Plumo: An Ultralight Blockchain Client

Syncing the latest state of a blockchain can be a resource-intensive task, driving (especially mobile) end users towards centralized services offering instant access. To expand full decentralized access to anyone with a mobile phone, we introduce a consensus-agnostic compiler for constructing ultralight clients, providing secure and highly efficient blockchain syncing via a sequence of SNARK-based state transition proofs, and prove its security formally. Instantiating this, we present Plumo, an ultralight client for the Celo blockchain capable of syncing the latest network state summary in just a few seconds even on a low-end mobile phone. In Plumo, each transition proof covers four months of blockchain history and can be produced for just $25 USD of compute. Plumo achieves this level of efficiency thanks to two new SNARK-friendly constructions, which may also be of independent interest: a new BLS-based offline aggregate multisignature scheme in which signers do not have to know the members of their multisignature group in advance, and a new composite algebraic-symmetric cryptographic hash function.

[1]  Maria Gradinariu Potop-Butucaru,et al.  Correctness of Tendermint-Core Blockchains , 2018, OPODIS.

[2]  Thomas Ristenpart,et al.  The Power of Proofs-of-Possession: Securing Multiparty Signatures against Rogue-Key Attacks , 2007, EUROCRYPT.

[3]  Kannan Ramchandran,et al.  CoVer: Collaborative Light-Node-Only Verification and Data Availability for Blockchains , 2020, 2020 IEEE International Conference on Blockchain (Blockchain).

[4]  Bryan Ford,et al.  Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing , 2016, USENIX Security Symposium.

[5]  Hovav Shacham,et al.  Short Signatures from the Weil Pairing , 2001, J. Cryptol..

[6]  Giulio Malavolta,et al.  Concurrency and Privacy with Payment-Channel Networks , 2017, IACR Cryptol. ePrint Arch..

[7]  Joseph Poon,et al.  Plasma : Scalable Autonomous Smart Contracts , 2017 .

[8]  Philipp Jovanovic,et al.  OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[9]  Nir Bitansky,et al.  Recursive composition and bootstrapping for SNARKS and proof-carrying data , 2013, STOC '13.

[10]  Aurore Guillevic,et al.  Optimized and secure pairing-friendly elliptic curves suitable for one layer proof composition , 2020, IACR Cryptol. ePrint Arch..

[11]  Loi Luu,et al.  FlyClient: Super-Light Clients for Cryptocurrencies , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[12]  Sarah Meiklejohn,et al.  Top Ten Obstacles along Distributed Ledgers Path to Adoption , 2018, IEEE Security & Privacy.

[13]  Mihir Bellare,et al.  Fast Batch Verification for Modular Exponentiation and Digital Signatures , 1998, IACR Cryptol. ePrint Arch..

[14]  Hovav Shacham,et al.  Aggregate and Verifiably Encrypted Signatures from Bilinear Maps , 2003, EUROCRYPT.

[15]  Daniel Kales,et al.  Starkad and Poseidon: New Hash Functions for Zero Knowledge Proof Systems , 2019, IACR Cryptol. ePrint Arch..

[16]  Nicholas Spooner,et al.  Recursive Proof Composition from Accumulation Schemes , 2020, TCC.

[17]  Eli Ben-Sasson,et al.  Scalable Zero Knowledge Via Cycles of Elliptic Curves , 2014, Algorithmica.

[18]  Joseph Bonneau,et al.  Coda: Decentralized Cryptocurrency at Scale , 2020, IACR Cryptol. ePrint Arch..

[19]  Dong Hoon Lee,et al.  Use of Sparse and/or Complex Exponents in Batch Verification of Exponentiations , 2006, IEEE Transactions on Computers.

[20]  Igor Konnov,et al.  A Tendermint Light Client , 2020, ArXiv.

[21]  Matthew Green,et al.  ZEXE: Enabling Decentralized Private Computation , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[22]  Ian Miers,et al.  Scalable Multi-party Computation for zk-SNARK Parameters in the Random Beacon Model , 2017, IACR Cryptol. ePrint Arch..

[23]  William J. Knottenbelt,et al.  TxChain: Efficient Cryptocurrency Light Clients via Contingent Transaction Aggregation , 2020, IACR Cryptol. ePrint Arch..

[24]  Wei Zhang,et al.  TICK: Tiny Client for Blockchains , 2019, IACR Cryptol. ePrint Arch..

[25]  Eran Tromer,et al.  Proof-Carrying Data and Hearsay Arguments from Signature Cards , 2010, ICS.

[26]  Markulf Kohlweiss,et al.  Sonic: Zero-Knowledge SNARKs from Linear-Size Universal and Updatable Structured Reference Strings , 2019, IACR Cryptol. ePrint Arch..

[27]  Eike Kiltz,et al.  The Algebraic Group Model and its Applications , 2018, IACR Cryptol. ePrint Arch..

[28]  Dario Fiore,et al.  On the (In)Security of SNARKs in the Presence of Oracles , 2016, TCC.

[29]  M. AdelsonVelskii,et al.  AN ALGORITHM FOR THE ORGANIZATION OF INFORMATION , 1963 .

[30]  Pedro Moreno-Sanchez,et al.  SoK: Off The Chain Transactions , 2019, IACR Cryptol. ePrint Arch..

[31]  Dan Boneh,et al.  Bulletproofs: Short Proofs for Confidential Transactions and More , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[32]  Nir Bitansky,et al.  On the existence of extractable one-way functions , 2014, SIAM J. Comput..

[33]  Mary Maller,et al.  Marlin: Preprocessing zkSNARKs with Universal and Updatable SRS , 2020, IACR Cryptol. ePrint Arch..

[34]  Alexandra Boldyreva,et al.  Efficient threshold signature, multisignature and blind signature schemes based on the Gap-Diffie-Hellman-Group signature scheme , 2002 .

[35]  Sean Bowe,et al.  Recursive Proof Composition without a Trusted Setup , 2020 .

[36]  Justin Cappos,et al.  CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds , 2017, USENIX Security Symposium.

[37]  Aggelos Kiayias,et al.  Non-Interactive Proofs of Proof-of-Work , 2020, IACR Cryptol. ePrint Arch..

[38]  Rachid Guerraoui,et al.  Introduction to Reliable and Secure Distributed Programming , 2011 .

[39]  George Danezis,et al.  Chainspace: A Sharded Smart Contracts Platform , 2017, NDSS.

[40]  Dan Boneh,et al.  Compact Multi-Signatures for Smaller Blockchains , 2018, IACR Cryptol. ePrint Arch..

[41]  Ittai Abraham,et al.  HotStuff: BFT Consensus with Linearity and Responsiveness , 2019, PODC.

[42]  Henrique Moniz,et al.  The Istanbul BFT Consensus Algorithm , 2020, ArXiv.

[43]  Lynn Chua,et al.  On Cycles of Pairing-Friendly Elliptic Curves , 2019, SIAM J. Appl. Algebra Geom..

[44]  Samuel Neves,et al.  BLAKE2: Simpler, Smaller, Fast as MD5 , 2013, ACNS.

[45]  Jung Hee Cheon,et al.  Discrete Logarithm Problems with Auxiliary Inputs , 2010, Journal of Cryptology.

[46]  Martin R. Albrecht,et al.  MiMC: Efficient Encryption and Cryptographic Hashing with Minimal Multiplicative Complexity , 2016, ASIACRYPT.

[47]  Emma Dauterman,et al.  Reducing Participation Costs via Incremental Verification for Ledger Systems , 2020, IACR Cryptol. ePrint Arch..

[48]  Kenneth G. Paterson,et al.  Pairings for Cryptographers , 2008, IACR Cryptol. ePrint Arch..