Show simple item record

dc.contributor.authorJain, Abhishek
dc.contributor.authorPaneth, Omer
dc.contributor.authorWaters, Brent
dc.contributor.authorBitansky, Nir
dc.contributor.authorGoldwasser, Shafrira
dc.contributor.authorVaikuntanathan, Vinod
dc.date.accessioned2017-12-29T20:42:53Z
dc.date.available2017-12-29T20:42:53Z
dc.date.issued2016-01
dc.identifier.issn978-1-4503-4057-1
dc.identifier.urihttp://hdl.handle.net/1721.1/112999
dc.description.abstractTime-lock puzzles are a mechanism for sending messages "to the future". A sender can quickly generate a puzzle with a solution s that remains hidden until a moderately large amount of time t has elapsed. The solution s should be hidden from any adversary that runs in time significantly less than t, including resourceful parallel adversaries with polynomially many processors. While the notion of time-lock puzzles has been around for 22 years, there has only been a single candidate proposed. Fifteen years ago, Rivest, Shamir and Wagner suggested a beautiful candidate time-lock puzzle based on the assumption that exponentiation modulo an RSA integer is an "inherently sequential" computation. We show that various flavors of randomized encodings give rise to time-lock puzzles of varying strengths, whose security can be shown assuming the mere existence of non-parallelizing languages, which are languages that require circuits of depth at least t to decide, in the worst-case. The existence of such languages is necessary for the existence of time-lock puzzles. We instantiate the construction with different randomized encodings from the literature, where increasingly better efficiency is obtained based on increasingly stronger cryptographic assumptions, ranging from one-way functions to indistinguishability obfuscation. We also observe that time-lock puzzles imply one-way functions, and thus the reliance on some cryptographic assumption is necessary. Finally, generalizing the above, we construct other types of puzzles such as proofs of work from randomized encodings and a suitable worst-case hardness assumption (that is necessary for such puzzles to exist).en_US
dc.language.isoen_US
dc.publisherAssociation for Computing Machineryen_US
dc.relation.isversionofhttp://dx.doi.org/10.1145/2840728.2840745en_US
dc.rightsCreative Commons Attribution-Noncommercial-Share Alikeen_US
dc.rights.urihttp://creativecommons.org/licenses/by-nc-sa/4.0/en_US
dc.sourceMIT Web Domainen_US
dc.titleTime-Lock Puzzles from Randomized Encodingsen_US
dc.typeArticleen_US
dc.identifier.citationBitansky, Nir, et al. "Time-Lock Puzzles from Randomized Encodings." Proceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science, ITCS '16, 14-17 January, 2016, Cambridge, MA, ACM Press, 2016, pp. 345–56.en_US
dc.contributor.departmentMassachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratoryen_US
dc.contributor.departmentMassachusetts Institute of Technology. Department of Electrical Engineering and Computer Scienceen_US
dc.contributor.mitauthorBitansky, Nir
dc.contributor.mitauthorGoldwasser, Shafrira
dc.contributor.mitauthorVaikuntanathan, Vinod
dc.relation.journalProceedings of the 2016 ACM Conference on Innovations in Theoretical Computer Science - ITCS '16en_US
dc.eprint.versionAuthor's final manuscripten_US
dc.type.urihttp://purl.org/eprint/type/ConferencePaperen_US
eprint.statushttp://purl.org/eprint/status/NonPeerRevieweden_US
dspace.orderedauthorsBitansky, Nir; Goldwasser, Shafi; Jain, Abhishek; Paneth, Omer; Vaikuntanathan, Vinod; Waters, Brenten_US
dspace.embargo.termsNen_US
dc.identifier.orcidhttps://orcid.org/0000-0001-8361-6035
dc.identifier.orcidhttps://orcid.org/0000-0003-4728-1535
dc.identifier.orcidhttps://orcid.org/0000-0002-2666-0045
mit.licenseOPEN_ACCESS_POLICYen_US


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record