WO2018172185A1 - Communication électronique et procédé de commande d'accès - Google Patents

Communication électronique et procédé de commande d'accès Download PDF

Info

Publication number
WO2018172185A1
WO2018172185A1 PCT/EP2018/056560 EP2018056560W WO2018172185A1 WO 2018172185 A1 WO2018172185 A1 WO 2018172185A1 EP 2018056560 W EP2018056560 W EP 2018056560W WO 2018172185 A1 WO2018172185 A1 WO 2018172185A1
Authority
WO
WIPO (PCT)
Prior art keywords
test
proof
work
communication terminal
function
Prior art date
Application number
PCT/EP2018/056560
Other languages
English (en)
Inventor
Leo PERRIN
Alex BIRYUKOV
Original Assignee
Universite Du Luxembourg
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Universite Du Luxembourg filed Critical Universite Du Luxembourg
Publication of WO2018172185A1 publication Critical patent/WO2018172185A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN

Definitions

  • the invention generally pertains to a communication method and an access- control method for communication networks. More particularly, the method comprises producing a proof-of-work associated with a received or self-imposed proof-of-work test according to a privileged-user strategy and transmitting, broadcasting or multicasting the same over the network for verification by one or more other network members.
  • PoWs Proof-of-works
  • PoWs have attracted more and more attention, especially because they are used as core building blocks in the most recognized and widely used digital currency: Bitcoin [4].
  • PoWs are used in Bitcoin for producing blocks (which are recording the transactions, a block comprises a plurality of transactions).
  • the so-called miners must produce a PoW which covers all of the data in current block and some data of one or more preceding blocks in order for a block to be accepted by network participants.
  • One miner manages to generate a proof-of-work in approximately 10 minutes and communicates (transmits) it to the network participants for verification of the validity of the generated PoW. If the block is accepted, it is added to the chain of other blocks for bookkeeping, effectively increasing the size of the so-called blockchain.
  • Document US 2010/0031315 relates to a systems and methods for using client puzzles to protect against denial-of-service attacks.
  • the puzzles are placed at the network layer level and/or application layer level to protect against denial-of-service attacks.
  • document US 2010/0031315 claims to provide a robust and flexible solution to support puzzle issuance at arbitrary points in the network, including end hosts, firewalls, and routers and thereby a defense against denial-of-service attacks.
  • PoW protocol designates a protocol or set of rules that define the generic structure of well-shaped PoW tests and the verification method of the PoWs.
  • PoW test designates a specific instance of a computational puzzle or challenge within the class of all puzzles or challenges that are compliant with the PoW protocol.
  • a PoW is a solution of the test that results in a successful verification under the verification method.
  • the verification method uses a verification function that returns "True” or "False” for a given PoW test and a candidate solution. A PoW thus is a solution for which the verification function returns "True”.
  • a first aspect of the invention pertains to a communication method (for electronic communication).
  • the method comprises receiving or generating, by a first communication terminal, a PoW test.
  • the received or generated PoW test is compliant with a PoW protocol agreed upon within a communication network comprising, at least, the first communication terminal and a second communication terminal.
  • the method further comprises producing a PoW associated with the PoW test by solving the PoW test according to a privileged-user strategy.
  • the privileged-user strategy comprises a meet-in-the-middle search, the meet-in-the-middle search using a secret key associated with the PoW test.
  • the produced PoW is transmitted, broadcast or multicast over the network for verification by the second communication terminal.
  • the transmission of the PoW on the network may be effected via one or more point-to-point communication links between the first communication terminal and the second communication terminal, via broadcast or via multicast.
  • Direct reception of the PoW by the second communication terminal may be desirable or even necessary for some applications but is not necessary in general.
  • transmission on the network could comprise making available the PoW for inspection (by the general public or only the network members) on a server or other network resource.
  • the meet-in- the-middle search reduces, on average, the computational effort a privileged user (possessing the secret key) needs to perform in comparison to a common (non- privileged) user (not possessing the secret key) in order to find a valid solution to the PoW test.
  • the communication method comprises determining, by the first communication terminal, whether the secret key associated with the PoW test is known to the first communication terminal.
  • the secret key is known to the first communication terminal if it is stored in a memory of the first communication terminal or in a memory the first communication terminal has access to.
  • the method further comprises producing a PoW associated with the PoW test by solving the PoW test according to a common-user strategy instead of the privileged-user strategy if the secret key is not known.
  • the common-user strategy may comprise a brute-force search of a PoW associated with the PoW test.
  • a "brute-force search" is a trial-and-error search, wherein candidate PoWs are generated (e.g.
  • An interesting advantage of the invention resides in the fact that verification of PoW is very easy (computationally cheap) for all network members (for both privileged and non-privileged ones.)
  • the method used to perform this verification may be identical for checking the solutions found by both privileged users and common ones. In other words, no special resources or knowledge is needed to verify the PoWs of privileged users. Therefore, the second communication terminal that verifies the PoW generated by the first communication terminal need not be itself a privileged user.
  • PoWs are made available to all network members for verification (this may be the case, for instance, in applications where the PoWs document successful mining), there may be several network members that take the role of the second communication terminal.
  • the meet-in-the-middle search comprises:
  • the meet-in-the-middle search comprises:
  • bit string designates a sequence of bits, which may be organized as any suitable data structure. Bits may be represented as “0"s and “1 "s. Bit strings may also be written in hexadecimal (base 16 or hex) notation, which is regarded as particularly convenient for long bit strings.
  • cryptographic function designates a function that obscures the relationship between input values and their images under the function. If a part of the bits of an output value under such a function is given, then the only way to find a corresponding input, certain bits of which are constrained, is proceeding by trial-and-error or knowledge of the trapdoor (secret), if any.
  • cryptographic functions are hash functions, pseudorandom permutations (PRP) and one-way functions (including trapdoor functions).
  • PRP pseudorandom permutations
  • Cryptographic one-way functions are cryptographic functions that are easy to compute on a given input but very hard (prohibitively costly in terms of computational resources) to invert.
  • the cryptographic function comprises a hash function, a random oracle or a pseudo-random permutation (e.g. a permutation from the SHA-3 standard).
  • a trapdoor function is a cryptographic one-way function, which can (only) be inverted easily if a special piece of information (the secret key) is known.
  • the trapdoor function is a RSA trapdoor function having a private key. The RSA trapdoor function is inverted using the private key as the secret key. Trapdoor functions based on Rabin's cryptosystem, Schmidt-Samoa cryptosystem or others can be used as well.
  • test input bit strings and/or the test output bit string are generated using a random or pseudorandom number generator, a cryptographic function (e.g. a hash function) and/or a counter.
  • a cryptographic function e.g. a hash function
  • the generation of the test input bit string and/or the test output bit string is constrained; the constraint(s) comprising a subset of bits of the test input bit string and/or of the test output bit string being fixed to a predefined value.
  • the PoW protocol may specify that a part of each test input bit string and/or test output bit string must correspond to a certain value.
  • the protocol may define the rules as to how this value or these values have to be calculated.
  • the PoW protocol could, for example, specify that the value(s) must be derived from some parameters of the communication network, e.g., previously published PoWs, geographic location, current time, etc. A possibility to derive such value(s) would be to assemble the needed parameters in a way specified by the PoW protocol and then apply a hash function.
  • the PoW protocol could specify that the constraints are fixed by a network member requesting the PoW.
  • An interesting advantage of the proposed invention is that difficulties of finding PoW for the privileged and non-privileged users can be adjusted separately and without impacting the ease of PoW verification.
  • the verification function may be regarded as a composition of two or more cryptographic functions followed by a Boolean-valued function returning "True” (or 1 ) or "False” (or 0)
  • the constraint preferably includes that the test output bit string is within the preimage of "True” (or 1 ).
  • the predefined value of the subset of bits comprises a signature indicative of the use of the privileged-user strategy for producing the PoW.
  • the method further comprises transmitting the signature to the second communication terminal.
  • a second aspect of the invention pertains to an access-control method for a communication network, wherein a first communication terminal requests a service to a second communication terminal, the second communication terminal being configured to grant or deny the request of access to the service based upon a transmission of a PoW by the first communication terminal. Moreover, the first communication terminal carries out the communication method according to first aspect of the invention. In addition, the first communication terminal receives a grant or denial of access to the requested service from the second communication terminal. If access is granted by the second communication terminal, the first communication terminal accesses the service.
  • the service may comprise making available a website, a mail server, a game, a (distributed) database, or making a publicly (or privately) verifiable record in a (distributed) ledger.
  • the access-control method is a part of a spam mitigation method, e.g. a spam mitigation method for emails.
  • a third aspect of the invention pertains to computer program comprising instructions, which, when executed by a computer, cause the computer to carry out the method according to the first or the second aspect of the invention.
  • a further aspect of the invention pertains to a computer program product comprising a computer readable medium (volatile or non-volatile memory, e.g. hard disk, flash drive, solid-state drive, etc.) having stored thereon a computer program according to the third aspect of the invention.
  • Fig. 1 depicts an access-control method according to an embodiment of the invention
  • Fig. 2 depicts an access-control method according to another embodiment of the invention.
  • Fig. 3 illustrates a first example of a cryptographic function used by a proof-of-work system
  • Fig. 4 illustrates an example of a meet-in-the-middle search procedure
  • Fig. 5 illustrates a second example of a cryptographic function used by a proof-of- work system
  • Fig. 6 illustrates an embodiment of a communication method.
  • Fig. 1 shows an access-control method 10 for an electronic communication network, according to an embodiment of the invention.
  • a client terminal 12 sends a service request 14 to a server terminal 16.
  • the server terminal 16 Upon receiving the request 14, the server terminal 16 generates a PoW test compliant to a PoW protocol implemented by both the client terminal 12 and the server terminal 16.
  • the server terminal 16 responds to the service request 14 by transmitting (a message containing) the PoW test 18 to the client terminal 12.
  • the client terminal 12 solves the received PoW test, thereby producing 20 a PoW, and sends back (a message containing) the solution 22 (the PoW) to the server terminal 16.
  • the client terminal may also send back other information (described hereinafter) produced when solving the PoW test.
  • the server terminal 16 verifies that the PoW received from the client terminal 12 is valid, i.e. that the PoW actually solves the PoW test. Finally, the server terminal 16 grants or denies 24 the client terminal 12 access to the service depending on the outcome of the
  • Fig. 2 shows another access-control method 26.
  • a client terminal 28 attempts to have access to a service.
  • the client terminal 28 generates 30 a self- imposed PoW test compliant with a PoW protocol implemented by the client terminal 28 and the server terminal 32 (which controls access to the desired service).
  • the client terminal 28 solves 34 the PoW test and transmits a message 36 containing the PoW test and the corresponding PoW to the server terminal 32 for verification.
  • the client terminal 28 may also send other information produced when solving the PoW test.
  • the server terminal 32 verifies if the self-imposed PoW test complies with the PoW protocol and if the received PoW is a valid solution of the PoW test. Finally, the server terminal 32 grants or denies 38 the client terminal 28 access to the requested service depending on the verifications of the PoW test and the PoW.
  • an asymmetric proof-of-work system is defined using a function, hereinafter denoted VerifCore(i,x), where i is an input parameter and x is an a priori unknown value.
  • the aim for the users is, given i, to recover a value x such that VerifCore(i,x) is in some subset (hereinafter denoted subset "Y") of the range of the function VerifCore.
  • Users can be privileged, in which case they know a secret shortcut, hereinafter denoted "k”. Otherwise, they are common users. Common users may use a procedure Long(i), which allows them to find a suitable x. Privileged users can use a special procedure Short(kj), which allows them to find a suitable x with, on average, less computational effort, i.e., Short(kj) has less computational complexity than Long(i), which is typically a brute-force search.
  • the function VerifCore and Y generically define a class of puzzles.
  • the parameter i defines a puzzle instance, i.e. a specific puzzle in this class.
  • a puzzle instance is also referred to as PoW test.
  • VerifCore is typically defined in the PoW protocol, i is typically generated ad hoc, i.e. at runtime.
  • the function lYoVerifCore(i,x) is the verification function and is denoted Verif(i,x) below.
  • VerifCore uses two cryptographic functions, the second of which is a trapdoor permutation.
  • the following definitions will be used: o R designates a trapdoor permutation operating on n bits. It could for example be based on RSA.
  • o k is the secret key that allows the inversion of R.
  • o R "1 is the functional inverse of R. It can only be evaluated by users who know k.
  • o F is a cryptographic function that operates on n bits. F could operate, for instance, as a random oracle or as a pseudo-random permutation.
  • o H is a hash function operating on n-bit strings and producing a C-bit output.
  • a candidate solution (or candidate PoW) x is composed of two parts xo and xi of length n-n s and n-C, respectively, x may be written as the pair (xo, xi).
  • o S is the set of all possible candidate solutions x.
  • the set S is the set So x Si where So is the set of all bit strings of length n-ns and Si is the set of all bit strings of length n-C.
  • the concatenation of two strings yo and yi is denoted "yo
  • R is RSA encryption under public key Z, denoted RZ for brevity.
  • RZ public key Z
  • Generalisation to any other trapdoor permutation can be obtained by dropping the letter Z in the examples below.
  • Fig. 3 illustrates a first example of the function VerifCore.
  • VerifCore((s,t),(xo,xi)) is evaluated as follows: o F is applied to xo
  • o xi is XORed on n-C bits of F(xo
  • Exclusive OR (XOR) corresponds to bitwise modulo-2 addition, denoted with 0.
  • Procedure Short can use a time-memory trade-off using the fact that the secret shortcut key k is known.
  • a possible meet-in-the-middle search (see also Fig. 4) works as follows (s and t are given bit strings): 1.
  • the client terminal generates M random values xo (step S10) and stores them in a hash table indexed by the last C bits of F(xo
  • the client terminal then chooses a random value of X2 (bit string of length n- P) (step S14) and computes RZ "1 (X2
  • step S18 xi is identified with the first n- C bits of F(xo II s) 0 RZ "1 (x 2 1
  • X2 is returned as well.
  • xi is XORed with the first n-C bits of F(xo II s)
  • the meet-in-the-middle search could be done in the opposite direction.
  • the client terminal would generate M random values of X2, store them in a hash table indexed by the last C bits of RZ "1 (X2 II t) and then iterate a random choice of xi until a match for F(xo
  • Fig. 5 illustrates a second example of the function VerifCore. VerifCore((s,t),(xo,xi)) is evaluated as follows: o H (hash function with C-bit output) is applied to xo
  • s to yield C-bit value y H(xo II s).
  • Procedure Short can again be a meet-in-the-middle search working as follows (s and t are given bit strings):
  • the client terminal generates M random values xo and stores them in a hash table indexed by H(xo
  • step 3 Once a match has been identified in step 2, xi is identified with the first n-C bits of RZ ⁇ 1 (X2 1
  • X2 includes a certain signature in form of a bit pattern (e.g. a fixed number of bits equal to 0 at the beginning or end of X2) or a result of a cryptographic function, like a MAC tag (authentication tag).
  • a bit pattern e.g. a fixed number of bits equal to 0 at the beginning or end of X2
  • MAC tag authentication tag
  • Asymmetric proof-of-work systems have several advantages.
  • the puzzles solved by both classes of users are identical and the only distinction between the users is the ownership of the secret key. No database of all users is thus needed to make a difference between them.
  • the use of an asymmetric proof-of-work allows a decentralized discrimination of the users.
  • the difficulty of solving a puzzle depends on whether the secret key is known. In the above-described embodiments, Katchup and Katchup-H, the parameters P and C determining the complexity of the puzzles for privileged and common users are independent and can be adjusted separately.
  • P length of t determines the complexity for common users: if P is increased, the computation effort increases for common users; if the length of xi is increased (C is decreased), then the computational effort decreases for privileged users. It is thus possible, for instance, to define (on the level of the PoW protocol) the average computational effort a privileged user has to invest into the resolution of one puzzle without modifying puzzle complexity for common users. Moreover, if the PoW protocol so specifies, C and P could be tuned dynamically, e.g. be changed depending on the workload of the verification server and/or the server providing the requested service and/or other network parameters such as, for instance, the rate at which new PoWs are made available.
  • the verification of PoW is very easy for all users (both privileged and non-privileged) and the method used to perform this verification may be identical for checking the solutions found by both privileged users and common ones.
  • Fig. 6 schematically illustrates an embodiment of a communication method, wherein a client terminal is requested by a server terminal to provide a PoW.
  • the client terminal receives a PoW test (puzzle instance (s,t)).
  • the client terminal checks whether the secret key associated with the PoW test to be solved is known (step S26). If it is the case, the client terminal applies a privileged-user strategy comprising a meet-in-the-middle search (step S28). In the opposite case, the client terminal solves the PoW test using a common-user strategy which may comprise or consist of a brute-force search of a PoW (step S30).
  • a PoW associated with the PoW test has been found, it is returned and transmitted to the server terminal for verification (step S32).
  • the communication method described herein could be used in the technical infrastructure underlying a cryptocurrency in order to prevent a so-called 51 % attack.
  • a supervising authority could control the privileged-user rights, i.e. be in the possession of the secret key.
  • the supervising authority could prevent that from actually happening, using only a fraction of the computational resources necessary for common users. The sheer possibility of regulatory intervention by the supervising authority would make it unattractive to attempt an attack of that kind.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

L'invention concerne un procédé de communication, comprenant la réception ou la génération, par un premier terminal de communication, d'un test de preuve de travail, le test de preuve de travail étant conforme à un protocole de preuve de travail convenu dans un réseau comprenant, au moins, le premier terminal de communication et un second terminal de communication. Le procédé comprend en outre la production d'une preuve de travail associée au test de preuve de travail en résolvant le test de preuve de travail selon une stratégie d'utilisateur privilégié. La stratégie d'utilisateur privilégié comprend une recherche de rencontre dans le milieu à l'aide d'une clé secrète associée au test de preuve de travail. De plus, le procédé comprend la transmission, la diffusion ou la multidiffusion de la preuve de travail produite sur le réseau pour la vérification de la preuve de travail produite par le second terminal de communication.
PCT/EP2018/056560 2017-03-20 2018-03-15 Communication électronique et procédé de commande d'accès WO2018172185A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
LULU100142 2017-03-20
LU100142A LU100142B1 (en) 2017-03-20 2017-03-20 Electronic communication and access-control method

Publications (1)

Publication Number Publication Date
WO2018172185A1 true WO2018172185A1 (fr) 2018-09-27

Family

ID=59067838

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2018/056560 WO2018172185A1 (fr) 2017-03-20 2018-03-15 Communication électronique et procédé de commande d'accès

Country Status (2)

Country Link
LU (1) LU100142B1 (fr)
WO (1) WO2018172185A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4060933A1 (fr) * 2021-03-16 2022-09-21 Basf Se Procédé de preuve de travail
EP4187841A1 (fr) * 2021-11-26 2023-05-31 Basf Se Preuve de travail via l'impression et la numérisation d'images rvb dérivées de valeurs de hachage
EP4221067A1 (fr) * 2022-01-31 2023-08-02 Basf Se Preuve de travail numérique et physique sécurisée par l'informatique quantique

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7149801B2 (en) 2002-11-08 2006-12-12 Microsoft Corporation Memory bound functions for spam deterrence and the like
US20100031315A1 (en) 2003-08-26 2010-02-04 Wu-Chang Feng Systems and methods for protecting against denial of service attacks

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7149801B2 (en) 2002-11-08 2006-12-12 Microsoft Corporation Memory bound functions for spam deterrence and the like
US20100031315A1 (en) 2003-08-26 2010-02-04 Wu-Chang Feng Systems and methods for protecting against denial of service attacks

Non-Patent Citations (12)

* Cited by examiner, † Cited by third party
Title
A. BACK: "Hashcash - a denial of service counter-measure", FIRST ANNOUNCED IN MARCH 1997, 2002
A. BIRYUKOV; D. DINU; D. KHOVRATOVICH: "Argon2: New Generation of Memory-Hard Functions for Password Hashing and Other Applications", EUROS&P, 2016, pages 292 - 302, XP032899536, DOI: doi:10.1109/EuroSP.2016.31
A. BIRYUKOV; D. KHOVRATOVICH: "Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem", NDSS, 2016
ALEX BIRYUKOV ET AL: "Egalitarian computing", ARXIV.ORG, CORNELL UNIVERSITY LIBRARY, 201 OLIN LIBRARY CORNELL UNIVERSITY ITHACA, NY 14853, 11 June 2016 (2016-06-11), XP080707375 *
ALEX BIRYUKOV ET AL: "Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem (Full version)", 21 February 2016 (2016-02-21), XP055419026, Retrieved from the Internet <URL:http://orbilu.uni.lu/bitstream/10993/22277/2/946.pdf> [retrieved on 20171025] *
BIRYUKOV ALEX ET AL: "Argon2: New Generation of Memory-Hard Functions for Password Hashing and Other Applications", 2016 IEEE EUROPEAN SYMPOSIUM ON SECURITY AND PRIVACY (EUROS&P), IEEE, 21 March 2016 (2016-03-21), pages 292 - 302, XP032899536, ISBN: 978-1-5090-1751-5, [retrieved on 20160509], DOI: 10.1109/EUROSP.2016.31 *
C. DWORK C.; M. NAOR: "Advances in Cryptology — CRYPTO' 92. CRYPTO 1992. Lecture Notes in Computer Science", vol. 740, 1993, SPRINGER, article "Pricing via Processing or Combatting Junk Mail"
C. DWORK; A. GOLDBERG; M. NAOR: "CRYPTO'03 (2003), vol. 2729 of Lecture Notes in Computer Science", vol. 2729, 2003, SPRINGER, article "On Memory-Bound Functions for Fighting Spam", pages: 426 - 444
C. PERCIVAL, STRONGER KEY DERIVATION VIA SEQUENTIAL MEMORY-HARD FUNCTIONS, Retrieved from the Internet <URL:http://www.tarsnap.com/scrypt/scrypt.pdf>
M. JAKOBSSON; A. JUELS: "Communications and Multimedia Security", 1999, KLUWER ACADEMIC PUBLISHERS, article "Proofs of Work and Bread Pudding Protocols", pages: 258 - 272
RIVEST R L ET AL: "Time lock puzzles and timed release Crypto", INTERNET CITATION, 10 March 1996 (1996-03-10), XP002327209, Retrieved from the Internet <URL:http://theory.lcs.mit.edu/ rivest/RivestShamirWagner-timelock.pdf> [retrieved on 20050504] *
S. NAKAMOTO, BITCOIN: A PEER-TO-PEER ELECTRONIC CASH SYSTEM, 2008

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP4060933A1 (fr) * 2021-03-16 2022-09-21 Basf Se Procédé de preuve de travail
WO2022194850A1 (fr) 2021-03-16 2022-09-22 Basf Se Exploitation minière écologique à l'aide d'au moins un dispositif d'impression pour preuve de travail
EP4187841A1 (fr) * 2021-11-26 2023-05-31 Basf Se Preuve de travail via l'impression et la numérisation d'images rvb dérivées de valeurs de hachage
WO2023094341A1 (fr) * 2021-11-26 2023-06-01 Basf Se Preuve de travail par l'intermédiaire d'une impression et d'un balayage d'images rvb dérivées de valeurs de hachage
EP4221067A1 (fr) * 2022-01-31 2023-08-02 Basf Se Preuve de travail numérique et physique sécurisée par l'informatique quantique
WO2023144360A1 (fr) * 2022-01-31 2023-08-03 Basf Se Preuve de travail numérique et physique sécurisée par informatique quantique

Also Published As

Publication number Publication date
LU100142B1 (en) 2018-10-01

Similar Documents

Publication Publication Date Title
CN112106322B (zh) 基于密码的阈值令牌生成
US11985225B2 (en) Computer-implemented systems and methods for using veiled values in blockchain
EP3130104B1 (fr) Système et procédé pour des signatures de données séquentielles
KR100571820B1 (ko) 신원 정보를 기반으로 하는 암호 시스템에서의 컨퍼런스세션 키 분배 방법
Katz et al. Efficient and secure authenticated key exchange using weak passwords
JP2003536320A (ja) 複数のサーバを使用した遠隔パスワード認証のためのシステム、方法およびソフトウェア
JP2008545353A (ja) 未知の通信当事者間における信頼できる関係の確立
US20120087495A1 (en) Method for generating an encryption/decryption key
Pacher et al. Attacks on quantum key distribution protocols that employ non-ITS authentication
JP6041864B2 (ja) データの暗号化のための方法、コンピュータ・プログラム、および装置
Chen et al. Security notions and generic constructions for client puzzles
MacKenzie et al. Delegation of cryptographic servers for capture-resilient devices
WO2018172185A1 (fr) Communication électronique et procédé de commande d&#39;accès
Puthuparambil et al. Freestyle, a randomized version of ChaCha for resisting offline brute-force and dictionary attacks
Tiwari et al. ACDAS: Authenticated controlled data access and sharing scheme for cloud storage
Huszti et al. A simple authentication scheme for clouds
Verbücheln How perfect offline wallets can still leak bitcoin private keys
Worku et al. Cloud data auditing with designated verifier
Babu et al. Freestyle, a randomized version of ChaCha for resisting offline brute-force and dictionary attacks
Bemmann et al. Subversion-resilient authenticated encryption without random oracles
Harkins Secure pre-shared key (PSK) authentication for the internet key exchange protocol (IKE)
Kelsey et al. TMPS: ticket-mediated password strengthening
Ordi et al. A novel wlan client puzzle against dos attack based on pattern matching
CN113536355B (en) Session key generation method and device
Nair et al. Multi-Factor Credential Hashing for Asymmetric Brute-Force Attack Resistance

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18709646

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18709646

Country of ref document: EP

Kind code of ref document: A1