Abstract

Abstract: Many security protocols can be strengthened by a public randomness beacon: a source of randomness which can be sampled by anybody after time t, but is strongly unpredictable to anybody prior to time t. Applications include public lotteries, election auditing, and multiple cryptographic protocols such as cut-and-choose or fair contract signing. Until recently, all proposals for instantiating a beacon either rely on a trusted third party (such as the NIST beacon or random.org) or have difficult-to-evaluate security properties (such as hashing stock market data). In this talk we introduce a new construction for building a beacon based on Bitcoin’s block chain. This beacon outputs 64 bits of min-entropy every 10 minutes on average and we can prove strong financial lower bounds on the cost of manipulating the output which are at least in the tens of thousands of dollars. We discuss constructions for building a manipulation-resistant lottery, a new security construction, on top of this primitive which can make attacks even more expensive. Finally, we discuss a number of interesting smart contracts that can be efficiently implemented by extending Bitcoin script to enable sampling the beacon output, including secure multi-party lotteries and self-enforcing non-interactive cut and choose.

Bio: Joseph Bonneau is a Postdoctoral Research Fellow at the Center for Information Technology Policy, Princeton. His research interests include passwords and web authentication, Bitcoin and cryptocurrencies, HTTPS , and secure messaging software. He received a PhD from the University of Cambridge under the supervision of Ross Anderson and an MS from Stanford under the supervision of Dan Boneh. He has worked at Google, Yahoo, and Cryptography Research Inc.