Title: Quantum Multi-Solution Bernoulli Search with Applications to Bitcoin's Post-Quantum Security
A proof of work (PoW) is an important cryptographic construct enabling a party to convince others that they invested some effort in solving a computational task. Arguably, its main impact has been in the setting of cryptocurrencies such as Bitcoin and its underlying blockchain protocol, which received significant attention in recent years due to its potential for various applications as well as for solving fundamental distributed computing questions in novel threat models. PoWs enable the linking of blocks in the blockchain data structure and thus the problem of interest is the feasibility of obtaining a sequence (chain) of such proofs. In this work, we examine the hardness of finding such a chain of PoWs against quantum strategies. We prove that the chain of PoWs problem reduces to a problem we call multi-solution Bernoulli search, for which we establish its quantum query complexity. Effectively, this is an extension of a threshold direct product theorem to an average-case unstructured search problem. Our proof, adding to active recent efforts, simplifies and generalizes the recording technique of Zhandry (Crypto'19). As an application, we revisit the formal treatment of security of the core of the Bitcoin consensus protocol, the Bitcoin backbone (Eurocrypt'15), against quantum adversaries, while honest parties are classical, and show that the protocol's security holds under a quantum analogue of the classical “honest majority” assumption. Our analysis indicates that the security of the Bitcoin backbone is guaranteed provided the number of adversarial quantum queries is bounded so that each quantum query is worth O(p^{-1/2}) classical ones, where p is the success probability of a single classical query to the protocol's underlying hash function. Somewhat surprisingly, the wait time for safe settlement in the case of quantum adversaries matches the safe settlement time in the classical case.
Award ID(s): 2054758
NSF-PAR ID: 10407048
Journal Name: Quantum
Volume: 7
ISSN: 2521-327X
Page Range / eLocation ID: 944
Format(s): Medium: X
Sponsoring Org: National Science Foundation
More Like this
  1. The concept of a blockchain was invented by Satoshi Nakamoto to maintain a distributed ledger. In addition to its security, important performance measures of a blockchain protocol are its transaction throughput and confirmation latency. In a decentralized setting, these measures are limited by two underlying physical network attributes: communication capacity and speed-of-light propagation delay. In this work we introduce Prism, a new proof-of-work blockchain protocol, which can achieve 1) security against up to 50% adversarial hashing power; 2) optimal throughput up to the capacity C of the network; 3) confirmation latency for honest transactions proportional to the propagation delay D, with confirmation error probability exponentially small in the bandwidth-delay product CD; 4) eventual total ordering of all transactions. Our approach to the design of this protocol is based on deconstructing Nakamoto’s blockchain into its basic functionalities and systematically scaling up these functionalities to approach their physical limits. 
  2. Nakamoto proof-of-work ledger consensus currently underlies the majority of deployed cryptocurrencies and smart-contract blockchains. While a long and fruitful line of work has succeeded in identifying its exact security region---that is, the set of parametrizations under which it possesses asymptotic security---the existing theory does not provide concrete settlement time guarantees that are tight enough to inform practice. In this work we provide a new approach for obtaining concrete and practical settlement time guarantees suitable for reasoning about deployed systems. We give an efficient method for computing explicit upper bounds on settlement time as a function of primary system parameters: honest and adversarial computational power and a bound on network delays. We implement this computational method and provide a comprehensive sample of concrete bounds for several settings of interest. We also analyze a well-known attack strategy to provide lower bounds on the settlement times. For Bitcoin, for example, our upper and lower bounds are within 90 seconds of each other for 1-hour settlement assuming 10-second network delays and a 10% adversary. In comparison, the best prior result has a gap of 2 hours in the upper and lower bounds with the same parameters.
  3. Near-field communication (NFC) is one of the essential technologies in the Internet of Things (IoT) that has facilitated mobile payment across different services. The technology has become increasingly popular, as cryptocurrencies like Bitcoin have revolutionized how payment systems can be designed. However, this technology is subject to security problems, such as man-in-the-middle attacks, double-spending, and replay attacks, raising the need to incorporate other solutions such as blockchain technology. Concerns about the security and privacy of payments using NFC technology raise the need to adopt blockchain-based cryptocurrency payment. For instance, NFC payment has been criticized for a lack of measures to counter potential attacks, such as brute force or double-spending. Thus, incorporating blockchain technology is expected to improve the security features of the NFC mobile payment protocol and improve user experience. Blockchain technology has been praised for enabling fair payment, as it permits direct transactions without engaging a third party. Therefore, integrating blockchain cryptocurrency in IoT devices will revolutionize the NFC payment method and provide value transfer using IoT devices. Combining NFC with blockchain technology and cryptocurrencies is necessary to address security and privacy problems. The purpose of this paper is to explore the potential behind incorporating blockchain technology and cryptocurrencies like Bitcoin in the NFC payment protocol. 
  4. In a key-agreement protocol whose security is proven in the random oracle model (ROM), the parties and the eavesdropper can make a bounded number of queries to a shared random function (an “oracle”). Such protocols are the alternative to key-agreement protocols whose security is based on “public-key assumptions”, assumptions that being more structured are presumably more vulnerable to attacks. Barak and Mahmoody [Crypto ’09] (following Impagliazzo and Rudich [STOC ’89]) have shown that ROM key-agreement protocols can only guarantee limited secrecy: the key of any l-query protocol can be revealed by an O(l^2)-query adversary, a bound that matches the gap obtained by the Merkle’s Puzzles two-message protocol of Merkle [CACM ’78]. While this quadratic gap might not seem like much, if the honest parties are willing to work “hard enough” and given continuous improvement in common hash function evaluation time, this gap yields a good enough advantage (assuming the security of the protocol holds when instantiating the random function with a fixed hash function). In this work we consider the communication complexity of ROM key-agreement protocols. In Merkle’s Puzzles, the honest parties need to exchange Ω(l) bits (ignoring logarithmic factors) to obtain secrecy against an eavesdropper that makes roughly l^2 queries, which makes the protocol unrealizable in many settings. We show that for protocols with certain natural properties, such high communication is unavoidable. Specifically, this is the case if the honest parties’ queries are independent and uniformly random, or alternatively if the protocol uses non-adaptive queries and has only two rounds. Since two-round key-agreement protocols are equivalent to public-key encryption schemes (seeing the first message as the public key), the latter result bounds the public-key and encryption size of public-key encryption schemes whose security is proven in the ROM.
  5. Tran, Duc ; Thai, My ; Krishnamachari, Bhaskar (Ed.)
    The security and performance of blockchain systems such as Bitcoin critically rely on the P2P network. This paper aims to investigate blockchain P2P networks. We explore the topologies, peer discovery, and data forwarding and examine the security and performance of the P2P network. Further, we formulate an optimization problem to study the theoretical limit of the performance and provide a solution to achieve optimal performance in a blockchain P2P network. 