Snow White: Robustly Reconfigurable Consensus and Applications to Provably Secure Proof of Stake

We present the a provably secure proof-of-stake protocol called Snow White. The primary application of Snow White is to be used as a “green” consensus alternative for a decentralized cryptocurrency system with open enrollement. We break down the task of designing Snow White into the following core challenges: 1. identify a core “permissioned” consensus protocol suitable for proof-of-stake; specifically the core consensus protocol should offer robustness in an Internet-scale, heterogeneous deployment; 2. propose a robust committee re-election mechanism such that as stake switches hands in the cryptocurrency system, the consensus committee can evolve in a timely manner and always reflect the most recent stake distribution; and 3. relying on the formal security of the underlying consensus protocol, prove the full end-to-end protocol to be secure—more specifically, we show that any consensus protocol satisfying the desired robustness properties can be used to construct proofs-of-stake consensus, as long as money does not switch hands too quickly.

[1]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[2]  Michael Ben-Or,et al.  Another advantage of free choice (Extended Abstract): Completely asynchronous agreement protocols , 1983, PODC '83.

[3]  Leslie Lamport,et al.  The Weak Byzantine Generals Problem , 1983, JACM.

[4]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[5]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1983, PODS '83.

[6]  Sam Toueg,et al.  Asynchronous consensus and broadcast protocols , 1985, JACM.

[7]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[8]  Silvio Micali,et al.  An Optimal Probabilistic Protocol for Synchronous Byzantine Agreement , 1997, SIAM J. Comput..

[9]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[10]  Victor Shoup,et al.  Secure and Efficient Asynchronous Broadcast Protocols , 2001, CRYPTO.

[11]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[12]  M. Hughes,et al.  Performance analysis. , 2002, Journal of sports sciences.

[13]  Ran Canetti,et al.  Universal Composition with Joint State , 2003, CRYPTO.

[14]  Roy Friedman,et al.  Simple and efficient oracle-based consensus protocols for asynchronous Byzantine systems , 2004, Proceedings of the 23rd IEEE International Symposium on Reliable Distributed Systems, 2004..

[15]  Jonathan Katz,et al.  On expected constant-round protocols for Byzantine agreement , 2006, J. Comput. Syst. Sci..

[16]  Jean-Philippe Martin,et al.  Fast Byzantine Consensus , 2006, IEEE Transactions on Dependable and Secure Computing.

[17]  Leslie Lamport,et al.  Fast Paxos , 2006, Distributed Computing.

[18]  Ran Canetti,et al.  Universally Composable Security with Global Setup , 2007, TCC.

[19]  Robbert van Renesse,et al.  Bosco: One-Step Byzantine Asynchronous Consensus , 2008, DISC.

[20]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[21]  Leslie Lamport,et al.  Vertical paxos and primary-backup replication , 2009, PODC '09.

[22]  Yehuda Lindell,et al.  Secure Computation Without Authentication , 2005, Journal of Cryptology.

[23]  Sunny King,et al.  PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake , 2012 .

[24]  Elaine Shi,et al.  Bitter to Better - How to Make Bitcoin a Better Currency , 2012, Financial Cryptography.

[25]  Christian Decker,et al.  Information propagation in the Bitcoin network , 2013, IEEE P2P 2013 Proceedings.

[26]  Alysson Neves Bessani,et al.  State Machine Replication for the Masses with BFT-SMART , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[27]  Iddo Bentov,et al.  Proof of Activity: Extending Bitcoin's Proof of Work via Proof of Stake [Extended Abstract]y , 2014, PERV.

[28]  Emin Gün Sirer,et al.  Majority Is Not Enough: Bitcoin Mining Is Vulnerable , 2013, Financial Cryptography.

[29]  Jae Kwon,et al.  Tendermint : Consensus without Mining , 2014 .

[30]  Aggelos Kiayias,et al.  Speed-Security Tradeoffs in Blockchain Protocols , 2015, IACR Cryptol. ePrint Arch..

[31]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[32]  A. Poelstra Distributed Consensus from Proof of Stake is Impossible , 2015 .

[33]  Jeremy Clark,et al.  On Bitcoin as a public randomness source , 2015, IACR Cryptol. ePrint Arch..

[34]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[35]  Elaine Shi,et al.  FruitChains: A Fair Blockchain , 2017, IACR Cryptol. ePrint Arch..

[36]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[37]  Dahlia Malkhi,et al.  Flexible Paxos: Quorum Intersection Revisited , 2016, OPODIS.

[38]  Silvio Micali,et al.  ALGORAND: The Efficient and Democratic Ledger , 2016, ArXiv.

[39]  Elaine Shi,et al.  Snow White: Provably Secure Proofs of Stake , 2016, IACR Cryptol. ePrint Arch..

[40]  Elaine Shi,et al.  The Honey Badger of BFT Protocols , 2016, CCS.

[41]  Ariel Gabizon,et al.  Cryptocurrencies Without Proof of Work , 2014, Financial Cryptography Workshops.

[42]  Elaine Shi,et al.  The Sleepy Model of Consensus , 2017, ASIACRYPT.

[43]  Elaine Shi,et al.  Hybrid Consensus: Efficient Consensus in the Permissionless Model , 2016, DISC.

[44]  Elaine Shi,et al.  Rethinking Large-Scale Consensus , 2017, 2017 IEEE 30th Computer Security Foundations Symposium (CSF).

[45]  Aggelos Kiayias,et al.  Ouroboros Praos: An adaptively-secure, semi-synchronous proof-of-stake protocol , 2017, IACR Cryptol. ePrint Arch..

[46]  Vitalik Buterin,et al.  Casper the Friendly Finality Gadget , 2017, ArXiv.

[47]  R. Sarpong,et al.  Bio-inspired synthesis of xishacorenes A, B, and C, and a new congener from fuscol† †Electronic supplementary information (ESI) available. See DOI: 10.1039/c9sc02572c , 2019, Chemical science.

[48]  Dominic Williams,et al.  DFINITY Technology Overview Series, Consensus System , 2018, ArXiv.