Cryptology ePrint Archive: Report 2018/096

Paralysis Proofs: Safe Access-Structure Updates for Cryptocurrencies and More

Fan Zhang and Philip Daian and Iddo Bentov and Ari Juels

Abstract: Suppose that $N$ players share cryptocurrency using an $M-\text{of}-N$ multisig scheme. If $N-M+1$ players disappear, the remaining ones have a problem: They’ve permanently lost their funds. We introduce Paralysis Proofs. A Paralysis Proof is a proof that players cannot act in concert, e.g., some players have become unavailable. Paralysis Proofs can support the construction of a Paralysis Proof System, which helps maintain resource availability by updating (e.g., downgrading) the resource’s access structure when critical players, i.e., key-share holders, become unavailable. We present a very general Paralysis Proof System implementation that combines trusted hardware, specifically Intel SGX, with a censorship-resistant channel in the form of a blockchain. Active players may issue a challenge to inactive or missing ones. A failure to respond in a timely way, as recorded on the blockchain, generates a Paralysis Proof that authorizes the trusted hardware to change the access structure, for instance, to allow cryptocurrency to be spent without the missing players. Paralysis Proofs help address a pervasive key-management problem in cryptocurrencies and many other settings. We present specific instantiations for Ethereum (without trusted hardware) and for Bitcoin (with and without trusted hardware). We show that for any cryptocurrency system, versions with trusted hardware can be far more efficient than those without. We also show how extensions of our techniques can encompass a rich array of access-structure policies addressing problems well beyond paralysis.

Category / Keywords: cryptographic protocols / blockchain, access structure, trusted hardware, Intel SGX, Bitcoin

Date: received 26 Jan 2018, last revised 9 Mar 2018

Contact author: fz84 at cornell edu

Available format(s): PDF | BibTeX Citation

Version: 20180310:052627 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]