Abstract
Most existing blockchains either rely on a Nakamoto-style of consensus, where the chain can fork and produce rollbacks, or on a committee-based Byzantine fault tolerant (CBFT) consensus, where no rollbacks are possible. While the latter ones offer better consistency, the former tolerate more corruptions. To achieve the best of both worlds, we initiate the formal study of finality layers. Such a finality layer can be combined with a Nakamoto-style blockchain (NSB) and periodically declare blocks as final, preventing rollbacks beyond final blocks.
As conceptual contributions, we formalize the concept of a finality layer and identify the following properties to be crucial for finality layers: finalized blocks form a chain (chain-forming), all parties agree on the finalized blocks (agreement), the last finalized block does not fall too far behind the last block in the underlying blockchain (updated), and all finalized blocks at some point have been on the chain adopted by honest parties holding at least k units of the resource on which consensus is based, e.g., stake or computing power (k-support).
As our main technical contribution we propose the finality layer protocol Afgjort. We prove that it satisfies all of the aforementioned requirements in the setting with less than 1/3 corruption among the finalizers and a partially synchronous network.
We further show that tolerating less thanĀ 1/3 corruption is optimal for partially synchronous finality layers. Finally, we provide data from experiments ran with an implementation of our protocol; the data confirms that finality is reached much faster than without our finality layer.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
We note that whenever we mention number of parties in this work it should be interpreted as the number of parties weighted by the underlying resource of the blockchain, e.g., in a PoS system k parties should be read as the fraction k/n of the total stake n in the system.
- 2.
We consider the partially synchronous network model ofĀ [11], where there is an upper boundĀ \(\varDelta _{\mathtt {net}}\) on the network delay that is not known to the protocol designer or the honest parties. In particular, \(\varDelta _{\mathtt {net}}\) cannot be used by a partially synchronous protocol.
- 3.
Our finality layer repeatedly executes finalization in the \(\mathsf {FinalizationLoop} \). We require monotonicity only for each iteration separately, i.e., justified values can become unjustified in later iterations. We do not formalize this to simplify the presentation. This can in fact happen for the justification we use since they are with respect to \(\mathtt {FinalTree} \) and nodes get removed from \(\mathtt {FinalTree} \) after a successful finalization.
References
Attiya, H., Welch, J.: Distributed Computing: Fundamentals, Simulations, and Advanced Topics. Wiley Series on Parallel and Distributed Computing. Wiley, Hoboken (2004)
Backes, M., Hofheinz, D.: How to break and repair a universally composable signature functionality. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 61ā72. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30144-8_6
Badertscher, C., Gazi, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: ACM CCS 2018, pp. 913ā930. ACM Press (2018)
Bracha, G.: An asynchronous [(n-1)/3]-resilient consensus protocol. In: Probert, R.L., Lynch, N.A., Santoro, N. (eds.) 3rd ACM PODC, pp. 154ā162. ACM, August 1984
Buchman, E.: Tendermint: byzantine fault tolerance in the age of blockchains. Masterās thesis, The University of Guelph, Guelph, Ontario, Canada, June 2016. http://hdl.handle.net/10214/9769
Buterin, V., Griffith, V.: Casper the friendly finality gadget. CoRR abs/1710.09437 (2017)
Cachin, C., Kursawe, K., Petzold, F., Shoup, V.: Secure and efficient asynchronous broadcast protocols. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 524ā541. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44647-8_31
Canetti, R.: Universally composable signature, certification, and authentication. In: Proceedings of the 17th IEEE Computer Security Foundations Workshop, June 2004
David, B., Gaži, P., Kiayias, A., Russell, A.: Ouroboros Praos: an adaptively-secure, semi-synchronous proof-of-stake blockchain. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part II. LNCS, vol. 10821, pp. 66ā98. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_3
Dinsdale-Young, T., Magri, B., Matt, C., Nielsen, J.B., Tschudi, D.: Afgjort: a partially synchronous finality layer for blockchains. Cryptology ePrint Archive, Report 2019/504 (2019). https://eprint.iacr.org/2019/504
Dwork, C., Lynch, N., Stockmeyer, L.: Consensus in the presence of partial synchrony. J. ACM 35(2), 288ā323 (1988)
Fitzi, M., Garay, J.A.: Efficient player-optimal protocols for strong and differential consensus. In: Borowsky, E., Rajsbaum, S. (eds.) 22nd ACM PODC, pp. 211ā220. ACM, July 2003
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015, Part II. LNCS, vol. 9057, pp. 281ā310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol with chains of variable difficulty. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 291ā323. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_10
Gazi, P., Kiayias, A., Russell, A.: Stake-bleeding attacks on proof-of-stake blockchains. In: Crypto Valley Conference on Blockchain Technology, CVCBT (2018)
Gilad, Y., Hemo, R., Micali, S., Vlachos, G., Zeldovich, N.: Algorand: scaling byzantine agreements for cryptocurrencies. In: Proceedings of the 26th Symposium on Operating Systems Principles (2017)
Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017, Part I. LNCS, vol. 10401, pp. 357ā388. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_12
Kokoris-Kogias, E., Jovanovic, P., Gailly, N., Khoffi, I., Gasser, L., Ford, B.: Enhancing bitcoin security and performance with strong consistency via collective signing. In: 25th USENIX Security Symposium (2016)
Kokoris-Kogias, E., Jovanovic, P., Gasser, L., Gailly, N., Syta, E., Ford, B.: OmniLedger: a secure, scale-out, decentralized ledger via sharding. In: 2018 IEEE Symposium on Security and Privacy, pp. 583ā598. IEEE Computer Society Press, May 2018
Kwon, J.: Tendermint: consensus without mining. Manuscript (2014). https://tendermint.com/static/docs/tendermint.pdf
Micali, S.: ALGORAND: the efficient and democratic ledger. CoRR (2016)
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system. Manuscript (2009). http://www.bitcoin.org/bitcoin.pdf
Neiger, G.: Distributed consensus revisited. Inf. Process. Lett. 49(4), 195ā201 (1994)
Pass, R., Seeman, L., Shelat, A.: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part II. LNCS, vol. 10211, pp. 643ā673. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_22
Pass, R., Shi, E.: Hybrid consensus: efficient consensus in the permissionless model. In: 31st International Symposium on Distributed Computing, DISC (2017)
Pass, R., Shi, E.: Thunderella: blockchains with optimistic instant confirmation. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018, Part II. LNCS, vol. 10821, pp. 3ā33. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_1
Stewart, A.: Byzantine finality gadgets. Manuscript (2019). https://github.com/w3f/consensus/blob/master/pdf/grandpa.pdf
Turpin, R., Coan, B.A.: Extending binary byzantine agreement to multivalued byzantine agreement. Inf. Process. Lett. 18(2), 73ā76 (1984)
Acknowledgements
We would like to thank Mateusz Tilewski for countless discussions during the design of the finality layer, his deep insights into practical distributed systems were valuable in designing a system which is at the same time efficient in practice and provably secure. We would like to thank Matias Frank Jensen and Emil Morre Christensen; their work on generalizing the Finality layer gave valuable insights which were adapted into the protocol presented in this paper. Finally, we thank the Concordium tech team that worked on the implementation and ran the experiments reported in this paper.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
Ā© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Dinsdale-Young, T., Magri, B., Matt, C., Nielsen, J.B., Tschudi, D. (2020). Afgjort: A Partially Synchronous Finality Layer for Blockchains. In: Galdi, C., Kolesnikov, V. (eds) Security and Cryptography for Networks. SCN 2020. Lecture Notes in Computer Science(), vol 12238. Springer, Cham. https://doi.org/10.1007/978-3-030-57990-6_2
Download citation
DOI: https://doi.org/10.1007/978-3-030-57990-6_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-57989-0
Online ISBN: 978-3-030-57990-6
eBook Packages: Computer ScienceComputer Science (R0)