# Proof of Space from Stacked Expanders

@inproceedings{Ren2016ProofOS, title={Proof of Space from Stacked Expanders}, author={Ling Ren and Srinivas Devadas}, booktitle={TCC}, year={2016} }

Recently, proof of space PoS has been suggested as a more egalitarian alternative to the traditional hash-based proof of work. In PoS, a prover proves to a verifier that it has dedicated some specified amount of space. A closely related notion is memory-hard functions MHF, functions that require a lot of memory/space to compute. While making promising progress, existing PoS and MHF have several problems. First, there are large gaps between the desired space-hardness and what can be proven…

## 55 Citations

Proofs of Catalytic Space

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2018

This work investigates extensions of PoS which allow the prover to embed useful data into the dedicated space, which later can be recovered and a security proof for the original PoS extends (non-trivially) to these constructions.

Tight Proofs of Space and Replication

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2018

This work constructs a concretely practical proof-of-space (PoS) with arbitrarily tight security based on stacked depth robust graphs and constant-degree expander graphs, which is secure against parallel attacks.

Proofs of Space-Time and Rational Proofs of Storage

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

This work introduces a new cryptographic primitive: Proofs of SpaceTime (PoSTs) and construct a practical protocol for implementing these proofs, making use of the fact that the resource is defined as a linear tradeoff between CPU work and space-time.

A Note on the Security of Equihash

- Computer ScienceCCSW@CCS
- 2017

Equihash should be considered a heuristic scheme with no formally proven security guarantees, and no tradeoff-resistance bound is known for Equihash, and its analysis on the expected number of solution is incorrect.

Memory hard functions and persistent memory hardness

- Computer Science
- 2022

This survey looks at two MHF constructions and their upper and lower bounds under different metrics of space and time complexity.

Linear-map Vector Commitments and their Practical Applications

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2022

This work examines the demands on the properties that an ideal vector commitment should satisfy in the light of the emerging plethora of practical applications and proposes new constructions that improve the state-of-the-art in several dimensions and new tradeoﬀs.

PoReps: Proofs of Space on Useful Data

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2018

A rational security notion for PoReps is introduced called -rational replication based on the notion of an -Nash equilibrium, which captures the property that a server does not gain any significant advantage by storing its data in any other (non-redundant) format.

Bandwidth Hard Functions for ASIC Resistance

- Computer ScienceTCC
- 2017

A model for hardware energy cost that has sound foundations in practice is proposed and scrypt, Catena-BRG and Balloon are bandwidth hard with suitable parameters and a capacity hard function is not necessarily bandwidth hard, with a stacked double butterfly graph being a counterexample.

Verifiable Capacity-bound Functions: A New Primitive from Kolmogorov Complexity

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2021

The first VCBF construction relying on evaluating a degree-d polynomial f from Fp[x] at a random point is proposed, leveraging ideas from Kolmogorov complexity to prove that sampling f from a large set ensures that evaluation must entail reading a number of bits proportional to the size of its coefficients.

PIEs: Public Incompressible Encodings for Decentralized Storage

- Computer ScienceIACR Cryptol. ePrint Arch.
- 2018

This work presents a new primitive supporting file replication in distributed storage networks (DSNs) called a Public Incompressible Encoding (PIE), and is the first to achieve experimentally validated near-optimal performance-within a factor of 4 of optimal by one metric.

## References

SHOWING 1-10 OF 54 REFERENCES

Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem

- Computer ScienceNDSS
- 2016

This paper shows how to construct an asymmetric proof-of-work (PoW) based on a computationally hard problem, which requires a lot of memory to generate a proof but is instant to verify, and introduces the new technique of algorithm binding to prevent cost amortization.

High Parallel Complexity Graphs and Memory-Hard Functions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2014

A new, more robust, type of Memory-Hard Functions (MHF) is obtained; a security primitive which has recently been gaining acceptance in practice as an effective means of countering brute-force attacks on security relevant functions.

On the Complexity of Scrypt and Proofs of Space in the Parallel Random Oracle Model

- Computer Science, MathematicsEUROCRYPT
- 2016

It is proved that for scrypt, when the underlying hash function is invoked n times, the cumulative memory complexity CMC is at least at least $\varOmega w \cdot n/\log n^2$$Ωwi¾?n/logn2, and introduced and study a combinatorial quantity, and show how a sufficiently small upper bound on it which extends the CMC bound for Scrypt to hold against arbitrary adversaries is solved.

Proofs of Space-Time and Rational Proofs of Storage

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

This work introduces a new cryptographic primitive: Proofs of SpaceTime (PoSTs) and construct a practical protocol for implementing these proofs, making use of the fact that the resource is defined as a linear tradeoff between CPU work and space-time.

Pors: proofs of retrievability for large files

- Computer ScienceCCS '07
- 2007

In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a…

Pebbling and Proofs of Work

- Computer Science, MathematicsCRYPTO
- 2005

The paradox, compressing an incompressible table, is resolved by embedding a time/space tradeoff into the process for constructing the table from its representation, and a compact representation for the table is designed.

Balloon Hashing: Provably Space-Hard Hash Functions with Data-Independent Access Patterns

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2016

We present the Balloon family of password hashing functions. These are the first cryptographic hash functions with proven space-hardness properties that: (i) use a password-independent access…

Fast and Tradeoff-Resilient Memory-Hard Functions for Cryptocurrencies and Password Hashing

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2015

This work develops a simple and cryptographically secure approach to the design of memory-hard functions and shows how to exploit the architecture of modern CPUs and memory chips to make faster and more secure schemes compared to existing alternatives such as scrypt.

Publicly verifiable proofs of sequential work

- Computer Science, MathematicsITCS '13
- 2013

A publicly verifiable protocol for proving computational work based on collision-resistant hash functions and a new plausible complexity assumption regarding the existence of "inherently sequential" hash functions that makes a novel use of "depth-robust" directed acyclic graphs.

Tradeoff Cryptanalysis of Memory-Hard Functions

- Computer ScienceASIACRYPT
- 2015

It is shown that using $$M^{4/5}$$ memory instead of M the authors have no time penalties and reduce the AT cost by the factor of 25, and a novel ranking tradeoff is developed and applied to yescrypt and Lyra2.