The consensus number of a cryptocurrency

Many blockchain-based algorithms, such as Bitcoin, implement a decentralized asset transfer system, often referred to as a cryptocurrency. As stated in the original paper by Nakamoto, at the heart of these systems lies the problem of preventing double-spending; this is usually solved by achieving consensus on the order of transfers among the participants. By treating the asset transfer problem as a concurrent object and determining its consensus number, we show that consensus is not necessary to prevent double-spending. We first consider the problem as defined by Nakamoto, where only a single process (the account owner) can withdraw from each account. Safety and liveness need to be ensured for correct account owners, whereas misbehaving account owners might be unable to perform transfers. We show that the consensus number of an asset transfer object is 1. We then consider a more general k-shared asset transfer object where up to k processes can atomically withdraw from the same account, and show that this object has consensus number k. We first establish these results in the context of shared memory with benign faults, in order to properly understand the level of difficulty of the asset transfer problem. Then, we translate our result to the more practically relevant message passing setting with Byzantine players. We describe an asynchronous Byzantine fault-tolerant asset transfer implementation that is both simpler and more efficient than state-of-the-art consensus-based solutions. Our results are applicable to both the permissioned (private) and permissionless (public) setting, as normally their differentiation is hidden by the abstractions on top of which our algorithms are based.
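The single-owner case can be illustrated with a small simulation, added here as an example and not taken from the paper: each replica orders transfers only per sending account (a sequence number plus the incoming transfers the sender relies on), and every delivery order of the same transfers yields the same accepted set, with the double-spend blocked. It assumes a broadcast layer that delivers the same transfers to every replica and never lets one sender issue two transfers under one sequence number; `Replica`, `TRANSFERS` and the field layout are hypothetical names.

```python
from itertools import permutations

INITIAL = {"alice": 10, "bob": 0, "carol": 0}  # constructed balances
# Constructed transfers: (sender, seq, dest, amount, deps). deps lists the
# incoming transfers, as (sender, seq), whose funds the sender wants to spend.
TRANSFERS = [
    ("alice", 1, "bob", 10, ()),
    ("alice", 2, "carol", 10, ()),            # double-spend attempt
    ("bob", 1, "carol", 7, (("alice", 1),)),  # bob spends alice's payment
]

class Replica:
    def __init__(self):
        self.next_seq = {a: 1 for a in INITIAL}
        self.spendable = dict(INITIAL)  # changes only via the owner's transfers
        self.applied = {}               # (sender, seq) -> (dest, amount)
        self.claimed = set()            # incoming transfers already credited
        self.pending = []

    def _try_apply(self, t):
        sender, seq, dest, amount, deps = t
        if seq != self.next_seq[sender] or any(d not in self.applied for d in deps):
            return False                # wait for predecessor or funding transfer
        fresh = {d for d in deps
                 if d not in self.claimed and self.applied[d][0] == sender}
        funds = self.spendable[sender] + sum(self.applied[d][1] for d in fresh)
        if amount <= 0 or funds < amount:
            return False                # overdraft: this account stays blocked
        self.claimed |= fresh
        self.spendable[sender] = funds - amount
        self.applied[(sender, seq)] = (dest, amount)
        self.next_seq[sender] = seq + 1
        return True

    def deliver(self, t):
        self.pending.append(t)
        progress = True
        while progress:                 # retry buffered transfers to a fixpoint
            done = [p for p in self.pending if self._try_apply(p)]
            self.pending = [p for p in self.pending if p not in done]
            progress = bool(done)

def outcomes():
    seen = set()                        # distinct accepted sets over all orders
    for order in permutations(TRANSFERS):
        r = Replica()
        for t in order:
            r.deliver(t)
        seen.add(frozenset(r.applied.items()))
    return seen
```

Because a transfer's validity depends only on its sender's own history and declared dependencies, `outcomes()` contains a single accepted set even though no replica agrees with any other on a global order.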
