Analysis of the Blockchain Protocol in Asynchronous Networks

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10211)

Abstract

Nakamoto’s famous blockchain protocol achieves consensus in a so-called permissionless setting: anyone can join (or leave) the protocol execution, and the protocol instructions do not depend on the identities of the players. His ingenious protocol prevents “sybil attacks” (where an adversary spawns any number of new players) by relying on computational puzzles (a.k.a. “moderately hard functions”) introduced by Dwork and Naor (Crypto’92).

The analysis of the blockchain consensus protocol (a.k.a. Nakamoto consensus) has been a notoriously difficult task. Prior works that analyze it either make the simplifying assumption that network channels are fully synchronous (i.e. messages are delivered instantly, without delays) (Garay et al. Eurocrypt’15) or only consider specific attacks (Nakamoto’08; Sompolinsky and Zohar, Financial Crypto’15); additionally, as far as we know, none of them deal with players joining or leaving the protocol.

In this work we prove that the blockchain consensus mechanism satisfies strong forms of consistency and liveness in an asynchronous network with adversarial delays that are a priori bounded, within a formal model allowing for adaptive corruption and spawning of new players, assuming that the computational puzzle is modeled as a random oracle. (We complement this result by showing a simple attack against the blockchain protocol in a fully asynchronous setting, showing that the “puzzle hardness” needs to be set appropriately as a function of the maximum network delay; this attack applies even under static corruption.)
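As an added illustration of the last point (this is not the paper’s model, theorem or proof, and not code from the authors), the following toy round-based simulation, with constructed parameters, shows the mechanism behind the hardness-versus-delay tradeoff: an adversary that delays every honest block by the maximum allowed Delta rounds makes concurrently found honest blocks compete at the same height, so the honest chain grows more slowly while the adversary’s private chain, which needs no network, grows at the same rate regardless of Delta. The delivery rule, the conservative lower bound on honest growth, and the 70/30 honest/adversary split are assumptions of this example.

```python
"""
Toy round-based model of Nakamoto consensus under a Delta-bounded adversarial
network delay.  Added example for this page; NOT the paper's model or proof.
All parameters below are constructed for the demonstration.

Assumptions of the toy model:
  * Time proceeds in rounds.  Each of n_honest honest miners solves the puzzle
    in a round with probability p (one hash query per round), so some honest
    miner succeeds in a round with probability alpha = 1 - (1 - p) ** n_honest.
  * The adversary runs n_adv miners on a private fork at the same per-query
    rate, so its expected growth is beta = n_adv * p blocks per round,
    which does not depend on the delay at all.
  * The adversary delays every honest block by the maximum allowed Delta
    rounds: a block found in round s becomes known to the other honest miners
    only from round s + Delta + 1 onward (Delta = 0 means "next round").
  * Worst case for honesty: each honest block is found by a miner who knows
    only the blocks already delivered to everyone, so concurrently found
    honest blocks compete at the same height instead of stacking.
"""
import random


def honest_success_prob(n_honest: int, p: float) -> float:
    """Probability that at least one honest miner finds a block in a round."""
    return 1.0 - (1.0 - p) ** n_honest


def honest_growth_lower_bound(n_honest: int, p: float, delta: int) -> float:
    """Expected 'Delta-isolated' honest successes per round.

    A success in round t with no honest success in rounds t-Delta .. t-1 is
    built on a block everyone already knows, so it raises the common honest
    chain by at least one.  This is a conservative lower bound on honest
    chain growth (non-isolated blocks can still add height)."""
    alpha = honest_success_prob(n_honest, p)
    return alpha * (1.0 - alpha) ** delta


def adversary_growth(n_adv: int, p: float) -> float:
    """Expected private-chain growth per round; independent of Delta."""
    return n_adv * p


def largest_safe_hardness(n_honest: int, n_adv: int, delta: int,
                          steps: int = 400) -> float:
    """Largest per-query success probability p (i.e. the easiest puzzle) on a
    geometric grid for which the lower bound on honest growth still beats the
    adversary's expected growth.  Shrinks as Delta grows; 0.0 if no grid
    point qualifies."""
    lo, hi = 1e-6, 0.5
    best = 0.0
    for i in range(steps + 1):
        p = lo * (hi / lo) ** (i / steps)
        if honest_growth_lower_bound(n_honest, p, delta) > adversary_growth(n_adv, p):
            best = p
    return best


def simulate(n_honest: int, n_adv: int, p: float, delta: int,
             rounds: int, seed: int = 0):
    """Run the toy model and return (honest chain height, adversary private
    chain height) after `rounds` rounds.  The same seed yields the same random
    draws whatever delta is, so runs differing only in delta are comparable."""
    rng = random.Random(seed)
    alpha = honest_success_prob(n_honest, p)
    blocks = []        # (round found, height) of every honest block, in order
    delivered = 0      # index of the first honest block not yet known to all
    known_height = 0   # height of the highest honest block known to everyone
    adv_height = 0
    for t in range(rounds):
        # Deliver honest blocks whose maximum delay has expired.
        while delivered < len(blocks) and blocks[delivered][0] + delta < t:
            known_height = blocks[delivered][1]
            delivered += 1
        if rng.random() < alpha:
            blocks.append((t, known_height + 1))
        # Adversary: n_adv independent queries at rate p on its private fork.
        adv_height += sum(1 for _ in range(n_adv) if rng.random() < p)
    honest_height = blocks[-1][1] if blocks else 0
    return honest_height, adv_height


if __name__ == "__main__":
    n_h, n_a, p = 70, 30, 0.01           # 30% adversary; constructed numbers
    print(f"beta (adversary, any delay) = {adversary_growth(n_a, p):.3f}/round")
    for delta in (0, 1, 2, 5, 10):
        h, a = simulate(n_h, n_a, p, delta, rounds=20000, seed=1)
        lb = honest_growth_lower_bound(n_h, p, delta)
        print(f"Delta={delta:2d}: honest lower bound {lb:.3f}/round, "
              f"simulated honest {h} vs adversary {a} blocks -> "
              f"{'adversary wins' if a > h else 'honest wins'}")
    for delta in (0, 5, 50):
        print(f"Delta={delta:2d}: easiest safe puzzle p <= "
              f"{largest_safe_hardness(n_h, n_a, delta):.2e}")
```

With Delta = 0 the honest majority outgrows the private fork, but keeping the same puzzle difficulty p and letting the adversary stretch every delivery to Delta = 5 rounds already lets a 30% adversary overtake the honest chain, and `largest_safe_hardness` shows the puzzle having to get harder (smaller p) as Delta grows; with no bound on Delta at all there is no p that works, which is the fully asynchronous attack the abstract refers to.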

As an independent contribution, we define an abstract blockchain protocol and identify appropriate security properties of such protocols; we prove that Nakamoto’s blockchain protocol satisfies them and that these properties are sufficient for typical applications; we hope that this abstraction may simplify further applications of blockchains.

References

  1. [AJK05] Aspnes, J., Jackson, C., Krishnamurthy, A.: Exposing computationally-challenged Byzantine impostors (2005)
  2. [BCL+05] Barak, B., Canetti, R., Lindell, Y., Pass, R., Rabin, T.: Secure computation without authentication. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 361–377. Springer, Heidelberg (2005). doi:10.1007/11535218_22
  3. [BK14] Bentov, I., Kumaresan, R.: How to use bitcoin to design fair protocols. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8617, pp. 421–439. Springer, Heidelberg (2014). doi:10.1007/978-3-662-44381-1_24
  4. [Blo16] Blockchain.info: Hash rate for blockchain, February 2016. https://blockchain.info/charts/hash-rate
  5. [BTP]
  6. [Can00] Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (2000). http://eprint.iacr.org/2000/067
  7. [CL99] Castro, M., Liskov, B.: Practical Byzantine fault tolerance. In: OSDI 1999 (1999)
  8. [CLLM12] Chung, K.-M., Lam, H., Liu, Z., Mitzenmacher, M.: Chernoff-Hoeffding bounds for Markov chains: generalized and simplified. In: 29th International Symposium on Theoretical Aspects of Computer Science, STACS 2012, 29th February – 3rd March 2012, Paris, France, pp. 124–135 (2012)
  9. [CSWH00] Clarke, I., Sandberg, O., Wiley, B., Hong, T.W.: Freenet: a distributed anonymous information storage and retrieval system. In: Proceedings of the ICSI Workshop on Design Issues in Anonymity and Unobservability (2000)
  10. [DLN02] Liben-Nowell, D., Balakrishnan, H., Karger, D.: Analysis of the evolution of peer-to-peer systems. In: PODC 2002 (2002)
  11. [DW13] Decker, C., Wattenhofer, R.: Information propagation in the bitcoin network. In: IEEE International Conference on Peer-to-Peer Computing, pp. 1–10 (2013)
  12. [DR01] Druschel, P., Rowstron, A.: PAST: persistent and anonymous storage in a peer-to-peer networking environment. In: HotOS 2001, pp. 65–70 (2001)
  13. [DLS88] Dwork, C., Lynch, N., Stockmeyer, L.: Consensus in the presence of partial synchrony. J. ACM 35(2), 288–323 (1988)
  14. [DN92] Dwork, C., Naor, M.: Pricing via processing or combatting junk mail. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 139–147. Springer, Heidelberg (1993). doi:10.1007/3-540-48071-4_10
  15. [ES14] Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 436–454. Springer, Heidelberg (2014). doi:10.1007/978-3-662-45472-5_28
  16. [FVY14] Fromknecht, C., Velicanu, D., Yakoubov, S.: A decentralized public key infrastructure with identity retention. IACR Cryptology ePrint Archive 2014, 803 (2014)
  17. [GKL15] Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46803-6_10
  18. [GMW87] Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game or a completeness theorem for protocols with honest majority. In: STOC 1987, pp. 218–229 (1987)
  19. [KP15] Kiayias, A., Panagiotakos, G.: Speed-security tradeoffs in blockchain protocols (2015)
  20. [KMS+15] Kosba, A., Miller, A., Shi, E., Wen, Z., Papamanthou, C.: Hawk: the blockchain model of cryptography and privacy-preserving smart contracts. Technical report, Cryptology ePrint Archive, Report 2015/675 (2015). http://eprint.iacr.org
  21. [Lam10] Lamport, L.: Byzantizing Paxos by refinement (2010)
  22. [Lam11] Lamport, L.: Leaderless Byzantine Paxos. In: DISC 2011 (2011)
  23. [Lit]
  24. [MA05] Martin, J.-P., Alvisi, L.: Fast Byzantine consensus. In: DSN 2005 (2005)
  25. [ML14] Miller, A., LaViola, J.J.: Anonymous Byzantine consensus from moderately-hard puzzles: a model for bitcoin (2014)
  26. [mtg10]
  27. [Nak08] Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
  28. [Nam]
  29. [Oku05a] Okun, M.: Agreement among unacquainted Byzantine generals. In: Fraigniaud, P. (ed.) DISC 2005. LNCS, vol. 3724, pp. 499–500. Springer, Heidelberg (2005). doi:10.1007/11561927_40
  30. [Oku05b] Okun, M.: Distributed computing among unacquainted processors in the presence of Byzantine failures (2005)
  31. [OB08] Okun, M., Barak, A.: Efficient algorithms for anonymous Byzantine agreement. Theor. Comp. Sys. 42, 222–238 (2008)
  32. [PS15] Pass, R., Shelat, A.: Micropayments for decentralized currencies. In: CCS 2015 (2015)
  33. [PS16a] Pass, R., Shi, E.: Fruitchains: an (almost) optimally fair blockchain (2016)
  34. [PS16b] Pass, R., Shi, E.: Hybrid consensus (2016)
  35. [PSL80] Pease, M.C., Shostak, R.E., Lamport, L.: Reaching agreement in the presence of faults. J. ACM 27, 228–234 (1980)
  36. [PD15] Poon, J., Dryja, T.: The bitcoin lightning network: scalable off-chain instant payments, draft 0.5.9.1 (2015). https://lightning.network/lightning-network-paper.pdf
  37. [RFH+00] Ratnasamy, S., Francis, P., Handley, M., Karp, R., Shenker, S.: A scalable content-addressable network. In: SIGCOMM 2000 (2000)
  38. [SZ15] Sompolinsky, Y., Zohar, A.: Secure high-rate transaction processing in bitcoin. In: Böhme, R., Okamoto, T. (eds.) FC 2015. LNCS, vol. 8975, pp. 507–527. Springer, Heidelberg (2015). doi:10.1007/978-3-662-47854-7_32
  39. [SMK+01] Stoica, I., Morris, R., Karger, D., Kaashoek, M.F., Balakrishnan, H.: Chord: a scalable peer-to-peer lookup service for internet applications. In: SIGCOMM 2001 (2001)

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  1. Cornell Tech, New York City, USA
  2. Uber, San Francisco, USA
  3. Northeastern, Boston, USA