4 research outputs found

    Blockchain with Varying Number of Players

    Nakamoto's famous blockchain protocol enables achieving consensus in a so-called permissionless setting--anyone can join (or leave) the protocol execution, and the protocol instructions do not depend on the identities of the players. His ingenious protocol prevents "sybil attacks" (where an adversary spawns any number of new players) by relying on computational puzzles (a.k.a. "moderately hard functions") introduced by Dwork and Naor (Crypto'92). Recent work by Garay et al. (EuroCrypt'15) and Pass et al. (EuroCrypt'17) demonstrates that this protocol provably achieves consistency and liveness assuming a) honest players control a majority of the computational power in the network, b) the puzzle-difficulty is appropriately set as a function of the maximum network message delay and the total computational power of the network, and c) the computational puzzle is modeled as a random oracle. These works, however, leave open the question of how to set the puzzle difficulty in a setting where the computational power in the network is changing. Nakamoto's protocol indeed also includes a description of a difficulty update procedure. A recent work by Garay et al. (Crypto'17) indeed shows a variant of this difficulty adjustment procedure can be used to get a sound protocol as long as the computational power does not change too fast --- however, under two restrictions: 1) their analysis assumes that the attacker cannot delay network messages, and 2) the changes in computational power in the network are statically set (i.e., cannot be adaptively selected by the adversary).
In this work, we show the same result but without these two restrictions, demonstrating the soundness of a (slightly different) difficulty update procedure, assuming only that the computational power in the network does not change too fast (as a function of the maximum network message delays); as an additional contribution, our analysis yields a tight bound on the "chain quality" of the protocol.

    Rethinking Large-Scale Consensus

    In this position paper, we initiate a systematic treatment of reaching consensus in a permissionless network. We prove several simple but hopefully insightful lower bounds that demonstrate exactly why reaching consensus in a permissionless setting is fundamentally more difficult than the classical, permissioned setting. We then present a simplified proof of Nakamoto's blockchain which we recommend for pedagogical purposes. Finally, we survey recent results including how to avoid well-known pain points in permissionless consensus, and how to apply core ideas behind blockchains to solve consensus in the classical, permissioned setting and meanwhile achieve new properties that are not attained by classical approaches.

    Order-Fair Consensus in the Permissionless Setting

    Over the past five years, a significant line of research has investigated the blockchain consensus problem in the general permissionless setting, where protocol nodes can leave and join dynamically. The work of Garay et al. (Eurocrypt 2015) and Pass et al. (Eurocrypt 2017) showed the security properties of consistency and liveness for Nakamoto's seminal proof-of-work protocol. However, consistency and liveness do not provide any guarantees on the relationship between the order in which transactions arrive into the network and the finalized order in the ledger, making protocols prone to transaction order-manipulation attacks. As a solution, a recent paper by Kelkar et al. (Crypto 2020) introduced a third useful property for consensus protocols: transaction-order-fairness. Their model was limited to the classical (permissioned) setting, where the set of protocol nodes is fixed a priori, and does not fit well for permissionless environments where order-manipulation attacks have been most prominent. In this work, we initiate the investigation of order-fairness in the permissionless setting and provide two protocols that realize it. Our protocols work in a synchronous network and use an underlying longest-chain blockchain. As an added contribution, we show that any fair ordering protocol achieves a powerful zero-block confirmation property, through which honest transactions can be securely confirmed even before they are included in any block.

    Scaling the Unscalable: A Study About Consensus

    Consensus protocols form the bedrock of various distributed systems integral to modern life, ranging from basic clock synchronization to sophisticated blockchains. Yet, the proliferation of consensus protocols reveals a fundamental limitation: their scalability. In centralized systems, boosting performance can often be achieved with the addition of more participants. However, in decentralized systems, this approach can be counterproductive. The delicate equilibrium between safety and liveness becomes more restricting as the number of participants increases, especially in the permissionless setting, due to fortifications against sybil attacks. This thesis endeavors to make a contribution towards scaling permissionless protocols in a vast landscape of efforts currently addressing the topic. Commencing with an exhaustive examination of Nakamoto consensus and an attempt to address throughput and latency constraints via GHOST, we establish a unified model for both protocols. This model manifests the intricate interplay between safety, liveness, and performance, paving the way for a family of protocols that arbitrarily approximate the performance of GHOST while remaining resilient against balance attacks, a primary vulnerability of GHOST. Nevertheless, the scope for improvement within the Nakamoto-GHOST paradigm remains constrained by the limitations of GHOST. Avalanche boosts throughput orders of magnitude higher than Nakamoto and GHOST while maintaining latency in the order of seconds, employing a directed acyclic graph (DAG) instead of a chain. Despite its impressive performance, formal analyses of its safety and liveness were absent, except for the work encompassed in this thesis. Our deep analysis of Avalanche consensus reveals a significant liveness vulnerability, prompting us to enhance its mechanism with Glacier without compromising performance. DAG protocols have revolutionized consensus protocols in the permissioned setting in recent years. 
These protocols achieve remarkable throughput but carry an increase in latency. In this work, we introduce an atomic broadcast protocol that continues this line of work but achieves latency similar to leader-based protocols. These studies serve as inspiration for further results in this thesis. Leveraging techniques used to address consensus protocol performance, we devise a construction that mitigates sandwich attacks in longest-chain consensus protocols. Additionally, our exploration of Avalanche, alongside Conflux, a less familiar protocol, lays the groundwork for the last contribution in this thesis. We craft another construction that transforms a blockchain protocol into a DAG protocol, proving formally that for every blockchain protocol, a corresponding DAG protocol exists that achieves higher throughput, similar or lower latency, and maintains safety and liveness under the same assumptions. Furthermore, this construction allows us to determine a set of protocols with the potential to be optimal. Furthermore, the atomic broadcast protocol introduced in this work falls in this category.