Tight Proofs of Space and Replication
We construct a concretely practical proof-of-space (PoS) with arbitrarily tight security based on stacked depth robust graphs and constant-degree expander graphs. A proof-of-space (PoS) is an interactive proof system where a prover demonstrates that it is persistently using space to store information. A PoS is arbitrarily tight if the honest prover uses exactly \(N\) space and for any \(\epsilon > 0\) the construction can be tuned such that no adversary can pass verification using less than \((1-\epsilon) N\) space. Most notably, the degree of the graphs in our construction is independent of \(\epsilon\), and the number of layers is only \(O(\log(1/\epsilon))\). The proof size is \(O(d/\epsilon)\). The degree \(d\) depends on the depth robust graphs, which are only required to maintain \(\Omega(N)\) depth in subgraphs on 80% of the nodes. Our tight PoS is also secure against parallel attacks.
Tight proofs of space are necessary for proof-of-replication (PoRep), which is a publicly verifiable proof that the prover is dedicating unique resources to storing one or more retrievable replicas of a specified file. Our main PoS construction can be used as a PoRep, but data extraction is as inefficient as replica generation. We present a second variant of our construction called ZigZag PoRep that has fast/parallelizable data extraction compared to replica generation and maintains the same space tightness while only increasing the number of levels by roughly a factor of two.
This research was generously supported by an NSF Graduate Fellowship. Joseph Bonneau, Nicola Greco, and Juan Benet provided critical input throughout the development of this work and are coauthors on a related systems project prototyping practical implementations of PoReps, including the constructions presented at BPASE 2018 and discussed in further detail in this work. Many others have contributed through helpful comments and conversations, including Dan Boneh, Rafael Pass, Ethan Cecchetti, Benedikt Bünz, and Florian Tramer.