equihash asymmetric proof of work based on the
play

Equihash: Asymmetric Proof-of-Work based on the Generalized - PowerPoint PPT Presentation

Jun 26, 2023 •278 likes •550 views

Equihash: Asymmetric Proof-of-Work based on the Generalized Birthday Problem Alex Biryukov Dmitry Khovratovich University of Luxembourg February 22nd, 2016 Proof (Prover) Verifiers Proof of Work in cryptocurrencies PoW certificate of

  1. Equihash: Asymmetric Proof-of-Work based on the Generalized Birthday Problem Alex Biryukov Dmitry Khovratovich University of Luxembourg February 22nd, 2016

  2. Proof (Prover) Verifiers Proof of Work in cryptocurrencies PoW – certificate of certain amount of work. In cryptocurrencies: • Verifier – cryptocurrency users; • Prover – cryptocurrency miner.

  3. Proof of Work as a client puzzle In TLS client puzzles: • Verifier – server that establishes a secure connection; • Prover – client that may want to DoS the server with signature computation.

  4. Asymmetric verification Clearly, the proof search

  5. Asymmetric verification Clearly, the proof search must be more expensive than verification

  6. Asymmetric verification HashCash/Bitcoin Proof-of-Work with hash function H : S – proof, if H ( S ) = 00 . . . 0 . � �� � q zeros 2 q calls to H for prover, 1 call for verifier.

  7. But here come ASICs.. Regular cryptographich hash H is 30,000 less expensive on ASIC due to small custom chip.

  8. Solution Since 2003, memory-intensive computations have been proposed. Computing with a lot of memory would require a very large and expensive chip. Memory Core With large memory on-chip, the ASIC advantage vanishes.

  9. Approach 1. Trivial Hash function with two iterations over memory of size N . • V i = F ( V i − 1 ); • V ′ N = V N ; • V ′ i = F ( V ′ i +1 || V i ). X F F F F F F F F F Y F F F F F F F F

  10. Trivial tradeoff Compute the hash using N m + m memory units and 3 N calls to F (instead of 2 N ): • Store every m -th block; • When entering a new interval, precompute its m inputs. √ Optimal point is m = N . X F F F F F F F F F Y F F F F F F F F

  11. Approach 2. Argon2 Memory-hard hashing function, that won Password Hashing Competition in 2015: 4 slices Password p lanes Salt H H Context Tag • Simple randomized-graph design with high-penalty tradeoffs.

  12. Approach 2. Argon2 Memory-hard hashing function, that won Password Hashing Competition in 2015: 4 slices Password p lanes Salt H H Context Tag • Simple randomized-graph design with high-penalty tradeoffs. • However, no easy verification.

  13. Approach 3. Collision search 1 Verifier sends seed S ; 2 Prover generates 2 k 2 k -bit hashes H ( S || 1) , H ( S || 2) , . . . , H ( S || 2 k ). 3 Prover shows a collision H ( S || i ) = H ( S || j ). Short and efficient.

  14. Approach 3. Collision search 1 Verifier sends seed S ; 2 Prover generates 2 k 2 k -bit hashes H ( S || 1) , H ( S || 2) , . . . , H ( S || 2 k ). 3 Prover shows a collision H ( S || i ) = H ( S || j ). Short and efficient. Problem: the ρ -based collision search finds collisions in the same 2 k time but no memory. f i ( x ) = f j ( x ) f 2 ( x ) f ( x ) x

  15. Generalized birthday problem Original: given 2 k lists L j of n -bit strings { X i } , find distinct { X i j ∈ L j } such that X i 1 ⊕ X i 2 ⊕ · · · ⊕ X i 2 k = 0 .

  16. Solution is found by iterative sorting

  17. Wagner’s algorithm n �� � � � � � � � � � k +1 ) time and memory O (2 � � � � � � � � � � � " - � � � � � n • Sort by first k +1 bits; • Store XOR of collisions; � � � � � � � � � � � � � � n • Repeat for next k +1 bits, � � � � � � etc. � � � � � � � � ���� �� . �� ������ �������� ������ �� ��� ��������� ��� ��� (���� ������� � � �� ���� � � � � �� ����� ��� ����� ���� � � � ���� ����� �� ����� � ����� � � � � � � ����� �� � ����" � � ���� ��� ��� ����� ���� ���� ���� ������ �� ��� �������� ������ ����� � �� ���� ��� # � � � & ! � �� ��� ���� �� ��� # � & ! ��� # � & � � � � � � � � ������ ����� � ����� ����� � � � � �� �� � ����� ����� ��� �� � � ���� � � � � � ���� � � � � ������� � � � � � � � � ��� ��� # � � � & ! � �� ����� ��� ��� �� �� ���� � � � � � � � � � � � ������ ����� � !� � � � ! � � � � ���� � � � � � � � ! � � � � � � � � � � ������ ����� � !� ��� # � � � & ! � ��� ��� # � � � & ! � � ���� �� �� �������� � � � � � � � � ���� ��� # � � � � � � � & ! � � ��� �� ���� ��� <� 1 � � � � � � � ! �℄ ! ) � ) � � � � � � � � � � '���� ���� ������ ������� � ��� ��������� ��� ��� .���� �������" ,����� � � � �%���� ��� ����� � � � � � � � �� ��� ���� �� � �� ���� �� ��� ) ������ ��� ����� � �� � � � ��������� �� � � ���������� � ��� �" '���� � � ����� ������ ����� ) �� �������� � ����� ���� � �� � ����� � � � �� � ���� �� � # � � � & ! �" -�������� � � � �� � � � � � �������� � ����� ���� � �� � ����� � � � ����� �� � # � � � & ! �" ,������ � �� � � � � � � � ���� � ��� ��� ��� � �� � ��� � ��� � " =� ������ ����� 0� �� � �� � ��� � �� �� ���� ������� � � � � � � � ! � ��� ��� � ���� ����� � �������� �� ��� .���� � � � � �������" -�� ,����� ) ��� � ������ ���� ���� �� ���� ���������"

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Property-Based Testing via Proof Reconstruction Work-in-progress Alberto Momigliano joint work

Property-Based Testing via Proof Reconstruction Work-in-progress Alberto Momigliano joint work

Property-Based Testing via Proof Reconstruction Work-in-progress Alberto Momigliano joint work with Rob Blanco and Dale Miller LFMTP17 Sept. 8, 2017 Off the record After almost 20 years of formal verification with Twelf, Isabelle/HOL,

438 views • 25 slides
CS 671 Automated Reasoning Proof Automation in First Order Logic 1. Tactic-based proof search 2.

CS 671 Automated Reasoning Proof Automation in First Order Logic 1. Tactic-based proof search 2.

CS 671 Automated Reasoning Proof Automation in First Order Logic 1. Tactic-based proof search 2. Complete proof search with JProver Tactic-based proof search Sort rule applications by cost of induced proof search let simple prover = Repeat (

562 views • 9 slides
Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of-

SOFSEM 2008 Filtering unwanted Proofs of communication and its application e-mails Proof-of-work for fighting spam Proof-of- communication Location generation Preparing proofs Verifying proof Marek Klonowski Tomasz Strumi nski Open

348 views • 23 slides
PoM @ Breaking Bitcoin Kevin Loaec @kloaec kevin@chainsmiths.com The Proof of Work Mechanism A

PoM @ Breaking Bitcoin Kevin Loaec @kloaec kevin@chainsmiths.com The Proof of Work Mechanism A

PoM @ Breaking Bitcoin Kevin Loaec @kloaec kevin@chainsmiths.com The Proof of Work Mechanism A proof: no doubt possible Work: defined in physics, S.I. unit is the Joule. Gaspard-Gustave Coriolis The Proof of Work Mechanism Electrical work

705 views • 16 slides
A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of

A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of

A Mathematical Proof When referring to a proof in logic we usually mean: 1. A sequence of statements. 2. Based on axioms. 3. Each statement is derived via the derivation rules. Zero Knowledge Protocols 4. The proof is fixed, i.e, in any time,

642 views • 14 slides
Proofs for Satisfiability Problems Marijn J.H. Heule Joint work with Armin Biere X . X ,

Proofs for Satisfiability Problems Marijn J.H. Heule Joint work with Armin Biere X . X ,

Proofs for Satisfiability Problems Marijn J.H. Heule Joint work with Armin Biere X . X , July 18, 2014 1/32 Outline Introduction Proof Systems Proof Search Proof Formats Proof Production Proof Consumption Applications Conclusions

574 views • 36 slides
Reflection ranks and proof theoretic ordinals (based on joint work with James Walsh) Fedor

Reflection ranks and proof theoretic ordinals (based on joint work with James Walsh) Fedor

Reflection ranks and proof theoretic ordinals (based on joint work with James Walsh) Fedor Pakhomov Steklov Mathematical Institute, Moscow pakhf@mi.ras.ru Logic Colloquium 2018, Udine 24 July 2018 Con -Order def U proves consistence

407 views • 16 slides
N OT A SINGLE PROOF ASSISTANT FOR ALL BUT PROOF ASSISTANTS FOR EVERYONE N ICOLAS T ABAREAU Not

N OT A SINGLE PROOF ASSISTANT FOR ALL BUT PROOF ASSISTANTS FOR EVERYONE N ICOLAS T ABAREAU Not

N OT A SINGLE PROOF ASSISTANT FOR ALL BUT PROOF ASSISTANTS FOR EVERYONE N ICOLAS T ABAREAU Not the Work of a Single Man Not a single proof assistant for all but proof assistants for everyone Coq: a success but ... Based on the

1.39k views • 100 slides
Fabrication and performance of asymmetric tubular H 2 membranes based on LWM-LSC composites Zuoan

Fabrication and performance of asymmetric tubular H 2 membranes based on LWM-LSC composites Zuoan

1 Fabrication and performance of asymmetric tubular H 2 membranes based on LWM-LSC composites Zuoan Li, Marie-Laure Fontaine, Jonathan M. Polfus, Christelle Denonville, Wen Xing, Partow P. Henriksen, Rune Bredesen SINTEF Materials and

473 views • 19 slides
Parity The world's fastest and lightest Ethereum client Proof-of-Authority Chains Parity

Parity The world's fastest and lightest Ethereum client Proof-of-Authority Chains Parity

Parity The world's fastest and lightest Ethereum client Proof-of-Authority Chains Parity supports a Proof-of-Authority consensus engine to be used with EVM based chains Secure Green Performant Predictable Proof of Work

478 views • 12 slides
Proof-of-Work? Scenarios Inspired by the Bitcoin Currency Can we Afford Integrity by

Proof-of-Work? Scenarios Inspired by the Bitcoin Currency Can we Afford Integrity by

Can we Afford Integrity by Proof-of-Work? Scenarios Inspired by the Bitcoin Currency Can we Afford Integrity by Proof-of-Work? Jrg Becker, Dominic Breuker, Tobias Heide, Justus Holler, Hans Peter Rauer, Rainer Bhme Motivation Electronic

301 views • 28 slides
Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key

Symmetric and Asymmetric Key Cryptography(Part 2) By Radhika B S Contents Asymmetric Key Cryptography Security Requirements Advantages Modes of Use Diffie-Hellman Key Exchange RSA Cryptosystem ElGamal

584 views • 32 slides
Dynamical Freezing in a Spin Glass with Logarithmic Correlations Based on joint work with A.

Dynamical Freezing in a Spin Glass with Logarithmic Correlations Based on joint work with A.

Setup Motivation Results Proof Idea Dynamical Freezing in a Spin Glass with Logarithmic Correlations Based on joint work with A. Cortines, J. Gold and A. Svejda Weizmann Institute of Science, 18/1/2018 Setup Motivation Results Proof Idea

338 views • 30 slides
Why Beta Priors: Main Result and Its Proof Invariance-Based Proof (cont-d) How to Get a General

Why Beta Priors: Main Result and Its Proof Invariance-Based Proof (cont-d) How to Get a General

Formulation of the . . . Main Idea Let Us Describe This . . . Resulting Definition Why Beta Priors: Main Result and Its Proof Invariance-Based Proof (cont-d) How to Get a General . . . Explanation Acknowledgments Bibliography Olga

606 views • 15 slides
The Effect of Asymmetric Performance on Asynchronous Task Based Runtimes Debashis Ganguly and John

The Effect of Asymmetric Performance on Asynchronous Task Based Runtimes Debashis Ganguly and John

The Effect of Asymmetric Performance on Asynchronous Task Based Runtimes Debashis Ganguly and John R. Lange ROSS 2017 Ch Changi ging g Face ce of HPC Environments Task-based Runtimes: Potential solution Traditional: Dedicated Resources

225 views • 21 slides
Asymmetric regular types Slavko Moconja Joint work with Predrag Tanovi c Faculty of

Asymmetric regular types Slavko Moconja Joint work with Predrag Tanovi c Faculty of

Asymmetric regular types Slavko Moconja Joint work with Predrag Tanovi c Faculty of Mathematics, Belgrade, Serbia Slavko Moconja (Belgrade) Asymmetric regular types 1 / 17 Invariant types Let p ( x ) S 1 (M) be a global type, and small

420 views • 23 slides
Contracts under Asymmetric Information 1 I Aristotle, economy (oiko and nemo) and the idea of

Contracts under Asymmetric Information 1 I Aristotle, economy (oiko and nemo) and the idea of

Contracts under Asymmetric Information 1 I Aristotle, economy (oiko and nemo) and the idea of exchange values , subsequently adapted by Ricardo and Marx. Classical economists. An economy consists of a set of agents each of whom is characterized

493 views • 35 slides
Hybrid All-Pay and Winner-Pay Contests Online Seminar at SSE in Stockholm, June 10, 2020 Johan N.

Hybrid All-Pay and Winner-Pay Contests Online Seminar at SSE in Stockholm, June 10, 2020 Johan N.

Hybrid All-Pay and Winner-Pay Contests Online Seminar at SSE in Stockholm, June 10, 2020 Johan N. M. Lagerl of Dept. of Economics, U. of Copenhagen Email: johan.lagerlof@econ.ku.dk Website: www.johanlagerlof.com June 9, 2020 J. Lagerl of

605 views • 26 slides
Student-Centered Assessment of Mathematical Proficiency Benjamin Braun Associate Professor of

Student-Centered Assessment of Mathematical Proficiency Benjamin Braun Associate Professor of

Student-Centered Assessment of Mathematical Proficiency Benjamin Braun Associate Professor of Mathematics University of Kentucky benjamin.braun@uky.edu 8 October 2019 Note: This talk includes a brief segment about mental health and suicide

776 views • 52 slides
Semantic Workflows and Machine Learning for the Assessment of Carbon Storage by Urban Trees Third

Semantic Workflows and Machine Learning for the Assessment of Carbon Storage by Urban Trees Third

Semantic Workflows and Machine Learning for the Assessment of Carbon Storage by Urban Trees Third International Workshop on Capturing Scientific Knowledge Sciknow 2019 Juan Manuel Carrillo Garcia, Daniel Garijo , Mark Crowley, Rober Carrillo,

346 views • 17 slides
Lepton Number Violation and the Baryon Asymmetry of the Universe Julia Harz ILP / LPTHE Paris

Lepton Number Violation and the Baryon Asymmetry of the Universe Julia Harz ILP / LPTHE Paris

Lepton Number Violation and the Baryon Asymmetry of the Universe Julia Harz ILP / LPTHE Paris ACFI Workshop, 29.03.2018 F . Deppisch, L. Graf, JH, W. Huang, arxiv:1711.10432 F . Deppisch, JH, W. Huang, M. Hirsch, H. Ps, Phys. Rev. D92

531 views • 31 slides
Last Passage Percolation, KPZ, and Competition Interfaces Peter Nejjar avec Patrik Ferrari ENS

Last Passage Percolation, KPZ, and Competition Interfaces Peter Nejjar avec Patrik Ferrari ENS

Last Passage Percolation, KPZ, and Competition Interfaces Peter Nejjar avec Patrik Ferrari ENS Paris DMA CIRM 8. 3. 2016 Totally asymmetric simple exclusion process (TASEP) v 1 v 1 v 1 v 2 v 2 -4 -3 -2 -1 0 1 2 Z Dynamics :

396 views • 36 slides
Asymmetry Helps: Estimation and Inference from Asymmetric and Heteroscedastic Noise Chen Cheng

Asymmetry Helps: Estimation and Inference from Asymmetric and Heteroscedastic Noise Chen Cheng

Asymmetry Helps: Estimation and Inference from Asymmetric and Heteroscedastic Noise Chen Cheng with Yuxin Chen (Princeton), Jianqing Fan (Princeton), Yuting Wei (CMU) Department of Statistics, Stanford University 1/28 C. Cheng, Y. Wei, Y.

1.04k views • 87 slides
From Cliques to Equilibria: From Cliques to Equilibria: The Dominant- -Set Framework for

From Cliques to Equilibria: From Cliques to Equilibria: The Dominant- -Set Framework for

From Cliques to Equilibria: From Cliques to Equilibria: The Dominant- -Set Framework for Pairwise Data Clustering Set Framework for Pairwise Data Clustering The Dominant Marcello Pelillo Marcello Pelillo Department of Computer Science

1.17k views • 99 slides

More recommend