Cryptology ePrint Archive: Report 2018/096
Paralysis Proofs: Safe Access-Structure Updates for Cryptocurrencies and More
Fan Zhang and Philip Daian and Iddo Bentov and Ari Juels
Abstract: Suppose that $N$ players share cryptocurrency using an $M$-of-$N$ multisig scheme. If $N-M+1$ players disappear, the remaining ones have a problem: they've permanently lost their funds. We introduce Paralysis Proofs. A Paralysis Proof is a proof that players cannot act in concert, e.g., some players have become unavailable. Paralysis Proofs can support the construction of a Paralysis Proof System, which helps maintain resource availability by updating (e.g., downgrading) the resource's access structure when critical players, i.e., key-share holders, become unavailable. We present a very general Paralysis Proof System implementation that combines trusted hardware, specifically Intel SGX, with a censorship-resistant channel in the form of a blockchain. Active players may issue a challenge to inactive or missing ones. A failure to respond in a timely way, as recorded on the blockchain, generates a Paralysis Proof that authorizes the trusted hardware to change the access structure, for instance, to allow cryptocurrency to be spent without the missing players. Paralysis Proofs help address a pervasive key-management problem in cryptocurrencies and many other settings. We present specific instantiations for Ethereum (without trusted hardware) and for Bitcoin (with and without trusted hardware). We show that for any cryptocurrency system, versions with trusted hardware can be far more efficient than those without. We also show how extensions of our techniques can encompass a rich array of access-structure policies addressing problems well beyond paralysis.
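The challenge-and-timeout logic the abstract describes, as an added illustrative model (not the authors' implementation): the blockchain is reduced to an append-only list of height-stamped events, the role of the SGX enclave is reduced to the `downgrade` step, and the downgrade policy (drop the missing player, cap the threshold at the remaining count) is an assumption for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessStructure:
    threshold: int        # M: number of key-share holders that must sign
    players: frozenset    # N: the key-share holders

@dataclass(frozen=True)
class Event:
    height: int           # block height at which the event was recorded
    kind: str             # "challenge" or "response"
    target: str           # player being challenged, or player responding
    deadline: int = 0     # challenges only: last height for a timely response

def paralysis_proof(chain, target, current_height):
    """Return the on-chain challenge that proves `target` is unavailable, or None.
    A proof exists once a challenge's deadline has passed and no response from
    `target` was recorded in the window (challenge.height, deadline]."""
    for ev in chain:
        if ev.kind != "challenge" or ev.target != target:
            continue
        if current_height <= ev.deadline:
            continue                      # challenge still open: no proof yet
        answered = any(r.kind == "response" and r.target == target
                       and ev.height < r.height <= ev.deadline for r in chain)
        if not answered:
            return ev                     # late or missing response: paralysis
    return None

def downgrade(structure, proof):
    """Assumed policy applied by the trusted component once a proof is verified:
    remove the missing player; lower the threshold only if it would otherwise
    exceed the number of remaining players."""
    remaining = structure.players - {proof.target}
    return AccessStructure(min(structure.threshold, len(remaining)), remaining)

def demo():
    # Constructed scenario: a 3-of-3 wallet; Bob answers his challenge in time,
    # Carol never does, so the wallet becomes 2-of-2 over Alice and Bob.
    wallet = AccessStructure(3, frozenset({"alice", "bob", "carol"}))
    chain = [Event(100, "challenge", "bob", deadline=110),
             Event(100, "challenge", "carol", deadline=110),
             Event(104, "response", "bob")]
    assert paralysis_proof(chain, "bob", 120) is None
    proof = paralysis_proof(chain, "carol", 120)
    return downgrade(wallet, proof)

if __name__ == "__main__":
    print(demo())
```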
Category / Keywords: cryptographic protocols / blockchain, access structure, trusted hardware, Intel SGX, Bitcoin
Date: received 26 Jan 2018, last revised 9 Mar 2018
Contact author: fz84 at cornell edu
Version: 20180310:052627
Short URL: ia.cr/2018/096