Analysis of Deterministic Longest-Chain Protocols

Most classical consensus protocols rely on a leader to coordinate nodes' voting efforts. One novel idea that stems from blockchain-style consensus is to rely, instead, on a "longest-chain" idea for such coordination. Such a longest-chain idea was initially considered in randomized protocols, where in each round, a node has some probability of being elected a leader who can propose the next block. Recently, well-known systems have started implementing the deterministic counterpart of such longest-chain protocols — the deterministic counterpart is especially attractive since it is even simpler to implement than its randomized cousins. A notable instantiation is the Aura protocol, which is widely shipped with Parity's open-source Ethereum implementation. Interestingly, mathematical analyses of deterministic, longest-chain protocols are lacking even though there exist several analyses of randomized versions. In this paper, we provide the first formal analysis of deterministic, longest-chain-style consensus. We show that a variant of the Aura protocol can defend against a Byzantine adversary that controls fewer than a 1/3 fraction of the nodes, and this resilience parameter is tight. Based on insights gained through our mathematical treatment, we point out that Aura's concrete instantiation actually fails to achieve the resilience level they claim and thus clarify existing misconceptions. Finally, while our tight proof for the longest-chain protocol is rather involved and non-trivial, we show that a variant of the "longest-chain" idea which we call "largest-set" enables a textbook construction that admits a simple proof (albeit with slower confirmation).
