2

I'm looking for a problem that allows me to generate random instances which:

  1. Take arbitrary time to compute (i.e., I can generate an instance that I know would take at least 10 days to solve in an Intel I7);

  2. Is inherently sequential (no matter how many processors you throw at it, it won't be solved faster than 10 days);

  3. Can produce N (say, 2^256) equiprobable outputs;

  4. Given an output, it is easy to verify it is correct.

Example:

  1. Find the smallest N such that sha256^N(seed) < K. You can configure K so that it would take no less than X days given current hardware. The final hash can be any one of 2^256 possible values. But verifying is hard: the only way to prove an N is correct is re-doing the whole computation, so it doesn't really fit.

  2. Find an N such that sha256(seed+N) < K. You can configure K so that it would take no less than X days given current hardware. The final hash can be any one of 2^256 possible values. It is easy to verify the output is correct. But it is embarrassingly parallel.

MaiaVictor
  • 4,199
  • 2
  • 18
  • 34

1 Answers1

2

Requirements 1-3 describe a timelock puzzle, also known as timed-release cryptography or time capsule cryptography. For instance, https://crypto.stackexchange.com/q/606/351.

Requirement 4 says it also has to be easy to verify a correct solution. I don't know of any standard scheme for timelock puzzles that happens to satisfy all four requirements, but you can invent one.

For instance, here is one simple approach that works, if you trust the creator of the puzzle to not try to play games with you. The creator picks a random AES key $k$, encrypts $k$ using the timed-release cryptography / timelock puzzle, and publishes the ciphertext as well as a SHA256 hash of $k$. Now requirements 1-3 are satisfied (it'll take a precisely-controllable amount of time for anyone else to recover $k$), and once you've found $k$, it is easy to verify that you found it correctly by hashing it and comparing the result to the publicly known hash.

For more on timelock puzzles, see also:

and papers in the cryptographic research literature.

Community
  • 1
D.W.
  • 167,959
  • 22
  • 232
  • 500