Abstract
Time-based cryptographic primitives such as Time-Lock Puzzles (TLPs) and Verifiable Delay Functions (VDFs) have proven to be pivotal in several areas of cryptography. All existing candidate constructions, however, guarantee time-delays based on the average hardness of sequential computational problems. This means that any algorithmic or hardware improvement affects parameter choices and may turn deployed systems insecure.
To address this issue, we investigate how to build time-based cryptographic primitives where delays depend on sources other than sequential computations: namely, transmission delays caused by sequential communication. We explore sequential communication delays that arise when sending a message through a constellation of satellites in Space. This setting has the advantage that distances between protocol participants are guaranteed as positions of satellites are observable from Earth, moreover delay lower bounds are unconditional and can be easily computed using the laws of Physics (the speed of light bounds transmission speed).
We introduce proofs of sequential communication delay (SCD) in the Universal Composability framework, that can be used to convince a verifier that a message has accrued delay by traversing a path among a set of scattered satellites. With our SCD proofs we realize the first proposals of Publicly Verifiable TLPs and VDFs whose delay guarantees are rooted on physical limits, rather than ever-decreasing computational hardness. Finally, our notion of SCD paves the way to the first Delay Encryption construction not based on supersingular isogenies.
C. Baum—This work was supported by Protocol Labs.
B. M. David—This work was supported by Protocol Labs and the Independent Research Fund Denmark (IRFD) grant number 0165-00079B.
E. Pagnin—This work was supported by the VR project number 2022-04684.
A. Takahashi—Work partially done while affiliated with the University of Edinburgh. This paper was prepared in part for information purposes by the Artificial Intelligence Research group of JPMorgan Chase & Co and its affiliates (“JP Morgan”), and is not a product of the Research Department of JP Morgan. JP Morgan makes no representation and warranty whatsoever and disclaims all liability, for the completeness, accuracy or reliability of the information contained herein. This document is not intended as investment research or investment advice, or a recommendation, offer or solicitation for the purchase or sale of any security, financial instrument, financial product or service, or to be used in any way for evaluating the merits of participating in any transaction, and shall not constitute a solicitation under any jurisdiction or to any person, if such solicitation under such jurisdiction or to such person would be unlawful.
Notes
1. Our protocols in fact only require loosely synchronized clocks, as the minimum delay is guaranteed by a physical effect rather than by synchronization; synchronization only affects the liveness of the protocol. We choose not to model this more explicitly, as it would require more details in the formalization.
References
Cryptosat. https://cryptosat.io. Accessed 07 Oct 2022
Alikhani, P., et al.: Experimental relativistic zero-knowledge proofs. Nature 599(7883), 47–50 (2021)
Almashaqbeh, G., et al.: Unclonable polymers and their cryptographic applications. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022 Part I. LNCS, vol. 13275, pp. 759–789. Springer, Heidelberg (2022). https://doi.org/10.1007/978-3-031-06944-4_26
Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017 Part I. LNCS, vol. 10401, pp. 324–356. Springer, Heidelberg (2017)
Bate, R.R., Mueller, D.D., White, J.E., Saylor, W.W.: Fundamentals of Astrodynamics. Courier Dover Publications, Mineola (2020)
Baum, C., David, B., Dowsley, R.: (Public) verifiability for composable protocols without adaptivity or zero-knowledge. In: Ge, C., Guo, F. (eds.) ProvSec 2022. LNCS, vol. 13600, pp. 249–272. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-20917-8_17
Baum, C., David, B., Dowsley, R., Kishore, R., Nielsen, J.B., Oechsner, S.: CRAFT: composable randomness beacons and output-independent abort MPC from time. In: Boldyreva, A., Kolesnikov, V. (eds.) PKC 2023 Part I. LNCS, vol. 13940, pp. 439–470. Springer, Heidelberg (2023). https://doi.org/10.1007/978-3-031-31368-4_16
Baum, C., David, B., Dowsley, R., Nielsen, J.B., Oechsner, S.: TARDIS: a foundation of time-lock puzzles in UC. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021 Part III. LNCS, vol. 12698, pp. 429–459. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77883-5_15
Baum, C., David, B., Pagnin, E., Takahashi, A.: CaSCaDE: (time-based) cryptography from space communications DElay. Cryptology ePrint Archive, Paper 2023/405 (2023). https://eprint.iacr.org/2023/405
Bitansky, N., Goldwasser, S., Jain, A., Paneth, O., Vaikuntanathan, V., Waters, B.: Time-lock puzzles from randomized encodings. In: Sudan, M. (ed.) ITCS 2016, pp. 345–356. ACM (2016)
Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018 Part I. LNCS, vol. 10991, pp. 757–788. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_25
Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_13
Boneh, D., Naor, M.: Timed commitments. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 236–254. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_15
Brzuska, C., Fischlin, M., Schröder, H., Katzenbeisser, S.: Physically uncloneable functions in the universal composition framework. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 51–70. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_4
Burdges, J., De Feo, L.: Delay encryption. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021 Part I. LNCS, vol. 12696, pp. 302–326. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_11
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press (2001)
Crépeau, C., Kilian, J.: Achieving oblivious transfer using weakened security assumptions (extended abstract). In: 29th FOCS, pp. 42–52. IEEE Computer Society Press (1988)
Crépeau, C., Massenet, A., Salvail, L., Stinchcombe, L.S., Yang, N.: Practical relativistic zero-knowledge for NP. In: Kalai, Y.T., Smith, A.D., Wichs, D. (eds.) ITC 2020, pp. 4:1–4:18. Schloss Dagstuhl (2020)
De Feo, L., Masson, S., Petit, C., Sanso, A.: Verifiable delay functions from supersingular isogenies and pairings. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019 Part I. LNCS, vol. 11921, pp. 248–277. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_10
Ephraim, N., Freitag, C., Komargodski, I., Pass, R.: Continuous verifiable delay functions. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020 Part III. LNCS, vol. 12107, pp. 125–154. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_5
Freitag, C., Komargodski, I., Pass, R., Sirkin, N.: Non-malleable time-lock puzzles and applications. In: Nissim, K., Waters, B. (eds.) TCC 2021 Part III. LNCS, vol. 13044, pp. 447–479. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-90456-2_15
Fujisaki, E., Okamoto, T.: How to enhance the security of public-key encryption at minimum cost. In: Imai, H., Zheng, Y. (eds.) PKC 1999. LNCS, vol. 1560, pp. 53–68. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-49162-7_5
Goyal, V., Ishai, Y., Sahai, A., Venkatesan, R., Wadia, A.: Founding cryptography on tamper-proof hardware tokens. In: Micciancio, D. (ed.) TCC 2010. LNCS, vol. 5978, pp. 308–326. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-11799-2_19
Katz, J.: Universally composable multi-party computation using tamper-proof hardware. In: Naor, M. (ed.) EUROCRYPT 2007. LNCS, vol. 4515, pp. 115–128. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-72540-4_7
Katz, J., Loss, J., Xu, J.: On the security of time-lock puzzles and timed commitments. In: Pass, R., Pietrzak, K. (eds.) TCC 2020 Part III. LNCS, vol. 12552, pp. 390–413. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64381-2_14
Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_27
Kent, A.: Unconditionally secure bit commitment. Phys. Rev. Lett. 83(7), 1447 (1999)
Kiayias, A., Zhou, H.-S., Zikas, V.: Fair and robust multi-party computation using a global transaction ledger. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016 Part II. LNCS, vol. 9666, pp. 705–734. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_25
Lunghi, T., et al.: Practical relativistic bit commitment. Phys. Rev. Lett. 115(3), 030502 (2015)
Maurer, U.M.: Protocols for secret key agreement by public discussion based on common information. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 461–470. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-48071-4_32
Nishimaki, R., Manabe, Y., Okamoto, T.: Universally composable identity-based encryption. In: Nguyen, P.Q. (ed.) VIETCRYPT 2006. LNCS, vol. 4341, pp. 337–353. Springer, Heidelberg (2006). https://doi.org/10.1007/11958239_23
Pappu, R., Recht, B., Taylor, J., Gershenfeld, N.: Physical one-way functions. Science 297(5589), 2026–2030 (2002)
Pietrzak, K.: Simple verifiable delay functions. In: Blum, A. (ed.) ITCS 2019, vol. 124, pp. 60:1–60:15. LIPIcs (2019)
Pointcheval, D.: Chosen-ciphertext security for any one-way cryptosystem. In: Imai, H., Zheng, Y. (eds.) PKC 2000. LNCS, vol. 1751, pp. 129–146. Springer, Heidelberg (2000). https://doi.org/10.1007/978-3-540-46588-1_10
Puig-Suari, J., Turner, C., Ahlgren, W.: Development of the standard CubeSat deployer and a CubeSat class picosatellite. In: 2001 IEEE Aerospace Conference Proceedings (Cat. No.01TH8542), vol. 1, pp. 1/347–1/353 (2001)
Rivest, R.L., Shamir, A., Wagner, D.A.: Time-lock puzzles and timed-release crypto (1996)
Rührmair, U., van Dijk, M.: On the practical use of physical unclonable functions in oblivious transfer and bit commitment protocols. J. Cryptogr. Eng. 3, 17–28 (2013)
Vallado, D.A.: Fundamentals of Astrodynamics and Applications, vol. 12. Springer, Cham (2001)
Verbanis, E., Martin, A., Houlmann, R., Boso, G., Bussières, F., Zbinden, H.: 24-hour relativistic bit commitment. Phys. Rev. Lett. 117, 140506 (2016)
Wesolowski, B.: Efficient verifiable delay functions. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019 Part III. LNCS, vol. 11478, pp. 379–407. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17659-4_13
A Practical Considerations
In this appendix, we elaborate on our model choices and how realistic our constructions are in generic terms. Unfortunately we cannot back our estimates with concrete results as we could not buy a few satellites, ship them to space and test our protocol in its realistic setting. We leave this as interesting future work.
How to Compute Communication Delay Lower Bounds. In Physics, c denotes the speed of light (measured as \(c = 299{,}792{,}458\) m/s in space). Einstein’s Special Relativity sets c as the natural upper bound on communication speed, since matter, energy or signals that may carry information can travel at most as fast as light. With this in mind, it is straightforward to determine the exact lower bound on the communication delay between two satellites. Let d denote the distance in meters between two satellites; then the minimal possible time delay in their communication is \(\varDelta = d/c\). The distance d is computed by first determining each satellite’s position and then computing the Euclidean distance between those positions. Determining a satellite’s position at a given instant is done via classical mechanics; see [5, Chapters 4 and 5] or [38, Chapters 10 and 11] for standard references. Even spy satellites can be tracked by amateur enthusiasts, e.g. https://gizmodo.com/how-you-can-track-every-spy-satellite-in-orbit-1685316357.
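A worked example of the lower-bound computation described above, added here and not part of the paper: it sums \(d/c\) over a constructed path of satellite positions and, as a simplified verifier-side check (an assumption for illustration, not the paper's SCD proof, which relies on sequential signatures), flags any hop whose claimed elapsed time falls below its physical bound.

```python
import math

# Speed of light in vacuum, m/s (the upper bound on signal propagation).
C = 299_792_458.0


def euclid(p, q):
    """Euclidean distance between two points given in metres."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(p, q)))


def min_path_delay(positions):
    """Unconditional lower bound on the time a message needs to traverse the
    path positions[0] -> positions[1] -> ... : the sum over hops of d/c.
    Any shorter claimed delay is physically impossible."""
    return sum(euclid(positions[i], positions[i + 1]) / C
               for i in range(len(positions) - 1))


def check_hops(positions, timestamps, clock_slack=0.0):
    """Assumed simplified verifier check (not the paper's protocol): for each
    hop, the claimed elapsed time must be >= d/c minus an allowed slack for
    loosely synchronised clocks. Returns (hop, claimed, bound, ok) tuples."""
    report = []
    for i in range(len(positions) - 1):
        bound = euclid(positions[i], positions[i + 1]) / C
        claimed = timestamps[i + 1] - timestamps[i]
        report.append((i, claimed, bound, claimed + clock_slack >= bound))
    return report


def path_is_plausible(positions, timestamps, clock_slack=0.0):
    """True only if every hop respects its light-speed lower bound."""
    return all(ok for _, _, _, ok in check_hops(positions, timestamps, clock_slack))


# Constructed sample: three satellite positions in metres, chosen so that the
# hop distances are exactly 5,000,000 m and 10,000,000 m (not real orbits).
SATS = [(7_000_000, 0, 0),
        (7_000_000, 3_000_000, 4_000_000),
        (15_000_000, 9_000_000, 4_000_000)]

# Constructed claimed timestamps in seconds: hop 0 claims 16.6 ms, which is
# below its 16.68 ms bound; hop 1 claims 33.4 ms, above its 33.36 ms bound.
CLAIMED = [0.0, 0.0166, 0.0500]

if __name__ == "__main__":
    print("path lower bound (s):", min_path_delay(SATS))
    for hop, claimed, bound, ok in check_hops(SATS, CLAIMED):
        print(f"hop {hop}: claimed={claimed:.6f} bound={bound:.6f} ok={ok}")
```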
Efficiency of TLP and IBE Constructions. When computing the Time-Lock Puzzle (TLP) based on threshold encryption, each satellite performs one extra scalar multiplication, adding 0.066 ms on the Cortex-A15 processor and 2.28 ms on the A9 processor mentioned above. When executing our VDF/TLP constructions based on IBE, each satellite likewise only needs to compute one extra scalar multiplication on the elliptic curve, as in the TLP based on threshold encryption. Expensive operations (e.g. re-encryption and bilinear pairings) are only performed by non-constrained devices that verify the result of VDF/TLP evaluations.
On a Trust Assumption. Previous results on TLPs/VDFs consider the evaluation of TLPs/VDFs to be done locally by each party, thus requiring security even when this single evaluator is dishonest. In our setting, we outsource this evaluation to a group of parties and guarantee security if at least one of them is honest. In our concrete instantiation, the message travels through a round-robin network of parties and is signed in order by each of them, and we require that at least one of the signing parties be honest. While this is indeed an extra trust assumption, it allows us to provide precise and absolute delay lower bounds. This is not unprecedented in the time-based cryptography literature, as the same assumption of at least one out of n parties being honest is also made in the context of distance bounding protocols. Moreover, since satellites are in orbit, it is infeasible to corrupt their hardware and software (provided it is not updatable) after launch.
Liveness of Optimistic Protocols. We take an optimistic approach, designing highly efficient protocols that might abort in case of misbehavior by one of the parties, in which case we resort to more expensive protocols that identify and eliminate the cheating party. This applies to our constructions of VDFs in Sect. 5, TLPs in the full version [9] and Delay Encryption in Sect. 6. All of these constructions rely on our proof of communication delay, so they abort if a satellite in the pre-established signing path fails to provide a valid signature. Moreover, in the TLP (resp. Delay Encryption) construction, a satellite that misbehaves in the threshold encryption (resp. threshold identity key generation) will also cause an abort. Both abort cases can be handled by requiring the satellites to repeat the protocol while providing non-interactive zero-knowledge proofs (NIZKs) of correct execution. In this augmented protocol, we can easily identify a cheater by checking the NIZKs (i.e. misbehavior results in an invalid NIZK), subsequently eliminating this cheater and re-executing the protocol once more. Naturally, eliminating a cheating satellite also requires re-executing the sequential signing protocol, which might be costly. However, notice that once a cheater is eliminated, it no longer participates in future executions of the protocol. Hence, these re-executions happen at most t times, where t is the number of corrupted satellites. After all cheaters are eliminated, every execution only requires the highly efficient optimistic protocol.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
Baum, C., David, B.M., Pagnin, E., Takahashi, A. (2024). CaSCaDE: (Time-Based) Cryptography from Space Communications DElay. In: Galdi, C., Phan, D.H. (eds) Security and Cryptography for Networks. SCN 2024. Lecture Notes in Computer Science, vol 14973. Springer, Cham. https://doi.org/10.1007/978-3-031-71070-4_12
DOI: https://doi.org/10.1007/978-3-031-71070-4_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-71069-8
Online ISBN: 978-3-031-71070-4