Erlay: Efficient Transaction Relay for Bitcoin

Bitcoin is a top-ranked cryptocurrency that has experienced huge growth and survived numerous attacks. The protocols making up Bitcoin must therefore accommodate the growth of the network and ensure security. Security of the Bitcoin network depends on connectivity between the nodes. Higher connectivity yields better security. In this paper we make two observations: (1) current connectivity in the Bitcoin network is too low for optimal security; (2) at the same time, increasing connectivity will substantially increase the bandwidth used by the transaction dissemination protocol, making it prohibitively expensive to operate a Bitcoin node. Half of the total bandwidth needed to operate a Bitcoin node is currently used to just announce transactions. Unlike block relay, transaction dissemination has received little attention in prior work. We propose a new transaction dissemination protocol, Erlay, that not only reduces the bandwidth consumption by 40% assuming current connectivity, but also keeps the bandwidth use almost constant as the connectivity increases. In contrast, the existing protocol increases the bandwidth consumption linearly with the number of connections. By allowing more connections at a small cost, Erlay improves the security of the Bitcoin network. And, as we demonstrate, Erlay also hardens the network against attacks that attempt to learn the origin node of a transaction. Erlay is currently being investigated by the Bitcoin community for future use with the Bitcoin protocol.

[1]  Alan Dearle,et al.  Hosting Byzantine Fault Tolerant Services on a Chord Ring , 2010, ArXiv.

[2]  Mahesh Viswanathan,et al.  An Approximate L1-Difference Algorithm for Massive Data Streams , 2002, SIAM J. Comput..

[3]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[4]  Juan Li,et al.  Efa: an efficient content routing algorithm in large peer-to-peer overlay networks , 2003, Proceedings Third International Conference on Peer-to-Peer Computing (P2P2003).

[5]  A. Trachtenberg,et al.  Practical Set Reconciliation , 2002 .

[6]  Sachin Agarwal,et al.  Fast PDA synchronization using characteristic polynomial interpolation , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[7]  Albert-László Barabási,et al.  Statistical mechanics of complex networks , 2001, ArXiv.

[8]  Hannes Hartenstein,et al.  Network Layer Aspects of Permissionless Blockchains , 2019, IEEE Communications Surveys & Tutorials.

[9]  Christian Decker,et al.  Bitcoin Transaction Malleability and MtGox , 2014, ESORICS.

[10]  Rafail Ostrovsky,et al.  Fuzzy Extractors: How to Generate Strong Keys from Biometrics and Other Noisy Data , 2004, SIAM J. Comput..

[11]  Peter Druschel,et al.  Pastry: Scalable, distributed object location and routing for large-scale peer-to- , 2001 .

[12]  Gavin Andresen,et al.  Graphene: A New Protocol for Block Propagation Using Set Reconciliation , 2017, DPM/CBT@ESORICS.

[13]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[14]  Alex Biryukov,et al.  Deanonymisation of Clients in Bitcoin P2P Network , 2014, CCS.

[15]  Jessica H. Fong,et al.  An Approximate Lp Difference Algorithm for Massive Data Streams , 1999, Discret. Math. Theor. Comput. Sci..

[16]  Hubert Ritzdorf,et al.  On the Security and Performance of Proof of Work Blockchains , 2016, IACR Cryptol. ePrint Arch..

[17]  Enrico Tronci 1997 , 1997, Les 25 ans de l’OMC: Une rétrospective en photos.

[18]  Yasushi Saito,et al.  Optimistic replication , 2005, CSUR.

[19]  Fan Zhang,et al.  REM: Resource-Efficient Mining for Blockchains , 2017, IACR Cryptol. ePrint Arch..

[20]  Massimo Marchiori,et al.  Error and attacktolerance of complex network s , 2004 .

[21]  Rasmus Pagh,et al.  Simple multi-party set reconciliation , 2013, Distributed Computing.

[22]  Laurent Vanbever,et al.  Hijacking Bitcoin: Routing Attacks on Cryptocurrencies , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[23]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[24]  Tyler Moore,et al.  Game-Theoretic Analysis of DDoS Attacks Against Bitcoin Mining Pools , 2014, Financial Cryptography Workshops.

[25]  G. Sridhar,et al.  Bandwidth and latency model for DHT based peer-to-peer networks under variable churn , 2005, 2005 Systems Communications (ICW'05, ICHSN'05, ICMCS'05, SENET'05).

[26]  Christian Decker,et al.  Information propagation in the Bitcoin network , 2013, IEEE P2P 2013 Proceedings.

[27]  Hannes Hartenstein,et al.  Exploiting Transaction Accumulation and Double Spends for Topology Inference in Bitcoin , 2018, Financial Cryptography Workshops.

[28]  Arvind Narayanan,et al.  Bitcoin and Cryptocurrency Technologies - A Comprehensive Introduction , 2016 .

[29]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[30]  Wu Ai,et al.  Efficient flooding in peer-to-peer networks , 2006, 2006 7th International Conference on Computer-Aided Industrial Design and Conceptual Design.

[31]  Patrick D. McDaniel,et al.  An Analysis of Anonymity in Bitcoin Using P2P Network Traffic , 2014, Financial Cryptography.

[32]  Emin Gün Sirer,et al.  Bitcoin-NG: A Scalable Blockchain Protocol , 2015, NSDI.

[33]  Mo Adda,et al.  Bitcoin Network Measurements for Simulation Validation and Parameterization , 2016, INC.

[34]  Michael Mitzenmacher,et al.  Multi-party set reconciliation using characteristic polynomials , 2014, 2014 52nd Annual Allerton Conference on Communication, Control, and Computing (Allerton).

[35]  Joseph Bonneau,et al.  Why Buy When You Can Rent? - Bribery Attacks on Bitcoin-Style Consensus , 2016, Financial Cryptography Workshops.

[36]  Cristina Pérez-Solà,et al.  TxProbe: Discovering Bitcoin's Network Topology Using Orphan Transactions , 2018, Financial Cryptography.

[37]  Jehn-Ruey Jiang,et al.  Bandwidth- and Latency-Aware Peer-to-Peer Instant Friendcast for Online Social Networks , 2010, 2010 IEEE 16th International Conference on Parallel and Distributed Systems.

[38]  Marios D. Dikaiakos,et al.  A Feedback-Based Approach to Reduce Duplicate Messages in Unstructured Peer-To-Peer Networks , 2007 .

[39]  Albert-László Barabási,et al.  Error and attack tolerance of complex networks , 2000, Nature.

[40]  David Mazières,et al.  Kademlia: A Peer-to-Peer Information System Based on the XOR Metric , 2002, IPTPS.

[41]  Andrew Miller,et al.  Discovering Bitcoin ’ s Public Topology and Influential Nodes , 2015 .

[42]  Amos Fiat,et al.  Making Chord Robust to Byzantine Attacks , 2005, ESA.

[43]  Feng Hao,et al.  Refund Attacks on Bitcoin's Payment Protocol , 2016, Financial Cryptography.

[44]  Marcin Andrychowicz,et al.  On the Malleability of Bitcoin Transactions , 2015, Financial Cryptography Workshops.

[45]  Andrei Z. Broder,et al.  On the resemblance and containment of documents , 1997, Proceedings. Compression and Complexity of SEQUENCES 1997 (Cat. No.97TB100171).

[46]  Ran Canetti,et al.  Black-Box Concurrent Zero-Knowledge Requires (Almost) Logarithmically Many Rounds , 2002, SIAM J. Comput..

[47]  Emin Gün Sirer,et al.  Majority Is Not Enough: Bitcoin Mining Is Vulnerable , 2013, Financial Cryptography.

[48]  Aviv Zohar,et al.  Secure High-Rate Transaction Processing in Bitcoin , 2015, Financial Cryptography.

[49]  Ian Clarke,et al.  Freenet: A Distributed Anonymous Information Storage and Retrieval System , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[50]  David R. Karger,et al.  Chord: A scalable peer-to-peer lookup service for internet applications , 2001, SIGCOMM '01.

[51]  Andrew Miller,et al.  Dandelion++: Lightweight Cryptocurrency Networking with Formal Anonymity Guarantees , 2018, Proc. ACM Meas. Anal. Comput. Syst..

[52]  Vassilios V. Dimakopoulos,et al.  A study on the redundancy of flooding in unstructured p2p networks , 2013, Int. J. Parallel Emergent Distributed Syst..

[53]  Hubert Ritzdorf,et al.  Tampering with the Delivery of Blocks and Transactions in Bitcoin , 2015, IACR Cryptol. ePrint Arch..

[54]  Hannes Hartenstein,et al.  Timing Analysis for Inferring the Topology of the Bitcoin Peer-to-Peer Network , 2016, 2016 Intl IEEE Conferences on Ubiquitous Intelligence & Computing, Advanced and Trusted Computing, Scalable Computing and Communications, Cloud and Big Data Computing, Internet of People, and Smart World Congress (UIC/ATC/ScalCom/CBDCom/IoP/SmartWorld).