TY - GEN
T1 - Time-lock puzzles from randomized encodings
AU - Bitansky, Nir
AU - Goldwasser, Shafi
AU - Jain, Abhishek
AU - Paneth, Omer
AU - Vaikuntanathan, Vinod
PY - 2016/1/14
Y1 - 2016/1/14
N2 - Time-lock puzzles are a mechanism for sending messages \to the future". A sender can quickly generate a puzzle with a solution s that remains hidden until a moderately large amount of time t has elapsed. The solution s should be hidden from any adversary that runs in time significantly less than t, including resourceful parallel adversaries with polynomially many processors. While the notion of time-lock puzzles has been around for 22 years, there has only been a single candidate proposed. Fifteen years ago, Rivest, Shamir and Wagner suggested a beautiful candidate time-lock puzzle based on the assump-Tion that exponentiation modulo an RSA integer is an \in-herently sequential" computation. We show that various avors of randomized encodings give rise to time-lock puzzles of varying strengths, whose se-curity can be shown assuming the mere existence of non-parallelizing languages, which are languages that require cir-cuits of depth at least t to decide, in the worst-case. The existence of such languages is necessary for the existence of time-lock puzzles. We instantiate the construction with dif-ferent randomized encodings from the literature, where in-creasingly better efficiency is obtained based on increasingly stronger cryptographic assumptions, ranging from one-way functions to indistinguishability obfuscation. We also ob-serve that time-lock puzzles imply one-way functions, and thus the reliance on some cryptographic assumption is nec-essary. Finally, generalizing the above, we construct other types of puzzles such as proofs of work from randomized encod-ings and a suitable worst-case hardness assumption (that is necessary for such puzzles to exist.
AB - Time-lock puzzles are a mechanism for sending messages \to the future". A sender can quickly generate a puzzle with a solution s that remains hidden until a moderately large amount of time t has elapsed. The solution s should be hidden from any adversary that runs in time significantly less than t, including resourceful parallel adversaries with polynomially many processors. While the notion of time-lock puzzles has been around for 22 years, there has only been a single candidate proposed. Fifteen years ago, Rivest, Shamir and Wagner suggested a beautiful candidate time-lock puzzle based on the assump-Tion that exponentiation modulo an RSA integer is an \in-herently sequential" computation. We show that various avors of randomized encodings give rise to time-lock puzzles of varying strengths, whose se-curity can be shown assuming the mere existence of non-parallelizing languages, which are languages that require cir-cuits of depth at least t to decide, in the worst-case. The existence of such languages is necessary for the existence of time-lock puzzles. We instantiate the construction with dif-ferent randomized encodings from the literature, where in-creasingly better efficiency is obtained based on increasingly stronger cryptographic assumptions, ranging from one-way functions to indistinguishability obfuscation. We also ob-serve that time-lock puzzles imply one-way functions, and thus the reliance on some cryptographic assumption is nec-essary. Finally, generalizing the above, we construct other types of puzzles such as proofs of work from randomized encod-ings and a suitable worst-case hardness assumption (that is necessary for such puzzles to exist.
UR - http://www.scopus.com/inward/record.url?scp=84966587836&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84966587836&partnerID=8YFLogxK
U2 - 10.1145/2840728.2840745
DO - 10.1145/2840728.2840745
M3 - Conference contribution
AN - SCOPUS:84966587836
T3 - ITCS 2016 - Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science
SP - 345
EP - 356
BT - ITCS 2016 - Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science
PB - Association for Computing Machinery, Inc
T2 - 7th ACM Conference on Innovations in Theoretical Computer Science, ITCS 2016
Y2 - 14 January 2016 through 16 January 2016
ER -