In this paper, we analyze the security of subset-resilient hash function families, which were first proposed as a requirement of a hash-based signature scheme called HORS. Let $\mathcal{H}$ be a family of functions mapping an element to a subset of size at most $k$. $(r, k)$-subset resilience guarantees that, given a random function $H$ from $\mathcal{H}$, it is hard to find an $(r+1)$-tuple $(x, x_1, \ldots, x_r)$ such that (1) $H(x)$ is covered by the union of the $H(x_i)$ and (2) $x$ is not equal to any $x_i$. Subset resilience and its variants are related to nearly all existing stateless hash-based signature schemes, but the power of this security notion has received little study. We present three results on subset resilience. First, we show a generic quantum attack against subset resilience whose time complexity is smaller than that of simply applying Grover's search. Second, we show that subset-resilient hash function families imply the existence of distributional collision-resistant hash function families. Informally, distributional collision resistance is a relaxation of collision resistance which guarantees that it is hard to find a uniformly distributed collision for a hash function. This result yields a comparison among the power of subset resilience, collision resistance, and distributional collision resistance. Third, we prove a fully black-box separation from one-way permutations.
Bitcoin, which was initially introduced by Nakamoto, is the most disruptive and impactful cryptocurrency. The core Bitcoin technology is the so-called blockchain protocol. In recent years, several studies have focused on rigorous analyses of the security of Nakamoto's blockchain protocol in an asynchronous network, where network delay must be taken into account. Wei, Yuan, and Zheng investigated the effect of a long delay attack against Nakamoto's blockchain protocol. However, their proof only holds in the honest miner setting. In this study, we improve Wei, Yuan, and Zheng's result using a stronger model in which the adversary can both perform long delay attacks and corrupt a certain fraction of the miners. We propose a method to analyze the convergence event and demonstrate that the properties of chain growth, common prefix, and chain quality still hold with reasonable parameters in our stronger model.