
Simple Proofs of Space-Time and Rational Proofs of Storage

  • Conference paper
Advances in Cryptology – CRYPTO 2019 (CRYPTO 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11692)


Abstract

We introduce a new cryptographic primitive: Proofs of Space-Time (PoSTs) and construct an extremely simple, practical protocol for implementing these proofs. A PoST allows a prover to convince a verifier that she spent a “space-time” resource (storing data—space—over a period of time). Formally, we define the PoST resource as a trade-off between CPU work and space-time (under reasonable cost assumptions, a rational user will prefer to use the lower-cost space-time resource over CPU work).

Compared to a proof-of-work, a PoST requires less energy use, as the “difficulty” can be increased by extending the time period over which data is stored without increasing computation costs. Our definition is very similar to “Proofs of Space” [ePrint 2013/796, 2013/805] but, unlike the previous definitions, takes into account amortization attacks and storage duration. Moreover, our protocol uses a very different (and much simpler) technique, making use of the fact that we explicitly allow a space-time tradeoff, and doesn’t require any non-standard assumptions (beyond random oracles). Unlike previous constructions, our protocol allows incremental difficulty adjustment, which can gracefully handle increases in the price of storage compared to CPU work. In addition, we show how, in a crypto-currency context, the parameters of the scheme can be adjusted using a market-based mechanism, similar in spirit to the difficulty adjustment for PoW protocols.

T. Moran—Supported by ISF grant no. 1790/13 and the Bar-Ilan Cyber-center.


Notes

  1. For the purposes of this paper, we use the formal definitions of [10].

  2. Of course, this is also true for a local disk; during the interval in which we are using the disk to store data A, we can’t use it to store anything else, so our “cost” is the utility we could have gained over the same period (e.g., by renting out the disk to a cloud-storage company).

  3. We note that our PoST definitions precede theirs.

  4. Although the definition allows general interaction, in our construction the first phase is non-interactive (the prover sends a single message) and the second consists of a single round.

  5. Each of the verifiers runs a copy of the honest verifier code with independent random coins; , however, can correlate its sessions with the verifiers.

  6. This is just for convenience of notation; we can implement them all using a single oracle by assigning a unique prefix to the oracle queries (e.g., .).

  7. These can be chosen by hardwiring a seed in the code of both and , and computing \(\textit{ch}_i\) using the Merkle oracle, which is not counted against the query budget of .

  8. We note that this computation can be performed by the prover instead, but it will simplify our analysis to assume the verifier performs the checks.

  9. Thanks to the anonymous reviewer who suggested this idea!

References

  1. The chia network. https://chia.net/

  2. Spacemesh. https://spacemesh.io/

  3. Abusalah, H., Alwen, J., Cohen, B., Khilko, D., Pietrzak, K., Reyzin, L.: Beyond Hellman’s time-memory trade-offs with applications to proofs of space. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017, Part II. LNCS, vol. 10625, pp. 357–379. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_13


  4. Alwen, J., Serbinenko, V.: High parallel complexity graphs and memory-hard functions. In: Servedio, R.A., Rubinfeld, R. (eds.) Proceedings of the Forty-Seventh Annual ACM on Symposium on Theory of Computing, STOC 2015, Portland, OR, USA, 14–17 June 2015, pp. 595–603. ACM (2015). https://doi.org/10.1145/2746539.2746622. http://doi.acm.org/10.1145/2746539.2746622

  5. Ateniese, G., Bonacina, I., Faonio, A., Galesi, N.: Proofs of space: when space is of the essence. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 538–557. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-10879-7_31


  6. Ateniese, G., et al.: Provable data possession at untrusted stores. IACR Cryptology ePrint Archive 2007:202 (2007)


  7. Bowers, K.D., Juels, A., Oprea, A.: Proofs of retrievability: theory and implementation. In: Sion, R., Song, D. (eds.) CCSW, pp. 43–54. ACM (2009)


  8. Cohen, B., Pietrzak, K.: Simple proofs of sequential work. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part II. LNCS, vol. 10821, pp. 451–467. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_15


  9. Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_10


  10. Dziembowski, S., Faust, S., Kolmogorov, V., Pietrzak, K.: Proofs of space. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 585–605. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_29


  11. Fisch, B.: PoReps: proofs of space on useful data. IACR Cryptology ePrint Archive, 2018:678 (2018). https://eprint.iacr.org/2018/678

  12. Fisch, B.: Tight proofs of space and replication. Cryptology ePrint Archive, Report 2018/702 (2018). https://eprint.iacr.org/2018/702

  13. Golle, P., Jarecki, S., Mironov, I.: Cryptographic primitives enforcing communication and storage complexity. In: Blaze, M. (ed.) FC 2002. LNCS, vol. 2357, pp. 120–135. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36504-4_9


  14. Juels, A., Kaliski Jr., B.S.: Pors: proofs of retrievability for large files. In: Ning, P., di Vimercati, S.D.C., Syverson, P.F. (eds.) ACM Conference on Computer and Communications Security, pp. 584–597. ACM (2007)


  15. Protocol Labs: Filecoin: a decentralized storage network (2017). https://filecoin.io/filecoin.pdf

  16. Miller, A., Juels, A., Shi, E., Parno, B., Katz, J.: Permacoin: repurposing bitcoin work for data preservation. In: 2014 IEEE Symposium on Security and Privacy, SP 2014, Berkeley, CA, USA, 18–21 May 2014, pp. 475–490. IEEE Computer Society (2014). https://doi.org/10.1109/SP.2014.37

  17. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf

  18. Park, S., Kwon, A., Fuchsbauer, G., Gazi, P., Alwen, J., Pietrzak, K.: SpaceMint: a cryptocurrency based on proofs of space. In: Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC). Springer, Heidelberg (2018). http://fc18.ifca.ai/preproceedings/78.pdf

  19. Percival, C.: Stronger key derivation via sequential memory-hard functions. In: BSDCan 2009 (2009)


  20. Pietro, R.D., Mancini, L.V., Law, Y.W., Etalle, S., Havinga, P.J.M.: LKHW: a directed diffusion-based secure multicast scheme for wireless sensor networks. In: ICPP Workshops, p. 397. IEEE Computer Society (2003)


  21. Pietrzak, K.: Proofs of catalytic space. In: Blum, A. (ed.) 10th Innovations in Theoretical Computer Science Conference, ITCS 2019. LIPIcs, San Diego, California, USA, 10–12 January 2019, vol. 124, pp. 59:1–59:25. Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik (2019). https://doi.org/10.4230/LIPIcs.ITCS.2019.59

  22. Ren, L., Devadas, S.: Proof of space from stacked expanders. In: Hirt, M., Smith, A. (eds.) TCC 2016-B, Part I. LNCS, vol. 9985, pp. 262–285. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53641-4_11


  23. Waters, B., Juels, A., Halderman, J.A., Felten, E.W.: New client puzzle outsourcing techniques for dos resistance. In: Atluri, V., Pfitzmann, B., McDaniel, P.D. (eds.) ACM Conference on Computer and Communications Security, pp. 246–256. ACM (2004)



Acknowledgements

The authors would like to thank Siyao Guo for some very helpful discussions on compression arguments.

Author information


Corresponding author

Correspondence to Tal Moran.


Copyright information

© 2019 International Association for Cryptologic Research

About this paper


Cite this paper

Moran, T., Orlov, I. (2019). Simple Proofs of Space-Time and Rational Proofs of Storage. In: Boldyreva, A., Micciancio, D. (eds) Advances in Cryptology – CRYPTO 2019. CRYPTO 2019. Lecture Notes in Computer Science, vol 11692. Springer, Cham. https://doi.org/10.1007/978-3-030-26948-7_14


  • DOI: https://doi.org/10.1007/978-3-030-26948-7_14


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-26947-0

  • Online ISBN: 978-3-030-26948-7

  • eBook Packages: Computer Science (R0)
