: Proofs of work from worst-case assumptions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 789–819. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-96884-1_26CrossRefGoogle Scholar
  3. 3.
    Barbulescu, R., Gaudry, P., Joux, A., Thomé, E.: A heuristic quasi-polynomial algorithm for discrete logarithm in finite fields of small characteristic. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 1–16. Springer, Heidelberg (2014).  https://doi.org/10.1007/978-3-642-55220-5_1CrossRefzbMATHGoogle Scholar
  4. 4.
    Barker, E., Chen, L., Roginsky, A., Vassilev, A., Davis, R.: SP 800–56A Revision 3. Recommendation for pair-wise key establishment schemes using discrete logarithm cryptography. National Institute of Standards & Technology (2018)Google Scholar
  5. 5.
    Ben-Sasson, E., Bentov, I., Horesh, Y., Riabzev, M.: Scalable, transparent, and post-quantum secure computational integrity. Cryptology ePrint Archive (2018)Google Scholar
  6. 6.
    Biryukov, A., Pustogarov, I.: Proof-of-Work as anonymous micropayment: rewarding a tor relay. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 445–455. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47854-7_27CrossRefGoogle Scholar
  7. 7.
    Bitansky, N., et al.: The hunting of the SNARK. J. Cryptol. 30(4) (2017)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Bloom, B.H.: Space/time trade-offs in hash coding with allowable errors. Commun. ACM 13(7), 422–426 (1970).  https://doi.org/10.1145/362686.362692CrossRefzbMATHGoogle Scholar
  9. 9.
    Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 757–788. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-96884-1_25CrossRefGoogle Scholar
  10. 10.
    Bos, J.W., Kaihara, M.E., Kleinjung, T., Lenstra, A.K., Montgomery, P.L.: Solving a 112-bit prime elliptic curve discrete logarithm problem on game consoles using sloppy reduction. Int. J. Appl. Crypt. 2(3) (2012)MathSciNetCrossRefGoogle Scholar
  11. 11.
    Certicom ECC challenge (1997). http://certicom.com/images/pdfs/challenge-2009.pdf. Accessed 10 Nov 2009
  12. 12.
    Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993).  https://doi.org/10.1007/3-540-48071-4_10CrossRefGoogle Scholar
  14. 14.
  15. 15.
    Gordon, D.M.: Discrete logarithms in GF(P) using the number field sieve. SIAM J. Discret. Math. 6(1), 124–138 (1993).  https://doi.org/10.1137/0406010MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Jakobsson, M., Juels, A.: Proofs of work and bread pudding protocols (Extended Abstract). In: Preneel, B. (ed.) Secure Information Networks. ITIFIP, vol. 23, pp. 258–272. Springer, Boston, MA (1999).  https://doi.org/10.1007/978-0-387-35568-9_18CrossRefGoogle Scholar
  17. 17.
    King, S.: Primecoin: cryptocurrency with prime number proof-of-work (2013)Google Scholar
  18. 18.
    Lochter, M.: Blockchain as cryptanalytic tool. Cryptology ePrint Archive, Report 2018/893 (2018). https://eprint.iacr.org/2018/893.pdf
  19. 19.
    Nakamoto, S.: Bitcoin: A Peer-to-Peer Electronic Cash System. White paper (2008)Google Scholar
  20. 20.
    National Institute of Standards and Technology: FIPS PUB 186–4: Digital Signature Standard (DSS). National Institute of Standards and Technology, July 2013Google Scholar
  21. 21.
    Percival, C., Josefsson, S.: The scrypt password-based key derivation function. RFC 7914, RFC Editor, August 2016. http://rfc-editor.org/rfc/rfc7914.txt
  22. 22.
    Pollard, J.M.: Monte carlo methods for index computation (mod \(p\)). In: Mathematics of Computation, vol. 32 (1978)Google Scholar
  23. 23.
    Poon, J., Buterin, V.: Plasma: scalable autonomous smart contracts (2017)Google Scholar
  24. 24.
    Shanks, D.: Class number, a theory of factorization, and genera. In: Proceedings of Symposium Mathematical Society, vol. 20, pp. 41–440 (1971)Google Scholar
  25. 25.
    Sompolinsky, Y., Zohar, A.: Secure high-rate transaction processing in bitcoin. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 507–527. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-47854-7_32CrossRefGoogle Scholar
  26. 26.
    Teske, E.: Speeding up Pollard’s rho method for computing discrete logarithms. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 541–554. Springer, Heidelberg (1998).  https://doi.org/10.1007/BFb0054891CrossRefGoogle Scholar
  27. 27.
    Valenta, L., Sullivan, N., Sanso, A., Heninger, N.: In search of CurveSwap: measuring elliptic curve implementations in the wild. In: EuroS&P. IEEE (2018)Google Scholar
  28. 28.
    Van Oorschot, P.C., Wiener, M.J.: Parallel collision search with cryptanalytic applications. J. Cryptol. 12(1), 1–28 (1999)MathSciNetCrossRefGoogle Scholar
  29. 29.
    de Vries, A.: Bitcoin’s growing energy problem. Joule 2(5), 801–805 (2018)CrossRefGoogle Scholar
  30. 30.
    Wenger, E., Wolfger, P.: Harder, better, faster, stronger: elliptic curve discrete logarithm computations on FPGAs. J. Crypt. Eng. (2016)Google Scholar
  31. 31.
    Wustrow, E., VanderSloot, B.: DDoSCoin: cryptocurrency with a malicious proof-of-work. In: WOOT (2016)Google Scholar

Copyright information

© International Financial Cryptography Association 2019

Authors and Affiliations

  • Marcella Hastings
    • 1
    Email author
  • Nadia Heninger
    • 2
  • Eric Wustrow
    • 3
  1. 1.University of PennsylvaniaPhiladelphiaUSA
  2. 2.University of California, San DiegoSan DiegoUSA
  3. 3.University of Colorado BoulderBoulderUSA

Personalised recommendations