Coded Merkle Tree: Solving Data Availability Attacks in Blockchains

In this paper, we propose coded Merkle tree (CMT), a novel hash accumulator that offers a constant-cost protection against data availability attacks in blockchains, even if the majority of the network nodes are malicious. A CMT is constructed using a family of sparse erasure codes on each layer, and is recovered by iteratively applying a peeling-decoding technique that enables a compact proof for data availability attack on any layer. Our algorithm enables any node to verify the full availability of any data block generated by the system by just downloading a $\Theta(1)$ byte block hash commitment and randomly sampling $\Theta(\log b)$ bytes, where $b$ is the size of the data block. With the help of only one connected honest node in the system, our method also allows any node to verify any tampering of the coded Merkle tree by just downloading $\Theta(\log b)$ bytes. We provide a modular library for CMT in Rust and Python and demonstrate its efficacy inside the Parity Bitcoin client.
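The peeling-decoding step and the compact fraud proof described in the abstract can be sketched as follows. This is an added example, not code from the paper's Rust/Python library. It assumes XOR parity checks, SHA-256 symbol hashes, and a constructed 7-symbol toy layer; the names `peel` and `demo_layer` are hypothetical.

```python
import hashlib

def h(b):
    return hashlib.sha256(b).digest()

def xor(blocks, size):
    out = bytearray(size)
    for blk in blocks:
        for i, v in enumerate(blk):
            out[i] ^= v
    return bytes(out)

def peel(received, checks, commitments, size):
    """received: {index: bytes} symbols already checked against their hashes.
    checks: index tuples whose symbols must XOR to zero (sparse parity checks).
    Returns ("ok", symbols), ("stuck", missing) or ("fraud", proof)."""
    known, n, progress = dict(received), len(commitments), True
    while len(known) < n and progress:
        progress = False
        for eq in checks:
            missing = [i for i in eq if i not in known]
            if len(missing) != 1:
                continue  # peeling only uses checks with one unknown
            j = missing[0]
            others = {i: known[i] for i in eq if i != j}
            cand = xor(others.values(), size)
            if h(cand) != commitments[j]:
                # Proof size is bounded by the check's degree, not the block
                # size; a real proof would also carry Merkle proofs (omitted).
                return "fraud", {"check": eq, "failed": j, "symbols": others}
            known[j] = cand
            progress = True
    if len(known) < n:
        return "stuck", sorted(set(range(n)) - set(known))  # a stopping set
    return "ok", known

def demo_layer(tamper=False):
    """Constructed toy layer: 4 data symbols plus 3 XOR parities."""
    size = 4
    data = [bytes([i + 1] * size) for i in range(4)]
    checks = [(0, 1, 4), (2, 3, 5), (1, 2, 6)]
    parity = [xor([data[a], data[b]], size) for a, b, _ in checks]
    if tamper:
        parity[0] = b"\xff" * size  # producer commits to a wrong parity
    coded = data + parity
    return coded, checks, [h(s) for s in coded], size
```

A `"stuck"` result means the withheld symbols form a stopping set, which is the case random sampling is meant to catch; a `"fraud"` result carries only the symbols of one sparse check.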
