Abstract
Software updates for blockchain systems become a real challenge when they impact the underlying consensus mechanism. The activation of such changes might jeopardize the integrity of the blockchain by resulting in chain splits. Moreover, the software update process should be handed over to the community, which means that the blockchain should support updates without relying on a trusted party. In this paper, we introduce the notion of updatable blockchains and show how to construct blockchains that satisfy this definition. Informally, an updatable blockchain is a secure blockchain that, in addition, allows its protocol to be updated while preserving the history of the chain. In this work, we focus only on the processes that allow securely switching from one blockchain protocol to another, assuming that the blockchain protocols themselves are correct. That is, we do not aim at providing a mechanism for reaching consensus on what the code of the new blockchain protocol is. We just assume that such a mechanism exists (like the one proposed at NDSS 2019 by Zhang et al.), and show how to securely go from the old protocol to the new one. The contribution of this paper can be summarized as follows. We provide the first formal definition of updatable ledgers and propose two compilers. These compilers take a blockchain and turn it into an updatable blockchain. The first compiler requires the structure of the current and the updated blockchain to be very similar (only the structure of the blocks can differ), but it allows for a simpler and more efficient update process. The second compiler is very generic (i.e., it makes few assumptions on the similarities between the structure of the current blockchain and the updated blockchain). The drawback of this compiler is that it requires the new blockchain to be resilient against a specific adversarial behaviour and requires all the honest parties to be online during the update process. However, we show how to remove the latter requirement (the honest parties being online during the update) in the case of proof-of-work and proof-of-stake ledgers.
Research partly supported by H2020 project PRIVILEDGE #780477.
Notes
1. With slight abuse of terminology we use the words ledger and blockchain interchangeably.
2. As a global setup, \(\mathcal {G}_{\mathtt {clock}}\) also exists in the ideal world and the ledger connects to it to keep track of rounds.
3. A rushing adversary waits to receive the messages from all the honest parties and then computes its reply. Note that this means that, in general, the adversary is always able to see the output of the computation before the honest parties do.
4. We also show that we can relax the requirement on the honest parties being online during the update for the case of PoW ledgers.
References
Zcash. https://z.cash/
Avarikioti, G., Käppeli, L., Wang, Y., Wattenhofer, R.: Bitcoin security under temporary dishonest majority. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 466–483. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_28
Badertscher, C., Gazi, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 913–930. ACM Press, October 2018. https://doi.org/10.1145/3243734.3243848
Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 324–356. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_11
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001. https://doi.org/10.1109/SFCS.2001.959888
Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-70936-7_4
Coretti, S., Garay, J., Hirt, M., Zikas, V.: Constant-round asynchronous multi-party computation based on one-way functions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 998–1021. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53890-6_33
Decred: Decred white paper (2019). https://docs.decred.org/
Duffield, E., Diaz, D.: Dash: a payments-focused cryptocurrency (2018). https://github.com/dashpay/dash/wiki/Whitepaper
Garay, J., Kiayias, A.: SoK: a consensus taxonomy in the blockchain era. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 284–318. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-40186-3_13
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10
Garay, J.A., Kiayias, A., Leonardos, N., Panagiotakos, G.: Bootstrapping the blockchain, with applications to consensus and fast PKI setup. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10770, pp. 465–495. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76581-5_16
Gazi, P., Kiayias, A., Zindros, D.: Proof-of-stake sidechains. In: 2019 IEEE Symposium on Security and Privacy, pp. 139–156. IEEE Computer Society Press, May 2019. https://doi.org/10.1109/SP.2019.00040
Goodman, L.: Tezos—a self-amending crypto-ledger white paper (2014). https://tezos.com/static/white_paper-2dc8c02267a8fb86bd67a108199441bf.pdf
Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_27
Zhang, B., Oliynykov, R., Balogun, H.: A treasury system for cryptocurrencies: enabling better collaborative intelligence. In: NDSS 2019. The Internet Society, February 2019
Appendices
A Modeling Synchrony
We refer to Fig. 4 for the formal description of the functionality \(\mathcal {G}_{\mathtt {clock}}\).
B Functionalities with Dynamic Party Sets
UC provides support for functionalities in which the set of parties that might interact with the functionality is dynamic. We make this explicit by means of the following mechanism (that we describe almost verbatim from [4, Sec. 3.1]): All the functionalities considered here include the following instructions that allow honest parties to join or leave the set \(\mathcal {P}\) of players that the functionality interacts with, and inform the adversary about the current set of registered parties:
- Upon receiving \((\mathtt {REGISTER}, sid)\) from some party \(p_i\) (or from \(\mathcal {A}\) on behalf of a corrupted \(p_i\)), set \(\mathcal {P}:= \mathcal {P}\cup \{p_i\}\). Return \((\mathtt {REGISTER}, sid, p_i)\) to the caller.
- Upon receiving \((\mathtt {DE\_REGISTER},sid)\) from some party \(p_i\in \mathcal {P}\), the functionality updates \(\mathcal {P}:=\mathcal {P}\setminus \{p_i\}\) and returns \((\mathtt {DE\_REGISTER}, sid, p_i)\) to \(p_i\).
- Upon receiving \((\mathtt {IS\_REGISTERED}, sid)\) from some party \(p_i\), return \((\mathtt {REGISTER}, sid, b)\) to the caller, where the bit b is 1 if and only if \(p_i\in \mathcal {P}\).
- Upon receiving \((\mathtt {GET\_REGISTERED},sid)\) from \(\mathcal {A}\), the functionality returns the response \((\mathtt {GET\_REGISTERED}, sid, \mathcal {P})\) to \(\mathcal {A}\).
In addition to the above registration instructions, global setups, i.e., shared functionalities that are available both in the real and in the ideal world and allow parties connected to them to share state [6], also allow UC functionalities to register with them. Concretely, global setups include, in addition to the above party registration instructions, two registration/de-registration instructions for functionalities:
- Upon receiving \((\mathtt {REGISTER}, sid_G)\) from a functionality F (with session-id \(sid\)), update \(\mathcal {F}:= \mathcal {F} \cup \{(F, sid)\}\).
- Upon receiving \((\mathtt {DE\_REGISTER},sid_G)\) from a functionality F (with session-id \(sid\)), update \(\mathcal {F} := \mathcal {F} \setminus \{(F, sid)\}\).
- Upon receiving \((\mathtt {GET\_REGISTERED}_F, sid_G)\) from \(\mathcal {A}\), return \((\mathtt {GET\_REGISTERED}_F, sid_G, \mathcal {F})\) to \(\mathcal {A}\).
We use the expression \(sid_G\) to refer to the encoding of the session identifier of global setups. By default (and if not otherwise stated), the above four (or seven in case of global setups) instructions will be part of the code of all ideal functionalities considered in this work. However, to keep the description simpler we will omit these instructions from the formal descriptions unless deviations are defined.
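The registration interface above (party registration, and additionally functionality registration for global setups) as an executable model. This is an added example and not code from the paper; the message tuples follow the shapes given in Appendix B, while the class and sender names, and the convention that an ignored instruction yields no reply, are assumptions of this example.

```python
# Added example, not the paper's code: an executable model of the Appendix B
# registration instructions. Message shapes follow the paper; names are assumed.
from dataclasses import dataclass, field

ADVERSARY = "A"  # name assumed for the adversary's interface


@dataclass(frozen=True)
class Party:
    name: str


@dataclass(frozen=True)
class Func:  # a UC functionality that registers with a global setup
    name: str
    sid: str


@dataclass
class RegistrationInterface:
    sid: str                        # this functionality's own session id (sid or sid_G)
    is_global_setup: bool = False   # global setups also accept functionality registration
    parties: set = field(default_factory=set)  # the set P of registered parties
    funcs: set = field(default_factory=set)    # registered (F, sid) pairs (global setups)

    def handle(self, sender, msg):
        """Process one instruction; return the reply tuple, or None if it is ignored."""
        cmd, sid = msg
        if sid != self.sid:
            return None  # addressed to another session
        if cmd == "REGISTER":
            if isinstance(sender, Func) and self.is_global_setup:
                self.funcs.add((sender.name, sender.sid))
                return None  # the paper specifies no reply to a registering functionality
            if isinstance(sender, Party):  # a corrupted party registers via A on its behalf
                self.parties.add(sender)
                return ("REGISTER", sid, sender)
        elif cmd == "DE_REGISTER":
            if isinstance(sender, Func) and self.is_global_setup:
                self.funcs.discard((sender.name, sender.sid))
                return None
            if sender in self.parties:  # only a currently registered party may leave
                self.parties.remove(sender)
                return ("DE_REGISTER", sid, sender)
        elif cmd == "IS_REGISTERED" and isinstance(sender, Party):
            return ("REGISTER", sid, 1 if sender in self.parties else 0)  # the bit b
        elif cmd == "GET_REGISTERED" and sender == ADVERSARY:
            return ("GET_REGISTERED", sid, frozenset(self.parties))
        elif cmd == "GET_REGISTERED_F" and sender == ADVERSARY and self.is_global_setup:
            return ("GET_REGISTERED_F", sid, frozenset(self.funcs))
        return None  # unknown, wrongly addressed or unauthorised instructions are dropped
```

Note that only the adversary can query the registered sets, and a party can only de-register while it is a member of P; both restrictions come directly from the instructions above.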
Copyright information
© 2020 Springer Nature Switzerland AG
Cite this paper
Ciampi, M., Karayannidis, N., Kiayias, A., Zindros, D. (2020). Updatable Blockchains. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds) Computer Security – ESORICS 2020. ESORICS 2020. Lecture Notes in Computer Science(), vol 12309. Springer, Cham. https://doi.org/10.1007/978-3-030-59013-0_29
DOI: https://doi.org/10.1007/978-3-030-59013-0_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-59012-3
Online ISBN: 978-3-030-59013-0