Proof of Space from Stacked Expanders

@inproceedings{Ren2016ProofOS,
  title={Proof of Space from Stacked Expanders},
  author={Ling Ren and Srinivas Devadas},
  booktitle={TCC},
  year={2016}
}
Recently, proof of space PoS has been suggested as a more egalitarian alternative to the traditional hash-based proof of work. In PoS, a prover proves to a verifier that it has dedicated some specified amount of space. A closely related notion is memory-hard functions MHF, functions that require a lot of memory/space to compute. While making promising progress, existing PoS and MHF have several problems. First, there are large gaps between the desired space-hardness and what can be proven… 
Proofs of Catalytic Space
TLDR
This work investigates extensions of PoS which allow the prover to embed useful data into the dedicated space, which later can be recovered and a security proof for the original PoS extends (non-trivially) to these constructions.
Tight Proofs of Space and Replication
  • Ben Fisch
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2018
TLDR
This work constructs a concretely practical proof-of-space (PoS) with arbitrarily tight security based on stacked depth robust graphs and constant-degree expander graphs, which is secure against parallel attacks.
Proofs of Space-Time and Rational Proofs of Storage
TLDR
This work introduces a new cryptographic primitive: Proofs of SpaceTime (PoSTs) and construct a practical protocol for implementing these proofs, making use of the fact that the resource is defined as a linear tradeoff between CPU work and space-time.
A Note on the Security of Equihash
TLDR
Equihash should be considered a heuristic scheme with no formally proven security guarantees, and no tradeoff-resistance bound is known for Equihash, and its analysis on the expected number of solution is incorrect.
Memory hard functions and persistent memory hardness
TLDR
This survey looks at two MHF constructions and their upper and lower bounds under different metrics of space and time complexity.
Linear-map Vector Commitments and their Practical Applications
TLDR
This work examines the demands on the properties that an ideal vector commitment should satisfy in the light of the emerging plethora of practical applications and proposes new constructions that improve the state-of-the-art in several dimensions and new tradeoffs.
PoReps: Proofs of Space on Useful Data
  • Ben Fisch
  • Computer Science
    IACR Cryptol. ePrint Arch.
  • 2018
TLDR
A rational security notion for PoReps is introduced called -rational replication based on the notion of an -Nash equilibrium, which captures the property that a server does not gain any significant advantage by storing its data in any other (non-redundant) format.
Bandwidth Hard Functions for ASIC Resistance
TLDR
A model for hardware energy cost that has sound foundations in practice is proposed and scrypt, Catena-BRG and Balloon are bandwidth hard with suitable parameters and a capacity hard function is not necessarily bandwidth hard, with a stacked double butterfly graph being a counterexample.
Verifiable Capacity-bound Functions: A New Primitive from Kolmogorov Complexity
TLDR
The first VCBF construction relying on evaluating a degree-d polynomial f from Fp[x] at a random point is proposed, leveraging ideas from Kolmogorov complexity to prove that sampling f from a large set ensures that evaluation must entail reading a number of bits proportional to the size of its coefficients.
PIEs: Public Incompressible Encodings for Decentralized Storage
TLDR
This work presents a new primitive supporting file replication in distributed storage networks (DSNs) called a Public Incompressible Encoding (PIE), and is the first to achieve experimentally validated near-optimal performance-within a factor of 4 of optimal by one metric.
...
...

References

SHOWING 1-10 OF 54 REFERENCES
Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem
TLDR
This paper shows how to construct an asymmetric proof-of-work (PoW) based on a computationally hard problem, which requires a lot of memory to generate a proof but is instant to verify, and introduces the new technique of algorithm binding to prevent cost amortization.
High Parallel Complexity Graphs and Memory-Hard Functions
TLDR
A new, more robust, type of Memory-Hard Functions (MHF) is obtained; a security primitive which has recently been gaining acceptance in practice as an effective means of countering brute-force attacks on security relevant functions.
On the Complexity of Scrypt and Proofs of Space in the Parallel Random Oracle Model
TLDR
It is proved that for scrypt, when the underlying hash function is invoked n times, the cumulative memory complexity CMC is at least at least $\varOmega w \cdot n/\log n^2$$Ωwi¾?n/logn2, and introduced and study a combinatorial quantity, and show how a sufficiently small upper bound on it which extends the CMC bound for Scrypt to hold against arbitrary adversaries is solved.
Proofs of Space-Time and Rational Proofs of Storage
TLDR
This work introduces a new cryptographic primitive: Proofs of SpaceTime (PoSTs) and construct a practical protocol for implementing these proofs, making use of the fact that the resource is defined as a linear tradeoff between CPU work and space-time.
Pors: proofs of retrievability for large files
In this paper, we define and explore proofs of retrievability (PORs). A POR scheme enables an archive or back-up service (prover) to produce a concise proof that a user (verifier) can retrieve a
Pebbling and Proofs of Work
TLDR
The paradox, compressing an incompressible table, is resolved by embedding a time/space tradeoff into the process for constructing the table from its representation, and a compact representation for the table is designed.
Balloon Hashing: Provably Space-Hard Hash Functions with Data-Independent Access Patterns
We present the Balloon family of password hashing functions. These are the first cryptographic hash functions with proven space-hardness properties that: (i) use a password-independent access
Fast and Tradeoff-Resilient Memory-Hard Functions for Cryptocurrencies and Password Hashing
TLDR
This work develops a simple and cryptographically secure approach to the design of memory-hard functions and shows how to exploit the architecture of modern CPUs and memory chips to make faster and more secure schemes compared to existing alternatives such as scrypt.
Publicly verifiable proofs of sequential work
TLDR
A publicly verifiable protocol for proving computational work based on collision-resistant hash functions and a new plausible complexity assumption regarding the existence of "inherently sequential" hash functions that makes a novel use of "depth-robust" directed acyclic graphs.
Tradeoff Cryptanalysis of Memory-Hard Functions
TLDR
It is shown that using $$M^{4/5}$$ memory instead of M the authors have no time penalties and reduce the AT cost by the factor of 25, and a novel ranking tradeoff is developed and applied to yescrypt and Lyra2.
...
...