DOCSLIB.ORG

Evaluating Memory-Hard Proof-Of-Work Algorithms on Three Processors

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Evaluating Memory-Hard Proof-of-Work Algorithms on Three Processors Zonghao Feng Qiong Luo Hong Kong University of Science and Hong Kong University of Science and Technology Technology Kowloon, Hong Kong Kowloon, Hong Kong [email protected] [email protected] ABSTRACT Recently, database researchers have started analyzing pri- Most public blockchain systems, exemplified by cryptocur- vate blockchains [20], scaling up blockchains [19], and devel- rencies such as Ethereum and Monero, use memory-hard oping blockchain-based storage engines [43], databases [23, proof-of-work (PoW) algorithms in consensus protocols to 35], cloud data management [33], and data provenance [39]. maintain fair participation without a trusted third party. In this paper, we study the performance of several represen- The memory hardness, or the amount of memory access, tative memory-hard proof-of-work (PoW) algorithms, which of these PoW algorithms is to prevent the dominance of are key components in leading cryptocurrency systems. custom-made hardware of massive computation units, in Cryptocurrencies are public blockchain systems, where particular, application-specific integrated circuit (ASIC) and distributed participants do not fully trust each other but field-programmable gate array (FPGA) machines, in the sys- must reach consensus for their data blocks (transactions) tem. However, it is unclear how effective these algorithms to be appended to the blockchain. PoW algorithms [22] are are on general-purpose processors. used to reach such consensus. The core idea is that a service In this paper, we study the performance of representa- requestor must prove to a service provider that the requestor tive memory-hard PoW algorithms on the CPU, the Graph- has spent a certain amount of computational effort, and that ics Processing Unit (GPU), and the Intel Knights Landing the provider can verify this effort in a short time. (KNL) processors. We first optimize each algorithm for indi- Because the success of appending data blocks to the chain vidual processors, and then measure their performance with depends on the speed of executing PoW algorithms, cryp- number of threads and memory size varied. Our experimen- tocurrency participants, or called miners, utilize powerful tal results show that (1) the GPU dominates the CPU and computers for this purpose. These computers include not the KNL processors on each algorithm, (2) all algorithms only general-purpose CPUs and GPUs, but also application- scale well with number of threads on the CPU and KNL, specific integrated circuit (ASIC) and field-programmable and (3) the size of accessed memory area affects each al- gate array (FPGA) machines. Such imbalance in comput- gorithm differently. Based on these results, we recommend ing power between participants challenges the democratiza- CryptoNight with scratchpads of different sizes as the most tion of the system, and may create opportunities for security egalitarian PoW algorithm. threats. To prevent the dominance of powerful computers, in par- PVLDB Reference Format: ticular, ASICs and FPGAs, recent cryptocurrencies adopt Zonghao Feng and Qiong Luo. Evaluating Memory-Hard Proof- memory-hard PoW algorithms, which require a large amount of-Work Algorithms on Three Processors. PVLDB, 13(6): 898- of memory access. The goal is to have a similar PoW perfor- 911, 2020. mance on various processors. These PoW algorithms effec- DOI: https://doi.org/10.14778/3380750.3380759 tively discourage the use of ASICs and FPGAs because their memory performance is limited and will be costly to boost. 1. INTRODUCTION However, it is unclear how effective these memory-hard PoW algorithms achieve the democratization purpose on general- Blockchain technologies have been under rapid develop- purpose computers, as CPUs and GPUs differ considerably ment, and a major application is cryptocurrencies, such as on processor architectures as well as memory performance. Bitcoin [34], Ethereum [44], and Monero [42]. Promising ap- Therefore, we study the performance of memory-hard PoW plications have also been demonstrated in healthcare [21], algorithms on three types of general-purpose processors - supply chain [36], financial services [46], and other areas. the CPU, the GPU, and the Intel Xeon Phi Knights Land- ing (KNL) processors. We select three representative memory-hard PoW algo- This work is licensed under the Creative Commons Attribution- rithms for our study. The first algorithm under study is NonCommercial-NoDerivatives 4.0 International License. To view a copy CryptoNight [18], which is one of the most popular memory- of this license, visit http://creativecommons.org/licenses/by-nc-nd/4.0/. For hard PoW algorithms, designed by the CryptoNote founda- any use beyond those covered by this license, obtain permission by emailing [email protected]. Copyright is held by the owner/author(s). Publication rights tion. Its performance is bound by memory latency because licensed to the VLDB Endowment. the algorithm performs a sequence of random memory ac- Proceedings of the VLDB Endowment, Vol. 13, No. 6 cesses mixed with reads and writes in a 2MB scratchpad ISSN 2150-8097. in the memory. The second algorithm we study is Ethash DOI: https://doi.org/10.14778/3380750.3380759 898 [24], which is another notable memory-hard PoW algorithm, asset database that is shared among multiple sites. In this used by Ethereum [44]. It works by fetching data from a database, transactions are recorded in a chain of blocks con- randomly generated dataset, specifically a directed acyclic nected by hash pointers, as shown in Figure 1. This chain graph (DAG) in memory, which is typically several gigabytes of blocks is called the blockchain, and the first block of the in size. The third algorithm under study is Cuckoo Cycle blockchain is called the genesis block. Except the genesis [41]. It finds cycles in a randomly generated bipartite graph block, each block contains the hash value of the previous by visiting all edges and marking vertices whose degrees are block. Thus, the content of each block cannot be modified, less than or equal to one. The bipartite graph takes several given that the hash function is secure. Nodes (participants) gigabytes of memory, the accesses to the graph are sequen- can freely join or leave the Bitcoin network, and every node tial reads, and those to the mark arrays are random reads can verify the validity of past transactions. This way, every and writes. node can be the validator. To save storage space and reduce In this paper, we study memory-hard PoW algorithms verification time, the Merkle tree (a binary hash tree) is used on general-purpose processors, because these techniques are to store the transactions. not only essential for public blockchains, but also relevant to in-memory data-intensive operations. However, few stud- Block ies have been performed to compare the performance of a Block Header Block Header memory-hard PoW algorithm between general-purpose pro- Previous Hash Previous Hash cessors or analyze the performance characteristics of these algorithms. To the best of our knowledge, this study is the Timestamp Difficulty Nonce Timestamp Difficulty Nonce first to fill the gap. Merkle Root Merkle Root Specifically, we first take the open-source versions of the memory-hard PoW algorithms, and implement and optimize Hash01 Hash23 them on the CPUs, the GPUs, and the KNL. We then evalu- ate the overall performance of these optimized implementa- Hash0 Hash1 Hash2 Hash3 tions in their default parameter settings. Next, we vary the number of threads and the size of accessed memory area to Tx0 Tx1 Tx2 Tx3 examine the scalability and memory performance character- istics. Finally, we analyze the results on processor profiling, memory throughput, and power consumption. Figure 1: The Bitcoin blockchain Our contributions can be summarized as follows: • We evaluate the overall performance of each optimized Blockchain systems can be categorized into two types - algorithm on seven processors (two CPUs, one KNL, public or private. Public blockchains or permissionless block- and four GPUs). chains keep the decentralization feature, i.e., nodes are un- trusted and can freely join or leave the network. In contrast, • We identify the performance factors of each algorithm in private blockchains or permissioned blockchains, the iden- and examine their effect. tities of participants are known, the data might be private, and trusted third parties may act as transaction validators. • We collect and analyze various hardware profiling re- Due to propagation delays or malicious attacks, nodes sults, such as cache hit rate, memory throughput, and may have different views of the blockchain, called forks. The power consumption. forks may result in double spending problems, i.e., an asset is spent in two distinct transactions. To resolve this issue, con- • We provide suggestions for selecting PoW algorithms sensus protocols must be developed. For example, Bitcoin's in blockchains and designing egalitarian PoW algo- consensus protocol is that only the longest chain among the rithms based on our experiment results. forks is accepted as the finalized transactions, because the The remainder of this paper is organized as follows. We longest chain is likely to be the work of honest nodes. The first introduce the background on blockchain, PoW algo- assumption is that honest nodes in the blockchain system rithms, and computer processors in Section 2. Then we possess more than half of the computation power, so that describe details of the memory-hard PoW algorithms under these honest nodes can always produce the longest chain. study in Section 3. The implementations and optimizations Finally, forks are not always undesirable. Some consensus of each algorithm on different processors are presented in protocols accept forks and turn the blockchain into a tree or Section 4, and the experimental results along with our anal- graph, in order to improve the performance [32]. ysis and findings are shown in Section 5. Finally, we discuss 2.2 Proof-of-Work Algorithms related work in Section 6 and conclude in Section 7.
Recommended publications
  • A Quantitative Study of Advanced Encryption Standard Performance

    A Quantitative Study of Advanced Encryption Standard Performance

    United States Military Academy USMA Digital Commons West Point ETD 12-2018 A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility Daniel Hawthorne United States Military Academy, [email protected] Follow this and additional works at: https://digitalcommons.usmalibrary.org/faculty_etd Part of the Information Security Commons Recommended Citation Hawthorne, Daniel, "A Quantitative Study of Advanced Encryption Standard Performance as it Relates to Cryptographic Attack Feasibility" (2018). West Point ETD. 9. https://digitalcommons.usmalibrary.org/faculty_etd/9 This Doctoral Dissertation is brought to you for free and open access by USMA Digital Commons. It has been accepted for inclusion in West Point ETD by an authorized administrator of USMA Digital Commons. For more information, please contact [email protected]. A QUANTITATIVE STUDY OF ADVANCED ENCRYPTION STANDARD PERFORMANCE AS IT RELATES TO CRYPTOGRAPHIC ATTACK FEASIBILITY A Dissertation Presented in Partial Fulfillment of the Requirements for the Degree of Doctor of Computer Science By Daniel Stephen Hawthorne Colorado Technical University December, 2018 Committee Dr. Richard Livingood, Ph.D., Chair Dr. Kelly Hughes, DCS, Committee Member Dr. James O. Webb, Ph.D., Committee Member December 17, 2018 © Daniel Stephen Hawthorne, 2018 1 Abstract The advanced encryption standard (AES) is the premier symmetric key cryptosystem in use today. Given its prevalence, the security provided by AES is of utmost importance. Technology is advancing at an incredible rate, in both capability and popularity, much faster than its rate of advancement in the late 1990s when AES was selected as the replacement standard for DES. Although the literature surrounding AES is robust, most studies fall into either theoretical or practical yet infeasible.
  • Characterizing Ethereum's Mining Power Decentralization at a Deeper

    Characterizing Ethereum's Mining Power Decentralization at a Deeper

    Characterizing Ethereum’s Mining Power Decentralization at a Deeper Level Liyi Zeng∗§, Yang Chen†§, Shuo Chen†, Xian Zhang†, Zhongxin Guo†, Wei Xu∗, Thomas Moscibroda‡ ∗Institute for Interdisciplinary Information Sciences, Tsinghua University †Microsoft Research ‡Microsoft Azure §Contacts: [email protected], [email protected] Abstract—For proof-of-work blockchains such as Ethereum, than 50% of the total power has grown from several the mining power decentralization is an important discussion hundred to several thousand. Overall, the power is more point in the community. Previous studies mostly focus on the decentralized at the participant level than 4 years ago. aggregated power of the mining pools, neglecting the pool participants who are the source of the pools’ power. In this paper, However, we also find that this number varied signif- we present the first large-scale study of the pool participants icantly over time, which means it requires continuous in Ethereum’s mining pools. Pool participants are not directly tracking. Additionally, as our current data and method- observable because they communicate with their pools via private ology cannot de-anonymize the participants, it’s possible channels. However, they leave “footprints” on chain as they that some participants split themselves into many smaller use Ethereum accounts to anonymously receive rewards from mining pools. For this study, we combine several data sources ones for various reasons, which could make our estima- to identify 62,358,646 pool reward transactions sent by 47 tion inaccurate if not completely off the target. Further pools to their participants over Ethereum’s entire near 5-year study to improve the estimation accuracy is important.
  • Crypto Research Report ‒ April 2019 Edition

    Crypto Research Report ‒ April 2019 Edition

    April 2019 Edition VI. “When the Tide Goes Out…” Investments: Gold and Bitcoin, Stronger Together Technical Analysis: Spring Awakening? Cryptocurrency Mining in Theory and Practice Demelza Kelso Hays Mark J. Valek We would like to express our profound gratitude to our premium partners for supporting the Crypto Research Report: www.cryptofunds.li Contents Editorial ............................................................................................................................................... 4 In Case You Were Sleeping: When the Tide Goes Out…............................................................... 5 Back to the Roots ............................................................................................................................................. 6 How Long Will This Bear Market Last .............................................................................................................. 7 A Tragic Story Traverses the World ................................................................................................................. 9 When the tide goes out… ............................................................................................................................... 10 A State Cryptocurrency? ................................................................................................................................ 12 Support is Increasing ..................................................................................................................................... 14
  • Pwc I 2Nd Global Crypto M&A and Fundraising Report

    Pwc I 2Nd Global Crypto M&A and Fundraising Report

    2nd Global Crypto M&A and Fundraising Report April 2020 2 PwC I 2nd Global Crypto M&A and Fundraising Report Dear Clients and Friends, We are proud to launch the 2nd edition of our Global Crypto M&A and Fundraising Report. We hope that the market colour and insights from this report will be useful data points. We will continue to publish this report twice a year to enable you to monitor the ongoing trends in the crypto ecosystem. PwC has put together a “one stop shop” offering, focused on crypto services across our various lines of services in over 25 jurisdictions, including the most active crypto jurisdictions. Our goal is to service your needs in the best possible way leveraging the PwC network and allowing you to make your project a success. Our crypto clients include crypto exchanges, crypto investors, crypto asset managers, ICOs/IEOs/STOs/stable and asset backed tokens, traditional financial institutions entering the crypto space as well as governments, central banks, regulators and other policy makers looking at the crypto ecosystem. As part of our “one stop shop” offering, we provide an entire range of services to the crypto ecosystem including strategy, legal, regulatory, accounting, tax, governance, risk assurance, audit, cybersecurity, M&A advisory as well as capital raising. More details are available on our global crypto page as well as at the back of this report. 2nd Global Crypto M&A and Fundraising Report April 2020 PwC 2 3 PwC I 2nd Global Crypto M&A and Fundraising Report 5 Key takeaways when comparing 2018 vs 2019 There
  • Asymmetric Proof-Of-Work Based on the Generalized Birthday Problem

    Asymmetric Proof-Of-Work Based on the Generalized Birthday Problem

    Equihash: Asymmetric Proof-of-Work Based on the Generalized Birthday Problem Alex Biryukov Dmitry Khovratovich University of Luxembourg University of Luxembourg [email protected] [email protected] Abstract—The proof-of-work is a central concept in modern Long before the rise of Bitcoin it was realized [20] that cryptocurrencies and denial-of-service protection tools, but the the dedicated hardware can produce a proof-of-work much requirement for fast verification so far made it an easy prey for faster and cheaper than a regular desktop or laptop. Thus the GPU-, ASIC-, and botnet-equipped users. The attempts to rely on users equipped with such hardware have an advantage over memory-intensive computations in order to remedy the disparity others, which eventually led the Bitcoin mining to concentrate between architectures have resulted in slow or broken schemes. in a few hardware farms of enormous size and high electricity In this paper we solve this open problem and show how to consumption. An advantage of the same order of magnitude construct an asymmetric proof-of-work (PoW) based on a compu- is given to “owners” of large botnets, which nowadays often tationally hard problem, which requires a lot of memory to gen- accommodate hundreds of thousands of machines. For prac- erate a proof (called ”memory-hardness” feature) but is instant tical DoS protection, this means that the early TLS puzzle to verify. Our primary proposal Equihash is a PoW based on the schemes [8], [17] are no longer effective against the most generalized birthday problem and enhanced Wagner’s algorithm powerful adversaries.
  • Zcash Protocol Speci Cation

    Zcash Protocol Speci Cation

    Zcash Protocol Specication Version 2018.0-beta-14 Daira Hopwood† Sean Bowe† — Taylor Hornby† — Nathan Wilcox† March 11, 2018 Abstract. Zcash is an implementation of the Decentralized Anonymous Payment scheme Zerocash, with security xes and adjustments to terminology, functionality and performance. It bridges the exist- ing transparent payment scheme used by Bitcoin with a shielded payment scheme secured by zero- knowledge succinct non-interactive arguments of knowledge (zk-SNARKs). It attempts to address the problem of mining centralization by use of the Equihash memory-hard proof-of-work algorithm. This specication denes the Zcash consensus protocol and explains its differences from Zerocash and Bitcoin. Keywords: anonymity, applications, cryptographic protocols, electronic commerce and payment, nancial privacy, proof of work, zero knowledge. Contents 1 1 Introduction 5 1.1 Caution . .5 1.2 High-level Overview . .5 2 Notation 7 3 Concepts 8 3.1 Payment Addresses and Keys . .8 3.2 Notes...........................................................9 3.2.1 Note Plaintexts and Memo Fields . .9 3.3 The Block Chain . 10 3.4 Transactions and Treestates . 10 3.5 JoinSplit Transfers and Descriptions . 11 3.6 Note Commitment Trees . 11 3.7 Nullier Sets . 12 3.8 Block Subsidy and Founders’ Reward . 12 3.9 Coinbase Transactions . 12 † Zerocoin Electric Coin Company 1 4 Abstract Protocol 12 4.1 Abstract Cryptographic Schemes . 12 4.1.1 Hash Functions . 12 4.1.2 Pseudo Random Functions . 13 4.1.3 Authenticated One-Time Symmetric Encryption . 13 4.1.4 Key Agreement . 13 4.1.5 Key Derivation . 14 4.1.6 Signature . 15 4.1.6.1 Signature with Re-Randomizable Keys .
  • Piecework: Generalized Outsourcing Control for Proofs of Work

    Piecework: Generalized Outsourcing Control for Proofs of Work

    (Short Paper): PieceWork: Generalized Outsourcing Control for Proofs of Work Philip Daian1, Ittay Eyal1, Ari Juels2, and Emin G¨unSirer1 1 Department of Computer Science, Cornell University, [email protected],[email protected],[email protected] 2 Jacobs Technion-Cornell Institute, Cornell Tech [email protected] Abstract. Most prominent cryptocurrencies utilize proof of work (PoW) to secure their operation, yet PoW suffers from two key undesirable prop- erties. First, the work done is generally wasted, not useful for anything but the gleaned security of the cryptocurrency. Second, PoW is natu- rally outsourceable, leading to inegalitarian concentration of power in the hands of few so-called pools that command large portions of the system's computation power. We introduce a general approach to constructing PoW called PieceWork that tackles both issues. In essence, PieceWork allows for a configurable fraction of PoW computation to be outsourced to workers. Its controlled outsourcing allows for reusing the work towards additional goals such as spam prevention and DoS mitigation, thereby reducing PoW waste. Meanwhile, PieceWork can be tuned to prevent excessive outsourcing. Doing so causes pool operation to be significantly more costly than today. This disincentivizes aggregation of work in mining pools. 1 Introduction Distributed cryptocurrencies such as Bitcoin [18] rely on the equivalence \com- putation = money." To generate a batch of coins, clients in a distributed cryp- tocurrency system perform an operation called mining. Mining requires solving a computationally intensive problem involving repeated cryptographic hashing. Such problem and its solution is called a Proof of Work (PoW) [11]. As currently designed, nearly all PoWs suffer from one of two drawbacks (or both, as in Bitcoin).
  • Short Selling Attack: a Self-Destructive but Profitable 51% Attack on Pos Blockchains

    Short Selling Attack: a Self-Destructive but Profitable 51% Attack on Pos Blockchains

    Short Selling Attack: A Self-Destructive But Profitable 51% Attack On PoS Blockchains Suhyeon Lee and Seungjoo Kim CIST (Center for Information Security Technologies), Korea University, Korea Abstract—There have been several 51% attacks on Proof-of- With a PoS, the attacker needs to obtain 51% of the Work (PoW) blockchains recently, including Verge and Game- cryptocurrency to carry out a 51% attack. But unlike PoW, Credits, but the most noteworthy has been the attack that saw attacker in a PoS system is highly discouraged from launching hackers make off with up to $18 million after a successful double spend was executed on the Bitcoin Gold network. For this reason, 51% attack because he would have to risk of depreciation the Proof-of-Stake (PoS) algorithm, which already has advantages of his entire stake amount to do so. In comparison, bad of energy efficiency and throughput, is attracting attention as an actor in a PoW system will not lose their expensive alternative to the PoW algorithm. With a PoS, the attacker needs mining equipment if he launch a 51% attack. Moreover, to obtain 51% of the cryptocurrency to carry out a 51% attack. even if a 51% attack succeeds, the value of PoS-based But unlike PoW, attacker in a PoS system is highly discouraged from launching 51% attack because he would have to risk losing cryptocurrency will fall, and the attacker with the most stake his entire stake amount to do so. Moreover, even if a 51% attack will eventually lose the most. For these reasons, those who succeeds, the value of PoS-based cryptocurrency will fall, and attempt to attack 51% of the PoS blockchain will not be the attacker with the most stake will eventually lose the most.
  • The Economic Limits of Bitcoin and the Blockchain∗†

    The Economic Limits of Bitcoin and the Blockchain∗†

    The Economic Limits of Bitcoin and the Blockchain∗† Eric Budish‡ June 5, 2018 Abstract The amount of computational power devoted to anonymous, decentralized blockchains such as Bitcoin’s must simultaneously satisfy two conditions in equilibrium: (1) a zero-profit condition among miners, who engage in a rent-seeking competition for the prize associated with adding the next block to the chain; and (2) an incentive compatibility condition on the system’s vulnerability to a “majority attack”, namely that the computational costs of such an attack must exceed the benefits. Together, these two equations imply that (3) the recurring, “flow”, payments to miners for running the blockchain must be large relative to the one-off, “stock”, benefits of attacking it. This is very expensive! The constraint is softer (i.e., stock versus stock) if both (i) the mining technology used to run the blockchain is both scarce and non-repurposable, and (ii) any majority attack is a “sabotage” in that it causes a collapse in the economic value of the blockchain; however, reliance on non-repurposable technology for security and vulnerability to sabotage each raise their own concerns, and point to specific collapse scenarios. In particular, the model suggests that Bitcoin would be majority attacked if it became sufficiently economically important — e.g., if it became a “store of value” akin to gold — which suggests that there are intrinsic economic limits to how economically important it can become in the first place. ∗Project start date: Feb 18, 2018. First public draft: May 3, 2018. For the record, the first large-stakes majority attack of a well-known cryptocurrency, the $18M attack on Bitcoin Gold, occurred a few weeks later in mid-May 2018 (Wilmoth, 2018; Wong, 2018).
  • On Security and Privacy for Networked Information Society

    On Security and Privacy for Networked Information Society

    Antti Hakkala On Security and Privacy for Networked Information Society Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes Turku Centre for Computer Science TUCS Dissertations No 225, November 2017 ON SECURITY AND PRIVACY FOR NETWORKED INFORMATIONSOCIETY Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes antti hakkala To be presented, with the permission of the Faculty of Mathematics and Natural Sciences of the University of Turku, for public criticism in Auditorium XXII on November 18th, 2017, at 12 noon. University of Turku Department of Future Technologies FI-20014 Turun yliopisto 2017 supervisors Adjunct professor Seppo Virtanen, D. Sc. (Tech.) Department of Future Technologies University of Turku Turku, Finland Professor Jouni Isoaho, D. Sc. (Tech.) Department of Future Technologies University of Turku Turku, Finland reviewers Professor Tuomas Aura Department of Computer Science Aalto University Espoo, Finland Professor Olaf Maennel Department of Computer Science Tallinn University of Technology Tallinn, Estonia opponent Professor Jarno Limnéll Department of Communications and Networking Aalto University Espoo, Finland The originality of this thesis has been checked in accordance with the University of Turku quality assurance system using the Turnitin OriginalityCheck service ISBN 978-952-12-3607-5 (Online) ISSN 1239-1883 To my wife Maria, I am forever grateful for everything. Thank you. ABSTRACT Our society has developed into a networked information soci- ety, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet ar- guably the most important piece of critical infrastructure in the world.
  • Coinbase Explores Crypto ETF (9/6) Coinbase Spoke to Asset Manager Blackrock About Creating a Crypto ETF, Business Insider Reports

    Coinbase Explores Crypto ETF (9/6) Coinbase Spoke to Asset Manager Blackrock About Creating a Crypto ETF, Business Insider Reports

    Crypto Week in Review (9/1-9/7) Goldman Sachs CFO Denies Crypto Strategy Shift (9/6) GS CFO Marty Chavez addressed claims from an unsubstantiated report earlier this week that the firm may be delaying previous plans to open a crypto trading desk, calling the report “fake news”. Coinbase Explores Crypto ETF (9/6) Coinbase spoke to asset manager BlackRock about creating a crypto ETF, Business Insider reports. While the current status of the discussions is unclear, BlackRock is said to have “no interest in being a crypto fund issuer,” and SEC approval in the near term remains uncertain. Looking ahead, the Wednesday confirmation of Trump nominee Elad Roisman has the potential to tip the scales towards a more favorable cryptoasset approach. Twitter CEO Comments on Blockchain (9/5) Twitter CEO Jack Dorsey, speaking in a congressional hearing, indicated that blockchain technology could prove useful for “distributed trust and distributed enforcement.” The platform, given its struggles with how best to address fraud, harassment, and other misuse, could be a prime testing ground for decentralized identity solutions. Ripio Facilitates Peer-to-Peer Loans (9/5) Ripio began to facilitate blockchain powered peer-to-peer loans, available to wallet users in Argentina, Mexico, and Brazil. The loans, which utilize the Ripple Credit Network (RCN) token, are funded in RCN and dispensed to users in fiat through a network of local partners. Since all details of the loan and payments are recorded on the Ethereum blockchain, the solution could contribute to wider access to credit for the unbanked. IBM’s Payment Protocol Out of Beta (9/4) Blockchain World Wire, a global blockchain based payments network by IBM, is out of beta, CoinDesk reports.
  • Efficient Hashing Using the AES Instruction

    Efficient Hashing Using the AES Instruction

    Efficient Hashing Using the AES Instruction Set Joppe W. Bos1, Onur Özen1, and Martijn Stam2 1 Laboratory for Cryptologic Algorithms, EPFL, Station 14, CH-1015 Lausanne, Switzerland {joppe.bos,onur.ozen}@epfl.ch 2 Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom [email protected] Abstract. In this work, we provide a software benchmark for a large range of 256-bit blockcipher-based hash functions. We instantiate the underlying blockci- pher with AES, which allows us to exploit the recent AES instruction set (AES- NI). Since AES itself only outputs 128 bits, we consider double-block-length constructions, as well as (single-block-length) constructions based on RIJNDAEL- 256. Although we primarily target architectures supporting AES-NI, our frame- work has much broader applications by estimating the performance of these hash functions on any (micro-)architecture given AES-benchmark results. As far as we are aware, this is the first comprehensive performance comparison of multi- block-length hash functions in software. 1 Introduction Historically, the most popular way of constructing a hash function is to iterate a com- pression function that itself is based on a blockcipher (this idea dates back to Ra- bin [49]). This approach has the practical advantage—especially on resource-constrained devices—that only a single primitive is needed to implement two functionalities (namely encrypting and hashing). Moreover, trust in the blockcipher can be conferred to the cor- responding hash function. The wisdom of blockcipher-based hashing is still valid today. Indeed, the current cryptographic hash function standard SHA-2 and some of the SHA- 3 candidates are, or can be regarded as, blockcipher-based designs.