On the Security and Performance of Proof of Work Blockchains.

IACR Cryptology ePrint Archive, (2016)

Cited by: 1158|Views344
EI

Abstract

Proof of Work (PoW) powered blockchains currently account for more than 90% of the total market capitalization of existing digital cryptocurrencies. Although the security provisions of Bitcoin have been thoroughly analysed, the security guarantees of variant (forked) PoW blockchains (which were instantiated with different parameters) have...More

Code:

Data:

0
Introduction
  • Since its inception in 2009, Bitcoin’s blockchain has fueled innovation and a number of novel applications, such as smart contracts, have been designed to take advantage of the blockchain.
  • Litecoin and Dogecoin—Bitcoin’s most prominent forks—reduce the block generation time from 10 to 2.5 and 1 minute
  • Parallel to these efforts, alternative decentralised blockchain-based networks emerged with the ambition to optimize the consensus and network parameters and to ease the deployment of decentralised applications on top of the blockchain.
  • Other peers in the network can verify the PoW by computing the hash of the block and checking whether it satisfies the condition to be smaller than the current target value
Highlights
  • Since its inception in 2009, Bitcoin’s blockchain has fueled innovation and a number of novel applications, such as smart contracts, have been designed to take advantage of the blockchain
  • We provide merchants with the knowledge to decide on the required number of confirmations for a given transaction value to ensure security against double-spending. Our results show that, due to the smaller block rewards and the higher stale block rate of Ethereum2 compared to Bitcoin, Ethereum needs at least 37 confirmations to match Bitcoin’s security with 6 block confirmations against an adversary with 30% of the total mining power
  • We identify two main parameters that are of particular importance for Proof of Work-based blockchains, namely: the block size, and the information propagation mechanism
  • For an adversary equipped with 30% of the total mining power11, the lower is the consensus time, the higher is the relative revenue from selfish mining and the lower is the double-spending value
  • We introduced a novel quantitative framework to objectively compare Proof of Work blockchains given real world network impacts and blockchain parameters
  • Proof of Work (PoW) powered blockchains currently account for more than 90% of the total market capitalization of existing digital cryptocurrencies
  • We show how to objectively compare the security provisions of different Proof of Work blockchain instances
Results
  • The authors present the results from the evaluation.

    4.2.1 Simulator Validation

    With the objective to experimentally validate the simulation, the authors compared Bitcoin, Litecoin, and Dogecoin with their respective simulated counterpart.
  • The authors present the results from the evaluation.
  • With the objective to experimentally validate the simulation, the authors compared Bitcoin, Litecoin, and Dogecoin with their respective simulated counterpart.
  • The authors adjusted the parameters of Table 5 according to the current parameters featured by existing deployments of the investigated blockchains.
  • The authors measured Bitcoin’s block size distribution, as well as the.
  • 1.66% Asia Paci c, Japan, 1.19%.
  • North America, 38.69% Europe, 51.59% Europe, 5.40%
Conclusion
  • The authors introduced a novel quantitative framework to objectively compare PoW blockchains given real world network impacts and blockchain parameters.
  • The authors show how to objectively compare the security provisions of different PoW blockchain instances.
  • The authors' framework allows them to push the boundaries of PoW powered blockchains in terms of throughput in transactions per second, while observing the impact on the security provisions of the blockchain in terms of optimal selfish mining and double spending strategies.
  • The authors' results indicate that existing PoW blockchains can achieve a throughput of 60 transactions per second—without significantly affecting the blockchain’s security
Tables
  • Table1: Comparison of different Bitcoin forks, Ethereum and the impact of parameter choices on the network propagation times. Stale block rate (rs) and average block size (sB) were measured over the last 10000 blocks. tMBP stands for median block propagation time
  • Table2: State transition and reward matrices for optimal selfish mining and double-spending strategies in PoW blockchains. α is the mining power of the attacker, ω is the mining power of the eclipsed node, be is the number of blocks in the attacker chain that were mined by the eclipsed node, γ is the fraction of nodes that an attacker can reach faster than the honest network, rs is the stale block rate and vd is the value of the double-spend. The actions override and match are feasible only when la > lh or la ≥ lh, respectively. We discount the mining costs cm ∈ [0, α] in the state transition reward only for double-spending. The fork label (last element of the state) is denoted by i, r and a for irrelevant, relevant and active respectively. For a reward tuple (a, b), a corresponds to the adversary’s costs, while b represents the reward for the honest network for selfish mining
  • Table3: Optimal double-spending strategy for α = 0.3, γ = 0, rs = 0.41%, cm = α, ω = 0 and vd = 19.5. The rows correspond to the length la of the adversary’s chain and the columns correspond to the length lh of the honest network’s chain. The three values in each table entry correspond to the fork labels irrelevant, relevant and active, where * marks an unreachable state and w, a and e denote the wait, adopt and exit actions, respectively
  • Table4: State transition and reward matrices for an MDP for optimal double-spending strategies in Ethereum where ru is the uncle reward (i.e
  • Table5: Parameters of the blockchain simulation
  • Table6: Median block propagation time (tMBP , in seconds), and rs in the real networks and the simulation (10000 blocks for each blockchain). (a) assumes that all miners use the relay network and unsolicited block push, while (b) is only given the standard propagation mechanism. We conclude that not all miners in Bitcoin use the relay network and unsolicited block push
  • Table7: Impact of the block interval on the median block propagation time (tMBP ) in seconds, and the stale block rate rs, vd and rrel given the current Bitcoin block size distribution, an adversary with α = 0.3 and k = 6. Case 1 refers to the standard block propagation mechanism, Case 2 refers to standard mechanism plus unsolicited block push, Case 3 to the combination of Case 2 plus the relay network and Case 4 to the send headers with unsolicited block push and relay network
  • Table8: To this end, we simulate block sizes ranging from 0.1 MB to up to 8 MB, given a block interval of 10 minutes. Impact of the block size on the median block propagation time (tMBP ) in seconds, the stale block rate rs, vd and rrel, given the current Bitcoin block generation interval and an adversary with α = 0.3 and k = 6
  • Table9: Throughput in transactions per second (tps) vs. security measured in vd and rrel for an adversary with 30% mining power, k = 6 and given 16 mining pools
Download tables as Excel
Related work
  • A number of contributions analyze double-spending attacks in Bitcoin [16,31]) but they do not consider optimal adversarial strategies.

    Eyal and Sirer [15] show that a selfish miner can increase its relative mining revenue by not directly publishing his blocks. Similarly, Courtois and Bahack [8] study subversive mining strategies. Our work shares similarities with Sapirshtein et al [32]. Here, the authors devise optimal adversarial strategies for selfish mining in Bitcoin. Unlike [32], our work however captures optimal adversarial selfish mining strategies for PoW-powered blockchain and takes into account network delays and eclipse attacks. We additionally capture optimal double-spending strategies—where we also take into account the mining costs of the adversary, the number of required block confirmations, and the double-spending value in order to properly account for costs of the attack.
Reference
  • Bitcoin block size limit controversy, 2016. Available from: https://en.bitcoin.it/wiki/Block_size_limit_controversy.
    Findings
  • Frederik Armknecht, Jens-Matthias Bohli, Ghassan O Karame, Zongren Liu, and Christian A Reuter. Outsourced proofs of retrievability. In Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, pages 831–843. ACM, 2014.
    Google ScholarLocate open access versionFindings
  • Bitnodes. Bitnodes ip crawler. Available from: https://github.com/ayeowch/bitnodes.
    Findings
  • V. Buterin. A next-generation smart contract and decentralized application platform, 2014.
    Google ScholarFindings
  • Miguel Castro, Barbara Liskov, et al. Practical byzantine fault tolerance. In OSDI, volume 99, pages 173–186, 1999.
    Google ScholarLocate open access versionFindings
  • Coinmarketcap. Coinmarketcap. Available from: https://coinmarketcap.com/.
    Findings
  • Matt Corallo. Bitcoin relay network. Available from: http://bitcoinrelaynetwork.org/.
    Findings
  • Nicolas T. Courtois and Lear Bahack. On subversive miner strategies and block withholding attack in bitcoin digital currency. CoRR, abs/1402.1718, 2014.
    Findings
  • Kyle Croman, Christian Decker, Ittay Eyal, Adem Efe Gencer, Ari Juels, Ahmed Kosba, Andrew Miller, Prateek Saxena, Elaine Shi, and Emin Gün. On scaling decentralized blockchains. In Proc. 3rd Workshop on Bitcoin and Blockchain Research, 2016.
    Google ScholarLocate open access versionFindings
  • C. Decker and R. Wattenhofer. Information Propagation in the Bitcoin Network. In 13-th IEEE International Conference on Peer-to-Peer Computing, 2013.
    Google ScholarLocate open access versionFindings
  • Ethereum. Ethereum tie breaking. Available from: https://github.com/ethereum/go-ethereum/commit/bcf565730b1816304947021080981245d084a930.
    Findings
  • Ethereum. ethernodes. Available from: https://www.ethernodes.org/network/1.
    Findings
  • Ethereum. ethstats. Available from: https://ethstats.net/.
    Findings
  • Ittay Eyal, Adem Efe Gencer, Emin Gun Sirer, and Robbert van Renesse. Bitcoin-ng: A scalable blockchain protocol. arXiv preprint arXiv:1510.02037, 2015.
    Findings
  • Ittay Eyal and Emin Gün Sirer. Majority is not enough: Bitcoin mining is vulnerable. In Financial Cryptography and Data Security, pages 436–454.
    Google ScholarLocate open access versionFindings
  • The Finney Attack, 2013. Available from: https://en.bitcoin.it/wiki/Weaknesses#The_.22Finney.22_attack.
    Findings
  • Juan Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 281–310.
    Google ScholarLocate open access versionFindings
  • Arthur Gervais, Hubert Ritzdorf, Ghassan O Karame, and Srdjan Capkun. Tampering with the delivery of blocks and transactions in bitcoin. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pages 692–705. ACM, 2015.
    Google ScholarLocate open access versionFindings
  • E. Heilman, A. Kendler, A. Zohar, and S. Goldberg. Eclipse attacks on bitcoin’s peer-to-peer network. 2015.
    Google ScholarFindings
  • Ronald A Howard. Dynamic Probabilistic Systems, Volume I: Markov Models, volume 1. Courier Corporation, 2012.
    Google ScholarFindings
  • IBM. Ibm openblockchain. Available from: http://www.ibm.com/blockchain/.
    Findings
  • Intel. Proof of elapsed time (poet). Available from: http://intelledger.github.io/.
    Findings
  • Ghassan O. Karame, Elli Androulaki, and Srdjan Capkun. Double-spending fast payments in bitcoin. In Proceedings of the 2012 ACM conference on Computer and communications security, CCS ’12, New York, NY, USA, 2012. ACM.
    Google ScholarLocate open access versionFindings
  • John G Kemeny, J Laurie Snell, and Gerald L Thompson. Finite mathematics. DC Murdoch, Linear Algebra for Undergraduates, 1974.
    Google ScholarFindings
  • Eleftherios Kokoris Kogias, Philipp Jovanovic, Nicolas Gailly, Ismail Khoffi, Linus Gasser, and Bryan Ford. Enhancing bitcoin security and performance with strong consistency via collective signing. In 25th USENIX Security Symposium (USENIX Security 16), pages 279–296, Austin, TX, August 2016. USENIX Association.
    Google ScholarLocate open access versionFindings
  • D. Mazieres. The stellar consensus protocol: A federated model for internet-level consensus. Available from: https://www.stellar.org/papers/stellar-consensus-protocol.pdf.
    Findings
  • Andrew Miller, James Litton, Andrew Pachulski, Neal Gupta, Dave Levin, Neil Spring, and Bobby Bhattacharjee. Discovering bitcoin’s public topology and influential nodes.
    Google ScholarFindings
  • S. Nakamoto. Bitcoin: A p2p electronic cash system, 2009.
    Google ScholarFindings
  • Kartik Nayak, Srijan Kumar, Andrew Miller, and Elaine Shi. Stubborn mining: Generalizing selfish mining and combining with an eclipse attack. Technical report, IACR Cryptology ePrint Archive 2015, 2015.
    Google ScholarFindings
  • QuantumMechanic. Proof of stake. Available from: https://bitcointalk.org/index.php?topic=27787.0.
    Findings
  • Meni Rosenfeld. Analysis of hashrate-based double spending. arXiv preprint arXiv:1402.2009, 2014.
    Findings
  • Ayelet Sapirshtein, Yonatan Sompolinsky, and Aviv Zohar. Optimal selfish mining strategies in bitcoin. Proceedings of the 2016 Conference on Financial Crypto (FC), 2016.
    Google ScholarLocate open access versionFindings
  • Yonatan Sompolinsky and Aviv Zohar. Secure high-rate transaction processing in bitcoin. In Financial Cryptography and Data Security, pages 507–527. Springer, 2015. [34] testmy.net. testmy.net. Available from: http://testmy.net/country.
    Findings
  • [35] Jonathan Toomim. blocktorrent. Available from: http://lists.linuxfoundation.org/pipermail/bitcoin-dev/2015-September/011176.html.
    Findings
  • [36] Verizon. Verizon latency. Available from: http://www.verizonenterprise.com/about/network/latency/.
    Findings
  • [37] Marko Vukolic. The quest for scalable blockchain fabric: Proof-of-work vs. bft replication. In Proceedings of the IFIP WG 11.4 Workshop iNetSec 2015. 2015.
    Google ScholarLocate open access versionFindings
Your rating :
0

 

Tags
Comments
数据免责声明
页面数据均来自互联网公开来源、合作出版商和通过AI技术自动分析结果,我们不对页面数据的有效性、准确性、正确性、可靠性、完整性和及时性做出任何承诺和保证。若有疑问,可以通过电子邮件方式联系我们:report@aminer.cn
小科