Abstract
Time-lock puzzles, introduced by May, Rivest, Shamir and Wagner, is a mechanism for sending messages “to the future”. A sender can quickly generate a puzzle with a solution s that remains hidden until a moderately large amount of time t has elapsed. The solution s should be hidden from any adversary that runs in time significantly less than t, including resourceful parallel adversaries with polynomially many processors. While the notion of time-lock puzzles has been around for 22 years, there has only been a single candidate proposed. Fifteen years ago, Rivest, Shamir and Wagner suggested a beautiful candidate time-lock puzzle based on the assumption that exponentiation modulo an RSA integer is an “inherently sequential” computation.
In this talk, I will describe a new approach for constructing time-lock puzzles based on various flavors of randomized encodings, as well as a mild and necessary complexity assumption on the existence of languages that cannot be sped up by parallelism in the worst case. We give several instantiations based on different randomized encodings from the literature, where increasingly better efficiency is obtained based on increasingly stronger cryptographic assumptions, ranging from one-way functions to indistinguishability obfuscation.
Based on joint work with Shafi Goldwasser, Abhishek Jain, Omer Paneth, Vinod Vaikuntanathan, and Brent Waters