Everything is a Race and Nakamoto Always Wins

Nakamoto invented the longest chain protocol, and claimed its security by analyzing the private double-spend attack, a race between the adversary and the honest nodes to grow a longer chain. But is it the worst attack? We answer the question in the affirmative for three classes of longest chain protocols, designed for different consensus models: 1) Nakamoto's original Proof-of-Work protocol; 2) Ouroboros and SnowWhite Proof-of-Stake protocols; 3) Chia Proof-of-Space protocol. As a consequence, exact characterization of the maximum tolerable adversary power is obtained for each protocol as a function of the average block time normalized by the network delay. The security analysis of these protocols is performed in a unified manner by a novel method of reducing all attacks to a race between the adversary and the honest nodes.

[1]  Elaine Shi,et al.  Snow White: Provably Secure Proofs of Stake , 2016, IACR Cryptol. ePrint Arch..

[2]  Krzysztof Pietrzak,et al.  The Chia Network Blockchain , 2019 .

[3]  Stefan Dziembowski,et al.  Proofs of Space , 2015, CRYPTO.

[4]  Aggelos Kiayias,et al.  Consistency of Proof-of-Stake Blockchains with Concurrent Honest Slot Leaders , 2020, 2020 IEEE 40th International Conference on Distributed Computing Systems (ICDCS).

[5]  Aviv Zohar,et al.  Secure High-Rate Transaction Processing in Bitcoin , 2015, Financial Cryptography.

[6]  Michael Drmota The Height of Increasing Trees , 2009 .

[7]  Elie Aidékon Convergence in law of the minimum of a branching random walk , 2011, 1101.1810.

[8]  Dan Boneh,et al.  Verifiable Delay Functions , 2018, IACR Cryptol. ePrint Arch..

[9]  Boris G. Pittel,et al.  Note on the Heights of Random Recursive Trees and Random m-ary Search Trees , 1994, Random Struct. Algorithms.

[10]  Dongning Guo,et al.  Continuous-Time Analysis of the Bitcoin and Prism Backbone Protocols , 2020, ArXiv.

[11]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[12]  K. Athreya Branching Random Walks , 2010 .

[13]  Leonid Reyzin,et al.  Beyond Hellman's Time-Memory Trade-Offs with Applications to Proofs of Space , 2017, ASIACRYPT.

[14]  E. Aïdékon Convergence in law of the minimum of a branching random walk , 2013 .

[15]  Aggelos Kiayias,et al.  Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability , 2018, IACR Cryptol. ePrint Arch..

[16]  Georg Fuchsbauer,et al.  SpaceMint: A Cryptocurrency Based on Proofs of Space , 2018, ERCIM News.

[17]  Aggelos Kiayias,et al.  Tight Consistency Bounds for Bitcoin , 2020, IACR Cryptol. ePrint Arch..

[18]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[19]  Aggelos Kiayias,et al.  Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain , 2018, EUROCRYPT.

[20]  Elaine Shi,et al.  Analysis of Deterministic Longest-Chain Protocols , 2019, 2019 IEEE 32nd Computer Security Foundations Symposium (CSF).

[21]  S. Nakamoto,et al.  Bitcoin: A Peer-to-Peer Electronic Cash System , 2008 .

[22]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[23]  Elaine Shi,et al.  The Sleepy Model of Consensus , 2017, ASIACRYPT.

[24]  Ling Ren,et al.  Analysis of Nakamoto Consensus , 2019, IACR Cryptol. ePrint Arch..

[25]  Yueyun Hu,et al.  Minimal position and critical martingale convergence in branching random walks, and directed polymers on disordered trees , 2007, math/0702799.

[26]  Aviv Zohar,et al.  Bitcoin's Security Model Revisited , 2016, ArXiv.

[27]  Krzysztof Pietrzak,et al.  Simple Verifiable Delay Functions , 2018, IACR Cryptol. ePrint Arch..

[28]  Lei Fan,et al.  A Scalable Proof-of-Stake Blockchain in the Open Se ing ∗ ( or , How to Mimic Nakamoto ’ s Design via Proof-of-Stake ) , 2018 .