Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem

IF 0.6 Q4 ECONOMICS Ledger Pub Date : 2016-01-01 DOI:10.14722/NDSS.2016.23108
A. Biryukov, D. Khovratovich
Citations: 102

Abstract

The proof-of-work is a central concept in modern cryptocurrencies, but the requirement for fast verification so far made it an easy prey for GPU-, ASIC-, and botnet-equipped users. The attempts to rely on memory-intensive computations in order to remedy the disparity between architectures have resulted in slow or broken schemes. In this paper we solve this open problem and show how to construct an asymmetric proof-of-work (PoW) based on a computationally hard problem, which requires a lot of memory to generate a proof (called "memory-hardness" feature) but is instant to verify. Our primary proposal is a PoW based on the generalized birthday problem and enhanced Wagner's algorithm for it. We introduce the new technique of algorithm binding to prevent cost amortization and demonstrate that possible parallel implementations are constrained by memory bandwidth. Our scheme has tunable and steep time-space tradeoffs, which impose large computational penalties if less memory is used. Our solution is practical and ready to deploy: a reference implementation of a proof-of-work requiring 700 MB of RAM runs in 30 seconds on a 1.8 GHz CPU, increases the computations by the factor of 1000 if memory is halved, and presents a proof of just 148 bytes long.