Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability

We present a novel Proof-of-Stake (PoS) protocol, Ouroboros Genesis, that enables parties to safely join (or rejoin) the protocol execution using only the genesis block information. Prior to our work, PoS protocols either required parties to obtain a trusted "checkpoint" block upon joining and, furthermore, to be frequently online, or required an accurate estimate of the number of online parties to be hardcoded into the protocol logic. This ability of new parties to "bootstrap from genesis" was a hallmark property of the Bitcoin blockchain and was considered an important advantage of PoW-based blockchains over PoS-based blockchains, since it facilitates robust operation in a setting with dynamic availability, i.e., the natural setting, without external trusted objects such as checkpoint blocks, where parties come and go arbitrarily, may join at any moment, or remain offline for prolonged periods of time. We prove the security of Ouroboros Genesis against a fully adaptive adversary controlling less than half of the total stake in a partially synchronous network with unknown message delay and unknown, varying levels of party availability. Our security proof is in the Universally Composable setting assuming the most natural abstraction of a hash function, known as the strict Global Random Oracle (ACM-CCS 2014); this highlights an important advantage of PoS blockchains over their PoW counterparts in terms of composability with respect to the hash function formalisation: rather than a strict GRO, PoW-based protocol security requires a "local" random oracle. Finally, proving the security of our construction against an adaptive adversary requires a novel martingale technique that may be of independent interest in the analysis of blockchain protocols.

[1] Rajeev Motwani et al., Randomized Algorithms, 1995, SIGA.

[2] Ran Canetti et al., Universally composable security: a new paradigm for cryptographic protocols, 2001, FOCS.

[3] Ran Canetti et al., Universally Composable Commitments, 2001, CRYPTO.

[4] Yevgeniy Dodis et al., A Verifiable Random Function with Short Proofs and Keys, 2005, Public Key Cryptography.

[5] Ran Canetti et al., Universally Composable Security with Global Setup, 2007, TCC.

[6] S. Nakamoto et al., Bitcoin: A Peer-to-Peer Electronic Cash System, 2008.

[7] Martin Hirt et al., Adaptively Secure Broadcast, 2010, EUROCRYPT.

[8] Marc Fischlin et al., Random Oracles with(out) Programmability, 2010, ASIACRYPT.

[9] Ueli Maurer et al., Universally Composable Synchronous Computation, 2013, TCC.

[10] Sunny King et al., PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake, 2012.

[11] Iddo Bentov et al., How to Use Bitcoin to Incentivize Correct Computations, 2014, CCS.

[12] Ran Canetti et al., Practical UC security with a Global Random Oracle, 2014, CCS.

[13] Marcin Andrychowicz et al., Secure Multiparty Computations on Bitcoin, 2014, IEEE Symposium on Security and Privacy.

[14] Iddo Bentov et al., How to Use Bitcoin to Design Fair Protocols, 2014, CRYPTO.

[15] Iddo Bentov et al., How to Use Bitcoin to Play Decentralized Poker, 2015, CCS.

[16] Vitalik Buterin, A Next Generation Smart Contract & Decentralized Application Platform, 2015.

[17] Marcin Andrychowicz et al., PoW-Based Distributed Cryptography with No Trusted Setup, 2015, CRYPTO.

[18] Aggelos Kiayias et al., The Bitcoin Backbone Protocol: Analysis and Applications, 2015, EUROCRYPT.

[19] A. Poelstra, Distributed Consensus from Proof of Stake is Impossible, 2015.

[20] Iddo Bentov et al., Amortizing Secure Computation with Penalties, 2016, CCS.

[21] Abhi Shelat et al., Analysis of the Blockchain Protocol in Asynchronous Networks, 2017, EUROCRYPT.

[22] Ralf Küsters et al., Universal Composition with Responsive Environments, 2016, ASIACRYPT.

[23] Aggelos Kiayias et al., Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol, 2017, CRYPTO.

[24] Ran Canetti et al., Universally Composable Authentication and Key-Exchange with Global PKI, 2016, Public Key Cryptography.

[25] Elaine Shi et al., Snow White: Provably Secure Proofs of Stake, 2016, IACR Cryptology ePrint Archive.

[26] Ariel Gabizon et al., Cryptocurrencies Without Proof of Work, 2014, Financial Cryptography Workshops.

[27] Edgar R. Weippl et al., Merged Mining: Curse or Cure?, 2017, DPM/CBT@ESORICS.

[28] Elaine Shi et al., The Sleepy Model of Consensus, 2017, ASIACRYPT.

[29] Aggelos Kiayias et al., Forkable Strings are Rare, 2017, IACR Cryptology ePrint Archive.

[30] Feng Hao et al., A Smart Contract for Boardroom Voting with Maximum Voter Privacy, 2017, IACR Cryptology ePrint Archive.

[31] Silvio Micali et al., Algorand: Scaling Byzantine Agreements for Cryptocurrencies, 2017, IACR Cryptology ePrint Archive.

[32] Aggelos Kiayias et al., Ouroboros Praos: An adaptively-secure, semi-synchronous proof-of-stake protocol, 2017, IACR Cryptology ePrint Archive.

[33] Aggelos Kiayias et al., The Bitcoin Backbone Protocol with Chains of Variable Difficulty, 2017, CRYPTO.

[34] Ueli Maurer et al., Bitcoin as a Transaction Ledger: A Composable Treatment, 2017, CRYPTO.

[35] Vitalik Buterin et al., Casper the Friendly Finality Gadget, 2017, arXiv.

[36] Aggelos Kiayias et al., Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain, 2018, EUROCRYPT.

[37] Aggelos Kiayias et al., Stake-Bleeding Attacks on Proof-of-Stake Blockchains, 2018, Crypto Valley Conference on Blockchain Technology (CVCBT).

[38] Rafael Dowsley et al., ROYALE: A Framework for Universally Composable Card Games with Financial Rewards and Penalties Enforcement, 2019, IACR Cryptology ePrint Archive.