The Combinatorics of the Longest-Chain Rule: Linear Consistency for Proof-of-Stake Blockchains

Blockchain data structures maintained via the longest-chain rule have emerged as a powerful algorithmic tool for consensus algorithms. The technique—popularized by the Bitcoin protocol—has proven to be remarkably flexible and now supports consensus algorithms in a wide variety of settings. Despite such broad applicability and adoption, current analytic understanding of the technique is highly dependent on details of the protocol’s leader election scheme. A particular challenge appears in the proof-of-stake setting, where existing analyses suffer from quadratic dependence on suffix length. We describe an axiomatic theory of blockchain dynamics that permits rigorous reasoning about the longest-chain rule in quite general circumstances and establish bounds—optimal to within a constant—on the probability of a consistency violation. This settles a critical open question in the proof-of-stake setting where we achieve linear consistency for the first time.

Operationally, blockchain consensus protocols achieve consistency by instructing parties to remove a suffix of a certain length from their local blockchain. While the analysis of Bitcoin guarantees consistency with error 2^{-k} by removing O(k) blocks, recent work on proof-of-stake (PoS) blockchains has suffered from quadratic dependence: PoS blockchain protocols, exemplified by Ouroboros (Crypto 2017), Ouroboros Praos (Eurocrypt 2018) and Sleepy Consensus (Asiacrypt 2017), can only establish that the length of this suffix should be Θ(k^2). This consistency guarantee is a fundamental design parameter for these systems, as the length of the suffix is a lower bound for the time required to wait for transactions to settle. Whether this gap is an intrinsic limitation of PoS—due to issues such as the “nothing-at-stake” problem—has been an urgent open question, as deployed PoS blockchains further rely on consistency for protocol correctness: in particular, security of the protocol itself relies on this parameter.

Our general theory directly improves the required suffix length from Θ(k^2) to Θ(k). Thus we show, for the first time, how PoS protocols can match proof-of-work blockchain protocols for exponentially decreasing consistency error. Our analysis focuses on the articulation of a two-dimensional stochastic process that captures the features of interest, an exact recursive closed form for the critical functional of the process, and tail bounds established for associated generating functions that dominate the failure events. Finally, the analysis provides an explicit polynomial-time algorithm for exactly computing the exponentially-decaying error function which can directly inform practice.

Erica Blum’s work was partly supported by financial assistance award 70NANB19H126 from U.S. Department of Commerce, National Institute of Standards and Technology. Aggelos Kiayias’ research was partly supported by H2020 Grant #780477, PRIViLEDGE. Cristopher Moore’s research was partly supported by NSF grant BIGDATA-1838251. Alexander Russell’s work was partly supported by NSF Grant #1717432.

[1]  Satoshi Nakamoto.  Bitcoin: A Peer-to-Peer Electronic Cash System, 2009.

[2]  Ariel Gabizon,et al.  Cryptocurrencies Without Proof of Work , 2014, Financial Cryptography Workshops.

[3]  Charles M. Grinstead,et al.  Introduction to probability , 1999, Statistics for the Behavioural Sciences.

[4]  Elaine Shi,et al.  Hybrid Consensus: Efficient Consensus in the Permissionless Model , 2016, DISC.

[5]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[6]  Aggelos Kiayias,et al.  Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain , 2018, EUROCRYPT.

[7]  Stefan Dziembowski,et al.  Proofs of Space , 2015, CRYPTO.

[8]  Elaine Shi,et al.  Thunderella: Blockchains with Optimistic Instant Confirmation , 2018, IACR Cryptol. ePrint Arch.

[9]  Georg Fuchsbauer,et al.  SpaceMint: A Cryptocurrency Based on Proofs of Space , 2018, ERCIM News.

[10]  V. Climenhaga.  Markov chains and mixing times, 2013.

[11]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[12]  Elaine Shi,et al.  The Sleepy Model of Consensus , 2017, ASIACRYPT.

[13]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[14]  Elaine Shi,et al.  Snow White: Provably Secure Proofs of Stake , 2016, IACR Cryptol. ePrint Arch.

[15]  Aggelos Kiayias,et al.  Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability , 2018, IACR Cryptol. ePrint Arch.

[16]  Ilan Orlov,et al.  Proofs of Space-Time and Rational Proofs of Storage , 2019, IACR Cryptol. ePrint Arch.

[17]  Rajeev Motwani,et al.  Randomized Algorithms , 1995, SIGA.

[18]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[19]  S. Matthew Weinberg,et al.  Formal Barriers to Longest-Chain Proof-of-Stake Protocols , 2018, EC.

[20]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol with Chains of Variable Difficulty , 2017, CRYPTO.

[21]  Silvio Micali,et al.  ALGORAND: The Efficient and Democratic Ledger , 2016, ArXiv.

[22]  Vincent Rijmen,et al.  Advances in Cryptology – EUROCRYPT 2018 , 2018, Lecture Notes in Computer Science.