Research Article
Parcae: A Blockchain-Based PRF Service for Everyone
@INPROCEEDINGS{10.1007/978-3-031-06365-7_20, author={Elizabeth Wyss and Drew Davidson}, title={Parcae: A Blockchain-Based PRF Service for Everyone}, proceedings={Digital Forensics and Cyber Crime. 12th EAI International Conference, ICDF2C 2021, Virtual Event, Singapore, December 6-9, 2021, Proceedings}, proceedings_a={ICDF2C}, year={2022}, month={6}, keywords={Blockchain Smart contract Password PRF}, doi={10.1007/978-3-031-06365-7_20} }- Elizabeth Wyss
Drew Davidson
Year: 2022
Parcae: A Blockchain-Based PRF Service for Everyone
ICDF2C
Springer
DOI: 10.1007/978-3-031-06365-7_20
Abstract
Pseudorandom function (PRF) services are utilized to cryptographically harden password hashes against offline brute-force attacks. State-of-the-art implementations of PRF services can additionally offer benefits such as detection of online attacks and practical key rotation, but the cost of doing so in a publicly distributed setting is requiring clients to trust a third party service. These third party services are not incentivized to behave honestly and pose as a single point of failure for Denial of Service (DoS) attacks. A successful DoS attack mounted against a deployed PRF service would prevent its clients from authenticating their users’ passwords, thus making it impossible for users to log in to those clients’ services.
To address these issues, we design and implement Parcae, the first blockchain-based publicly distributed PRF service. Parcae offers all of the additional benefits provided by state-of-the-art PRF services while also providing DoS attack resilience and service auditing capabilities through use of a permissioned blockchain. Performance analysis shows that our implementation of Parcae is practical and can scale to meet the needs of a dynamically growing client base in a publicly distributed setting.
