On Trees, Chains and Fast Transactions in the Blockchain

A fundamental open problem in the area of blockchain protocols is whether the Bitcoin protocol is the only solution for building a secure transaction ledger. A recently proposed and widely considered alternative is the GHOST protocol which, notably, was proposed to be at the core of Ethereum as well as other recent proposals for improved Bitcoin-like systems. The GHOST variant is touted as offering superior performance compared to Bitcoin (potentially offering block production speed up by a factor of more than 40) without a security loss. Motivated by this, in this work we study the GHOST protocol from a provable security point of view. We introduce a new formal framework for the analysis of blockchain protocols that relies on trees (rather than chains), and we showcase the power of the framework by providing a unified description of the GHOST and Bitcoin protocols, the former of which we extract and formally describe. We then prove that GHOST implements a robust transaction ledger (i.e., possesses liveness and persistence) and hence it is a provably secure alternative to Bitcoin; moreover, our bound for the liveness parameter is superior to that proven for the Bitcoin backbone, in line with the original expectation for GHOST. Our proof follows a novel methodology for establishing that GHOST is a robust transaction ledger compared to previous works, which may be of independent interest and can be applicable to other blockchain variants.
