Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson...
-
Upload
dulcie-tate -
Category
Documents
-
view
216 -
download
0
Transcript of Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson...
![Page 1: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/1.jpg)
Ari Juels RSA Laboratories
Proofs of Work (POWs) and Bread Pudding Protocols
with Markus Jakobsson Bell Laboratories
![Page 2: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/2.jpg)
Cryptography: About proofs of mathematical relations
w = ge
c
s = cx +egs=ycw?
Prover Verifier
![Page 3: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/3.jpg)
Some proofs
Proof of Identity
= Cryptographic Authentication Protocol
![Page 4: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/4.jpg)
Some proofs
Proof of Authorization (Signed Document)
= Digital signature
![Page 5: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/5.jpg)
Proof of work?
We can make precise in cryptographic world
1 ounce sweat = 1 hour of work
![Page 6: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/6.jpg)
Proof of work (POW)
Prover Verifier
Query
Response
Prover did at least
106 cycles of work
![Page 7: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/7.jpg)
Example of a POW (Hash inversion)
Prover Verifier
t = h(s) [k bits]
Prover computed an
expected 2k-1 hashes
random secret s
s
![Page 8: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/8.jpg)
What are POWs good for? Spam deterrent (DN94), “Hash cash”
Defense against denial-of-service attacks (JB99)
Service Request
![Page 9: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/9.jpg)
What are POWs good for? Benchmarking
Server
Query
ResponseClient
![Page 10: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/10.jpg)
Formal notion of POW
![Page 11: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/11.jpg)
Breadpudding
Idea: Re-use the ``stale’’ computation in a POW to perform useful task
Achieve privacy in useful task Example: Hash inversion POW for distributed MicroMint
![Page 12: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/12.jpg)
![Page 13: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/13.jpg)
MicroMint
Want a scheme that mimics economics of physical mint
Verifying validity of a coin is easy Base minting cost is high so... Forgery is expensive
![Page 14: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/14.jpg)
The minting process
. Throw balls into bins using “random” function h
. Any bin with two balls is a coin
![Page 15: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/15.jpg)
Minting in MicroMint
Bin 1 Bin 2 Bin 3 Bin 4 Bin 5 Bin 6 Bin 7 Bin 8 Bin 9
Collision = Coin
h
![Page 16: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/16.jpg)
Checking a coin
Bin 2
h
Valid coin?
![Page 17: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/17.jpg)
Features
Many bins, so need to throw many balls to mint successfully
Minting requires very intensive computation
![Page 18: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/18.jpg)
Minting requires special, e.g., $250,000 computer
“Deep Crack”
![Page 19: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/19.jpg)
Another characteristic: Most balls are invalid
Bin 1 Bin 2 Bin 3 Bin 4 Bin 5 Bin 6 Bin 7 Bin 8 Bin 9
h
In fact, >99% of work goes to missed balls!
![Page 20: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/20.jpg)
Idea: Make three stage process
. Create “valid” balls, i.e., balls that won’t miss (>99% of work)
. Throw balls into bins using “random” function h (<1% of work)
. Any bin with two balls is a coin
![Page 21: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/21.jpg)
Have many other (untrusted) people do Step 1
![Page 22: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/22.jpg)
Now...
99%+ of work is done for minter No participant will get enough balls
to do minting himself/herself (or else participants know “validity” h but not
“throwing” h) Minting is cheap for minter!
![Page 23: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/23.jpg)
Minter can use ordinary server
![Page 24: Ari Juels RSA Laboratories Proofs of Work (POWs) and Bread Pudding Protocols with Markus Jakobsson Bell Laboratories.](https://reader035.fdocuments.us/reader035/viewer/2022062421/56649da65503460f94a92495/html5/thumbnails/24.jpg)
Questions?
+?