Securing Proof-of-Stake Nakamoto Consensus Under Bandwidth Constraint

Satoshi Nakamoto’s Proof-of-Work (PoW) longest chain (LC) protocol was a breakthrough for Internet-scale open-participation consensus. Many Proof-of-Stake (PoS) variants of Nakamoto’s protocol such as Ouroboros or Snow White aim to preserve the advantages of LC by mimicking PoW LC closely, while mitigating downsides of PoW by using PoS for Sybil resistance. Previous works have proven these PoS LC protocols secure assuming all network messages are delivered within a bounded delay. However, this assumption is not compatible with PoS when considering bandwidth constraints in the underlying communication network. This is because PoS enables the adversary to reuse block production opportunities and spam the network with equivocating blocks, which is impossible in PoW. The bandwidth constraint necessitates that nodes choose carefully which blocks to spend their limited download budget on. We show that ‘download along the longest header chain’, a natural download rule for PoW LC, emulated by PoS variants, is insecure for PoS LC. Instead, we propose ‘download towards the freshest block’ and prove that PoS LC with this download rule is secure in bandwidth constrained networks. Our result can be viewed as a first step towards the co-design of consensus and network layer protocols.

[1]  Tong Cao,et al.  Revisiting Network-Level Attacks on Blockchain Network , 2018 .

[2]  Prateek Saxena,et al.  OHIE: Blockchain Scaling Made Simple , 2018, 2020 IEEE Symposium on Security and Privacy (SP).

[3]  Laurent Vanbever,et al.  Hijacking Bitcoin: Routing Attacks on Cryptocurrencies , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[4]  Aggelos Kiayias,et al.  Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability , 2018, IACR Cryptol. ePrint Arch..

[5]  Elaine Shi,et al.  The Sleepy Model of Consensus , 2017, ASIACRYPT.

[6]  David Tse,et al.  Everything is a Race and Nakamoto Always Wins , 2020, IACR Cryptol. ePrint Arch..

[7]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[8]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[9]  Markus Jakobsson,et al.  Proofs of Work and Bread Pudding Protocols , 1999, Communications and Multimedia Security.

[10]  Sreeram Kannan,et al.  Prism: Deconstructing the Blockchain to Approach Physical Limits , 2019, CCS.

[11]  Elaine Shi,et al.  Snow White: Robustly Reconfigurable Consensus and Applications to Provably Secure Proof of Stake , 2019, Financial Cryptography.

[12]  Aggelos Kiayias,et al.  Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain , 2018, EUROCRYPT.

[13]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[14]  Ethan Heilman,et al.  Eclipse Attacks on Bitcoin's Peer-to-Peer Network , 2015, USENIX Security Symposium.

[15]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[16]  A. Dembo,et al.  Proof-of-Stake Longest Chain Protocols: Security vs Predictability , 2019, Proceedings of the 2022 ACM Workshop on Developments in Consensus on ACM Workshop on Developments in Consensus.

[17]  Nick McKeown,et al.  A network in a laptop: rapid prototyping for software-defined networks , 2010, Hotnets-IX.

[18]  Christian Decker,et al.  Information propagation in the Bitcoin network , 2013, IEEE P2P 2013 Proceedings.

[19]  Aggelos Kiayias,et al.  Parallel Chains: Improving Throughput and Latency of Blockchain Protocols via Parallel Composition , 2018, IACR Cryptol. ePrint Arch..

[20]  Atul Singh,et al.  Eclipse Attacks on Overlay Networks: Threats and Defenses , 2006, Proceedings IEEE INFOCOM 2006. 25TH IEEE International Conference on Computer Communications.

[21]  Aviv Zohar,et al.  Secure High-Rate Transaction Processing in Bitcoin , 2015, Financial Cryptography.

[22]  A. Yakovenko Solana : A new architecture for a high performance blockchain v 0 . 8 , 2018 .

[23]  Aggelos Kiayias,et al.  Tight Consistency Bounds for Bitcoin , 2020, IACR Cryptol. ePrint Arch..

[24]  Ling Ren,et al.  Analysis of Nakamoto Consensus , 2019, IACR Cryptol. ePrint Arch..

[25]  Aggelos Kiayias,et al.  Proof-of-Work Sidechains , 2019, IACR Cryptol. ePrint Arch..

[26]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[27]  Hari Balakrishnan,et al.  Mahimahi: Accurate Record-and-Replay for HTTP , 2015, USENIX Annual Technical Conference.

[28]  Emin Gün Sirer,et al.  Majority Is Not Enough: Bitcoin Mining Is Vulnerable , 2013, Financial Cryptography.

[29]  Robert Tappan Morris,et al.  Security Considerations for Peer-to-Peer Distributed Hash Tables , 2002, IPTPS.

[30]  Wei Xu,et al.  Scaling Nakamoto Consensus to Thousands of Transactions per Second , 2018, ArXiv.

[31]  Miguel Castro,et al.  Defending against eclipse attacks on overlay networks , 2004, EW 11.

[32]  Aggelos Kiayias,et al.  Proof-of-Stake Blockchain Protocols with Near-Optimal Throughput , 2020, IACR Cryptol. ePrint Arch..

[33]  Aggelos Kiayias,et al.  Proof-of-Burn , 2020, IACR Cryptol. ePrint Arch..

[34]  Elaine Shi,et al.  Streamlet: Textbook Streamlined Blockchains , 2020, IACR Cryptol. ePrint Arch..

[35]  Miguel Castro,et al.  Secure routing for structured peer-to-peer overlay networks , 2002, OSDI '02.

[36]  Aggelos Kiayias,et al.  Proof-of-Stake Sidechains , 2019, 2019 IEEE Symposium on Security and Privacy (SP).