A Permissionless Proof-of-Stake Blockchain with Best-Possible Unpredictability

To eliminate the unnecessary waste of energy and computing power in Bitcoin, in this paper we develop a novel proof-of-stake consensus in the permissionless setting. Among other features, our design achieves the "best possible" unpredictability for permissionless proof-of-stake protocols. As shown by Brown-Cohen et al. (EC 2019), the unpredictability property is critical for proof-of-stake consensus in the rational setting; the flip side of unpredictability, i.e., predictability, can be abused by attackers to launch strengthened versions of multiple attacks, such as selfish mining and bribing, against proof-of-stake systems. We are inspired by Bitcoin's "block-by-block" design, and we show that a direct and natural mimic of Bitcoin's design via proof-of-stake is secure if a 73% majority of stake is honest. Our result relies on an interesting upper bound on extending a proof-of-stake blockchain that we establish: players (who may extend all chains) can generate a blockchain at most 2.72× faster than by playing the basic strategy of extending the longest chain. We introduce a novel strategy called the "D-distance-greedy" strategy, which enables us to construct a class of secure proof-of-stake blockchain protocols, against an arbitrary adversary, even assuming that much smaller (than 73% of) stake is honest. To enable a thorough security analysis in the cryptographic setting, we develop several new techniques: for example, to show the chain growth property, we represent the chain extension process via a Markov chain and then develop a random walk on the Markov chain; to prove the common prefix property, we introduce a new concept called "virtual chains" and then present a reduction from the regular version of common prefix to "common prefix w.r.t. virtual chains".

Finally, we note that ours is the first "block-by-block" style of proof-of-stake in the permissionless setting, naturally mimicking Bitcoin's design; it turns out that this feature again allows us to achieve the "best possible" unpredictability property. Other existing provably secure permissionless proof-of-stake solutions are all in an "epoch-by-epoch" style, and thus cannot achieve the best possible unpredictability.

* This is a replacement of earlier versions of the work [30, 31, 29]. Several technical issues in previous versions have been addressed; please see Section 6.3 for details.

† Shanghai Jiaotong University, Email: fanlei@sjtu.edu.cn
‡ University of Maryland, Email: jkatz@cs.umd.edu
§ Virginia Commonwealth University, Email: thaipd@vcu.edu
¶ Virginia Commonwealth University, Email: hszhou@vcu.edu
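The 2.72× (≈ e) growth bound quoted above can be reproduced in a toy model; the following is an added illustration written for this page, not the paper's own analysis. It assumes (our simplification) slotted time in which every existing block independently wins the lottery with probability p in each slot, so a player extending all chains grows a tree while the basic strategy extends only one chain.

```python
"""Toy model of the "extend all chains" growth bound (added example).

Assumptions (ours, not the paper's exact model): time is slotted, and in
each slot every existing block independently becomes extendable with
probability p, because the PoS lottery is re-run per (block, slot) pair.
Basic strategy: extend only the longest chain, one lottery per slot, so the
expected length after t slots is p*t.  Extend-all strategy: a chain of
length d corresponds to d winning slots s1 < ... < sd, so the expected
number of distinct length-d chains is C(t, d) * p**d.
"""
from math import e, exp, lgamma, log


def log_binom(n: int, k: int) -> float:
    """ln C(n, k) via log-gamma, numerically stable for large n."""
    return lgamma(n + 1) - lgamma(k + 1) - lgamma(n - k + 1)


def expected_chains(t: int, d: int, p: float) -> float:
    """Expected number of distinct length-d chains after t slots."""
    return exp(log_binom(t, d) + d * log(p))


def basic_strategy_length(t: int, p: float) -> float:
    """Expected chain length when extending only the longest chain."""
    return p * t


def extend_all_length(t: int, p: float) -> int:
    """Largest d for which at least one length-d chain is expected.

    Because C(t,d) p^d <= (e*t*p/d)^d < 1 whenever d > e*t*p, the result
    can never exceed e * p * t: this is the ~2.72x bound.
    """
    d = 0
    while d + 1 <= t and expected_chains(t, d + 1, p) >= 1.0:
        d += 1
    return d


def speedup(t: int, p: float) -> float:
    """Ratio of extend-all growth to basic-strategy growth."""
    return extend_all_length(t, p) / basic_strategy_length(t, p)


if __name__ == "__main__":
    for t, p in [(1000, 0.05), (10000, 0.01), (100000, 0.001)]:
        print(f"t={t} p={p}: extend-all {extend_all_length(t, p)} vs "
              f"basic {basic_strategy_length(t, p):.0f}, "
              f"speedup {speedup(t, p):.3f} (bound e={e:.3f})")
```

The speedup approaches e from below as p·t grows, which is the sense in which 2.72× is the best a chain-extending player can do in this model.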

[1] Speed-Security Tradeoffs in Blockchain Protocols, 2015.

[2] Rafail Ostrovsky, et al. Invariant Signatures and Non-Interactive Zero-Knowledge Proofs are Equivalent (Extended Abstract), 1992, CRYPTO.

[3] Sreeram Kannan, et al. Everything is a Race and Nakamoto Always Wins, 2020, IACR Cryptol. ePrint Arch.

[4] Emin Gün Sirer, et al. Majority Is Not Enough: Bitcoin Mining Is Vulnerable, 2013, Financial Cryptography.

[5] Ueli Maurer, et al. Bitcoin as a Transaction Ledger: A Composable Treatment, 2017, CRYPTO.

[6] Ghassan O. Karame, et al. PoTS: A Secure Proof of TEE-Stake for Permissionless Blockchains, 2022, IEEE Transactions on Services Computing.

[7] Jae Kwon, et al. Tendermint: Consensus without Mining, 2014.

[8] Aggelos Kiayias, et al. Consistency of Proof-of-Stake Blockchains with Concurrent Honest Slot Leaders, 2020, IEEE 40th International Conference on Distributed Computing Systems (ICDCS).

[9] Ran Canetti, et al. Universally Composable Security: A New Paradigm for Cryptographic Protocols, 2001, FOCS.

[10] Lei Fan, et al. 2-hop Blockchain: Combining Proof-of-Work and Proof-of-Stake Securely, 2020, ESORICS.

[11] Satoshi Nakamoto. Bitcoin: A Peer-to-Peer Electronic Cash System, 2009.

[12] E. Felten, et al. Bitcoin and Cryptocurrency Technologies, 2022.

[13] Aggelos Kiayias, et al. Blockchain Mining Games, 2016, EC.

[14] Ghassan O. Karame, et al. Securing Proof-of-Stake Blockchain Protocols, 2017, DPM/CBT@ESORICS.

[15] Adam Back, et al. Hashcash: A Denial of Service Counter-Measure, 2002.

[16] Abhi Shelat, et al. Analysis of the Blockchain Protocol in Asynchronous Networks, 2017, EUROCRYPT.

[17] Aviv Zohar, et al. Optimal Selfish Mining Strategies in Bitcoin, 2015, Financial Cryptography.

[18] Anna Lysyanskaya, et al. Unique Signatures and Verifiable Random Functions from the DH-DDH Separation, 2002, CRYPTO.

[19] Hovav Shacham, et al. Short Signatures from the Weil Pairing, 2001, J. Cryptol.

[20] Silvio Micali, et al. A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks, 1988, SIAM J. Comput.

[21] Aggelos Kiayias, et al. Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability, 2018, IACR Cryptol. ePrint Arch.

[22] S. Matthew Weinberg, et al. Formal Barriers to Longest-Chain Proof-of-Stake Protocols, 2018, EC.

[23] Abhi Shelat, et al. A Better Method to Analyze Blockchain Consistency, 2018, CCS.

[24] Aggelos Kiayias, et al. The Combinatorics of the Longest-Chain Rule: Linear Consistency for Proof-of-Stake Blockchains, 2020, SODA.

[25] Jeremy Clark, et al. SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies, 2015, IEEE Symposium on Security and Privacy.

[26] Vitalik Buterin. A Next Generation Smart Contract & Decentralized Application Platform, 2015.

[27] Aggelos Kiayias, et al. Stake-Bleeding Attacks on Proof-of-Stake Blockchains, 2018, Crypto Valley Conference on Blockchain Technology (CVCBT).

[28] Silvio Micali, et al. Algorand: Scaling Byzantine Agreements for Cryptocurrencies, 2017, IACR Cryptol. ePrint Arch.

[29] Ran Canetti, et al. Security and Composition of Multiparty Cryptographic Protocols, 2000, Journal of Cryptology.

[30] Lei Fan. A Scalable Proof-of-Stake Blockchain in the Open Setting (or, How to Mimic Nakamoto's Design via Proof-of-Stake), 2018.

[31] Aggelos Kiayias, et al. Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain, 2018, EUROCRYPT.

[32] Mihir Bellare, et al. A Forward-Secure Digital Signature Scheme, 1999, CRYPTO.

[33] Aggelos Kiayias, et al. Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol, 2017, CRYPTO.

[34] Tim Roughgarden, et al. Incentive Compatibility of Bitcoin Mining Pool Reward Functions, 2016, Financial Cryptography.

[35] Moni Naor, et al. Pricing via Processing or Combatting Junk Mail, 1992, CRYPTO.

[36] Elaine Shi, et al. Snow White: Robustly Reconfigurable Consensus and Applications to Provably Secure Proof of Stake, 2019, Financial Cryptography.

[37] Aviv Zohar, et al. Secure High-Rate Transaction Processing in Bitcoin, 2015, Financial Cryptography.