TontineCoin: Murder-Based Proof-of-Stake

Proof-of-stake cryptocurrencies avoid many of the computational and environmental costs associated with proof-of-work protocols. However, they must address the nothing-at-stake problem, where a validator might attempt to sign off on competing blocks, with the hopes of earning coins regardless of which block becomes accepted as part of the blockchain. Cryptocurrencies such as Tendermint resolve this challenge by requiring validators to em bond coins, which can be seized from a validator that is caught signing two competing blocks. Nevertheless, as the number of validators increases, it becomes more and more infeasible to effectively monitor all validators. In this work, we incentivize proper block monitoring by allowing validators to form tontines. Tontines are financial agreements where payouts to each member increase as the number of members decreases. In our system, a tontine is a group of validators that monitor each other's behavior, "murdering" any cheating tontine members to seize their stake. As the number of validators in a tontine is smaller than the number of validators in the currency as a whole, members can effectively police each other. We propose two methods whereby a Tendermint-like currency can be extended to allow for the creation of tontines: a pure proof-of-stake model, and a hybrid proof-of-stake/proof-of-work model. We describe snitch mechanisms for both the inter-and intra-tontine setting, argue our incentive mechanisms increase monitoring, and describe how it handles a variety of possible attacks.

[1]  Qian M. Zhou,et al.  Tiny Groups Tackle Byzantine Adversaries , 2017, 2018 IEEE International Parallel and Distributed Processing Symposium (IPDPS).

[2]  Meni Rosenfeld,et al.  Analysis of Bitcoin Pooled Mining Reward Systems , 2011, ArXiv.

[3]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[4]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[5]  Michihiro Kandori Social Norms and Community Enforcement , 1992 .

[6]  Ralph C. Merkle,et al.  Protocols for Public Key Cryptosystems , 1980, 1980 IEEE Symposium on Security and Privacy.

[7]  R. Ransom,et al.  Tontine Insurance and the Armstrong Investigation: A Case of Stifled Innovation, 1868–1905 , 1987, The Journal of Economic History.

[8]  Thomas H. Austin,et al.  Lock and Load: A Model for Free Blockchain Transactions through Token Locking , 2019, 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON).

[9]  Muneeb Ali,et al.  Blockstack: A Global Naming and Storage System Secured by Blockchains , 2016, USENIX Annual Technical Conference.

[10]  The Insurance Role of Rosca in the Presence of Credit Markets: Theory and Evidence∗ , 2006 .

[11]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[12]  Adam Back,et al.  Hashcash - A Denial of Service Counter-Measure , 2002 .

[13]  Silvio Micali,et al.  ALGORAND AGREEMENT: Super Fast and Partition Resilient Byzantine Agreement , 2018, IACR Cryptol. ePrint Arch..

[14]  Sunny King,et al.  PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake , 2012 .

[15]  Kenneth J. McKeever A Short History of Tontines , 2009 .

[16]  Vitalik Buterin,et al.  Casper the Friendly Finality Gadget , 2017, ArXiv.

[17]  Ethan Buchman,et al.  The latest gossip on BFT consensus , 2018, ArXiv.

[18]  Moshe A. Milevsky King William's Tontine: Why the Retirement Annuity of the Future Should Resemble Its Past , 2015 .

[19]  Elaine Shi,et al.  Permacoin: Repurposing Bitcoin Work for Data Preservation , 2014, 2014 IEEE Symposium on Security and Privacy.

[20]  Emmanuelle Anceaume,et al.  StakeCube: Combining Sharding and Proof-of-Stake to build Fork-free Secure Permissionless Distributed Ledgers , 2019, NETYS.

[21]  Daniel Davis Wood,et al.  ETHEREUM: A SECURE DECENTRALISED GENERALISED TRANSACTION LEDGER , 2014 .

[22]  Ittai Abraham,et al.  Hot-Stuff the Linear, Optimal-Resilience, One-Message BFT Devil , 2018, ArXiv.