Understanding BlockDAGs and GHOSTDAG
  • Welcome!
  • Preface
  • Introduction
  • Part 1: BlockChains and BlockDAGs
    • Introduction
    • Chapter 1: From BFT to PoW
      • Byzantine Fault Tolerance
      • Proof-of-Work (PoW)
      • How PoW Works*
      • PoS Vs. PoW
      • Exercises
    • Chapter 2: the Block Chain Paradigm
      • A Graph Theory Primer
      • The Paradigm
      • Honesty and Rationality
      • Three Chain Selection Rules
      • Security Notions
      • Selfish Mining in Bitcoin
      • Safety
      • Liveness
      • Confirmation Times
      • Proving Bitcoin's Security*
      • Exercises
  • Part 2: The GHOSTDAG Protocol
    • Page 2
  • Supplementary Material
    • Math
      • Stuff You Should Know
        • Asymptotics, Growth, and Decay
        • Binomial Coefficients
        • The Binomial Formula
        • Geometric Sums and Series
      • Probability Theory
        • Probability Spaces
        • Random Variables
        • The Math of Block Creation
    • Computer Science
      • Stuff you Should Know
        • Asymptotic Notation
        • Negligible Functions
      • Cryptography
        • Random Oracles
        • Merkle Trees
        • One Time Pads
Powered by GitBook
On this page
  1. Supplementary Material
  2. Computer Science
  3. Cryptography

Random Oracles

PreviousCryptographyNextMerkle Trees

Last updated 15 days ago

TODO: this section is poorly written, improve.

In computer science, an oracle is a magic being that performs some task for us. Oracles have many uses, one of them is to assume we can perform some computation without bothering ourselves with the details. Instead, we reason in an alternate universe where a magical oracle does the computation for us. This way we can divide the work with someone working to implement a random oracle. hash functions such as SHA-256, Keccak, or k-HeavyHash are an implementation of a certain kind of oracle called a random oracle. The random oracle model has a nice mathematical description that is oblivious to how the hash function is actually implemented.

A random oracle consistently turn an arbitrary string sss to a random, fixed length string H(s)\mathsf{H}(s)H(s). What does this all mean?

Fixed length just means that H(s)\mathsf{H}(s)H(s) is always the same length, regardless of sss or its length. Under the hood, we assume that sss is a strings of ones and zeros (but that shouldn't concern you), so we call the length bits. Proof-of-work typically uses hash functions with an output length of 256 bits.

Consistency and randomness mean that when the oracle responds to a string sss, the oracle should respond to queries like this:

  • (consistency) if she was queried about the string sss before, respond with the same H(s)\mathsf{H}(s)H(s)

  • (randomness) otherwise, respond with a uniformly random 256-bit string

One key property of a random oracle is that it is hard to invert. If you have a string hhh of appropriate length, and you an sss such that h=H(s)h=\mathsf{H}(s)h=H(s), how would you go about finding it? This problem is called inverting H\mathsf{H}H (in the point hhh).

The only way to get information from the oracle is by making queries. But due to the randomness, if you query on some sss, and get a response different than hhh, this tells you next to nothing. Yes, you know that sss is not the correct answer, but that's it. You haven't eliminated any single other possibility.

The consequences are that the best way to solve the problem is by querying on different strings until you stumble backwards into one that gives the correct answer. Now, how long this should take? If the output length is nnn bits, then there are 2n2^n2n possible outputs. Recall that the oracle always chooses the string uniformly. Hence, the probability a query produces the desired result is one in 2n2^n2n. That is, it would take about 2n2^n2n attempts.

At a trillion attempts per second, inverting a 256 bits hash function will take over three billion trillion trillion trillion trillion years.