Betting on Blockchain Consensus with Fantomette

Blockchain-based consensus protocols present the opportunity to develop new protocols, due to their novel requirements of open participation and explicit incentivization of participants. To address the first requirement, it is necessary to consider the leader election inherent in consensus protocols, which can be difficult to scale to a large and untrusted set of participants. To address the second, it is important to consider ways to provide incentivization without relying on the resource-intensive proofs-of-work used in Bitcoin. In this paper, we propose a secure leader election protocol, Caucus; we next fit this protocol into a broader blockchain-based consensus protocol, Fantomette, that provides game-theoretic guarantees in addition to traditional blockchain security properties. Fantomette is the first proof-of-stake protocol to give formal game-theoretic proofs of security in the presence of non-rational players.

[1]  Ignacio Cascudo,et al.  SCRAPE: Scalable Randomness Attested by Public Entities , 2017, IACR Cryptol. ePrint Arch..

[2]  Nathan Linial,et al.  Collective Coin Flipping , 1989, Advances in Computational Research.

[3]  Joshua A. Kroll,et al.  The Economics of Bitcoin Mining, or Bitcoin in the Presence of Adversaries , 2013 .

[4]  Joseph Y. Halpern Beyond nash equilibrium: solution concepts for the 21st century , 2008, PODC '08.

[5]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[6]  Erik Vee,et al.  Scalable leader election , 2006, SODA '06.

[7]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[8]  Christian Decker,et al.  Information propagation in the Bitcoin network , 2013, IEEE P2P 2013 Proceedings.

[9]  Silvio Micali,et al.  Algorand: Scaling Byzantine Agreements for Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[10]  Uriel Feige,et al.  Noncryptographic selection protocols , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[11]  Aggelos Kiayias,et al.  Stake-Bleeding Attacks on Proof-of-Stake Blockchains , 2018, 2018 Crypto Valley Conference on Blockchain Technology (CVCBT).

[12]  Aviv Zohar,et al.  PHANTOM: A Scalable BlockDAG Protocol , 2018, IACR Cryptol. ePrint Arch..

[13]  Joseph Bonneau,et al.  Proofs-of-delay and randomness beacons in Ethereum , 2017 .

[14]  Aviv Zohar,et al.  Optimal Selfish Mining Strategies in Bitcoin , 2015, Financial Cryptography.

[15]  Michael O. Rabin,et al.  Transaction Protection by Beacons , 1983, J. Comput. Syst. Sci..

[16]  Ittay Eyal,et al.  The Miner's Dilemma , 2014, 2015 IEEE Symposium on Security and Privacy.

[17]  Michael E. Saks A Robust Noncryptographic Protocol for Collective Coin Flipping , 1989, SIAM J. Discret. Math..

[18]  Elaine Shi,et al.  FruitChains: A Fair Blockchain , 2017, IACR Cryptol. ePrint Arch..

[19]  Silvio Micali,et al.  Verifiable random functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[20]  Sunny King,et al.  PPCoin: Peer-to-Peer Crypto-Currency with Proof-of-Stake , 2012 .

[21]  Ran Canetti,et al.  Towards Realizing Random Oracles: Hash Functions That Hide All Partial Information , 1997, CRYPTO.

[22]  Michael Dahlin,et al.  BAR fault tolerance for cooperative services , 2005, SOSP '05.

[23]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[24]  Alexander Chepurnoy Interactive Proof-of-stake , 2016, ArXiv.

[25]  Kartik Nayak,et al.  Solidus: An Incentive-compatible Cryptocurrency Based on Permissionless Byzantine Consensus , 2016, ArXiv.

[26]  S. Matthew Weinberg,et al.  On the Instability of Bitcoin Without the Block Reward , 2016, CCS.

[27]  Alexander Russell,et al.  Perfect information leader election in log*n+O(1) rounds , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[28]  Jeremy Clark,et al.  On Bitcoin as a public randomness source , 2015, IACR Cryptol. ePrint Arch..

[29]  Michael J. Fischer,et al.  Scalable Bias-Resistant Distributed Randomness , 2017, 2017 IEEE Symposium on Security and Privacy (SP).

[30]  Serguei Popov,et al.  On a decentralized trustless pseudo-random number generation algorithm , 2017, J. Math. Cryptol..

[31]  Manuel Blum,et al.  Coin flipping by telephone a protocol for solving impossible problems , 1983, SIGA.

[32]  Georg Fuchsbauer,et al.  SpaceMint: A Cryptocurrency Based on Proofs of Space , 2018, ERCIM News.

[33]  Ueli Maurer,et al.  But Why does it Work? A Rational Protocol Design Treatment of Bitcoin , 2018, IACR Cryptol. ePrint Arch..

[34]  Ittai Abraham,et al.  Distributed computing meets game theory: combining insights from two fields , 2011, SIGA.

[35]  Aggelos Kiayias,et al.  Ouroboros Praos: An adaptively-secure, semi-synchronous proof-of-stake protocol , 2017, IACR Cryptol. ePrint Arch..

[36]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[37]  Jason Teutsch,et al.  Demystifying Incentives in the Consensus Computer , 2015, CCS.

[38]  John R. Douceur,et al.  The Sybil Attack , 2002, IPTPS.

[39]  Danny Dolev,et al.  Distributed computing meets game theory: robust mechanisms for rational secret sharing and multiparty computation , 2006, PODC '06.

[40]  George Danezis,et al.  Consensus in the Age of Blockchains , 2017, ArXiv.

[41]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[42]  Dan Boneh,et al.  Verifiable Delay Functions , 2018, IACR Cryptol. ePrint Arch..

[43]  Nathan Linial,et al.  Collective coin flipping, robust voting schemes and minima of Banzhaf values , 1985, 26th Annual Symposium on Foundations of Computer Science (sfcs 1985).

[44]  Aggelos Kiayias,et al.  Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability , 2018, IACR Cryptol. ePrint Arch..

[45]  Leslie Lamport,et al.  Paxos Made Simple , 2001 .

[46]  Hubert Ritzdorf,et al.  On the Security and Performance of Proof of Work Blockchains , 2016, IACR Cryptol. ePrint Arch..

[47]  Elaine Shi,et al.  Snow White: Provably Secure Proofs of Stake , 2016, IACR Cryptol. ePrint Arch..

[48]  Roberto Palmieri,et al.  Leaderless Consensus: The State of the Art , 2016, 2016 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW).

[49]  Elaine Shi,et al.  Thunderella: Blockchains with Optimistic Instant Confirmation , 2018, IACR Cryptol. ePrint Arch..

[50]  Yoad Lewenberg,et al.  SPECTRE: A Fast and Scalable Cryptocurrency Protocol , 2016, IACR Cryptol. ePrint Arch..

[51]  Ittai Abraham,et al.  Hot-Stuff the Linear, Optimal-Resilience, One-Message BFT Devil , 2018, ArXiv.

[52]  Rafail Ostrovsky,et al.  Simple and efficient leader election in the full information model , 1994, STOC '94.