
Generating a secure source of publicly-verifiable randomness could be the single most fundamental technical challenge on a distributed network, especially in the blockchain context. Many current proposals face serious scalability and security problems. We present a protocol which can be implemented on a blockchain that ensures unpredictable, tamper-resistant, scalable and publicly-verifiable outcomes. The main building blocks of our protocol are homomorphic encryption (HE) and verifiable random functions (VRF). The use of homomorphic encryption enables mathematical operations to be performed on encrypted data, so that no one knows the outcome before it is generated. The protocol requires O(n) elliptic curve multiplications and additions as well as O(n) signature signing and verification operations, which permits great scalability. We present a comparison between recent approaches to the generation of random beacons.


... Some blockchain oracle networks, e.g., Chainlink, combine an on-chain smart contract and off-chain server to generate random numbers [19]. The smart contract listens to client requests and sends them to the server. Chainlink's server employs a Verifiable Random Function in [7] to generate randomness. ...

... In [20], Nguyen et al. propose to use Homomorphic Encryption (HE) in their DRNG system as another way to achieve linear communication and computation cost. In their protocol described in [19], each participant generates a secret, encrypts it, and publishes the ciphertext. Then, all the ciphertexts are joined. ...

... The requester with a secret key can decrypt the joined ciphertext to receive the randomness. The communication cost of [19] is O(n), but it requires the requester to be honest. Suppose the requester gives his secret key to a colluding participant. ...

This paper introduces Orand, a fast, publicly verifiable, scalable decentralized random number generator designed for applications where public Proof-of-Randomness is essential. A reliable source of randomness is vital for various cryptographic applications and other applications such as decentralized gaming and blockchain proposals. Consequently, generating public randomness has attracted attention from the cryptography research community. However, attempts to generate public randomness still have limitations, such as inadequate security or high communication and computation costs. Orand is designed to generate public randomness in a distributed manner based on a suitable distributed verifiable random function. This approach allows Orand to enjoy low communication and computational costs. Moreover, Orand achieves the following security properties: pseudo-randomness, unbiasability, liveness, and public verifiability.

... This assumption that Byzantine processes will not omit during the commitment phase of the protocol is also an exploitable vulnerability in the synchronous protocol HydRand [26], although it can be modified to restart once there are missing contributions. Nguyen et al.'s proposal [22], also a synchronous protocol, assumes a Requester, a trusted entity generating FHE keys, which can be considered as a client using the system. ...

... In the case of Algorand, a failure happens when the set (of expected cardinality c) of nodes chosen to be proposers is empty. In the protocol by Nguyen et al. [22], this happens when all selected contributors are Byzantine. ...

... The protocol by Nguyen et al. [22] employs a summation on the secrets shared by the contributors, which results in linear computation complexity. ...

... Message signing takes place with the private key; for instance, Alice signs a message with her private key and sends both the message and the signature to Bob. Bob can verify two things using Alice's public key. First, the message signature originated from Alice (and not someone pretending to be Alice), and the message was not changed or tampered with in transit [31], [33]. ...

... For the B-Rand protocol, homomorphic encryption means that messages encrypted with the same public key can be summed to give the encrypted sum of the unencrypted messages. When decrypted, this sum yields the sum of unencrypted messages (1) [33]: ...
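The contribution-combining step described in the citing snippets above (each party encrypts a secret under the requester's key, the ciphertexts are joined without decryption, and the requester decrypts the sum), as an added illustration that is not code from the paper or from the citing works. It uses a textbook Paillier instantiation with small constructed primes as the additively homomorphic scheme; function names, parameters and the sample contributions are assumptions. It also makes the caveat raised above concrete: whoever holds the decryption key can open each published contribution individually, so the requester's honesty is part of the trust assumption.

```python
import random
from math import gcd

# Added illustration: textbook Paillier (additively homomorphic) standing in for the
# paper's HE scheme. Primes and contributions are constructed toy values, not
# parameters taken from the paper.


def _lcm(a, b):
    return a * b // gcd(a, b)


def paillier_keygen(p, q):
    """Requester's key pair from two primes. Returns (pk, sk) = ((n, g), (lam, mu))."""
    n = p * q
    lam = _lcm(p - 1, q - 1)
    g = n + 1                    # standard choice; makes L(g^lam mod n^2) = lam mod n
    mu = pow(lam, -1, n)         # needs gcd(lam, n) == 1 (holds for equal-size primes)
    return (n, g), (lam, mu)


def paillier_encrypt(pk, m, r=None):
    """c = g^m * r^n mod n^2 with a fresh blinding r coprime to n; m is reduced mod n."""
    n, g = pk
    n2 = n * n
    if r is None:
        r = random.randrange(1, n)
        while gcd(r, n) != 1:
            r = random.randrange(1, n)
    return (pow(g, m % n, n2) * pow(r, n, n2)) % n2


def paillier_decrypt(pk, sk, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pk
    lam, mu = sk
    n2 = n * n
    L = (pow(c, lam, n2) - 1) // n
    return (L * mu) % n


def combine(pk, ciphertexts):
    """Homomorphic join: the product of ciphertexts mod n^2 encrypts the sum of plaintexts."""
    n, _ = pk
    n2 = n * n
    acc = 1
    for c in ciphertexts:
        acc = (acc * c) % n2
    return acc


def verify_combination(pk, published, claimed_joined):
    """Any observer can recompute the join from the published ciphertexts (public check)."""
    return combine(pk, published) == claimed_joined


def run_round(pk, sk, contributions):
    """One beacon round: parties publish E(s_i); the requester decrypts the joined value.

    Returns (beacon, leaked): `beacon` is the decrypted sum, `leaked` is what the
    key holder can learn per party by decrypting each published ciphertext alone.
    """
    published = [paillier_encrypt(pk, s) for s in contributions]
    joined = combine(pk, published)
    assert verify_combination(pk, published, joined)
    beacon = paillier_decrypt(pk, sk, joined)
    # Caveat from the citing work: the secret-key holder can open every contribution
    # individually before the join is even formed, so the requester must be honest.
    leaked = [paillier_decrypt(pk, sk, c) for c in published]
    return beacon, leaked


if __name__ == "__main__":
    pk, sk = paillier_keygen(1009, 1013)        # toy primes; far too small for real use
    contributions = [12345, 678, 901234, 5]     # constructed party secrets
    beacon, leaked = run_round(pk, sk, contributions)
    print("beacon:", beacon, "expected:", sum(contributions) % pk[0])
    print("contributions visible to the key holder:", leaked)
```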

... The problem of producing publicly verifiable random numbers, also referred to as beacons or random beacons, has been studied in a range of applications [33]. Andrychowicz and Dziembowski [34] devised a protocol that uses the properties of cryptographic hash functions in PoW blockchain systems to produce an unpredictable public beacon in a peer-to-peer environment. ...

Many blockchain processes require pseudo-random numbers. This is especially true of blockchain consensus mechanisms that aim to fairly distribute the opportunity to propose new blocks between the participants in the system. The starting point for these processes is a source of randomness that participants cannot manipulate. This paper proposes two methods for embedding random number seeds in a blockchain data structure to serve as inputs to pseudo-random number generators. Because the output of a pseudo-random number generator depends deterministically on its seed, the properties of the seed are critical to the quality of the eventual pseudo-random number produced. Our protocol, B-Rand, embeds random number seeds that are confidential, tamper-resistant, unpredictable, collision-resistant, and publicly verifiable as part of every transaction. These seeds may then be used by transaction owners to participate in processes in the blockchain system that require pseudo-random numbers. Both the Single Secret and Double Secret B-Rand protocols are highly scalable with low space and computational cost, and the worst case is linear in the number of transactions per block.

... Nguyen-van et al. [8] Verifiable and scalable random number generation ...

... However, inducing trust as a parameter in SC execution was not addressed. Nguyen-van et al. [8] proposed generation of verifiable random numbers based on homomorphic encryption that generates unpredictable and immutable random numbers with public access. Michael Mulders [20] proposed a scheme to generate a randomization environment on Ethereum based on parameters like eth.blockstamp and eth.timestamp. ...

... 12: game.balance = 0 13: end if Then, we evaluate throughput-latency trade-offs for SaNkhyA and compare the proposed scheme for delay in random number generation against traditional approaches in [7], [8], [14]. For block-convergence time, we compare the proposed consensus PoV against traditional consensus schemes. ...

In modern decentralized Internet-of-Things (IoT)-based sensor communications, pseudo noise-diffusion oracles are heavily investigated as random oracles for data exchange among peer nodes. As these oracles are generated through algorithmic processes, they pass the standard random tests for finite and bounded intervals only. This ensures a false sense of privacy and confidentiality in exchange through open protocol IoT-stacks in public channels, i.e., the Internet. Recently, blockchain (BC)-envisioned random sequences as input oracles have been proposed for financial applications and windfall games like roulette, poker, and lottery. These random inputs exhibit fairness and non-determinism in SC executions, termed probabilistic smart contracts (PSC). However, the IoT-enabled PSC process might be controlled and forged by humans, machines, and bot-nodes through physical and computational methods. Moreover, dishonest entities like contract owners, players, and miners can coordinate to form collusion attacks during consensus to propagate false updates, which results in forged block additions by miners in BC. Motivated by these facts, in this paper, we propose a BC-envisioned IoT-enabled PSC scheme, SaNkhyA, which is executed in three phases. In the first phase, the scheme eliminates colluding dishonest miners through the proposed miner selection algorithm. Then, in the second phase, the elected miners agree through the proposed consensus protocol to generate a stream of random bits. In the third phase, the generated random bit-stream is split through random splitters and fed as input oracles to the proposed PSC among participating entities. In simulation, the scheme ensures a trust probability of 0.38 even at 85% collusion among miners and has an average block processing delay of 1.3 seconds compared to serial approaches, where the block processing delay is 5.6 seconds, thereby exhibiting improved scalability. The overall computation and communication cost is 28.48 milliseconds and 101 bytes, respectively, which indicates the efficacy of the proposed scheme compared to the traditional schemes.

... We briefly go through some of the drawbacks each construction/service is facing. A detailed overview and a comparison have been given in [3]. ...

... In this section, we recall some of the primitives that build up our protocol. The materials in this demo paper including homomorphic encryption, and verifiable random functions have been described in great detail in [3]. ...

... As proved in [3], our protocol has achieved the following properties: Unpredictability, Unbiasability, Public Verifiability, Honest Minority and Scalability. ...

Generating public randomness has been in significant demand and has also been challenging, especially after the introduction of blockchain technology. Lotteries, smart contracts, and random audits are examples where the reliability of the randomness source is a vital factor. We demonstrate a random number generation service for generating fair, tamper-resistant, and verifiable random numbers. Our protocol together with this system is an R&D project aiming at providing a decentralized solution to random number generation by leveraging blockchain technology along with long-lasting cryptographic primitives, including homomorphic encryption and verifiable random functions. The system decentralizes the process of generating random numbers by combining each party's favored value to obtain the final random numbers. Our novel idea is to force each party to encrypt his contribution before making it public. With the help of homomorphic encryption, all encrypted contributions can be combined without performing any decryption. The solution achieves the properties of unpredictability, tamper-resistance, and public-verifiability. In addition, it offers only linear overall complexity with respect to the number of parties on the network, which permits great scalability.

... Authors of [13] proposed a protocol composed of three main components: Requester, Core Layer (consisting of many parties responsible for PRNG), and Public Distributed Ledger (PDL). Their protocol works in rounds, where each round consists of a few stages. ...

Recent advances in blockchain gained significant social attention, mainly due to substantial price fluctuations of the Bitcoin and Ethereum cryptocurrencies. By its design, blockchain is an open, distributed ledger that can record transactions between two parties efficiently and in a verifiable and permanent way, providing solutions for many complex tasks without third-party involvement. To achieve that, blockchains employ a set of Byzantine Fault-tolerant consensus algorithms that require the implemented logic to be deterministic. The lack of a source of randomness is a consequential limitation, since many application domains, like games, lotteries, or random elections, require random sources. Given the Byzantine Fault-tolerance, generating random numbers should also be publicly-verifiable and tamper-resistant, but still hold the premise of being unpredictable. In this paper, we provide an overview of the current research surrounding pseudo-random number generation on a decentralized network that satisfies those requirements.

Blockchain has attracted tremendous attention in recent years due to its significant features, including anonymity, security, immutability, and auditability. Blockchain technology has been used in several nonmonetary applications, including the Internet-of-Things. However, blockchain is resource-intensive, and scaling it is computationally expensive, resulting in delays and large bandwidth overhead that are unsuitable for many IoT devices. In this paper, we work on a lightweight blockchain approach that is suited to IoT needs and provides end-to-end security. Decentralization is achieved in our lightweight blockchain implementation by building a network in which many high-resource devices collaborate to maintain the blockchain. The nodes in the network are arranged in sorted order with respect to execution time and count to reduce the mining overheads, and are accountable for handling the public blockchain. We propose a distributed execution time-based consensus algorithm that decreases the delay and overhead of the mining process. We also propose a randomized node-selection algorithm for selecting the nodes that verify the mined blocks, to eliminate double-spend and 51% attacks. The results are encouraging: they significantly reduce the mining overhead and keep a check on the double-spending problem and 51% attacks.

Bitcoin is one of the most prominent blockchain systems but is infamous for its massive energy consumption. The proof-of-work (PoW) consensus algorithm used for appending transactions to the Bitcoin ledger (also known as Bitcoin mining) incurs substantial energy expenditure due to the energy-intensive nature of PoW. The root of this inefficiency lies in the current implementation of the PoW algorithm. PoW establishes a linear relationship between a miner's computational power and their probability of successfully mining a block by assigning an identical cryptographic puzzle to all miners.
This paper investigates the energy inefficiency inherent in PoW mining by exploring the potential benefits of introducing a nonlinear probability of success based on a miner's computational power. This nonlinear proof-of-work (nlPoW) algorithm reduces energy consumption without compromising the decentralised nature of Bitcoin. This study formulates four distinct nlPoW algorithms through a meticulous design science approach by deducing requisite algorithmic specifications and structures.
Rigorous statistical simulations are employed to assess the performance of nlPoW against conventional PoW within the Bitcoin mining process. Preliminary outcomes obtained from simulating a sizable network of miners, each possessing equivalent computational power, demonstrate that nlPoW effectively curtails the hash computations required during Bitcoin mining. nlPoW achieves energy efficiency enhancements without compromising the decentralised consensus model or substituting energy consumption with alternate resources, a trade-off often observed in prior attempts to mitigate the energy challenge associated with PoW.

Consensus algorithms that function in permissionless blockchain systems must randomly select new block proposers in a decentralised environment. Our contribution is a new blockchain consensus algorithm called Proof-of-Publicly Verifiable Randomness (PoPVR). It may be used in blockchain design to make permissionless blockchain systems function as pseudo-random number generators and to use the results for decentralised consensus. The method employs verifiable random functions to embed pseudo-random number seeds in the blockchain that are confidential, tamper-resistant, unpredictable, collision-resistant, and publicly verifiable. PoPVR does not require large-scale computation, as is the case with Proof-of-Work, and is not vulnerable to the exclusion of less wealthy stakeholders from the consensus process inherent in stake-based alternatives. It aims to promote fairness of participation in the consensus process by all participants and functions transparently using only open-source algorithms. PoPVR may also be useful in blockchain systems where asset values cannot be directly compared, for example, logistical systems, intellectual property records and the direct trading of commodities and services. PoPVR scales well, with complexity linear in the number of transactions per block.

The scientific interest in the area of Decentralized Randomness Beacon (DRB) protocols has been thriving recently. Partially that interest is due to the success of the disruptive technologies introduced by modern cryptography, such as cryptocurrencies, blockchain technologies, and decentralized finance, where there is an enormous need for a public, reliable, trusted, verifiable, and distributed source of randomness. On the other hand, recent advancements in the development of new cryptographic primitives brought a huge interest in constructing a plethora of DRB protocols differing in design and underlying primitives. To the best of our knowledge, no systematic and comprehensive work systematizes and analyzes the existing DRB protocols. Therefore, we present a Systematization of Knowledge (SoK) intending to structure the multi-faceted body of research on DRB protocols. In this SoK, we delineate the DRB protocols along the following axes: their underlying primitive, properties, and security. This SoK tries to fill that gap by providing basic standard definitions and requirements for DRB protocols, such as Unpredictability, Bias-resistance, Availability (or Liveness), and Public Verifiability. We classify DRB protocols according to the nature of interactivity among protocol participants. We also highlight the most significant features of DRB protocols, such as scalability, complexity, and performance, along with a brief discussion on their improvement. We present future research directions along with a few interesting research problems.

Keywords: Random beacon, Bias-resistance, Unpredictability, Secret sharing, Verifiable delay function

Sharding is the prevalent approach to breaking the trilemma of simultaneously achieving decentralization, security, and scalability in traditional blockchain systems, which are implemented as replicated state machines relying on atomic broadcast for consensus on an immutable chain of valid transactions. Sharding is to be understood broadly as techniques for dynamically partitioning nodes in a blockchain system into subsets (shards) that perform storage, communication, and computation tasks without fine-grained synchronization with each other. Despite much recent research on sharding blockchains, much remains to be explored in the design space of these systems. Towards that aim, we conduct a systematic analysis of existing sharding blockchain systems and derive a conceptual decomposition of their architecture into functional components and the underlying assumptions about system models and attackers they are built on. The functional components identified are node selection, epoch randomness, node assignment, intra-shard consensus, cross-shard transaction processing, shard reconfiguration, and motivation mechanism. We describe interfaces, functionality, and properties of each component and show how they compose into a sharding blockchain system. For each component, we systematically review existing approaches, identify potential and open problems, and propose future research directions. We focus on potential security attacks and performance problems, including system throughput and latency concerns such as confirmation delays. We believe our modular architectural decomposition and in-depth analysis of each component, based on a comprehensive literature study, provides a systematic basis for conceptualizing state-of-the-art sharding blockchain systems, proving or improving security and performance properties of components, and developing new sharding blockchain system designs.

Random beacons play a crucial role in blockchains. Most random beacons in a blockchain are performed in a distributed approach to secure the generation of random numbers. However, blockchain nodes are in an open environment and are vulnerable to adversary reboot attacks. After such an attack, the number of members involved in a random number generation decreases. The random numbers generated by the system become insecure. To solve this problem while guaranteeing fast recovery of capabilities, we designed a threshold signature scheme based on share recovery. A bivariate polynomial was generated among the participants in the distributed key generation phase. While preserving the threshold signature key share, it can also help participants who lost their shares to recover. The same threshold setting for signing and recovery guarantees the security of the system. The results of our scheme show that we take an acceptable time overhead in distributed key generation and simultaneously enrich the share recovery functionality for the threshold signature-based random number generation scheme.

Consensus algorithms are the core of blockchain technology, which can cause nodes to reach consistency or liveness when there are Byzantine nodes in the network. The generation of public randomness in decentralized networks has been significantly demanding and challenging in terms of the consensus mechanism. Previously, the multi-party random number generator (mRNG), which is a mechanism for creating a single value from the contributions of decentralized multiple parties, was mainly designed based on the verifiable random function. In this study, we first construct novel, efficient verifiable mRNG protocols from any one-way function. The protocols can achieve the properties of fairness, no trusted third party, public verifiability, and manipulation resistance. Subsequently, we propose a delegated PoS (DPoS)-based consensus algorithm that adopts the verifiable mRNG. The new algorithm can solve the problem of low fairness caused by the artificial election of master nodes using DPoS, while addressing the issue of manipulating the consensus process owing to the pseudo-random number generated by the traditional RNG, thereby improving the credibility of the consensus algorithm.

Permissionless blockchain systems are highly dependent on probabilistic decision models, for example, the block addition process. If it were possible to use blockchain systems as pseudo-random number generators, they could be used to select, for example, new block proposers. The first step in this process is to embed random number seeds in the blockchain for use in pseudo-random number generation. This paper proposes transient random number seeds (TRNS), which produce random number seeds as part of each transaction. TRNS belong to each recipient in a transaction and are confidential, tamper-resistant, unpredictable, collision-resistant, and publicly verifiable. TRNS enable recipients to produce pseudo-random numbers to participate in any process where the blockchain system depends on random selection. The TRNS protocol is highly scalable, with constant computational complexity and space complexity linear in the number of transactions per block.

Edge computing is an emerging computing paradigm, which offers a great opportunity to implement data mining-based services and applications for a large number of devices and sensors in Internet of Things. However, the new paradigm is faced with security and privacy challenges due to the diversity and the limited capability of edge components. In particular, data privacy is one of the most concerned problems for all the participants. In this paper, we propose a framework of privacy-preserving data mining based on private random decision trees in edge computing, which not only gives the strong privacy guarantee, but also provides a certain amount of data utility. Firstly, we design a preservation framework to implement private random decision trees satisfying local differential privacy. Secondly, we present the concrete implementations of algorithms and the corresponding task that each participant needs to undertake. Thirdly, we analyze the key factors to influence privacy and utility, including the allocation of data and privacy budget. Fourthly, we give the improved algorithms to further increase the utility with strong privacy preservation. Finally, extensive experiments demonstrate the good performance of our designed framework.

Diverse technologies, such as machine learning and big data, have been driving the prosperity of the Internet of Things (IoT) and the ubiquitous proliferation of IoT devices. Consequently, it is natural that IoT becomes the driving force to meet the increasing demand for frictionless transactions. To secure transactions in IoT, blockchain is widely deployed since it can remove the necessity of a trusted central authority. However, the mainstream blockchain-based IoT payment platforms, dominated by Proof-of-Work (PoW) and Proof-of-Stake (PoS) consensus algorithms, face several major security and scalability challenges that result in system failures and financial loss. Among the three leading attacks in this scenario, double-spend attacks and long-range attacks threaten the tokens of blockchain users, while eclipse attacks target denial of service. To defeat these attacks, a novel bidirectional-linked blockchain (BLB) using chameleon hash functions is proposed, where bidirectional pointers are constructed between blocks. Furthermore, a new Committee Members Auction (CMA) consensus algorithm is designed to improve the security and attack resistance of BLB while guaranteeing high scalability. In CMA, distributed blockchain nodes elect committee members through a verifiable random function. The smart contract uses Shamir’s Secret Sharing scheme to distribute the trapdoor keys to committee members. To better investigate BLB’s resistance against double-spend attacks, an improved Nakamoto’s attack analysis is presented. In addition, a modified entropy metric is devised to measure eclipse attack resistance across different consensus algorithms. Extensive evaluation results show the superior resistance against attacks and demonstrate high scalability of BLB compared with current leading paradigms based on PoS and PoW.

A reliable source of randomness is a critical element in many cryptographic systems. A public randomness beacon is a randomness source generated in a distributed manner that satisfies the following requirements: Liveness, Unpredictability, Unbiasability and Public Verifiability. In this work we introduce HERB: a new randomness beacon protocol based on additively homomorphic encryption. We show that this protocol meets the requirements listed above and additionally provides Guaranteed Output Delivery. HERB has a modular structure with two replaceable modules: a homomorphic cryptosystem and a consensus algorithm. In our analysis we instantiate HERB using ElGamal encryption and a public blockchain. We implemented a prototype using Cosmos SDK to demonstrate the simplicity and efficiency of our approach. HERB allows splitting all protocol participants into two groups that can relate in any way. This property can be used for building more complex participation and reward systems based on the HERB solution.

We give a simple and efficient construction of a verifiable random function (VRF) on bilinear groups. Our construction is direct. In contrast to prior VRF constructions [14,15], it avoids using an inefficient Goldreich-Levin transformation, thereby saving several factors in security. Our proofs of security are based on a decisional bilinear Diffie-Hellman inversion assumption, which seems reasonable given the current state of knowledge. For small message spaces, our VRF's proofs and keys have constant size. By utilizing a collision-resistant hash function, our VRF can also be used with arbitrary message spaces. We show that our scheme can be instantiated with an elliptic group of very reasonable size. Furthermore, it can be made distributed and proactive.

This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model.

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2001. Includes bibliographical references (p. 163-168).

This paper describes a new replication algorithm that is able to tolerate Byzantine faults. We believe that Byzantine-fault-tolerant algorithms will be increasingly important in the future because malicious attacks and software errors are increasingly common and can cause faulty nodes to exhibit arbitrary behavior. Whereas previous algorithms assumed a synchronous system or were too slow to be used in practice, the algorithm described in this paper is practical: it works in asynchronous environments like the Internet and incorporates several important optimizations that improve the response time of previous algorithms by more than an order of magnitude. We implemented a Byzantine-fault-tolerant NFS service using our algorithm and measured its performance. The results show that our service is only 3% slower than a standard unreplicated NFS.

Uniform randomness beacons whose output can be publicly attested to be unbiased are required in several cryptographic protocols. A common approach to building such beacons is having a number of parties run a coin tossing protocol with guaranteed output delivery (so that adversaries cannot simply keep honest parties from obtaining randomness, consequently halting protocols that rely on it). However, current constructions face serious scalability issues due to high computational and communication overheads. We present a coin tossing protocol for an honest majority that allows any entity to verify that an output was honestly generated by observing publicly available information (even after the execution is complete), while achieving both guaranteed output delivery and scalability. The main building block of our construction is the first Publicly Verifiable Secret Sharing scheme for threshold access structures that requires only O(n) exponentiations. Previous schemes required O(nt) exponentiations (where t is the threshold) from each of the parties involved, making them unfit for scalable distributed randomness generation, which requires \(t=n/2\) and thus \(O(n^2)\) exponentiations.

Bias-resistant public randomness is a critical component in many (distributed) protocols. Generating public randomness is hard, however, because active adversaries may behave dishonestly to bias public random choices toward their advantage. Existing solutions do not scale to hundreds or thousands of participants, as is needed in many decentralized systems. We propose two large-scale distributed protocols, RandHound and RandHerd, which provide publicly-verifiable, unpredictable, and unbiasable randomness against Byzantine adversaries. RandHound relies on an untrusted client to divide a set of randomness servers into groups for scalability, and it depends on the pigeonhole principle to ensure output integrity, even for non-random, adversarial group choices. RandHerd implements an efficient, decentralized randomness beacon. RandHerd is structurally similar to a BFT protocol, but uses RandHound in a one-time setup to arrange participants into verifiably unbiased random secret-sharing groups, which then repeatedly produce random output at predefined intervals. Our prototype demonstrates that RandHound and RandHerd achieve good performance across hundreds of participants while retaining a low failure probability by properly selecting protocol parameters, such as a group size and secret-sharing threshold. For example, when sharding 512 nodes into groups of 32, our experiments show that RandHound can produce fresh random output after 240 seconds. RandHerd, after a setup phase of 260 seconds, is able to generate fresh random output in intervals of approximately 6 seconds. For this configuration, both protocols operate at a failure probability of at most 0.08% against a Byzantine adversary.

A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. We propose a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.

In a (t, n) threshold digital signature scheme, t out of n signers must co-operate to issue a signature. We present an efficient and robust (t, n) threshold version of Schnorr’s signature scheme. We prove it to be as secure as Schnorr’s signature scheme, i.e., existentially unforgeable under adaptively chosen message attacks. The signature scheme is then incorporated into a (t, n) threshold scheme for implicit certificates. We prove the implicit certificate scheme to be as secure as the distributed Schnorr signature scheme.

A publicly verifiable secret sharing (PVSS) scheme is a verifiable secret sharing scheme with the property that the validity of the shares distributed by the dealer can be verified by any party; hence verification is not limited to the respective participants receiving the shares. We present a new construction for PVSS schemes, which compared to previous solutions by Stadler and later by Fujisaki and Okamoto, achieves improvements both in efficiency and in the type of intractability assumptions. The running time is O(nk), where k is a security parameter, and n is the number of participants, hence essentially optimal. The intractability assumptions are the standard Diffie-Hellman assumption and its decisional variant. We present several applications of our PVSS scheme, among which is a new type of universally verifiable election scheme based on PVSS. The election scheme becomes quite practical and combines several advantages of related electronic voting schemes, which makes it of interest in its own right.

An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: 1. Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intended recipient. Only he can decipher the message, since only he knows the corresponding decryption key. 2. A message can be "signed" using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in "electronic mail" and "electronic funds transfer" systems. A message is encrypted by representing it as a number M, raising M to a publicly specified

Introduction to Cryptography with coding theory

A new signature scheme is proposed, together with an implementation of the Diffie-Hellman key distribution scheme that achieves a public key cryptosystem. The security of both systems relies on the difficulty of computing discrete logarithms over finite fields.

Elgamal encryption using elliptic curve cryptography

Rosy Sunuwar and Suraj Ketan Samal. Elgamal encryption using elliptic curve cryptography. Cryptography and Computer Security, University of Nebraska, Lincoln, 2015.

Distributed cryptography based on the proofs of work

Marcin Andrychowicz and Stefan Dziembowski. Distributed cryptography based on the proofs of work. IACR Cryptology ePrint Archive, 2014:796, 2014.

Dfinity technology overview series, consensus system

Timo Hanke, Mahnush Movahedi, and Dominic Williams. Dfinity technology overview series, consensus system. arXiv preprint arXiv:1805.04548, 2018.

Short signatures from the Weil pairing

Dan Boneh, Ben Lynn, and Hovav Shacham. Short signatures from the Weil pairing. In International Conference on the Theory and Application of Cryptology and Information Security, pages 514-532. Springer, 2001.

Randao: Verifiable random number generation

Randao.org. Randao: Verifiable random number generation. 2017.

A fully homomorphic encryption scheme

Craig Gentry and Dan Boneh. A fully homomorphic encryption scheme, volume 20. Stanford University, Stanford, 2009.

Performance based comparison study of RSA and elliptic curve cryptography

Rounak Sinha, Hemant Kumar Srivastava, and Sumita Gupta. Performance based comparison study of RSA and elliptic curve cryptography. International Journal of Scientific & Engineering Research, 4(5):720-725, 2013.
