Byzantine Consensus from Moderately-Hard Puzzles: A Model for Bitcoin

We present a formal model of synchronous processes without distinct identifiers (i.e., anonymous processes) that communicate using one-way public broadcasts. Our main contribution is a proof that the Bitcoin protocol achieves consensus in this model, except for a negligible probability, when Byzantine faults make up less than half the network. The protocol is scalable, since the running time and message complexity are both independent of the size of the network, instead depending only on the relative computing power of the faulty processes. We also introduce a requirement that the protocol must tolerate an arbitrary number of passive clients that receive broadcasts but cannot send. This leads to a tight 2f + 1 resilience bound.
