A PoR/PoS-Hybrid Blockchain: Proof of Reputation with Nakamoto Fallback

Reputation is a major component of trustworthy systems. In this work, we describe how to leverage reputation to establish a highly scalable and efficient blockchain. In order to avoid potential safety concerns stemming from the subjective and volatile nature of reputation, we propose a proof-of-reputation/proof-of-stake-hybrid (in short, PoR/PoS-hybrid) blockchain design. Although proof-of-stake and proof-of-reputation have been separately studied, to our knowledge, our proposal is the first cryptographically secure design of proof-of-reputation-based (in short PoR-based) blockchains; and it is the first blockchain that fortifies its PoR-based security by optimized Nakamoto-style consensus. This results in a ledger protocol which is provably secure if the reputation system is accurate, and preserves its basic safety properties even if it is not, as long as the majority of the stake in the system remains in honest hands. Our results put emphasis on reputation fairness as a key feature of any reputation-based lottery. We devise a definition of reputation fairness that ensures fair participation while giving chances to newly joining parties to participate and potentially build reputation. We also describe a concrete lottery in the random oracle model which achieves this definition of fairness. Our treatment of reputation-fairness can be of independent interest.

[1]  Jennifer L. Welch,et al.  Wait-Free Clock Synchronization (Extended Abstract). , 1993, PODC 1993.

[2]  Wei Peng,et al.  Proof of Reputation: A Reputation-Based Consensus Protocol for Peer-to-Peer Network , 2018, DASFAA.

[3]  Aggelos Kiayias,et al.  Ouroboros Genesis: Composable Proof-of-Stake Blockchains with Dynamic Availability , 2018, IACR Cryptol. ePrint Arch..

[4]  Silvio Micali,et al.  Byzantine Agreement in Constant Expected Time (and Trusting No One) , 1985, FOCS 1985.

[5]  Elaine Shi,et al.  The Honey Badger of BFT Protocols , 2016, CCS.

[6]  Sherman S. M. Chow Running on Karma - P2P Reputation and Currency Systems , 2007, CANS.

[7]  Danny Dolev,et al.  On the possibility and impossibility of achieving clock synchronization , 1984, STOC '84.

[8]  Alex Biryukov,et al.  Guru: Universal Reputation Module for Distributed Consensus Protocols , 2017, IACR Cryptol. ePrint Arch..

[9]  Aggelos Kiayias,et al.  The Bitcoin Backbone Protocol: Analysis and Applications , 2015, EUROCRYPT.

[10]  Silvio Micali Very Simple and Efficient Byzantine Agreement , 2017, ITCS.

[11]  Hagit Attiya,et al.  Optimal Clock Synchronization under Different Delay Assumptions (Preliminary Version). , 1993, PODC 1993.

[12]  Rafail Ostrovsky,et al.  The Price of Low Communication in Secure Multi-party Computation , 2017, CRYPTO.

[13]  Yehuda Lindell,et al.  Fair and Efficient Secure Multiparty Computation with Reputation Systems , 2013, IACR Cryptol. ePrint Arch..

[14]  Rafail Ostrovsky,et al.  Round Complexity of Authenticated Broadcast with a Dishonest Majority , 2007, 48th Annual IEEE Symposium on Foundations of Computer Science (FOCS'07).

[15]  Ueli Maurer,et al.  Bitcoin as a Transaction Ledger: A Composable Treatment , 2017, CRYPTO.

[16]  Sandro Coretti,et al.  Probabilistic Termination and Composability of Cryptographic Protocols , 2016, Journal of Cryptology.

[17]  Aggelos Kiayias,et al.  Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain , 2018, EUROCRYPT.

[18]  Sandro Coretti,et al.  Round-Preserving Parallel Composition of Probabilistic-Termination Cryptographic Protocols , 2021, Journal of Cryptology.

[19]  Silvio Micali,et al.  Optimal algorithms for Byzantine agreement , 1988, STOC '88.

[20]  Jonathan Katz,et al.  On expected constant-round protocols for Byzantine agreement , 2006, J. Comput. Syst. Sci..

[21]  Jennifer L. Welch,et al.  Self-Stabilizing Clock Synchronization in the Presence of ByzantineFaults ( Preliminary Version ) Shlomi Dolevy , 1995 .

[22]  Aggelos Kiayias,et al.  Fair and Robust Multi-party Computation Using a Global Transaction Ledger , 2016, EUROCRYPT.

[23]  Elaine Shi,et al.  Thunderella: Blockchains with Optimistic Instant Confirmation , 2018, IACR Cryptol. ePrint Arch..

[24]  Danny Dolev,et al.  Authenticated Algorithms for Byzantine Agreement , 1983, SIAM J. Comput..

[25]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[26]  Boaz Patt-Shamir,et al.  Optimal and efficient clock synchronization under drifting clocks , 1999, PODC '99.

[27]  Mihir Bellare,et al.  A Forward-Secure Digital Signature Scheme , 1999, CRYPTO.

[28]  Vitalik Buterin A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM , 2015 .

[29]  Silvio Micali,et al.  A Digital Signature Scheme Secure Against Adaptive Chosen-Message Attacks , 1988, SIAM J. Comput..

[30]  Christoph Lenzen,et al.  Clock Synchronization with Bounded Global and Local Skew , 2008, 2008 49th Annual IEEE Symposium on Foundations of Computer Science.

[31]  Gene Itkis,et al.  Forward-Secure Signatures with Optimal Signing and Verifying , 2001, CRYPTO.

[32]  Daniel Tschudi,et al.  Afgjort - A Semi-Synchronous Finality Layer for Blockchains , 2019, IACR Cryptol. ePrint Arch..

[33]  Silvio Micali,et al.  Algorand: Scaling Byzantine Agreements for Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[34]  Abhi Shelat,et al.  Analysis of the Blockchain Protocol in Asynchronous Networks , 2017, EUROCRYPT.

[35]  Aggelos Kiayias,et al.  Ouroboros: A Provably Secure Proof-of-Stake Blockchain Protocol , 2017, CRYPTO.

[36]  Paulo Esteves-Verissimo,et al.  RepuCoin: Your Reputation Is Your Power , 2019, IEEE Transactions on Computers.

[37]  W. Hoeffding Probability Inequalities for sums of Bounded Random Variables , 1963 .

[38]  Iddo Bentov,et al.  Tortoise and Hares Consensus: the Meshcash Framework for Incentive-Compatible, Scalable Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[39]  Sam Toueg,et al.  Optimal clock synchronization , 1985, PODC '85.

[40]  Aggelos Kiayias,et al.  Ouroboros Chronos: Permissionless Clock Synchronization via Proof-of-Stake , 2019, IACR Cryptol. ePrint Arch..