Limits on the provable consequences of one-way permutations
STOC '89 Proceedings of the twenty-first annual ACM symposium on Theory of computing
A fast quantum mechanical algorithm for database search
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Secure communications over insecure channels
Communications of the ACM
Identity-Based Encryption from the Weil Pairing
SIAM Journal on Computing
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Pricing via Processing or Combatting Junk Mail
CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
PayWord and MicroMint: Two Simple Micropayment Schemes
Proceedings of the International Workshop on Security Protocols
Time-lock Puzzles and Timed-release Crypto
The random oracle methodology, revisited
Journal of the ACM (JACM)
Moderately hard, memory-bound functions
ACM Transactions on Internet Technology (TOIT)
Bounds on the Efficiency of Generic Cryptographic Constructions
SIAM Journal on Computing
Lower Bounds on Signatures From Symmetric Primitives
FOCS '07 Proceedings of the 48th Annual IEEE Symposium on Foundations of Computer Science
ICQNM '08 Proceedings of the Second International Conference on Quantum, Nano and Micro Technologies (ICQNM 2008)
Merkle Puzzles Are Optimal -- An O(n^2)-Query Attack on Any Key Exchange from a Random Oracle
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Conditional oblivious transfer and timed-release encryption
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
A forward-secure public-key encryption scheme
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
Basing weak public-key cryptography on strong one-way functions
TCC'08 Proceedings of the 5th conference on Theory of cryptography
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Efficient and non-interactive timed-release encryption
ICICS'05 Proceedings of the 7th international conference on Information and Communications Security
Publicly verifiable proofs of sequential work
Proceedings of the 4th conference on Innovations in Theoretical Computer Science
A time-lock puzzle is a mechanism for sending messages "to the future". The sender publishes a puzzle whose solution is the message to be sent, thus hiding it until enough time has elapsed for the puzzle to be solved. For time-lock puzzles to be useful, generating a puzzle should take less time than solving it. Since adversaries may have access to many more computers than honest solvers, massively parallel solvers should not be able to produce a solution much faster than serial ones. To date, we know of only one mechanism that is believed to satisfy these properties: the one proposed by Rivest, Shamir and Wagner (1996), who originally introduced the notion of time-lock puzzles. Their puzzle is based on the serial nature of exponentiation and the hardness of factoring, and is therefore vulnerable to advances in factoring techniques (as well as to quantum attacks). In this work, we study the possibility of constructing time-lock puzzles in the random-oracle model. Our main result is negative, ruling out time-lock puzzles that require more parallel time to solve than the total work required to generate a puzzle. In particular, this should rule out black-box constructions of such time-lock puzzles from one-way permutations and collision-resistant hash functions. On the positive side, we construct a time-lock puzzle with a linear gap in parallel time: a new puzzle can be generated with one round of n parallel queries to the random oracle, but n rounds of serial queries are required to solve it (even for massively parallel adversaries).
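The linear gap described in the last sentence of the abstract can be seen in a chain of masked values. The following is an added illustration, not code or the exact construction from the paper: the chained-mask layout, the function names and the use of SHA-256 in place of the random oracle are assumptions made here.

```python
import hashlib
import secrets

BLOCK = 32  # SHA-256 output size in bytes


def oracle(x: bytes) -> bytes:
    """Stand-in for the random oracle (assumption: SHA-256)."""
    return hashlib.sha256(x).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def generate(message: bytes, n: int):
    """Build a puzzle using n oracle queries that do not depend on each other."""
    if len(message) != BLOCK or n < 1:
        raise ValueError("message must be 32 bytes and n >= 1")
    xs = [secrets.token_bytes(BLOCK) for _ in range(n)]
    # Every input is known up front, so these n queries form one parallel round.
    hs = [oracle(x) for x in xs]
    # Link i hides the next chain value under H(x_i); the last link hides the message.
    links = [xor(hs[i], xs[i + 1]) for i in range(n - 1)]
    links.append(xor(hs[-1], message))
    return xs[0], links


def solve(start: bytes, links):
    """Recover the message; returns (message, number_of_serial_rounds)."""
    x, rounds = start, 0
    for link in links:
        # The input to the next query is unknown until this query is answered,
        # so a solver with many processors still needs one round per link.
        x = xor(oracle(x), link)
        rounds += 1
    return x, rounds


if __name__ == "__main__":
    msg = hashlib.sha256(b"constructed sample message").digest()
    start, links = generate(msg, n=1000)
    recovered, rounds = solve(start, links)
    print(recovered == msg, rounds)
```

The gap is only linear: the generator still performs n queries of total work, which is consistent with the negative result that solving cannot require more parallel time than the total work of generation.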