Topic: Creating private key which is only revealed after a given time (Read 133 times)

newbie
Activity: 3
Merit: 0
Quote
>> Is it possible to generate a pair (A,P) where P is an ECC-public key, and A is some data from which a private key corresponding to P is computable if and only if a certain time has passed?
>>
>> The way this is related to bitcoin is that bitcoin uses a time-stamped proof-of-work, so it can provide some data which only becomes available if a certain amount of time has passed. This data is of the form:
>> (x_0,y_0,x_1,y_1,...,y_n) where n is fixed, x_0 is the hash of the last block, SHA256(x_i,y_i)=x_{i+1}, and the x_i are "small".
>> This kind of data is automatically generated on the Bitcoin blockchain, and you cannot generate such data faster, because in order to do so you would need at least as much hash power as the whole bitcoin network, in which case you would be able to 51% attack (which we can exclude).
>>
>> Now because of the argument above, my question can be translated to a purely cryptographic question:
>> Is it possible to generate a pair as above where a private key can only be computed if and only if we know a solution to an equation of the above form?
>
> Would not work. The solution of proof of work can't be known in advance.

Yes, that is the point. I want the private key to be secret to everyone until a certain block is mined.

Quote
> The solution requires finding a SHA256 hash that fulfils the requirement that it starts with at least the required amount of zeroes, but other than that the solution can be anything.
>
> You cannot use something you do not know as an input for creating a private key. And if you use something you DO know, then an attacker can have the same info too.

Exactly. But I didn't say I want an unknown input. I just want the private key to be computable whenever some form of data is available. (If you like I want the solution to be tractable provided an oracle which can solve equations of the form I described.)
Quote
> And you need to first have the private key in order to be able to calculate the public key. Can't be done the other way around.
>
> Would be great if that would work :)


This is not true. It is only true if you don't know anything about the public key, for instance if you generate (securely) your own private key, and then you share the corresponding public key. For instance this is what you do when you set up your bitcoin wallet. But this is not the only way to generate public keys. A natural example is when you compute a public key corresponding to a shared secret. This is computable from the public keys only (this method is used for vanity address generators, and if I'm not mistaken this is also how multi-sig addresses work). So basically what I want can be implemented by some trusted members of a committee (using this) who promise that they don't share their private keys until a certain time (and after that they do). But I'm looking for a trustless solution. (If you are reading this forum, you probably understand why this could be important. :D)
full member
Activity: 378
Merit: 197
Quote
> Is it possible to generate a pair (A,P) where P is an ECC-public key, and A is some data from which a private key corresponding to P is computable if and only if a certain time has passed?
>
> The way this is related to bitcoin is that bitcoin uses a time-stamped proof-of-work, so it can provide some data which only becomes available if a certain amount of time has passed. This data is of the form:
> (x_0,y_0,x_1,y_1,...,y_n) where n is fixed, x_0 is the hash of the last block, SHA256(x_i,y_i)=x_{i+1}, and the x_i are "small".
> This kind of data is automatically generated on the Bitcoin blockchain, and you cannot generate such data faster, because in order to do so you would need at least as much hash power as the whole bitcoin network, in which case you would be able to 51% attack (which we can exclude).
>
> Now because of the argument above, my question can be translated to a purely cryptographic question:
> Is it possible to generate a pair as above where a private key can only be computed if and only if we know a solution to an equation of the above form?

Would not work. The solution of proof of work can't be known in advance. The solution requires finding a SHA256 hash that fulfils the requirement that it starts with at least the required amount of zeroes, but other than that the solution can be anything.

You cannot use something you do not know as an input for creating a private key. And if you use something you DO know, then an attacker can have the same info too.

And you need to first have the private key in order to be able to calculate the public key. Can't be done the other way around.

Would be great if that would work :)
newbie
Activity: 3
Merit: 0
Hi guys,

I would have the following question.
Is it possible to generate a pair (A,P) where P is an ECC-public key, and A is some data from which a private key corresponding to P is computable if and only if a certain time has passed?

The way this is related to bitcoin is that bitcoin uses a time-stamped proof-of-work, so it can provide some data which only becomes available if a certain amount of time has passed. This data is of the form:
(x_0,y_0,x_1,y_1,...,y_n) where n is fixed, x_0 is the hash of the last block, SHA256(x_i,y_i)=x_{i+1}, and the x_i are "small".
This kind of data is automatically generated on the Bitcoin blockchain, and you cannot generate such data faster, because in order to do so you would need at least as much hash power as the whole bitcoin network, in which case you would be able to 51% attack (which we can exclude).

Now because of the argument above, my question can be translated to a purely cryptographic question:
Is it possible to generate a pair as above where a private key can only be computed if and only if we know a solution to an equation of the above form?

I didn't find anything related to this question on the internet (and I was not able to solve it myself), so I would appreciate any ideas/solutions/references.
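The chain format described in the question, as an added example that is not part of the original post: it builds and verifies data of the form (x_0, y_0, x_1, y_1, ...) and counts the hash evaluations spent, showing that checking a chain costs one hash per link while producing it costs a brute-force search per link. The encoding of the pair as x_i || y_i, the reading of "small" as a number of leading zero bits, the 8-byte counter used for y_i, the toy difficulty and all function names are assumptions; Bitcoin's real block header format is not modelled.

```python
import hashlib

def link(x: bytes, y: bytes) -> bytes:
    """x_{i+1} = SHA256(x_i, y_i), with the pair encoded as x_i || y_i (assumption)."""
    return hashlib.sha256(x + y).digest()

def is_small(x: bytes, bits: int) -> bool:
    """'Small' is taken to mean that the top `bits` bits of x are zero (assumption)."""
    return int.from_bytes(x, "big") >> (256 - bits) == 0

def extend(x: bytes, bits: int):
    """Brute-force a y such that SHA256(x, y) is small; returns (y, tries)."""
    tries = 0
    while True:
        y = tries.to_bytes(8, "big")
        tries += 1
        if is_small(link(x, y), bits):
            return y, tries

def build_chain(x0: bytes, n: int, bits: int):
    """Produce n links starting at x0; returns (ys, hash evaluations spent)."""
    ys, work, x = [], 0, x0
    for _ in range(n):
        y, tries = extend(x, bits)
        ys.append(y)
        work += tries
        x = link(x, y)
    return ys, work

def verify_chain(x0: bytes, ys, n: int, bits: int) -> bool:
    """Check a claimed chain using exactly one hash evaluation per link."""
    if len(ys) != n:
        return False
    x = x0
    for y in ys:
        x = link(x, y)  # each x_i is recomputed, so only x0 and the y_i are needed
        if not is_small(x, bits):
            return False
    return True

# Constructed stand-in for "the hash of the last block".
X0 = hashlib.sha256(b"constructed stand-in for the last block hash").digest()
```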