(Verifiable) delay functions from Lucas sequences

0579718 - MÚ 2024 RIV CH eng C - Konferenční příspěvek (zahraniční konf.)
Hoffmann, C. - Hubáček, Pavel - Kamath, C. - Krňák, T.
(Verifiable) delay functions from Lucas sequences.
Theory of Cryptography: 21st International Conference, TCC 2023, Taipei, Taiwan, November 29–December 2, 2023, Proceedings, Part IV. Cham: Springer, 2023 - (Rothblum, G.; Wee, H.), s. 336-362. Lecture Notes in Computer Science, 14372. ISBN 978-3-031-48623-4. ISSN 0302-9743.
[21st Theory of Cryptography Conference (TCC 2023). Taipei (TW), 29.11.2023-02.12.2023]
Grant CEP: GA ČR(CZ) GX19-27871X
Institucionální podpora: RVO:67985840
Klíčová slova: delay functions * Lucas sequences * verifiable delay functions
Obor OECD: Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
https://doi.org/10.1007/978-3-031-48624-1_13

Lucas sequences are constant-recursive integer sequences with a long history of applications in cryptography, both in the design of cryptographic schemes and cryptanalysis. In this work, we study the sequential hardness of computing Lucas sequences over an RSA modulus. First, we show that modular Lucas sequences are at least as sequentially hard as the classical delay function given by iterated modular squaring proposed by Rivest, Shamir, and Wagner (MIT Tech. Rep. 1996) in the context of time-lock puzzles. Moreover, there is no obvious reduction in the other direction, which suggests that the assumption of sequential hardness of modular Lucas sequences is strictly weaker than that of iterated modular squaring. In other words, the sequential hardness of modular Lucas sequences might hold even in the case of an algorithmic improvement violating the sequential hardness of iterated modular squaring. Second, we demonstrate the feasibility of constructing practically-efficient verifiable delay functions based on the sequential hardness of modular Lucas sequences. Our construction builds on the work of Pietrzak (ITCS 2019) by leveraging the intrinsic connection between the problem of computing modular Lucas sequences and exponentiation in an appropriate extension field.
Trvalý link: https://hdl.handle.net/11104/0348529