Time-Lock Puzzles in the Random Oracle Model

  • Mohammad Mahmoody
  • Tal Moran
  • Salil Vadhan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)

Abstract

A time-lock puzzle is a mechanism for sending messages “to the future”. The sender publishes a puzzle whose solution is the message to be sent, thus hiding it until enough time has elapsed for the puzzle to be solved. For time-lock puzzles to be useful, generating a puzzle should take less time than solving it. Since adversaries may have access to many more computers than honest solvers, massively parallel solvers should not be able to produce a solution much faster than serial ones.

To date, we know of only one mechanism that is believed to satisfy these properties: the one proposed by Rivest, Shamir and Wagner (1996), who originally introduced the notion of time-lock puzzles. Their puzzle is based on the serial nature of exponentiation and the hardness of factoring, and is therefore vulnerable to advances in factoring techniques (as well as to quantum attacks).
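The asymmetry the Rivest, Shamir and Wagner puzzle relies on, as an added example (not code from the paper): a simplified sketch using repeated squaring modulo a composite. The toy primes, the SHAKE-256 pad and all function names are assumptions made for illustration.

```python
import hashlib
import math
import secrets

# Constructed toy modulus from two well-known Mersenne primes (2^31-1, 2^61-1).
# A real puzzle needs large secret primes; these only keep the demo fast.
P, Q = 2**31 - 1, 2**61 - 1
N, PHI = P * Q, (P - 1) * (Q - 1)

def serial_value(a: int, t: int, n: int) -> int:
    """Solver's path: t squarings, each one needing the previous result."""
    for _ in range(t):
        a = a * a % n
    return a

def trapdoor_value(a: int, t: int, n: int, phi: int) -> int:
    """Path open to anyone who knows phi(n): reduce the exponent 2^t first."""
    return pow(a, pow(2, t, phi), n)

def pad(value: int, length: int) -> bytes:
    """Stretch the puzzle value into a one-time pad (SHAKE-256 is an assumption)."""
    return hashlib.shake_256(value.to_bytes(16, "big")).digest(length)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rsw_generate(message: bytes, t: int):
    """Sender: hides the message under a^(2^t) mod N, computed via the trapdoor."""
    while True:
        a = secrets.randbelow(N - 3) + 2
        if math.gcd(a, N) == 1:  # Euler's theorem needs a coprime to N
            break
    key = trapdoor_value(a, t, N, PHI)
    return a, t, xor(message, pad(key, len(message)))

def rsw_solve(a: int, t: int, ciphertext: bytes) -> bytes:
    """Receiver: no trapdoor, so the t squarings must be done in order."""
    key = serial_value(a, t, N)
    return xor(ciphertext, pad(key, len(ciphertext)))
```

Anyone who can factor N recovers PHI and can call `trapdoor_value` directly, which is why the time lock stands or falls with the hardness of factoring.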

In this work, we study the possibility of constructing time-lock puzzles in the random-oracle model. Our main result is negative, ruling out time-lock puzzles that require more parallel time to solve than the total work required to generate a puzzle. In particular, this should rule out black-box constructions of such time-lock puzzles from one-way permutations and collision-resistant hash-functions. On the positive side, we construct a time-lock puzzle with a linear gap in parallel time: a new puzzle can be generated with one round of n parallel queries to the random oracle, but n rounds of serial queries are required to solve it (even for massively parallel adversaries).
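The query pattern of the positive result, as an added example (not code from the paper): generation makes n independent oracle queries, while solving needs n dependent ones. The page does not spell out the construction, so the chained layout, SHA-256 standing in for the random oracle, and all names here are assumptions.

```python
import hashlib
import secrets

BLOCK = 32  # bytes per oracle output; SHA-256 stands in for the random oracle


def oracle(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(i ^ j for i, j in zip(a, b))


def chain_generate(message: bytes, n: int) -> list:
    """Build a puzzle with n oracle queries that do not depend on each other."""
    if len(message) != BLOCK:
        raise ValueError("message must be exactly one block (e.g. a 32-byte key)")
    if n < 1:
        raise ValueError("need at least one link")
    xs = [secrets.token_bytes(BLOCK) for _ in range(n)]
    # All inputs are known up front, so these n queries fit in one parallel round.
    hs = [oracle(x) for x in xs]
    puzzle = [xs[0]]
    for i in range(n - 1):
        puzzle.append(xor(hs[i], xs[i + 1]))  # x_{i+1} masked by H(x_i)
    puzzle.append(xor(hs[n - 1], message))    # message masked by H(x_n)
    return puzzle


def chain_solve(puzzle: list):
    """Unmask link by link; returns (message, number of sequential oracle rounds)."""
    x, rounds = puzzle[0], 0
    for masked in puzzle[1:]:
        # The next oracle input is unknown until this query has been answered,
        # so extra processors cannot shorten the chain.
        x = xor(oracle(x), masked)
        rounds += 1
    return x, rounds
```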

References

  1. Abadi, M., Burrows, M., Manasse, M.S., Wobber, T.: Moderately hard, memory-bound functions. ACM Trans. Internet Techn. 5(2), 299–327 (2005)
  2. Back, A.: Hashcash — a denial of service counter-measure (2002), http://www.hashcash.org/papers/hashcash.pdf
  3. Barak, B., Mahmoody, M.: Lower bounds on signatures from symmetric primitives. In: FOCS 2007, pp. 680–688. IEEE Computer Society, Los Alamitos (2007)
  4. Barak, B., Mahmoody-Ghidary, M.: Merkle puzzles are optimal — an O(n²)-query attack on any key exchange from a random oracle. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 374–390. Springer, Heidelberg (2009)
  5. Biham, E., Goren, Y.J., Ishai, Y.: Basing weak public-key cryptography on strong one-way functions. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 55–72. Springer, Heidelberg (2008)
  6. Boneh, D., Boyen, X.: Efficient selective-id secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004)
  7. Boneh, D., Boyen, X.: Secure identity based encryption without random oracles. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 443–459. Springer, Heidelberg (2004)
  8. Boneh, D., Franklin, M.K.: Identity-based encryption from the Weil pairing. SIAM J. Comput. 32(3), 586–615 (2003)
  9. Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000)
  10. Brassard, G., Salvail, L.: Quantum Merkle puzzles. In: ICQNM, pp. 76–79. IEEE Computer Society, Los Alamitos (2008)
  11. Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. J. ACM 51(4), 557–594 (2004)
  12. Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 255–271. Springer, Heidelberg (2003)
  13. Cathalo, J., Libert, B., Quisquater, J.-J.: Efficient and non-interactive timed-release encryption. In: Qing, S., Mao, W., López, J., Wang, G. (eds.) ICICS 2005. LNCS, vol. 3783, pp. 291–303. Springer, Heidelberg (2005)
  14. Di Crescenzo, G., Ostrovsky, R., Rajagopalan, S.: Conditional oblivious transfer and timed-release encryption. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 74–89. Springer, Heidelberg (1999)
  15. Dagdelen, O., Fischlin, M., Lehmann, A., Schaffner, C.: Random oracles in a quantum world. Cryptology ePrint Archive, Report 2010/428 (2010), http://eprint.iacr.org/2010/428.pdf
  16. Dwork, C., Goldberg, A., Naor, M.: On memory-bound functions for fighting spam. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 426–444. Springer, Heidelberg (2003)
  17. Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993)
  18. Dwork, C., Naor, M., Wee, H.: Pebbling and proofs of work. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 37–54. Springer, Heidelberg (2005)
  19. Gennaro, R., Gertner, Y., Katz, J., Trevisan, L.: Bounds on the efficiency of generic cryptographic constructions. SIAM J. Comput. 35(1), 217–246 (2005)
  20. Grover, L.K.: A fast quantum mechanical algorithm for database search. In: STOC 1996, pp. 212–219. ACM, New York (1996)
  21. Impagliazzo, R., Rudich, S.: Limits on the provable consequences of one-way permutations. In: STOC 1989, pp. 44–61. ACM, New York (1989)
  22. May, T.C.: Timed-release crypto (February 1993), http://www.hks.net/cpunks/cpunks-0/1460.html
  23. Merkle, R.C.: Secure communications over insecure channels. Commun. ACM 21(4), 294–299 (1978)
  24. Rivest, R.L., Shamir, A.: Payword and micromint: Two simple micropayment schemes. In: Lomas, M. (ed.) Security Protocols 1996. LNCS, vol. 1189, pp. 69–87. Springer, Heidelberg (1997)
  25. Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto. Technical Report MIT/LCS/TR-684, MIT (February 1996)

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Mohammad Mahmoody (1)
  • Tal Moran (2)
  • Salil Vadhan (2)

  1. Department of Computer Science, Cornell University, USA
  2. School of Engineering and Applied Sciences and Center for Research on Computation and Society, Harvard University, USA
