Consistency of Proof-of-Stake Blockchains with Concurrent Honest Slot Leaders
We improve the fundamental security threshold of eventual consensus
Proof-of-Stake (PoS) blockchain protocols under the longest-chain rule by
showing, for the first time, the positive effect of rounds with concurrent
honest leaders.
Current security analyses reduce consistency to the dynamics of an abstract,
round-based block creation process that is determined by three events
associated with a round: (i) event : at least one adversarial leader, (ii)
event : a single honest leader, and (iii) event : multiple, but honest,
leaders. We present an asymptotically optimal consistency analysis assuming
that an honest round is more likely than an adversarial round (i.e., ); this threshold is optimal. This is a first in the literature
and can be applied to both the simple synchronous communication as well as
communication with bounded delays.
In all existing consistency analyses, event is either penalized or
treated neutrally. Specifically, the consistency analyses in Ouroboros Praos
(Eurocrypt 2018) and Genesis (CCS 2018) assume that ;
the analyses in Sleepy Consensus (Asiacrypt 2017) and Snow White (Fin. Crypto
2019) assume that . Moreover, all existing analyses completely
break down when . These thresholds determine the critical
trade-off between the honest majority, network delays, and consistency error.
Our new results can be directly applied to improve the security guarantees of
the existing protocols. We also provide an efficient algorithm to explicitly
calculate these error probabilities in the synchronous setting. Furthermore, we
complement these results by analyzing the setting where is rare, even
allowing , under the added assumption that honest players adopt a
consistent chain selection rule.
Comment: Includes new sections describing (1) an adaptive online adversary and
(2) an efficient algorithm to compute consistency error probabilities. arXiv
admin note: text overlap with arXiv:1911.1018
Modeling Resources in Permissionless Longest-chain Total-order Broadcast
Blockchain protocols implement total-order broadcast in a permissionless
setting, where processes can freely join and leave. In such a setting, to
safeguard against Sybil attacks, correct processes rely on cryptographic proofs
tied to a particular type of resource to make them eligible to order
transactions. For example, in the case of Proof-of-Work (PoW), this resource is
computation, and the proof is a solution to a computationally hard puzzle.
Conversely, in Proof-of-Stake (PoS), the resource corresponds to the number of
coins that every process in the system owns, and a secure lottery selects a
process for participation proportionally to its coin holdings.
Although many resource-based blockchain protocols are formally proven secure
in the literature, the existing security proofs fail to demonstrate why
particular types of resources cause the blockchain protocols to be vulnerable
to distinct classes of attacks. For instance, PoS systems are more vulnerable
to long-range attacks, where an adversary corrupts past processes to re-write
the history, than Proof-of-Work and Proof-of-Storage systems.
Proof-of-Storage-based and Proof-of-Stake-based protocols are both more
susceptible to private double-spending attacks than Proof-of-Work-based
protocols; in this case, an adversary mines its chain in secret without sharing
its blocks with the rest of the processes until the end of the attack.
In this paper, we formally characterize the properties of resources through
an abstraction called resource allocator and give a framework for understanding
longest-chain consensus protocols based on different underlying resources. In
addition, we use this resource allocator to demonstrate security trade-offs
between various resources focusing on well-known attacks (e.g., the long-range
attack and nothing-at-stake attacks).
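The round-based block creation process of the first abstract (rounds with an adversarial leader, a single honest leader, or multiple honest leaders) and the private double-spending attack of the second can be combined in a small simulation. The following is an added example, not code from either paper. It makes its own simplifying assumptions: synchronous communication, honest rounds of either kind extend the public chain by exactly one block (so multi-leader rounds are treated neutrally, as in the earlier analyses the first abstract criticizes), every adversarial round adds one block to a private fork, and the adversary wins once its fork is at least as long as the honest chain. The closed form it compares against is the textbook gambler's-ruin bound for that race, not the papers' refined analysis.

```python
"""Toy longest-chain race over a round-based block creation process.

Added example, not code from either paper. Each round is one of three events,
mirroring the abstraction in the consistency abstract:
  "A"  : at least one adversarial leader
  "H1" : exactly one honest leader
  "H2" : multiple, but honest, leaders
Simplifying assumptions (ours, not the papers'): the network is synchronous,
H1 and H2 rounds both extend the public honest chain by exactly one block
(H2 is treated neutrally), and each A round adds one block to a private
adversarial fork. The adversary keeps the fork private until it is at least
as long as the honest chain, which lets it revert a block buried k deep
(the private double-spending attack of the resource-allocator abstract).
"""
import random
from typing import Dict, List


def sample_rounds(n: int, p_a: float, p_h2: float, rng: random.Random) -> List[str]:
    """Draw n rounds. p_a is the probability of an adversarial round; p_h2 is
    the fraction of honest rounds that have multiple honest leaders."""
    rounds = []
    for _ in range(n):
        u = rng.random()
        if u < p_a:
            rounds.append("A")
        elif u < p_a + (1.0 - p_a) * p_h2:
            rounds.append("H2")
        else:
            rounds.append("H1")
    return rounds


def private_attack_succeeds(rounds: List[str], k: int) -> bool:
    """True if the private fork, starting k blocks behind, ever catches up."""
    deficit = k
    for r in rounds:
        deficit += -1 if r == "A" else 1  # H1 and H2 both grow the honest chain
        if deficit <= 0:
            return True
    return False


def estimate_revert_probability(k: int, p_a: float, p_h2: float = 0.0,
                                trials: int = 5000, horizon: int = 500,
                                seed: int = 1) -> float:
    """Monte Carlo estimate of the probability that a block k deep is reverted.
    The horizon truncates the race; with p_a < 1/2 the deficit drifts away from
    zero, so the truncation error is negligible for these parameters."""
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        if private_attack_succeeds(sample_rounds(horizon, p_a, p_h2, rng), k):
            wins += 1
    return wins / trials


def exact_revert_probability(k: int, p_a: float) -> float:
    """Gambler's-ruin value for the same race: (p_a / p_h)^k when honest rounds
    are more likely than adversarial ones, and certain failure otherwise. This
    is the textbook private-attack bound, not the papers' refined analysis."""
    p_h = 1.0 - p_a
    if p_a >= p_h:
        return 1.0
    return (p_a / p_h) ** k


def event_counts(rounds: List[str]) -> Dict[str, int]:
    """How many rounds of each event type a sampled schedule contains."""
    return {e: rounds.count(e) for e in ("A", "H1", "H2")}


if __name__ == "__main__":
    for p_a in (0.3, 0.45, 0.5):
        for k in (3, 6, 12):
            print(f"p_a={p_a:.2f} k={k:2d} "
                  f"exact={exact_revert_probability(k, p_a):.4f} "
                  f"mc={estimate_revert_probability(k, p_a, p_h2=0.2, trials=2000):.4f}")
```

Because the toy model lets an H2 round count exactly like an H1 round, `p_h2` changes nothing in the estimate; the whole point of the first abstract is that a sharper analysis can extract a positive effect from those rounds, and the collapse to error probability 1 once adversarial rounds are at least as likely as honest ones is the threshold the abstract refers to.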
SoK: Diving into DAG-based Blockchain Systems
Blockchain plays an important role in cryptocurrency markets and technology
services. However, high latency and low scalability hold back its adoption
and application in classic designs. Reconstructed blockchain systems have
been proposed to avoid the waste of competing transactions caused by linearly
sequenced blocks. These systems instead structure transactions/blocks in the
form of a Directed Acyclic Graph (DAG) and consequently rebuild upper-layer
components including consensus, incentives, etc. The promise of DAG-based
blockchain systems is to enable fast confirmation (complete transactions
within milliseconds) and high scalability (attach transactions in parallel)
without significantly compromising security. However, this field still lacks
systematic work that summarises the DAG technique. To bridge the gap, this
Systematization of Knowledge (SoK) provides a comprehensive analysis of
DAG-based blockchain systems. By deconstructing open-source systems and
reviewing academic research, we identify the main components and
characteristic properties of these systems, and describe the approach to
establishing a DAG. With this in hand, we analyze the security and
performance of several leading systems, followed by discussions and
comparisons with concurrent (scaling blockchain) techniques. We further
identify open challenges to highlight the potential of DAG-based solutions
and indicate promising directions for future research.
Comment: Full versio
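The structural change the SoK describes, blocks that reference several parents instead of one, can be shown with a toy block DAG. The following is an added example, not code from any system the SoK surveys: a deterministic topological sort turns the DAG's partial order into the total order a ledger needs, and that order then decides which of two conflicting transactions in concurrent blocks is accepted. Ties between concurrent blocks are broken by block id here purely to keep the example predictable; real systems use hash- or weight-based rules, and the blocks and transactions below are constructed for the example.

```python
"""Toy block-DAG total ordering.

Added example, not code from any system the SoK surveys. Blocks reference one
or more parents instead of a single predecessor, so the ledger is a partial
order; a deterministic topological sort turns it into the total order needed
to decide conflicts. Ties between concurrent blocks are broken here by block
id (a real system would use a hash- or weight-based rule); the blocks and
transactions are constructed for the example.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

# A block is {"parents": [block ids], "txs": [{"id": str, "inputs": [coin ids]}]}
Block = Dict[str, object]


def topological_order(blocks: Dict[str, Block]) -> List[str]:
    """Kahn's algorithm over the parent edges, with the lexicographically
    smallest ready block chosen first so the order is deterministic.
    Raises ValueError on an unknown parent or a cycle (not a DAG)."""
    indegree = {b: 0 for b in blocks}
    children = defaultdict(list)
    for b, blk in blocks.items():
        for p in blk["parents"]:
            if p not in blocks:
                raise ValueError(f"block {b} references unknown parent {p}")
            indegree[b] += 1
            children[p].append(b)
    ready = sorted(b for b, d in indegree.items() if d == 0)
    order: List[str] = []
    while ready:
        b = ready.pop(0)
        order.append(b)
        for c in children[b]:
            indegree[c] -= 1
            if indegree[c] == 0:
                ready.append(c)
        ready.sort()
    if len(order) != len(blocks):
        raise ValueError("DAG contains a cycle")
    return order


def apply_transactions(blocks: Dict[str, Block],
                       order: List[str]) -> Tuple[List[str], List[str]]:
    """Replay transactions in ledger order: the first spend of an input wins,
    any later spend of the same input is rejected as a double spend."""
    spent = set()
    accepted: List[str] = []
    rejected: List[str] = []
    for b in order:
        for tx in blocks[b]["txs"]:
            if any(i in spent for i in tx["inputs"]):
                rejected.append(tx["id"])
            else:
                spent.update(tx["inputs"])
                accepted.append(tx["id"])
    return accepted, rejected


# Constructed sample DAG: A and B are concurrent children of the genesis
# block G and both try to spend coin1; C merges A and B, D extends B, and E
# merges C and D. In a linear chain one of A or B would have been discarded.
SAMPLE_DAG: Dict[str, Block] = {
    "G": {"parents": [], "txs": []},
    "A": {"parents": ["G"], "txs": [{"id": "tx1", "inputs": ["coin1"]}]},
    "B": {"parents": ["G"], "txs": [{"id": "tx2", "inputs": ["coin1"]}]},
    "C": {"parents": ["A", "B"], "txs": [{"id": "tx3", "inputs": ["coin2"]}]},
    "D": {"parents": ["B"], "txs": [{"id": "tx4", "inputs": ["coin3"]}]},
    "E": {"parents": ["C", "D"], "txs": [{"id": "tx5", "inputs": ["coin2"]}]},
}

if __name__ == "__main__":
    ledger_order = topological_order(SAMPLE_DAG)
    print("order:", ledger_order)
    print("accepted/rejected:", apply_transactions(SAMPLE_DAG, ledger_order))
```

Both concurrent blocks A and B stay in the ledger, which is what gives DAG designs their parallelism; the conflict between them is resolved only at ordering time, so the security of a DAG system rests on every honest node agreeing on that ordering rule.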