Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol

  • Aggelos KiayiasEmail author
  • Alexander Russell
  • Bernardo David
  • Roman Oliynykov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10401)


We present “Ouroboros”, the first blockchain protocol based on proof of stake with rigorous security guarantees. We establish security properties for the protocol comparable to those achieved by the bitcoin blockchain protocol. As the protocol provides a “proof of stake” blockchain discipline, it offers qualitative efficiency advantages over blockchains based on proof of physical resources (e.g., proof of work). We also present a novel reward mechanism for incentivizing Proof of Stake protocols and we prove that, given this mechanism, honest behavior is an approximate Nash equilibrium, thus neutralizing attacks such as selfish mining.


  1. 1.
    Ateniese, G., Bonacina, I., Faonio, A., Galesi, N.: Proofs of space: when space is of the essence. In: Abdalla, M., de Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 538–557. Springer, Cham (2014). doi: 10.1007/978-3-319-10879-7_31 Google Scholar
  2. 2.
    Aumann, Y., Lindell, Y.: Security against covert adversaries: efficient protocols for realistic adversaries. J. Cryptol. 23(2), 281–343 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Bentov, I., Gabizon, A., Mizrahi, A.: Cryptocurrencies without proof of work. CoRR, abs/1406.5694 (2014)Google Scholar
  4. 4.
    Bentov, I., Lee, C., Mizrahi, A., Rosenfeld, M.: Proof of activity: extending bitcoin’s proof of work via proof of stake [extended abstract]. SIGMETRICS Perform. Eval. Rev. 42(3), 34–37 (2014)CrossRefGoogle Scholar
  5. 5.
    Bentov, I., Pass, R., Shi, E.: The sleepy model of consensus. IACR Cryptology ePrint Archive 2016:918 (2016)Google Scholar
  6. 6.
    Bentov, I., Pass, R., Shi, E.: Snow white: provably secure proofs of stake. IACR Cryptology ePrint Archive 2016:919 (2016)Google Scholar
  7. 7.
    Boldyreva, A., Palacio, A., Warinschi, B.: Secure proxy signature schemes for delegation of signing rights. J. Cryptol. 25(1), 57–115 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  8. 8.
    Danezis, G., Meiklejohn, S.: Centrally banked cryptocurrencies. In: 23rd Annual Network and Distributed System Security Symposium, NDSS 2016, San Diego, California, USA, 21–24 February 2016. The Internet Society (2016)Google Scholar
  9. 9.
    Dziembowski, S., Faust, S., Kolmogorov, V., Pietrzak, K.: Proofs of space. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 585–605. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-48000-7_29 CrossRefGoogle Scholar
  10. 10.
    Eyal, I., Sirer, E.G.: Majority is not enough: Bitcoin mining is vulnerable. In: Christin, N., Safavi-Naini, R. (eds.) FC 2014. LNCS, vol. 8437, pp. 436–454. Springer, Heidelberg (2014). doi: 10.1007/978-3-662-45472-5_28 Google Scholar
  11. 11.
    Ford, B.: Delegative democracy (2002).
  12. 12.
    Garay, J., Kiayias, A., Leonardos, N.: The Bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46803-6_10 Google Scholar
  13. 13.
    Kiayias, A., Panagiotakos, G.: Speed-security tradeoffs in blockchain protocols. Cryptology ePrint Archive, Report 2015/1019 (2015).
  14. 14.
    Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. Cryptology ePrint Archive, Report 2016/889 (2017).
  15. 15.
    Micali, S.: ALGORAND: the efficient and democratic ledger. CoRR, abs/1607.01341 (2016)Google Scholar
  16. 16.
    Moran, T., Orlov, I.: Proofs of space-time and rational proofs of storage. Cryptology ePrint Archive, Report 2016/035 (2016).
  17. 17.
    Motwani, R., Raghavan, P.: Randomized Algorithms. Cambridge University Press, New York (1995)CrossRefzbMATHGoogle Scholar
  18. 18.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008).
  19. 19.
    Nisan, N., Roughgarden, T., Tardos, E., Vazirani, V.V.: Algorithmic Game Theory. Cambridge University Press, New York (2007)CrossRefzbMATHGoogle Scholar
  20. 20.
    O’Dwyer, K.J., Malone, D.: Bitcoin mining and its energy footprint. ISSC 2014/CIICT 2014, Limerick, 26–27 June 2014Google Scholar
  21. 21.
    Park, S., Pietrzak, K., Kwon, A., Alwen, J., Fuchsbauer, G., Gazi, P.: Spacemint: a cryptocurrency based on proofs of space. IACR Cryptology ePrint Archive 2015:528 (2015)Google Scholar
  22. 22.
    Pass, R., Seeman, L., Shelat, A.: Analysis of the blockchain protocol in asynchronous networks. IACR Cryptology ePrint Archive 2016:454 (2016)Google Scholar
  23. 23.
    Pass, R., Shi, E.: Fruitchains: a fair blockchain. IACR Cryptology ePrint Archive 2016:916 (2016)Google Scholar
  24. 24.
    Russell, A., Moore, C., Kiayias, A., Quader, S.: Forkable strings are rare. Cryptology ePrint Archive, Report 2017/241, March 2017.
  25. 25.
    Sapirshtein, A., Sompolinsky, Y., Zohar, A.: Optimal selfish mining strategies in bitcoin. CoRR, abs/1507.06183 (2015)Google Scholar
  26. 26.
    Schoenmakers, B.: A simple publicly verifiable secret sharing scheme and its application to electronic voting. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 148–164. Springer, Heidelberg (1999). doi: 10.1007/3-540-48405-1_10 CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2017

Authors and Affiliations

  • Aggelos Kiayias
    • 1
    Email author
  • Alexander Russell
    • 2
  • Bernardo David
    • 3
  • Roman Oliynykov
    • 4
  1. 1.University of Edinburgh and IOHKEdinburghUK
  2. 2.University of ConnecticutStorrsUSA
  3. 3.Tokyo Institute of Technology and IOHKTokyoJapan
  4. 4.IOHKKievUkraine

Personalised recommendations