Securing Proof-of-Work Ledgers via Checkpointing

Distributed ledgers based on the Proof-of-Work (PoW) paradigm are typically most vulnerable when mining participation is low. During these periods an attacker can mount devastating attacks, such as double spending or censorship of transactions. Checkpointing has been proposed as a mechanism to mitigate such 51% attacks. The core idea is to employ an external set of parties that securely run an assisting service which guarantees the ledger’s properties and can be relied upon at times when the invested hashing power is low. We realize the assisting service in two ways, via checkpointing and timestamping, and show that a ledger, which employs either, is secure with high probability, even in the presence of an adversarial mining majority. We put forth the first rigorous study of checkpointing as a mechanism to protect PoW ledgers from 51% attacks. Notably, our design is the first to offer both consistency and liveness guarantees, even under adversarial mining majorities. Our liveness analysis also identifies a previously undocumented attack, namely front-running, which enables Denial-of-Service against existing checkpointed ledger systems. We showcase the liveness guarantees of our mechanism by evaluating the checkpointed version of Ethereum Classic, a blockchain which recently suffered a 51% attack, and build a federated distributed checkpointing service, which provides high assurance with low performance requirements. Finally, we prove the security of our timestamping mechanism, build a fully decentralized timestamping solution, by utilizing a secure distributed ledger, and evaluate its performance on the existing Bitcoin and Ethereum systems.

[1]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[2]  Leslie Lamport,et al.  The Byzantine Generals Problem , 1982, TOPL.

[3]  Elaine Shi,et al.  Thunderella: Blockchains with Optimistic Instant Confirmation , 2018, IACR Cryptol. ePrint Arch..

[4]  Roger Wattenhofer,et al.  Bitcoin Security under Temporary Dishonest Majority , 2019, Financial Cryptography.

[5]  Ghassan O. Karame,et al.  Securing Proof-of-Stake Blockchain Protocols , 2017, DPM/CBT@ESORICS.

[6]  Elaine Shi,et al.  Snow White: Provably Secure Proofs of Stake , 2016, IACR Cryptol. ePrint Arch..

[7]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[8]  Daniel Tschudi,et al.  Afgjort: A Partially Synchronous Finality Layer for Blockchains , 2020, SCN.

[9]  Mema Roussopoulos,et al.  Interactive Consistency in Practical, Mostly-Asynchronous Systems , 2014, 2015 IEEE 21st International Conference on Parallel and Distributed Systems (ICPADS).

[10]  Elaine Shi,et al.  Hybrid Consensus: Efficient Consensus in the Permissionless Model , 2016, DISC.

[11]  Elaine Shi,et al.  Snow White: Robustly Reconfigurable Consensus and Applications to Provably Secure Proof of Stake , 2019, Financial Cryptography.

[12]  Bryan Ford,et al.  Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing , 2016, USENIX Security Symposium.

[13]  Stefan Dziembowski,et al.  General State Channel Networks , 2018, CCS.

[14]  Stefan Dziembowski,et al.  PERUN: Virtual Payment Channels over Cryptographic Currencies , 2017, IACR Cryptol. ePrint Arch..

[15]  Aggelos Kiayias,et al.  Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain , 2018, EUROCRYPT.

[16]  Loi Luu,et al.  FlyClient: Super-Light Clients for Cryptocurrencies , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[17]  Aggelos Kiayias,et al.  Speed-Security Tradeoffs in Blockchain Protocols , 2015, IACR Cryptol. ePrint Arch..

[18]  David Mazières The Stellar Consensus Protocol: A Federated Model for Internet-level Consensus , 2015 .

[19]  Sunny King,et al.  PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake , 2012 .

[20]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[21]  Bela Gipp,et al.  Securing Physical Assets on the Blockchain: Linking a novel Object Identification Concept with Distributed Ledgers , 2018, CRYBLOCK@MobiSys.

[22]  Ran Canetti,et al.  Universally composable security: a new paradigm for cryptographic protocols , 2001, Proceedings 2001 IEEE International Conference on Cluster Computing.

[23]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[24]  Joseph Bonneau,et al.  Hostile Blockchain Takeovers (Short Paper) , 2018, Financial Cryptography Workshops.

[25]  John K. Ousterhout,et al.  In Search of an Understandable Consensus Algorithm , 2014, USENIX Annual Technical Conference.

[26]  Stuart Haber,et al.  How to time-stamp a digital document , 1990, Journal of Cryptology.

[27]  Yongdae Kim,et al.  Is Stellar As Secure As You Think? , 2019, 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[28]  Sebastian Faust,et al.  Temporary Censorship Attacks in the Presence of Rational Miners , 2019, 2019 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW).

[29]  Aviv Zohar,et al.  Optimal Selfish Mining Strategies in Bitcoin , 2015, Financial Cryptography.

[30]  Charles M. Grinstead,et al.  Introduction to probability , 1999, Statistics for the Behavioural Sciences.

[31]  Emin Gün Sirer,et al.  Majority is not enough , 2013, Financial Cryptography.

[32]  Alistair Stewart,et al.  Poster: GRANDPA Finality Gadget , 2019, CCS.

[33]  Vitalik Buterin,et al.  Casper the Friendly Finality Gadget , 2017, ArXiv.

[34]  David Mazières,et al.  Fast and secure global payments with Stellar , 2019, SOSP.

[35]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[36]  Aggelos Kiayias,et al.  Non-Interactive Proofs of Proof-of-Work , 2020, IACR Cryptol. ePrint Arch..

[37]  Norman Meuschke,et al.  Decentralized Trusted Timestamping using the Crypto Currency Bitcoin , 2015, ArXiv.

[38]  Aggelos Kiayias,et al.  Stake-Bleeding Attacks on Proof-of-Stake Blockchains , 2018, 2018 Crypto Valley Conference on Blockchain Technology (CVCBT).

[39]  Silvio Micali,et al.  Algorand: Scaling Byzantine Agreements for Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[40]  Leslie Lamport,et al.  Paxos Made Simple , 2001 .

[41]  Vitalik Buterin,et al.  Incentives in Ethereum’s Hybrid Casper Protocol , 2019, 2019 IEEE International Conference on Blockchain and Cryptocurrency (ICBC).

[42]  Dan Boneh,et al.  Compact Multi-Signatures for Smaller Blockchains , 2018, IACR Cryptol. ePrint Arch..

[43]  Ittai Abraham,et al.  HotStuff: BFT Consensus with Linearity and Responsiveness , 2019, PODC.

[44]  Rainer Böhme,et al.  HotPoW: Finality from Proof-of-Work Quorums , 2019, ArXiv.

[45]  Matthias Fitzi,et al.  Generalized communication and security models in Byzantine agreement , 2002 .

[46]  Sarah Meiklejohn,et al.  Betting on Blockchain Consensus with Fantomette , 2018, ArXiv.