Soubhik Deb,Robert Raynor,Sreeram Kannan

2024-01-11

Abstract:As of July 15, 2023, Ethererum, which is a Proof-of-Stake (PoS) blockchain [1] has around 410 Billion USD in total assets on chain (popularly referred to as total-value-locked, TVL) but has only 33 Billion USD worth of ETH staked in securing the underlying consensus of the chain [2]. A preliminary analysis might suggest that as the amount staked is far less (11x less) than the value secured, the Ethereum blockchain is insecure and "over-leveraged" in a purely cryptoeconomic sense. In this work, we investigate how Ethereum, or, more generally, any PoS blockchain can be made secure despite this apparent imbalance. Towards that end, we attempt to formalize a model for analyzing the cryptoeconomic safety of PoS blockchain, which separately analyzes the cost-of-corruption, the cost incurred by an attacker, and the profit-from-corruption, the profit gained by an attacker. We derive sharper bounds on profit-from-corruption, as well as new confirmation rules that significantly decrease this upper-bound. We evaluate cost-of-corruption and profit-from-corruption only from the perspective of attacking safety. Finally, we present a new "insurance" mechanism, STAKESURE, for allocating the slashed funds in a PoS system, that has several highly desirable properties: solving common information problem in existing blockchains, creating a mechanism for provably safe bridging, and providing the first sharp solution for automatically adjusting how much economic security is sufficient in a PoS system. Finally, we show that the system satisfies a notion of strong cryptoeconomic safety, which guarantees that no honest transactor ever loses money, and creates a closed system of Karma, which not only ensures that the attacker suffers a loss of funds but also that the harmed parties are sufficiently compensated.

Cryptography and Security,Networking and Internet Architecture

Tuyet Duong,Lei Fan,Jonathan Katz,Phuc Thai,Hong-Sheng Zhou

DOI: https://doi.org/10.1007/978-3-030-59013-0_34

2020-01-01

Abstract:Bitcoin-like blockchains use a proof-of-work (PoW) mechanism, where security holds if the majority of the computing power is under the control of honest players. However, this assumption has been seriously challenged recently, and Bitcoin-like systems fail if this assumption is violated. In this work we propose a novel 2-hop blockchain protocol that combines PoW and proof-of-stake (PoS) mechanisms. Our analysis shows that the protocol is secure as long as the honest players control a majority of the collective resources (which consist of both computing power and stake). In particular, even if the adversary controls more than 50% of the computing power, security still holds if the honest parties hold sufficiently high stake in the system. As an added contribution, our protocol also remains secure against adaptive adversaries.

Xinshu Dong,Orfeas Stefanos Thyfronitis Litos,Ertem Nusret Tas,David Tse,Robin Linus Woll,Lei Yang,Mingchao Yu

2024-12-02

Abstract:Proof-of-stake (PoS) blockchains require validators to lock their tokens as collateral, slashing these tokens if they are identified as protocol violators. PoS chains have mostly been secured by their native tokens. However, using only the native token upper-bounds the value eligible for staking by the market capitalization of the native token. In contrast, the remote staking of another crypto asset from a provider chain provides an avenue to improve the consumer chain's economic security. In this paper, we present the first known remote staking protocols with guaranteed optimal economic safety: whenever there is a safety violation on the consumer chain, at least one third of the provider's stake securing the consumer chain is slashed. To achieve this goal for a broad range of provider and consumer chains, two independent contributions are made: 1) a cryptographic protocol to slash stake even without smart contracts on the provider chain; 2) a secure unbonding protocol that ensures slashing before the stake is unbonded on the provider chain if there is safety violation on the consumer chain. A major use case of this work is when the provider chain is Bitcoin, making available an asset worth more than 1.7 trillion USD to secure PoS chains. Such a Bitcoin staking protocol has been launched on the Mainnet in August 2024 and has accumulated 2.1 billion USD worth of stake thus far.

Cryptography and Security

Xinyu Li,Jing Xu,Xiong Fan,Yuchen Wang,Zhenfeng Zhang

DOI: https://doi.org/10.48550/arXiv.1909.03955

2019-09-09

Cryptography and Security

Abstract:Proof-of-stake blockchain protocols are becoming one of the most promising alternatives to the energy-consuming proof-of-work protocols. However, one particularly critical threat in the PoS setting is the well-known long-range attacks caused by secret key leakage (LRSL attack). Specifically, an adversary can attempt to control/compromise accounts possessing substantial stake at some past moment such that double-spend or erase past transactions, violating the fundamental persistence property of blockchain. Puncturable signatures provide a satisfying solution to construct practical proof-of-stake blockchain resilient to LRSL attack, despite of the fact that existent constructions are not efficient enough for practical deployments. In this paper, we provide an in-depth study of puncturable signatures and explore its applications in the proof-of-stake blockchain. We formalize a security model that allows the adversary for adaptive signing and puncturing queries, and show a construction with efficient puncturing operations based on the Bloom filter data structure and strong Diffie-Hellman assumption. The puncturing functionality we desire is for a particular part of message, like prefix, instead of the whole message. Furthermore, we use puncturable signatures to construct practical proof-of-stake blockchain protocols that are resilient to LRSL attack, while previously the forward-secure signature is used to immunize this attack. We implement our scheme and provide experimental results showing that in comparison with the forward-secure signature, our construction performs substantially better on signature size, signing and verification efficiency, significantly on key update efficiency.

George Gui,Ali Hortacsu,Jose Tudon

DOI: https://doi.org/10.48550/arXiv.1807.09626

2018-06-14

Abstract:We analyze the economic incentives generated by the proof-of-stake mechanism discussed in the Ethereum Casper upgrade proposal. Compared with proof-of-work, proof-of-stake has a different cost structure for attackers. In Budish (2018), three equations characterize the limits of Bitcoin, which has a proof-of-work mechanism. We investigate their counterparts and evaluate the risk of double-spending attack and sabotage attack. We argue that PoS is safer than PoW agaisnt double-spending attack because of the tractability of attackers, which implies a large "stock" cost for the attacker. Compared to a PoW system whose mining equipments are repurposable, PoS is also safer against a sabotage attack.

Cryptography and Security

Muhammad Saad,Zhan Qin,Kui Ren,DaeHun Nyang,David Mohaisen

DOI: https://doi.org/10.1109/tpds.2020.3048853

IF: 5.3

2021-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Blockchain applications that rely on the Proof-of-Work (PoW) have increasingly become energy inefficient with a staggering carbon footprint. In contrast, energy-efficient alternative consensus protocols such as Proof-of-Stake (PoS) may cause centralization and unfairness in the blockchain system. To address these challenges, we propose a modular version of PoS-based blockchain systems called epos that resists the centralization of network resources by extending mining opportunities to a wider set of stakeholders. Moreover, epos leverages the in-built system operations to promote fair mining practices by penalizing malicious entities. We validate epos's achievable objectives through theoretical analysis and simulations. Our results show that epos ensures fairness and decentralization, and can be applied to existing blockchain applications.

Nicolas Oderbolz,Beatrix Marosvölgyi,Matthias Hafner

2024-05-23

Abstract:This paper examines the economic and security implications of Proof-of-Stake (POS) designs, providing a survey of POS design choices and their underlying economic principles in prominent POS-blockchains. The paper argues that POS-blockchains are essentially platforms that connect three groups of agents: users, validators, and investors. To meet the needs of these groups, blockchains must balance trade-offs between security, user adoption, and investment into the protocol. We focus on the security aspect and identify two different strategies: increasing the quality of validators (static security) vs. increasing the quantity of stakes (dynamic security). We argue that quality comes at the cost of quantity, identifying a trade-off between the two strategies when designing POS systems. We test our qualitative findings using panel analysis on collected data. The analysis indicates that enhancing the quality of the validator set through security measures like slashing and minimum staking amounts may decrease dynamic security. Further, the analysis reveals a strategic divergence among blockchains, highlighting the absence of a single, universally optimal staking design solution. The optimal design hinges upon a platform's specific objectives and its developmental stage. This research compels blockchain developers to meticulously assess the trade-offs outlined in this paper when developing their staking designs.

General Economics

Ertem Nusret Tas,David Tse,Fangyu Gai,Sreeram Kannan,Mohammad Ali Maddah-Ali,Fisher Yu

DOI: https://doi.org/10.48550/arXiv.2207.08392

2023-05-13

Abstract:Bitcoin is the most secure blockchain in the world, supported by the immense hash power of its Proof-of-Work miners. Proof-of-Stake chains are energy-efficient, have fast finality but face several security issues: susceptibility to non-slashable long-range safety attacks, low liveness resilience and difficulty to bootstrap from low token valuation. We show that these security issues are inherent in any PoS chain without an external trusted source, and propose a new protocol, Babylon, where an off-the-shelf PoS protocol checkpoints onto Bitcoin to resolve these issues. An impossibility result justifies the optimality of Babylon. A use case of Babylon is to reduce the stake withdrawal delay: our experimental results show that this delay can be reduced from weeks in existing PoS chains to less than 5 hours using Babylon, at a transaction cost of less than 10K USD per annum for posting the checkpoints onto Bitcoin.

Cryptography and Security

Caspar Schwarz-Schilling,Joachim Neu,Barnabé Monnot,Aditya Asgaonkar,Ertem Nusret Tas,David Tse

DOI: https://doi.org/10.48550/arXiv.2110.10086

2021-10-20

Abstract:Recently, two attacks were presented against Proof-of-Stake (PoS) Ethereum: one where short-range reorganizations of the underlying consensus chain are used to increase individual validators' profits and delay consensus decisions, and one where adversarial network delay is leveraged to stall consensus decisions indefinitely. We provide refined variants of these attacks, considerably relaxing the requirements on adversarial stake and network timing, and thus rendering the attacks more severe. Combining techniques from both refined attacks, we obtain a third attack which allows an adversary with vanishingly small fraction of stake and no control over network message propagation (assuming instead probabilistic message propagation) to cause even long-range consensus chain reorganizations. Honest-but-rational or ideologically motivated validators could use this attack to increase their profits or stall the protocol, threatening incentive alignment and security of PoS Ethereum. The attack can also lead to destabilization of consensus from congestion in vote processing.

Cryptography and Security

Lei Fan

2018-01-01

Abstract:Bitcoin and blockchain technologies have proven to be a phenomenal success. Œe underlying techniques hold huge promise to change the future of €nancial transactions, and eventually the way people and companies compute, collaborate, and interact. At the same time, the current Bitcoin-like proof-of-work based blockchain systems are facing many challenges. For example, a huge amount of energy/electricity is needed for maintaining the Bitcoin blockchain. We propose a new approach to constructing energy-ecient blockchain protocols. More concretely, we develop proof-of-stake based, scalable blockchain protocols in the open network seŠing. Our contributions are as follows: • We for the €rst time identify a new security property called chain soundness for proofof-stake based protocols, which captures the intuition of ensuring new players to join the protocol execution securely. • We for the €rst time formally investigate greedy strategies for proof-of-stake based protocols; via a greedy strategy, the protocol players may extend the best blockchain faster by aŠempting to extend multiple positions, instead of only the latest block, in the blockchain. We demonstrate a very useful upper bound of extending blockchain by greedy players, which enables us to give the €rst natural mimic of Bitcoin blockchain via proof-of-stake mechanism (without using any form of Byzantine fault tolerance). • Our design is very simple, using only standard hash functions and unique digital signatures, which makes our design very appealing in practice. Our blockchain achieves important security properties including common pre€x, chain quality, chain growth, and chain soundness, and is adaptively secure without assuming secure erasure. ∗All results in this paper have been submiŠed to Eurocrypt 2018. In this version, the presentation has been improved, according to the feedback from the Eurocrypt reviewers, and from multiple researchers. In addition, in the current version, the related work part has been updated, and some discussions about rational aŠacks including nothing at stake aŠacks, sel€sh mining aŠacks, are added.

Mitar Milutinovic,Warren He,Howard Wu,Maxinder Kanwal

DOI: https://doi.org/10.1145/3007788.3007790

2017-03-16

Abstract:In the paper, we present designs for multiple blockchain consensus primitives and a novel blockchain system, all based on the use of trusted execution environments (TEEs), such as Intel SGX-enabled CPUs. First, we show how using TEEs for existing proof of work schemes can make mining equitably distributed by preventing the use of ASICs. Next, we extend the design with proof of time and proof of ownership consensus primitives to make mining energy- and time-efficient. Further improving on these designs, we present a blockchain using a proof of luck consensus protocol. Our proof of luck blockchain uses a TEE platform's random number generation to choose a consensus leader, which offers low-latency transaction validation, deterministic confirmation time, negligible energy consumption, and equitably distributed mining. Lastly, we discuss a potential protection against up to a constant number of compromised TEEs.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Abdelatif Hafid,Abdelhakim Senhaji Hafid,Adil Senhaji

DOI: https://doi.org/10.48550/arXiv.2108.05835

2021-08-13

Abstract:Blockchain technology has been gaining great interest from a variety of sectors, including healthcare, supply chain and cryptocurrencies. However, Blockchain suffers from its limited ability to scale (i.e. low throughput and high latency). Several solutions have been appeared to tackle this issue. In particular, sharding proved that it is one of the most promising solutions to Blockchain scalability. Sharding can be divided into two major categories: (1) Sharding-based Proof-of-Work (PoW) Blockchain protocols, and (2) Sharding-based Proof-of-Stake (PoS) Blockchain protocols. The two categories achieve a good performances (i.e. good throughput with a reasonable latency), but raise security issues. This article attends that analyze the security of the second category. More specifically, we compute the probability of committing a faulty block and measure the security by computing the number of years to fail. Finally, to show the effectiveness of the proposed model, we conduct a numerical analysis and evaluate the results obtained.

Cryptography and Security

Aiya Li,Xianhua Wei,Zhou He

DOI: https://doi.org/10.3390/su12072824

IF: 3.9

2020-04-02

Sustainability

Abstract:In the digital economy era, the development of a distributed robust economy system has become increasingly important. The blockchain technology can be used to build such a system, but current mainstream consensus protocols are vulnerable to attack, making blockchain systems unsustainable. In this paper, we propose a new Robust Proof of Stake (RPoS) consensus protocol, which uses the amount of coins to select miners and limits the maximum value of the coin age to effectively avoid coin age accumulation attack and Nothing-at-Stake (N@S) attack. Under a comparison framework, we show that the RPoS equals or outperforms Proof of Work (PoW) protocol and Proof of Stake (PoS) protocol in three dimensions: energy consumption, robustness, and transaction processing speed. To compare the three consensus protocols in terms of trade efficiency, we built an agent-based model and find that RPoS protocol has greater or similar trade request-satisfied ratio than PoW and PoS. Hence, we suggest that RPoS is very suitable for building a robust digital economy distributed system.

environmental sciences,environmental studies,green & sustainable science & technology

Lei Fan,Jonathan Katz,Hong-Sheng Zhou

2019-01-01

Abstract:Bitcoin and blockchain technologies have proven to be a phenomenal success. The underlying techniques hold huge promise to change the future of financial transactions, and eventually the way people and companies compute, collaborate and interact. At the same time, the current Bitcoin-like proof-of-work based blockchain systems are facing many challenges. For example, a huge amount of energy/electricity is needed to maintain the Bitcoin blockchain. We propose a new approach to constructing energy-efficient blockchain protocols. More concretely, we develop proof-of-stake based, large-scale blockchain protocols in the open network setting. Our contributions are as follows: • We for the first time formally investigate “greedy” strategies for proof-of-stake based protocols. In a proof-of-work based system, players follow a “simple” strategy by extending only the longest chain. However, in a proof-of-stake based system, players may make attempts to extend a set of chains, and we call such strategies, greedy. We have two major findings. Players with greedy strategies can extend the blockchain faster. Our first finding is an interesting upper bound of extending blockchain: greedy players can generate blockchain at most 2.7 times faster than playing the simple strategy. Our second finding is a design of a novel greedy strategy called “D-distance-greedy” strategy, which enables us to construct a class of secure proof-of-stake blockchain protocols, against an arbitrary adversary. • We for the first time provide a strategy to allow players to register to the system during the protocol execution. • Our protocols are the first natural mimic of Bitcoin blockchain but via proof-of-stake mechanism. Our design is very simple, using only standard hash functions and unique digital signatures, which makes our design very appealing in practice. • Finally, as a side contribution, we for the first time identify a new security property called chain soundness for proof-of-stake based protocols, which captures the intuition of ensuring new players can join the protocol execution securely. ∗All results in this paper have been submitted and presented in public. In particular, the presentation slides and video can be available online at Stanford Blockchain Conference https://cyber.stanford.edu/sbc19 †Shanghai Jiao Tong University ‡George Mason University §Virginia Commonwealth University

Iván Abellán Álvarez,Vincent Gramlich,Johannes Sedlmeir

2024-01-31

Abstract:With the increasing adoption of decentralized information systems based on a variety of permissionless blockchain networks, the choice of consensus mechanism is at the core of many controversial discussions. Ethereum's recent transition from (PoW) to proof-of-stake (PoS)-based consensus has further fueled the debate on which mechanism is more favorable. While the aspects of energy consumption and degree of (de-)centralization are often emphasized in the public discourse, seminal research has also shed light on the formal security aspects of both approaches individually. However, related work has not yet comprehensively structured the knowledge about the security properties of PoW and PoS. Rather, it has focused on in-depth analyses of specific protocols or high-level comparative reviews covering a broad range of consensus mechanisms. To fill this gap and unravel the commonalities and discrepancies between the formal security properties of PoW- and PoS-based consensus, we conduct a systematic literature review over 26 research articles. Our findings indicate that PoW-based consensus with the longest chain rule provides the strongest formal security guarantees. Nonetheless, PoS can achieve similar guarantees when addressing its more pronounced tradeoff between safety and liveness through hybrid approaches.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Sarah Azouvi,Marko Vukolić

DOI: https://doi.org/10.48550/arXiv.2208.05408

2022-10-13

Abstract:Blockchain systems based on a reusable resource, such as proof-of-stake (PoS), provide weaker security guarantees than those based on proof-of-work. Specifically, they are vulnerable to long-range attacks, where an adversary can corrupt prior participants in order to rewrite the full history of the chain. To prevent this attack on a PoS chain, we propose a protocol that checkpoints the state of the PoS chain to a proof-of-work blockchain such as Bitcoin. Our checkpointing protocol hence does not rely on any central authority. Our work uses Schnorr signatures and leverages Bitcoin recent Taproot upgrade, allowing us to create a checkpointing transaction of constant size. We argue for the security of our protocol and present an open-source implementation that was tested on the Bitcoin testnet.

Cryptography and Security

Michael Neuder,Daniel J. Moroz,Rithvik Rao,David C. Parkes

DOI: https://doi.org/10.48550/arXiv.1912.02954

2020-04-08

Abstract:Proof-of-Stake consensus protocols give rise to complex modeling challenges. We analyze the recently-updated Tezos Proof-of-Stake protocol and demonstrate that, under certain conditions, rational participants are incentivized to behave dishonestly. In doing so, we provide a theoretical analysis of the feasibility and profitability of a block stealing attack that we call selfish endorsing, a concrete instance of an attack previously only theoretically considered. We propose and analyze a simple change to the Tezos protocol which significantly reduces the (already small) profitability of this dishonest behavior, and introduce a new delay and reward scheme that is provably secure against length-1 and length-2 selfish endorsing attacks. Our framework provides a template for analyzing other Proof-of-Stake implementations for selfish behavior.

Cryptography and Security,Computer Science and Game Theory

Wenbo Zhang,Tao Wang,Jingyu Feng

DOI: https://doi.org/10.48550/arXiv.2106.02383

2021-11-02

Abstract:As cross-chain technologies make the interactions among different blockchains (hereinafter "chains") possible, multi-chains consensus is becoming more and more important in blockchain networks. However, more attention has been paid to the single-chain consensus schemes. The multi-chains consensus with trusted miners participation has been not considered, thus offering opportunities for malicious users to launch Diverse Miners Behaviors (DMB) attacks on different chains. DMB attackers can be friendly in the consensus process of some chains called mask-chains to enhance trust value, while on other chains called kill-chains they engage in destructive behaviors of network. In this paper, we propose a multi-chains consensus scheme named as Proof-of-DiscTrust (PoDT) to defend against DMB attacks. Distinctive trust idea (DiscTrust) is introduced to evaluate the trust value of each user concerning different chains. A dynamic behaviors prediction scheme is designed to strengthen DiscTrust to prevent intensive DMB attackers who maintain high trust by alternately creating true or false blocks on kill-chains. On this basis, a trusted miners selection algorithm for multi-chains can be achieved at a round of block creation. Experimental results show that PoDT is secure against DMB attacks and more effective than traditional consensus schemes in multi-chains environments.

Cryptography and Security

Sana Naz,Scott Uk-Jin Lee

DOI: https://doi.org/10.3390/math12060833

IF: 2.4

2024-03-13

Mathematics

Abstract:In a blockchain network, a rule set called consensus mechanism is used to create and finalize a block. In a proof-of-stake (PoS), consensus-based blockchain network, nodes become validators, minters, or stakeholders' nodes to complete the consensus mechanism. In these networks, when a node becomes a validator node, its details need to be saved because the details of the validators are used in the network for many important decisions, such as selecting block proposers for the consensus process. In this paper, we present Sea Shield, which uses a validator chain to save a node's information when it becomes a validator or leaves its responsibility as a validator in the PoS-based blockchain network. The validator chain is a blockchain that can run with the main chain of a PoS-based blockchain. The internal features of the validator chain are similar to those of the blockchain. We designed and simulated a consensus mechanism to create and finalize the block for the validator chain with no forks. We present a process by which a node may join or unjoin as a validator in a PoS-based blockchain network to improve the overall security of the main chain-consensus process.

mathematics

Joachim Neu,Ertem Nusret Tas,David Tse

DOI: https://doi.org/10.48550/arXiv.2203.01315

2022-03-02

Cryptography and Security

Abstract:We present two attacks targeting the Proof-of-Stake (PoS) Ethereum consensus protocol. The first attack suggests a fundamental conceptual incompatibility between PoS and the Greedy Heaviest-Observed Sub-Tree (GHOST) fork choice paradigm employed by PoS Ethereum. In a nutshell, PoS allows an adversary with a vanishing amount of stake to produce an unlimited number of equivocating blocks. While most equivocating blocks will be orphaned, such orphaned `uncle blocks' still influence fork choice under the GHOST paradigm, bestowing upon the adversary devastating control over the canonical chain. While the Latest Message Driven (LMD) aspect of current PoS Ethereum prevents a straightforward application of this attack, our second attack shows how LMD specifically can be exploited to obtain a new variant of the balancing attack that overcomes a recent protocol addition that was intended to mitigate balancing-type attacks. Thus, in its current form, PoS Ethereum without and with LMD is vulnerable to our first and second attack, respectively.