Article

TARDIS: A Foundation of Time-Lock Puzzles in UC

Authors:

Bernardo David,

Rafael Dowsley,

Jesper Buus Nielsen,

Sabine OechsnerAuthors Info & Claims

Advances in Cryptology – EUROCRYPT 2021: 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17–21, 2021, Proceedings, Part III

Pages 429 - 459

https://doi.org/10.1007/978-3-030-77883-5_15

Published: 17 October 2021 Publication History

Abstract

Time-based primitives like time-lock puzzles (TLP) are finding widespread use in practical protocols, partially due to the surge of interest in the blockchain space where TLPs and related primitives are perceived to solve many problems. Unfortunately, the security claims are often shaky or plainly wrong since these primitives are used under composition. One reason is that TLPs are inherently not UC secure and time is tricky to model and use in the UC model. On the other hand, just specifying standalone notions of the intended task, left alone correctly using standalone notions like non-malleable TLPs only, might be hard or impossible for the given task. And even when possible a standalone secure primitive is harder to apply securely in practice afterwards as its behavior under composition is unclear. The ideal solution would be a model of TLPs in the UC framework to allow simple modular proofs. In this paper we provide a foundation for proving composable security of practical protocols using time-lock puzzles and related timed primitives in the UC model. We construct UC-secure TLPs based on random oracles and show that using random oracles is necessary. In order to prove security, we provide a simple and abstract way to reason about time in UC protocols. Finally, we demonstrate the usefulness of this foundation by constructing applications that are interesting in their own right, such as UC-secure two-party computation with output-independent abort.

References

[1]

Andrychowicz M, Dziembowski S, Malinowski D, and Mazurek Ł Böhme R, Brenner M, Moore T, and Smith M Fair two-party computations via bitcoin deposits Financial Cryptography and Data Security 2014 Heidelberg Springer 105-121

[2]

Andrychowicz, M., Dziembowski, S., Malinowski, D., Mazurek, L.: Secure multiparty computations on bitcoin. In: 2014 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, May 2014

[3]

Backes, M., Hofheinz, D., Müller-Quade, J., Unruh, D.: On fairness in simulatability-based cryptographic systems. In: FMSE 2005, pp. 13–22. ACM (2005)

[4]

Backes, M., Manoharan, P., Mohammadi, E.: TUC: time-sensitive and modular analysis of anonymous communication. In: Computer Security Foundations Symposium, CSF 2014. IEEE Computer Society Press (2014)

[5]

Badertscher, C., Gazi, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: ACM CCS 2018. ACM Press, October 2018

[6]

Baum C, David B, and Dowsley R Bonneau J and Heninger N Insured MPC: efficient secure computation with financial penalties Financial Cryptography and Data Security 2020 Cham Springer 404-420

Digital Library

[7]

Baum, C., David, B., Dowsley, R., Nielsen, J.B., Oechsner, S.: Craft: composable randomness and almost fairness from time. Cryptology ePrint Archive, Report 2020/784 (2020). https://eprint.iacr.org/2020/784

[8]

Baum, C., David, B., Dowsley, R., Nielsen, J.B., Oechsner, S.: TARDIS: time and relative delays in simulation. Cryptology ePrint Archive, Report 2020/537 (2020). https://eprint.iacr.org/2020/537

[9]

Baum C, Orsini E, and Scholl P Hirt M and Smith A Efficient secure multiparty computation with identifiable abort Theory of Cryptography 2016 Heidelberg Springer 461-490

Digital Library

[10]

Baum C, Orsini E, Scholl P, and Soria-Vazquez E Micciancio D and Ristenpart T Efficient constant-round MPC with identifiable abort and public verifiability Advances in Cryptology – CRYPTO 2020 2020 Cham Springer 562-592

Digital Library

[11]

Bellare M, Dowsley R, Waters B, and Yilek S Pointcheval D and Johansson T Standard security does not imply security against selective-opening Advances in Cryptology – EUROCRYPT 2012 2012 Heidelberg Springer 645-662

Digital Library

[12]

Bentov I and Kumaresan R Garay JA and Gennaro R How to use bitcoin to design fair protocols Advances in Cryptology – CRYPTO 2014 2014 Heidelberg Springer 421-439

[13]

Bitansky, N., Goldwasser, S., Jain, A., Paneth, O., Vaikuntanathan, V., Waters, B.: Time-lock puzzles from randomized encodings. In: ITCS 2016. ACM, January 2016

[14]

Boneh D, Bonneau J, Bünz B, and Fisch B Shacham H and Boldyreva A Verifiable delay functions Advances in Cryptology – CRYPTO 2018 2018 Cham Springer 757-788

Digital Library

[15]

Boneh D and Naor M Bellare M Timed commitments Advances in Cryptology — CRYPTO 2000 2000 Heidelberg Springer 236-254

[16]

Camenisch J, Drijvers M, Gagliardoni T, Lehmann A, and Neven G Nielsen JB and Rijmen V The wonderful world of global random oracles Advances in Cryptology – EUROCRYPT 2018 2018 Cham Springer 280-312

[17]

Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (2000). http://eprint.iacr.org/2000/067

[18]

Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS. IEEE Computer Society Press, October 2001

[19]

Canetti R, Dodis Y, Pass R, and Walfish S Vadhan SP Universally composable security with global setup Theory of Cryptography 2007 Heidelberg Springer 61-85

[20]

Cascudo I, Damgård I, David B, Döttling N, Dowsley R, and Giacomelli I Galbraith SD and Moriai S Efficient UC commitment extension with homomorphism for free (and applications) Advances in Cryptology – ASIACRYPT 2019 2019 Cham Springer 606-635

Digital Library

[21]

Cleve, R.: Limits on the security of coin flips when half the processors are faulty (extended abstract). In: 18th ACM STOC. ACM Press, May 1986

[22]

Couteau, G., Roscoe, B., Ryan, P.: Partially-fair computation from timed-release encryption and oblivious transfer. Cryptology ePrint Archive, Report 2019/1281 (2019). https://eprint.iacr.org/2019/1281

[23]

Damgård, I., Groth, J.: Non-interactive and reusable non-malleable commitment schemes. In: 35th ACM STOC. ACM Press, June 2003

[24]

David B, Gaži P, Kiayias A, and Russell A Nielsen JB and Rijmen V Ouroboros Praos: an adaptively-secure, semi-synchronous proof-of-stake blockchain Advances in Cryptology – EUROCRYPT 2018 2018 Cham Springer 66-98

[25]

Dwork, C., Naor, M., Sahai, A.: Concurrent zero-knowledge. In: 30th ACM STOC. ACM Press, May 1998

[26]

Ephraim, N., Freitag, C., Komargodski, I., Pass, R.: Non-malleable time-lock puzzles and applications. Cryptology ePrint Archive, Report 2020/779 (2020). https://eprint.iacr.org/2020/779

[27]

Fischlin M, Lehmann A, Ristenpart T, Shrimpton T, Stam M, and Tessaro S Abe M Random oracles with(out) programmability Advances in Cryptology - ASIACRYPT 2010 2010 Heidelberg Springer 303-320

[28]

Garay J, MacKenzie P, Prabhakaran M, and Yang K Halevi S and Rabin T Resource fairness and composability of cryptographic protocols Theory of Cryptography 2006 Heidelberg Springer 404-428

Digital Library

[29]

Goldreich, O.: Concurrent zero-knowledge with timing, revisited. In: 34th ACM STOC. ACM Press, May 2002

[30]

Hazay C, Scholl P, and Soria-Vazquez E Takagi T and Peyrin T Low cost constant round MPC combining BMR and oblivious transfer Advances in Cryptology – ASIACRYPT 2017 2017 Cham Springer 598-628

[31]

Hofheinz D and Shoup V GNUC: a new universal composability framework J. Cryptol. 2015 28 3 423-508

Digital Library

[32]

Ishai Y, Ostrovsky R, and Zikas V Garay JA and Gennaro R Secure multi-party computation with identifiable abort Advances in Cryptology – CRYPTO 2014 2014 Heidelberg Springer 369-386

[33]

Kalai, Y.T., Lindell, Y., Prabhakaran, M.: Concurrent general composition of secure protocols in the timing model. In: 37th ACM STOC. ACM Press, May 2005

[34]

Katz J, Loss J, and Xu J Pass R and Pietrzak K On the security of time-lock puzzles and timed commitments Theory of Cryptography 2020 Cham Springer 390-413

Digital Library

[35]

Katz J, Maurer U, Tackmann B, and Zikas V Sahai A Universally composable synchronous computation Theory of Cryptography 2013 Heidelberg Springer 477-498

Digital Library

[36]

Kiayias A, Zhou H-S, and Zikas V Fischlin M and Coron J-S Fair and robust multi-party computation using a global transaction ledger Advances in Cryptology – EUROCRYPT 2016 2016 Heidelberg Springer 705-734

[37]

Kumaresan, R., Bentov, I.: How to use bitcoin to incentivize correct computations. In: ACM CCS 2014. ACM Press, November 2014

[38]

Kumaresan, R., Moran, T., Bentov, I.: How to use bitcoin to play decentralized poker. In: ACM CCS 2015. ACM Press, October 2015

[39]

Maurer U Mödersheim S and Palamidessi C Constructive cryptography – a new paradigm for security definitions and proofs Theory of Security and Applications 2012 Heidelberg Springer 33-56

Digital Library

[40]

Nielsen JB Yung M Separating random oracle proofs from complexity theoretic proofs: the non-committing encryption case Advances in Cryptology — CRYPTO 2002 2002 Heidelberg Springer 111-126

[41]

Nielsen JB, Nordholt PS, Orlandi C, and Burra SS Safavi-Naini R and Canetti R A new approach to practical active-secure two-party computation Advances in Cryptology – CRYPTO 2012 2012 Heidelberg Springer 681-700

Digital Library

[42]

Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: 2001 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, May 2001

[43]

Pietrzak, K.: Simple verifiable delay functions. In: ITCS 2019. LIPIcs, January 2019

[44]

Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto (1996)

[45]

Rotem L, Segev G, and Shahaf I Canteaut A and Ishai Y Generic-group delay functions require hidden-order groups Advances in Cryptology – EUROCRYPT 2020 2020 Cham Springer 155-180

Digital Library

[46]

Shoup V Fumy W Lower bounds for discrete logarithms and related problems Advances in Cryptology — EUROCRYPT ’97 1997 Heidelberg Springer 256-266

[47]

Wee H Matsui M Zero knowledge in the random oracle model, revisited Advances in Cryptology – ASIACRYPT 2009 2009 Heidelberg Springer 417-434

Digital Library

[48]

Wesolowski B Ishai Y and Rijmen V Efficient verifiable delay functions Advances in Cryptology – EUROCRYPT 2019 2019 Cham Springer 379-407

Digital Library

Cited By

Liu-Zhang CMatt CThomsen S(2024)Asymptotically Optimal Message Dissemination with Applications to BlockchainsAdvances in Cryptology – EUROCRYPT 202410.1007/978-3-031-58734-4_3(64-95)Online publication date: 26-May-2024
https://dl.acm.org/doi/10.1007/978-3-031-58734-4_3
Golob SPentyala SDowsley RDavid BLarangeira MDe Cock MNascimento A(2023)A Decentralized Information Marketplace Preserving Input and Output PrivacyProceedings of the Second ACM Data Economy Workshop10.1145/3600046.3600047(1-6)Online publication date: 18-Jun-2023
https://dl.acm.org/doi/10.1145/3600046.3600047
Arapinis MKocsis ÁLamprou NMedley LZacharias TOshman RNolin AHalldorsson MBalliu A(2023)Universally Composable Simultaneous Broadcast against a Dishonest Majority and ApplicationsProceedings of the 2023 ACM Symposium on Principles of Distributed Computing10.1145/3583668.3594591(200-210)Online publication date: 19-Jun-2023
https://dl.acm.org/doi/10.1145/3583668.3594591
Show More Cited By

Recommendations

Non-malleable Time-Lock Puzzles and Applications
Theory of Cryptography
Abstract
Time-lock puzzles are a mechanism for sending messages “to the future”, by allowing a sender to quickly generate a puzzle with an underlying message that remains hidden until a receiver spends a moderately large amount of time solving it. We ...
An efficient fair UC-secure protocol for two-party computation

With the development of modern Internet and mobile networks, there is an increasing need for collaborative privacy-preserving applications. Secure multi-party computation SMPC gives a general solution to these applications and has become a hot topic. ...
Two-Round and Non-Interactive Concurrent Non-Malleable Commitments from Time-Lock Puzzles

Non-malleable commitments are a fundamental cryptographic tool for preventing (concurrent) man-in-the-middle attacks. Since their invention by Dolev, Dwork, and Naor in 1991, their round-complexity has been extensively studied, leading up to constant-round ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

Advances in Cryptology – EUROCRYPT 2021: 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17–21, 2021, Proceedings, Part III

Oct 2021

589 pages

ISBN:978-3-030-77882-8

DOI:10.1007/978-3-030-77883-5

Editors:
Anne Canteaut
Inria, Paris, France
,
François-Xavier Standaert
UCLouvain, Louvain-la-Neuve, Belgium

© International Association for Cryptologic Research 2021.

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 17 October 2021

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

16
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to

Other Metrics

View Author Metrics

Citations

Cited By

Liu-Zhang CMatt CThomsen S(2024)Asymptotically Optimal Message Dissemination with Applications to BlockchainsAdvances in Cryptology – EUROCRYPT 202410.1007/978-3-031-58734-4_3(64-95)Online publication date: 26-May-2024
https://dl.acm.org/doi/10.1007/978-3-031-58734-4_3
Golob SPentyala SDowsley RDavid BLarangeira MDe Cock MNascimento A(2023)A Decentralized Information Marketplace Preserving Input and Output PrivacyProceedings of the Second ACM Data Economy Workshop10.1145/3600046.3600047(1-6)Online publication date: 18-Jun-2023
https://dl.acm.org/doi/10.1145/3600046.3600047
Arapinis MKocsis ÁLamprou NMedley LZacharias TOshman RNolin AHalldorsson MBalliu A(2023)Universally Composable Simultaneous Broadcast against a Dishonest Majority and ApplicationsProceedings of the 2023 ACM Symposium on Principles of Distributed Computing10.1145/3583668.3594591(200-210)Online publication date: 19-Jun-2023
https://dl.acm.org/doi/10.1145/3583668.3594591
Cohen RGaray JZikas V(2023)Completeness Theorems for Adaptively Secure BroadcastAdvances in Cryptology – CRYPTO 202310.1007/978-3-031-38557-5_1(3-38)Online publication date: 20-Aug-2023
https://dl.acm.org/doi/10.1007/978-3-031-38557-5_1
Komargodski ITamir Y(2023)On Distributed Randomness Generation in BlockchainsCyber Security, Cryptology, and Machine Learning10.1007/978-3-031-34671-2_4(49-64)Online publication date: 29-Jun-2023
https://dl.acm.org/doi/10.1007/978-3-031-34671-2_4
Kamphuis FMagri BLamberty RFaust S(2023)Revisiting Transaction Ledger Robustness in the Miner Extractable Value EraApplied Cryptography and Network Security10.1007/978-3-031-33491-7_25(675-698)Online publication date: 19-Jun-2023
https://dl.acm.org/doi/10.1007/978-3-031-33491-7_25
Cascudo IDavid BShlomovits OVarlakov D(2023)Mt. Random: Multi-tiered Randomness BeaconsApplied Cryptography and Network Security10.1007/978-3-031-33491-7_24(645-674)Online publication date: 19-Jun-2023
https://dl.acm.org/doi/10.1007/978-3-031-33491-7_24
Chvojka PJager T(2023)Simple, Fast, Efficient, and Tightly-Secure Non-malleable Non-interactive Timed CommitmentsPublic-Key Cryptography – PKC 202310.1007/978-3-031-31368-4_18(500-529)Online publication date: 7-May-2023
https://dl.acm.org/doi/10.1007/978-3-031-31368-4_18
Baum CDavid BDowsley RKishore RNielsen JOechsner S(2023)CRAFT: Composable Randomness Beacons and Output-Independent Abort MPC From TimePublic-Key Cryptography – PKC 202310.1007/978-3-031-31368-4_16(439-470)Online publication date: 7-May-2023
https://dl.acm.org/doi/10.1007/978-3-031-31368-4_16
Zawia AHasan M(2022)A New Class of Trapdoor Verifiable Delay FunctionsFoundations and Practice of Security10.1007/978-3-031-30122-3_5(71-87)Online publication date: 12-Dec-2022
https://dl.acm.org/doi/10.1007/978-3-031-30122-3_5
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents