Tight Proofs of Space and Replication

  • Ben FischEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11477)


We construct a concretely practical proof-of-space (PoS) with arbitrarily tight security based on stacked depth robust graphs and constant-degree expander graphs. A proof-of-space (PoS) is an interactive proof system where a prover demonstrates that it is persistently using space to store information. A PoS is arbitrarily tight if the honest prover uses exactly N space and for any \(\epsilon > 0\) the construction can be tuned such that no adversary can pass verification using less than \((1-\epsilon ) N\) space. Most notably, the degree of the graphs in our construction are independent of \(\epsilon \), and the number of layers is only \(O(\log (1/\epsilon ))\). The proof size is \(O(d/\epsilon )\). The degree d depends on the depth robust graphs, which are only required to maintain \(\varOmega (N)\) depth in subgraphs on 80% of the nodes. Our tight PoS is also secure against parallel attacks.

Tight proofs of space are necessary for proof-of-replication (PoRep), which is a publicly verifiable proof that the prover is dedicating unique resources to storing one or more retrievable replicas of a specified file. Our main PoS construction can be used as a PoRep, but data extraction is as inefficient as replica generation. We present a second variant of our construction called ZigZag PoRep that has fast/parallelizable data extraction compared to replica generation and maintains the same space tightness while only increasing the number of levels by roughly a factor two.



This research was generously supported by an NSF Graduate Fellowship. Joseph Bonneau, Nicola Greco, and Juan Benet provided critical input throughout the development of this work and are coauthors on a related systems project prototyping practical implementations of PoReps, including the constructions presented at BPASE 2018 and discussed in further detail in this work. Many others have contributed through helpful comments and conversations, including Dan Boneh, Rafael Pass, Ethan Cecchetti, Benedikt Bünz, and Florian Tramer.


  1. 1.
    Proof of replication. Protocol Labs (2017).
  2. 2.
    Abusalah, H., Alwen, J., Cohen, B., Khilko, D., Pietrzak, K., Reyzin, L.: Beyond Hellman’s time-memory trade-offs with applications to proofs of space. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 357–379. Springer, Cham (2017). Scholar
  3. 3.
    Alwen, J., Blocki, J., Harsha, B.: Practical graphs for optimal side-channel resistant memory-hard functions. In: CCS (2017)Google Scholar
  4. 4.
    Alwen, J., Blocki, J., Pietrzak, K.: Sustained space complexity. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 99–130. Springer, Cham (2018). Scholar
  5. 5.
    Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 757–788. Springer, Cham (2018). Scholar
  6. 6.
    Chung, F.R.K.: On concentrators, superconcentrators, generalizers, and nonblocking networks. Bell Syst. Tech. J. 58, 1765–1777 (1979)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Dwork, C., Naor, M., Wee, H.: Pebbling and proofs of work. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 37–54. Springer, Heidelberg (2005). Scholar
  8. 8.
    Dziembowski, S., Faust, S., Kolmogorov, V., Pietrzak, K.: Proofs of space. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 585–605. Springer, Heidelberg (2015). Scholar
  9. 9.
    Fisch, B.: Poreps: proofs of space on useful data. Cryptology ePrint Archive, Report 2018/678 (2018).
  10. 10.
    Fisch, B., Bonneau, J., Benet, J., Greco, N.: Proofs of replication using depth robust graphs. In: Presentation at Blockchain Protocol Analysis and Security Engineering (2018).
  11. 11.
    Ateniese, G., Bonacina, I., Faonio, A., Galesi, N.: Proofs of space: when space is of the essence. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 538–557. Springer, Cham (2014). Scholar
  12. 12.
    Boneh, D., Corrigan-Gibbs, H., Schechter, S.: Balloon hashing: a provably memory-hard function with a data-independent access pattern. In: Asiacrypt (2016)Google Scholar
  13. 13.
    Lerner, S.D.: Proof of unique blockchain storage (2014).
  14. 14.
    Mahmoody, M., Moran, T., Vadhan, S.P.: Time-lock puzzles in the random oracle model. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 39–50. Springer, Heidelberg (2011). Scholar
  15. 15.
    Vadhan, S., Reingold, O., Wigderson, A.: Entropy waves, the zig-zag graph product, and new constant-degree expanders and extractors. In: FOCS (2000)Google Scholar
  16. 16.
    Park, S., Pietrzak, K., Kwon, A., Alwen, J., Fuchsbauer, G., Gžai, P.: Spacemint: a cryptocurrency based on proofs of space. Cryptology ePrint Archive, Report 2015/528 (2015).
  17. 17.
    Graham, R.L., Erdös, P., Szemeredi, E.: On sparse graphs with dense long paths. In: Computers & Mathematics with Applications (1975)Google Scholar
  18. 18.
    Pietrzak, K.: Proofs of catalytic space. Cryptology ePrint Archive # 2018/194 (2018)Google Scholar
  19. 19.
    Ren, L., Devadas, S.: Proof of space from stacked expanders. In: Hirt, M., Smith, A. (eds.) TCC 2016. LNCS, vol. 9985, pp. 262–285. Springer, Heidelberg (2016). Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Stanford UniversityStanfordUSA

Personalised recommendations