Abstract
We formalize the notion of a proof of work (POW). In many cryptographic protocols, a prover seeks to convince a verifier that she possesses knowledge of a secret or that a certain mathematical relation holds true. By contrast, in a POW, a prover demonstrates to a verifier that she has performed a certain amount of computational work in a specified interval of time. POWs have served as the basis of a number of security protocols in the literature, but have hitherto lacked careful characterization. In this paper, we offer definitions treating the notion of a POW and related concepts.
We also introduce the dependent idea of a bread pudding protocol. Bread pudding is a dish that originated with the purpose of reusing bread that has gone stale. In the same spirit, we define a bread pudding protocol to be a POW such that the computational effort invested in the proof may be reused by the verifier to achieve a separate, useful, and verifiably correct computation. As an example of a bread pudding protocol, we show how the MicroMint scheme of Rivest and Shamir can be broken up into a collection of POWs. These POWs can not only serve in their own right as mechanisms for security protocols, but can also be harvested in order to outsource the MicroMint minting operation to a large group of untrusted computational devices.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
M. Abadi, J. Feigenbaum, and J. Kilian. On hiding information from an oracle. Journal of Computer and System Sciences, 39 (1): 21–50, Aug 1989.
M. Bellare and S. Goldwasser. Encapsulated key escrow. Technical Report Technical Report 688, MIT Laboratory for Computer Science, April 1996.
M. Bellare and S. Goldwasser. Verifiable partial key escrow. In Proceedings of the 4th ACM Conference on Computer and Communications Security, pages 78–91, April 1997.
M. Blum and H. Wasserman. Software reliability via run-time result-checking. Journal of the ACM. To appear. Preliminary version. Software reliability via run-time result-checking. Journal of the ACM. To appear. Preliminary version: ‘Program Result-Checking: A Theory of Testing Meets a Test of Theory, ’ Proc. 35th IEEE FOCS, 1994, pp. 382–392.
J. Cai, R. Lipton, R. Sedgewick, and A. Yao. Towards uncheatable benchmarks. IEEE Structures, pages 2–11, 1993.
C. Dwork and M. Naor. Pricing via processing or combatting junk mail. In Ernest F. Brickell, editor, Proc. CRYPTO ‘82,pages 139147. Springer-Verlag, 1992. Lecture Notes in Computer Science No. 740. (FC ‘87),pages 151–160.
Springer-Verlag, 1997. Lecture Notes in Computer Science No. 1318.
E. Gabber, M. Jakobsson, Y. Matias, and A. Mayer. Curbing junk e-mail via secure classification. In R. Hirschfeld, editor, Financial Cryptography ‘88. Springer-Verlag, 1998.
D. Goldschlag and S. Stubblebine. Publicly verifiable lotteries: Applications of delaying functions. In R. Hirschfeld, editor, Financial Cryptography ‘88. Springer-Verlag, 1998.
M. Jakobsson and J. Müller. How to defend against a militant spammer, 1999. manuscript.
A. Juels and J. Brainard. Client puzzles: A cryptographic defense against connection depletion attacks. In Proceedings of the 1999 ISOC Network and Distributed System Security Symposium, pages 151–165, 1999.
S. Micali. Guaranteed partial key escrow. Technical Report Technical Memo 537, MIT Laboratory for Computer Science, September 1995.
F. Monrose, P. Wyckoff, and A. Rubin. Distributed execution with remote audit. In Proceedings of the 1999 ISOC Network and Distributed System Security Symposium, pages 103–113, 1999.
M. Naor and B. Pinkas. Secure and efficient metering. In K. Nyberg, editor, Advances in Cryptology - Eurocrypt ‘88, pages 576590. Springer-Verlag, 1998.
R. Ostrovsky. A proposal for internet computational commerce: How to tap the power of the WEB, 1998. Presentation at CRYPTO ‘88 Rump Session.
R.L. Rivest and A. Shamir. PayWord and MicroMint-two simple micropayment schemes. RSA Laboratories. CryptoBytes, 2 (1): 7–11, Spring 1996.
R.L. Rivest, A. Shamir, and D. Wagner. Time-lock puzzles and timed-release crypto. To appear, 10 March 1996.
Irma S. Rombauer and Marion Rombauer. Bread-pudding with meringue (six servings). In Joy of Cooking, page 751. Penguin Group, 1997.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 1999 Springer Science+Business Media Dordrecht
About this chapter
Cite this chapter
Jakobsson, M., Juels, A. (1999). Proofs of Work and Bread Pudding Protocols(Extended Abstract). In: Preneel, B. (eds) Secure Information Networks. IFIP — The International Federation for Information Processing, vol 23. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-35568-9_18
Download citation
DOI: https://doi.org/10.1007/978-0-387-35568-9_18
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4757-6487-1
Online ISBN: 978-0-387-35568-9
eBook Packages: Springer Book Archive