Skip to content

real-or-random/accas

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits

cmake

cmake

 
 

secp256k1 @ a0d3b89

secp256k1 @ a0d3b89

 
 

test

test

 
 

.gitignore

.gitignore

 
 

.gitmodules

.gitmodules

 
 

CMakeLists.txt

CMakeLists.txt

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

authenticator.cpp

authenticator.cpp

 
 

authenticator.h

authenticator.h

 
 

chameleonhash.cpp

chameleonhash.cpp

 
 

chameleonhash.h

chameleonhash.h

 
 

node.cpp

node.cpp

 
 

node.h

node.h

 
 

prf.cpp

prf.cpp

 
 

prf.h

prf.h

 
 

secp256k1-macros.h

secp256k1-macros.h

 
 

Repository files navigation

Accountable Assertions

A proof-of-concept implementation of the accountable assertions scheme introduced in the research paper Liar, Liar, Coins on Fire! — Penalizing Equivocation By Loss Of Bitcoins (22nd Conference on Computer and Communications Security, ACM CCS 2015).

Functionality

Accountable assertions are a cryptographc primitive similar to digital signatures. Instead of only authenticating a message, they allow a user holding a secret assertion key to assert a statement in a context. The user should only assert one unique statement in each context. The assertion of two contradicting (i.e., different) statements in the same context, also called equivocation, is considered malicious.

To incentivize that the user does not equivocate, he is held accountable in the following sense: If the user creates two assertions that assert two different statements in the same in the same context, then everybody can extract the user's secret assertion key from the two assertions.

The victims of the equivocation can now use this (no longer) secret assertion key to penalize equivocator. For example, if the secret assertion key is a Bitcoin secret key associated with some time-locked Bitcoins, the equivocator can be forced to lose these Bitcoins to a predetermined party.

See the paper for a full description of the functionality provided by accountable assertions.

Technical Details

This is a proof-of-concept implementation based on Elliptic Curve Cryptography on the curve secp256k1, i.e., it is compatible with Bitcoin keys.

It is written in C++ and depends on libsecp256k1 to perform elliptic curve computations. However, it does not only rely on the API provided by libsecp256k1 but also on internal functions. Consequently, the full source code of libsecp256k1 is currently necessary to build the project.

Dependencies

Building and Usage

$ cd secp256k1
$ ./autogen.sh
$ ./configure
$ cd ..
$ mkdir build
$ cd build
$ cmake ..
$ make

You can additionally pass the following options to cmake:

  • -DCMAKE_BUILD_TYPE=debug for a debug build
  • -DACCA_CT_LEN=n to set the size of a supported assertion context to n bytes. This parameter influences the running time and the probability that any assertion does not succeed; see the paper for details. The default is 8 bytes.

To run tests and benchmarks, run ./authenticatortest.

The Authenticator class is provided as an interface to be used in other projects.

Copyright and License

Copyright 2015 Tim Ruffing

The project is licensed under the MIT License, see LICENSE.txt

About

Implementation of Accountable Assertions

crypsys.mmci.uni-saarland.de/projects/PenalizingEquivocation/penalizing.pdf

Resources

Readme

License

MIT license
Activity

Stars

5 stars

Watchers

3 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages