Cryptology ePrint Archive: Report 2020/537

TARDIS: A Foundation of Time-Lock Puzzles in UC

Carsten Baum and Bernardo David and Rafael Dowsley and Jesper Buus Nielsen and Sabine Oechsner

Abstract: Time-based primitives like time-lock puzzles (TLP) are finding widespread use in practical protocols, partially due to the surge of interest in the blockchain space where TLPs and related primitives are perceived to solve many problems. Unfortunately, the security claims are often shaky or plainly wrong since these primitives are used under composition. One reason is that TLPs are inherently not UC secure and time is tricky to model and use in the UC model. On the other hand, just specifying standalone notions of the intended task, left alone correctly using standalone notions like non-malleable TLPs only, might be hard or impossible for the given task. And even when possible a standalone secure primitive is harder to apply securely in practice afterwards as its behavior under composition is unclear. The ideal solution would be a model of TLPs in the UC framework to allow simple modular proofs. In this paper we provide a foundation for proving composable security of practical protocols using time-lock puzzles and related timed primitives in the UC model. We construct UC-secure TLPs based on random oracles and show that using random oracles is necessary. In order to prove security, we provide a simple and abstract way to reason about time in UC protocols. Finally, we demonstrate the usefulness of this foundation by constructing applications that are interesting in their own right, such as UC-secure two-party computation with output-independent abort.

Category / Keywords: cryptographic protocols / Universal composability, time-lock puzzles, secure two-party computation, fair coin tossing, output independent abort

Original Publication (with major differences): IACR-EUROCRYPT-2021

Date: received 7 May 2020, last revised 8 Aug 2021

Contact author: cbaum at cs au dk, bernardo at bmdavid com, rafael dowsley at monash edu, jbn at cs au dk, oechsner at cs au dk

Available format(s): PDF | BibTeX Citation

Note: Added formal statements for impossibility Theorems 4 and 5 to Appendix E.

Version: 20210808:072900 (All versions of this report)

Short URL: ia.cr/2020/537


[ Cryptology ePrint archive ]