Parcae: A Blockchain-Based PRF Service for Everyone

Pseudorandom function (PRF) services are utilized to cryptographically harden password hashes against offline brute-force attacks. State-of-the-art implementations of PRF services can additionally offer benefits such as detection of online attacks and practical key rotation, but the cost of doing so in a publicly distributed setting is requiring clients to trust a third party service. These third party services are not incentivized to behave honestly and pose as a single point of failure for Denial of Service (DoS) attacks. A successful DoS attack mounted against a deployed PRF service would prevent its clients from authenticating their users' passwords, thus making it impossible for users to log in to those clients' services. To address these issues, we design and implement Parcae, the first blockchain-based publicly distributed PRF service. Parcae offers all of the additional benefits provided by state-of-the-art PRF services while also providing DoS attack resilience and service auditing capabilities through use of a permissioned blockchain. Performance analysis shows that our implementation of Parcae is practical and can scale to meet the needs of a dynamically growing client base in a publicly distributed setting.