Skip to main content

Updatable Blockchains

Part of the Lecture Notes in Computer Science book series (LNSC,volume 12309)


Software updates for blockchain systems become a real challenge when they impact the underlying consensus mechanism. The activation of such changes might jeopardize the integrity of the blockchain by resulting in chain splits. Moreover, the software update process should be handed over to the community and this means that the blockchain should support updates without relying on a trusted party. In this paper, we introduce the notion of updatable blockchains and show how to construct blockchains that satisfy this definition. Informally, an updatable blockchain is a secure blockchain and in addition it allows to update its protocol preserving the history of the chain. In this work, we focus only on the processes that allow securely switching from one blockchain protocol to another assuming that the blockchain protocols are correct. That is, we do not aim at providing a mechanism that allows reaching consensus on what is the code of the new blockchain protocol. We just assume that such a mechanism exists (like the one proposed in NDSS 2019 by Zhang et al.), and show how to securely go from the old protocol to the new one. The contribution of this paper can be summarized as follows. We provide the first formal definition of updatable ledgers and propose the description of two compilers. These compilers take a blockchain and turn it into an updatable blockchain. The first compiler requires the structure of the current and the updated blockchain to be very similar (only the structure of the blocks can be different) but it allows for an update process more simple, efficient. The second compiler that we propose is very generic (i.e., makes few assumptions on the similarities between the structure of the current blockchain and the update blockchain). The drawback of this compiler is that it requires the new blockchain to be resilient against a specific adversarial behaviour and requires all the honest parties to be online during the update process. However, we show how to get rid of the latest requirement (the honest parties being online during the update) in the case of proof-of-work and proof-of-stake ledgers.


  • Blockchain
  • Update
  • Ledger

Research partly supported by H2020 project PRIVILEDGE #780477.

This is a preview of subscription content, access via your institution.

Buying options

USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-59013-0_29
  • Chapter length: 20 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
USD   89.00
Price excludes VAT (USA)
  • ISBN: 978-3-030-59013-0
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   119.99
Price excludes VAT (USA)
Fig. 1.
Fig. 2.
Fig. 3.


  1. 1.

    With slight abuse of terminology we use the words ledger and blockchain interchangeably.

  2. 2.

    As a global setup, \(\mathcal {G}_{\mathtt {clock}}\) also exists in the ideal world and the ledger connects to it to keep track of rounds.

  3. 3.

    A rushing adversary waits to receive the messages from all the honest parties and then computes its reply. Note that this means that, in general, the adversary is always able to see the output of the computation before the honest parties do.

  4. 4.

    We also show that we can relax the requirement on the honest parties being online during the update for the case of PoW ledgers.


  1. Zcash.

  2. Avarikioti, G., Käppeli, L., Wang, Y., Wattenhofer, R.: Bitcoin security under temporary dishonest majority. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 466–483. Springer, Cham (2019).

    CrossRef  Google Scholar 

  3. Badertscher, C., Gazi, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: Lie, D., Mannan, M., Backes, M., Wang, X. (eds.) ACM CCS 2018, pp. 913–930. ACM Press, October 2018.

  4. Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 324–356. Springer, Cham (2017).

    CrossRef  Google Scholar 

  5. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd FOCS, pp. 136–145. IEEE Computer Society Press, October 2001.

  6. Canetti, R., Dodis, Y., Pass, R., Walfish, S.: Universally composable security with global setup. In: Vadhan, S.P. (ed.) TCC 2007. LNCS, vol. 4392, pp. 61–85. Springer, Heidelberg (2007).

    CrossRef  Google Scholar 

  7. Coretti, S., Garay, J., Hirt, M., Zikas, V.: Constant-round asynchronous multi-party computation based on one-way functions. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 998–1021. Springer, Heidelberg (2016).

    CrossRef  Google Scholar 

  8. Decred: Decred white paper (2019).

  9. Duffield, E., Diaz, D.: Dash: a payments-focused cryptocurrency (2018).

  10. Garay, J., Kiayias, A.: SoK: a consensus taxonomy in the blockchain era. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 284–318. Springer, Cham (2020).

    CrossRef  MATH  Google Scholar 

  11. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015).

    CrossRef  Google Scholar 

  12. Garay, J.A., Kiayias, A., Leonardos, N., Panagiotakos, G.: Bootstrapping the blockchain, with applications to consensus and fast PKI setup. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10770, pp. 465–495. Springer, Cham (2018).

    CrossRef  Google Scholar 

  13. Gazi, P., Kiayias, A., Zindros, D.: Proof-of-stake sidechains. In: 2019 IEEE Symposium on Security and Privacy, pp. 139–156. IEEE Computer Society Press, May 2019.

  14. Goodman, L.: Tezos—a self-amending crypto-ledger white paper (2014).

  15. Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013).

    CrossRef  Google Scholar 

  16. Zhang, B., Oliynykov, R., Balogun, H.: A treasury system for cryptocurrencies: enabling better collaborative intelligence. In: NDSS 2019. The Internet Society, February 2019

    Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Michele Ciampi .

Editor information

Editors and Affiliations


A Modeling Synchrony

We refer to Fig. 4 for the formal description of the functionality \(\mathcal {G}_{\mathtt {clock}}\).

Fig. 4.
figure 4

The functionality \(\mathcal {G}_{\mathtt {clock}}\)

B Functionalities with Dynamic Party Sets

UC provides support for functionalities in which the set of parties that might interact with the functionality is dynamic. We make this explicit by means of the following mechanism (that we describe almost verbatim from  [4, Sec. 3.1]): All the functionalities considered here include the following instructions that allow honest parties to join or leave the set \(\mathcal {P}\) of players that the functionality interacts with, and inform the adversary about the current set of registered parties:

  • Upon receiving \((\mathtt {REGISTER}, sid)\) from some party \(p_i\) (or from \(\mathcal {A}\) on behalf of a corrupted \(p_i\)), set \(\mathcal {P}:= \mathcal {P}\cup \{p_i\}\). Return \((\mathtt {REGISTER}, sid, p_i)\) to the caller.

  • Upon receiving \((\mathtt {DE\_REGISTER},sid)\) from some party \(p_i\in \mathcal {P}\), the functionality updates \(\mathcal {P}:=\mathcal {P}\setminus \{p_i\}\) and returns \((\mathtt {DE\_REGISTER}, sid, p_i)\) to \(p_i\).

  • Upon receiving \((\mathtt {IS\_REGISTERED}, sid)\) from some party \(p_i\), return \((\mathtt {REGISTER}, sid, b)\) to the caller, where the bit b is 1 if and only if \(p_i\in \mathcal {P}\).

  • Upon receiving \((\mathtt {GET\_REGISTERED},sid)\) from \(\mathcal {A}\), the functionality returns the response \((\mathtt {GET\_REGISTERED}, sid, \mathcal {P})\) to \(\mathcal {A}\).

In addition to the above registration instructions, global setups, i.e., shared functionalities that are available both in the real and in the ideal world and allow parties connected to them to share state  [6], allow also UC functionalities to register with them. Concretely, global setups include, in addition to the above party registration instructions, two registration/de-registration instructions for functionalities:

  • Upon receiving \((\mathtt {REGISTER}, sid_G)\) from a functionality F (with session-id \(sid\)), update \(F:= F \cup \{(F, sid)\}\).

  • Upon receiving \((\mathtt {DE\_REGISTER},sid_G)\) from a functionality F (with session-id \(sid\)), update \(F := F \{(F, sid)\}\).

  • Upon receiving \((\mathtt {GET\_REGISTERED}_F, sid_G)\) from \(\mathcal {A}\), return \((\mathtt {GET\_REGISTERED}_F, sid_G, F)\) to \(\mathcal {A}\).

We use the expression \(sid_G\) to refer to the encoding of the session identifier of global setups. By default (and if not otherwise stated), the above four (or seven in case of global setups) instructions will be part of the code of all ideal functionalities considered in this work. However, to keep the description simpler we will omit these instructions from the formal descriptions unless deviations are defined.

Rights and permissions

Reprints and Permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Ciampi, M., Karayannidis, N., Kiayias, A., Zindros, D. (2020). Updatable Blockchains. In: Chen, L., Li, N., Liang, K., Schneider, S. (eds) Computer Security – ESORICS 2020. ESORICS 2020. Lecture Notes in Computer Science(), vol 12309. Springer, Cham.

Download citation

  • DOI:

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-59012-3

  • Online ISBN: 978-3-030-59013-0

  • eBook Packages: Computer ScienceComputer Science (R0)