Joachim Neu,Srivatsan Sridhar,Lei Yang,David Tse,Mohammad Alizadeh

DOI: https://doi.org/10.48550/arXiv.2111.12332

2022-05-18

Abstract:Spamming attacks are a serious concern for consensus protocols, as witnessed by recent outages of a major blockchain, Solana. They cause congestion and excessive message delays in a real network due to its bandwidth constraints. In contrast, longest chain (LC), an important family of consensus protocols, has previously only been proven secure assuming an idealized network model in which all messages are delivered within bounded delay. This model-reality mismatch is further aggravated for Proof-of-Stake (PoS) LC where the adversary can spam the network with equivocating blocks. Hence, we extend the network model to capture bandwidth constraints, under which nodes now need to choose carefully which blocks to spend their limited download budget on. To illustrate this point, we show that 'download along the longest header chain', a natural download rule for Proof-of-Work (PoW) LC, is insecure for PoS LC. We propose a simple rule 'download towards the freshest block', formalize two common heuristics 'not downloading equivocations' and 'blocklisting', and prove in a unified framework that PoS LC with any one of these download rules is secure in bandwidth-constrained networks. In experiments, we validate our claims and showcase the behavior of these download rules under attack. By composing multiple instances of a PoS LC protocol with a suitable download rule in parallel, we obtain a PoS consensus protocol that achieves a constant fraction of the network's throughput limit even under worst-case adversarial strategies.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Yujin Kwon,Jian Liu,Minjeong Kim,Dawn Song,Yongdae Kim

DOI: https://doi.org/10.1145/3318041.3355463

2019-01-01

Abstract:Bitcoin uses the proof-of-work (PoW) mechanism where nodes earn rewards in return for the use of their computing resources. Although this incentive system has attracted many participants, power has, at the same time, been significantly biased towards a few nodes, called mining pools. In addition, poor decentralization appears not only in PoW-based coins but also in coins that adopt proof-of-stake (PoS) and delegated proof-of-stake (DPoS) mechanisms. In this paper, we address the issue of centralization in the consensus protocol. To this end, we first define (m, epsilon, delta)-decentralization as a state satisfying that 1) there are at least m participants running a node, and 2) the ratio between the total resource power of nodes run by the richest and the delta-th percentile participants is less than or equal to 1 + epsilon. Therefore, when m is sufficiently large, and epsilon and delta are 0, (m, epsilon, delta)-decentralization represents full decentralization, which is an ideal state. To ascertain if it is possible to achieve good decentralization, we introduce conditions for an incentive system that will allow a blockchain to achieve (m, epsilon, delta)-decentralization. When satisfying the conditions, a blockchain system can reach full decentralization with probability 1, regardless of its consensus protocol. However, to achieve this, the blockchain system should be able to assign a positive Sybil cost, where the Sybil cost is defined as the difference between the cost for one participant running multiple nodes and the total cost for multiple participants each running one node. Conversely, we prove that if there is no Sybil cost, the probability of achieving (m, epsilon, delta)-decentralization is bounded above by a function of f(delta), where f(delta) is the ratio between the resource power of the delta-th percentile and the richest participants. Furthermore, the value of the upper bound is close to 0 for small values of f(delta). Considering the current gap between the rich and poor, this result implies that it is almost impossible for a system without Sybil costs to achieve good decentralization. In addition, because it is yet unknown how to assign a Sybil cost without relying on a TTP in blockchains, it also represents that currently, a contradiction between achieving good decentralization in the consensus protocol and not relying on a TTP exists.

Mustafa Doger,Sennur Ulukus

2024-02-16

Abstract:We analyze how secure a block is after the block becomes k-deep, i.e., security-latency, for Nakamoto consensus under an exponential network delay model. We give parameter regimes for which transactions are safe when sufficiently deep in the chain. We compare our results for Nakamoto consensus under bounded network delay models and obtain analogous bounds for safety violation threshold. Next, modeling the blockchain system as a batch service queue with exponential network delay, we connect the security-latency analysis to sustainable transaction rate of the queue system. As our model assumes exponential network delay, batch service queue models give a meaningful trade-off between transaction capacity, security and latency. As adversary can attack the queue service to hamper the service process, we consider two different attacks for adversary. In an extreme scenario, we modify the selfish-mining attack for this purpose and consider its effect on the sustainable transaction rate of the queue.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Discrete Mathematics,Information Theory

Mustafa Doger,Sennur Ulukus,Nail Akar

2024-05-10

Abstract:Safety guarantees and security-latency problem of Nakamoto consensus have been extensively studied in the last decade with a bounded delay model. Recent studies have shown that PoW protocol is secure under random delay models as well. In this paper, we analyze the security-latency problem, i.e., how secure a block is, after it becomes k-deep in the blockchain, under general random delay distributions. We provide tight and explicit bounds which only require determining the distribution of the number of Poisson arrivals during the random delay. We further consider potential effects of recent Bitcoin halving on the security-latency problem by extending our results.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Discrete Mathematics,Information Theory

Konstantinos I. Tsianos,Michael G. Rabbat

DOI: https://doi.org/10.48550/arXiv.1207.5839

2012-07-24

Distributed, Parallel, and Cluster Computing

Abstract:We study the effect of communication delays on distributed consensus algorithms. Two ways to model delays on a network are presented. The first model assumes that each link delivers messages with a fixed (constant) amount of delay, and the second model is more realistic, allowing for i.i.d. time-varying bounded delays. In contrast to previous work studying the effects of delays on consensus algorithms, the models studied here allow for a node to receive multiple messages from the same neighbor in one iteration. The analysis of the fixed delay model shows that convergence to a consensus is guaranteed and the rate of convergence is reduced by no more than a factor O(B^2) where B is the maximum delay on any link. For the time-varying delay model we also give a convergence proof which, for row-stochastic consensus protocols, is not a trivial consequence of ergodic matrix products. In both delay models, the consensus value is no longer the average, even if the original protocol was an averaging protocol. For this reason, we propose the use of a different consensus algorithm called Push-Sum [Kempe et al. 2003]. We model delays in the Push-Sum framework and show that convergence to the average consensus is guaranteed. This suggests that Push-Sum might be a better choice from a practical standpoint.

Mustafa Doger,Sennur Ulukus

2024-07-24

Abstract:We study security-latency bounds for Nakamoto consensus, i.e., how secure a block is after it becomes $k$-deep in the chain. We improve the state-of-the-art bounds by analyzing the race between adversarial and honest chains in three different phases. We find the probability distribution of the growth of the adversarial chains under models similar to those in [Guo, Ren; AFT 2022] when a target block becomes $k$-deep in the chain. We analyze certain properties of this race to model each phase with random walks that provide tighter bounds than the existing results. Combining all three phases provides novel upper and lower bounds for blockchains with small $\lambda\Delta$.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Discrete Mathematics,Information Theory

Jannik Albrecht,Sebastien Andreina,Frederik Armknecht,Ghassan Karame,Giorgia Marson,Julian Willingmann

2024-04-16

Abstract:Extensive research on Nakamoto-style consensus protocols has shown that network delays degrade the security of these protocols. Established results indicate that, perhaps surprisingly, maximal security is achieved when the network is as small as two nodes due to increased delays in larger networks. This contradicts the very foundation of blockchains, namely that decentralization improves security. In this paper, we take a closer look at how the network scale affects security of Nakamoto-style blockchains. We argue that a crucial aspect has been neglected in existing security models: the larger the network, the harder it is for an attacker to control a significant amount of power. To this end, we introduce a probabilistic corruption model to express the increasing difficulty for an attacker to corrupt resources in larger networks. Based on our model, we analyze the impact of the number of nodes on the (maximum) network delay and the fraction of adversarial power. In particular, we show that (1) increasing the number of nodes eventually violates security, but (2) relying on a small number of nodes does not provide decent security provisions either. We then validate our analysis by means of an empirical evaluation emulating hundreds of thousands of nodes in deployments such as Bitcoin, Monero, Cardano, and Ethereum Classic. Based on our empirical analysis, we concretely analyze the impact of various real-world parameters and configurations on the consistency bounds in existing deployments and on the adversarial power that can be tolerated while providing security. As far as we are aware, this is the first work that analytically and empirically explores the real-world tradeoffs achieved by current popular Nakamoto-style deployments.

Cryptography and Security

Sarah Azouvi,Christian Cachin,Duc V. Le,Marko Vukolic,Luca Zanolini

DOI: https://doi.org/10.48550/arXiv.2211.12050

2022-11-22

Abstract:Blockchain protocols implement total-order broadcast in a permissionless setting, where processes can freely join and leave. In such a setting, to safeguard against Sybil attacks, correct processes rely on cryptographic proofs tied to a particular type of resource to make them eligible to order transactions. For example, in the case of Proof-of-Work (PoW), this resource is computation, and the proof is a solution to a computationally hard puzzle. Conversely, in Proof-of-Stake (PoS), the resource corresponds to the number of coins that every process in the system owns, and a secure lottery selects a process for participation proportionally to its coin holdings. Although many resource-based blockchain protocols are formally proven secure in the literature, the existing security proofs fail to demonstrate why particular types of resources cause the blockchain protocols to be vulnerable to distinct classes of attacks. For instance, PoS systems are more vulnerable to long-range attacks, where an adversary corrupts past processes to re-write the history, than Proof-of-Work and Proof-of-Storage systems. Proof-of-Storage-based and Proof-of-Stake-based protocols are both more susceptible to private double-spending attacks than Proof-of-Work-based protocols; in this case, an adversary mines its chain in secret without sharing its blocks with the rest of the processes until the end of the attack. In this paper, we formally characterize the properties of resources through an abstraction called resource allocator and give a framework for understanding longest-chain consensus protocols based on different underlying resources. In addition, we use this resource allocator to demonstrate security trade-offs between various resources focusing on well-known attacks (e.g., the long-range attack and nothing-at-stake attacks).

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Aggelos Kiayias,Saad Quader,Alexander Russell

DOI: https://doi.org/10.48550/arXiv.2001.06403

2020-07-29

Abstract:We improve the fundamental security threshold of eventual consensus Proof-of-Stake (PoS) blockchain protocols under the longest-chain rule by showing, for the first time, the positive effect of rounds with concurrent honest leaders. Current security analyses reduce consistency to the dynamics of an abstract, round-based block creation process that is determined by three events associated with a round: (i) event $A$: at least one adversarial leader, (ii) event $S$: a single honest leader, and (iii) event $M$: multiple, but honest, leaders. We present an asymptotically optimal consistency analysis assuming that an honest round is more likely than an adversarial round (i.e., $\Pr[S] + \Pr[M] > \Pr[A]$); this threshold is optimal. This is a first in the literature and can be applied to both the simple synchronous communication as well as communication with bounded delays. In all existing consistency analyses, event $M$ is either penalized or treated neutrally. Specifically, the consistency analyses in Ouroboros Praos (Eurocrypt 2018) and Genesis (CCS 2018) assume that $\Pr[S] - \Pr[M] > \Pr[A]$; the analyses in Sleepy Consensus (Asiacrypt 2017) and Snow White (Fin. Crypto 2019) assume that $\Pr[S] > \Pr[A]$. Moreover, all existing analyses completely break down when $\Pr[S] < \Pr[A]$. These thresholds determine the critical trade-off between the honest majority, network delays, and consistency error. Our new results can be directly applied to improve the security guarantees of the existing protocols. We also provide an efficient algorithm to explicitly calculate these error probabilities in the synchronous setting. Furthermore, we complement these results by analyzing the setting where $S$ is rare, even allowing $\Pr[S] = 0$, under the added assumption that honest players adopt a consistent chain selection rule.

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Discrete Mathematics

Jun Zhao,Jing Tang,Li Zengxiang,Huaxiong Wang,Kwok-Yan Lam,Kaiping Xue

DOI: https://doi.org/10.48550/arXiv.1909.06587

2020-03-13

Abstract:Formal analyses of blockchain protocols have received much attention recently. Consistency results of Nakamoto's blockchain protocol are often expressed in a quantity $c$, which denotes the expected number of network delays before some block is mined. With $\mu$ (resp., $\nu$) denoting the fraction of computational power controlled by benign miners (resp., the adversary), where $\mu + \nu = 1$, we prove for the first time that to ensure the consistency property of Nakamoto's blockchain protocol in an asynchronous network, it suffices to have $c$ to be just slightly greater than $\frac{2\mu}{\ln (\mu/\nu)}$. Such a result is both neater and stronger than existing ones. In the proof, we formulate novel Markov chains which characterize the numbers of mined blocks in different rounds.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Li Zhang,Baoxian Zhang,Cheng Li

DOI: https://doi.org/10.1109/twc.2023.3293709

IF: 10.4

2023-01-01

IEEE Transactions on Wireless Communications

Abstract:Consensus protocol is a key technology enabling blockchain to provide secure and trustful services in wireless networks. However, most previous study on blockchain consensus protocols for wireless networks relies on reliable message transmissions and honest leaders. In practice, wireless blockchains inherently suffer from limited physical resources and unreliable wireless channels due to environmental noises and adversary attacks. This paper studies the design of Byzantine fault tolerant consensus protocol for blockchain in single-hop wireless networks subject to signal-to-noise constraint. For this purpose, we propose a low-latency and reliable Byzantine fault-tolerant consensus protocol LRBP, which incorporates the following three designs: 1) Randomized credit-based block proposer selection, which can prevent adversary corruption and improve the system throughput, 2) Enhanced threshold Boneh-Lynn-Shacham signature based voting mechanism, which can achieve communication-efficient block validity voting by using piggyback-based acknowledgment and criticality-based adaptive channel accessing probability adjustment, and 3) Random linear network coding based batch forwarding, which supports reliable block transmissions. We derive the consensus success probability and consensus time complexity of LRBP. We prove that LRBP simultaneously satisfies the properties of persistence and liveness. It is resistant to the 51% attack, Sybil attack, double-spending attack, and jamming attack. Simulation results show the high efficiency of LRBP as compared with existing work.

telecommunications,engineering, electrical & electronic

Zhuolun Xiang,Sourav Das,Zekun Li,Zhoujun Ma,Alexander Spiegelman

2024-07-17

Abstract:Threshold cryptography is essential for many blockchain protocols. For example, many protocols rely on threshold common coin to implement asynchronous consensus, leader elections, and provide support for randomized applications. Similarly, threshold signature schemes are frequently used for protocol efficiency and state certification, and threshold decryption and threshold time-lock puzzles are often necessary for privacy. In this paper, we study the interplay between threshold cryptography and a class of blockchains that use Byzantine-fault tolerant (BFT) consensus protocols with a focus on latency. More specifically, we focus on blockchain-native threshold cryptosystem, where the blockchain validators seek to run a threshold cryptographic protocol once for every block with the block contents as an input to the threshold cryptographic protocol. All existing approaches for blockchain-native threshold cryptosystems introduce a latency overhead of at least one message delay for running the threshold cryptographic protocol. In this paper, we first propose a mechanism to eliminate this overhead for blockchain-native threshold cryptosystems with tight thresholds, i.e., in threshold cryptographic protocols where the secrecy and reconstruction thresholds are the same. However, many real-world proof-of-stake-based blockchain-native threshold cryptosystems rely on ramp thresholds, where reconstruction thresholds are strictly greater than secrecy thresholds. For these blockchains, we formally demonstrate that the additional delay is unavoidable. We then introduce a mechanism to minimize this delay in the optimistic case. We implement our optimistic protocol for the proof-of-stake distributed randomness scheme on the Aptos blockchain. Our measurements from the Aptos mainnet show that the optimistic approach reduces latency overhead by 71%.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Shu-Jie Cao,Dongning Guo

2024-12-04

Abstract:This paper investigates the fundamental trade-offs between block safety, confirmation latency, and transaction throughput of proof-of-work (PoW) longest-chain fork-choice protocols, also known as PoW Nakamoto consensus. New upper and lower bounds are derived for the probability of block safety violations as a function of honest and adversarial mining rates, a block propagation delay limit, and confirmation latency measured in both time and block depth. The results include the first non-trivial closed-form finite-latency bound applicable across all delays and mining rates up to the ultimate fault tolerance. Notably, the gap between these upper and lower bounds is narrower than previously established bounds for a wide range of parameters relevant to Bitcoin and its derivatives, including Litecoin and Dogecoin, as well as Ethereum Classic. Additionally, the study uncovers a fundamental trade-off between transaction throughput and confirmation latency, ultimately determined by the desired fault tolerance and the rate at which block propagation delay increases with block size.

Cryptography and Security

Lucianna Kiffer,Joachim Neu,Srivatsan Sridhar,Aviv Zohar,David Tse

DOI: https://doi.org/10.1145/3658644.3670347

2024-06-25

Abstract:For Nakamoto's longest-chain consensus protocol, whose proof-of-work (PoW) and proof-of-stake (PoS) variants power major blockchains such as Bitcoin and Cardano, we revisit the classic problem of the security-performance tradeoff: Given a network of nodes with finite communication- and computation-resources, against what fraction of adversary power is Nakamoto consensus (NC) secure for a given block production rate? State-of-the-art analyses of NC fail to answer this question, because their bounded-delay model does not capture the rate limits to nodes' processing of blocks, which cause congestion when blocks are released in quick succession. We develop a new analysis technique to prove a refined security-performance tradeoff for PoW NC in a bounded-capacity model. In this model, we show that, in contrast to the classic bounded-delay model, Nakamoto's private attack is no longer the worst attack, and a new attack we call the teasing strategy, that exploits congestion, is strictly worse. In PoS, equivocating blocks can exacerbate congestion, making traditional PoS NC insecure except at very low block production rates. To counter such equivocation spamming, we present a variant of PoS NC we call Blanking NC (BlaNC), which achieves the same resilience as PoW NC.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Anurag Jain,Shoeb Siddiqui,Sujit Gujar

DOI: https://doi.org/10.48550/arXiv.2102.04326

2021-02-20

Abstract:Blockchain-based Distributed Ledgers (DLs) promise to transform the existing financial system by making it truly democratic. In the past decade, blockchain technology has seen many novel applications ranging from the banking industry to real estate. However, in order to be adopted universally, blockchain systems must be scalable to support a high volume of transactions. As we increase the throughput of the DL system, the underlying peer-to-peer network might face multiple levels of challenges to keep up with the requirements. Due to varying network capacities, the slower nodes would be at a relative disadvantage compared to the faster ones, which could negatively impact their revenue. In order to quantify their relative advantage or disadvantage, we introduce two measures of network fairness, $p_f$, the probability of frontrunning and $\alpha_f$, the publishing fairness. We show that as we scale the blockchain, both these measures deteriorate, implying that the slower nodes face a disadvantage at higher throughputs. It results in the faster nodes getting more than their fair share of the reward while the slower nodes (slow in terms of network quality) get less. Thus, fairness and scalability in blockchain systems do not go hand in hand. In a setting with rational miners, lack of fairness causes miners to deviate from the "longest chain rule" or undercut, which would reduce the blockchain's resilience against byzantine adversaries. Hence, fairness is not only a desirable property for a blockchain system but also essential for the security of the blockchain and any scalable blockchain protocol proposed must ensure fairness.

Distributed, Parallel, and Cluster Computing,Networking and Internet Architecture

Mohammad T. Hajiaghayi,Dariusz R. Kowalski,Jan Olkowski

2024-05-24

Abstract:We study the problem of reaching agreement in a synchronous distributed system by $n$ autonomous parties, when the communication links from/to faulty parties can omit messages. The faulty parties are selected and controlled by an adaptive, full-information, computationally unbounded adversary. We design a randomized algorithm that works in $O(\sqrt{n}\log^2 n)$ rounds and sends $O(n^2\log^3 n)$ communication bits, where the number of faulty parties is $\Theta(n)$. Our result is simultaneously tight for both these measures within polylogarithmic factors: due to the $\Omega(n^2)$ lower bound on communication by Abraham et al. (PODC'19) and $\Omega(\sqrt{n/\log n})$ lower bound on the number of rounds by Bar-Joseph and Ben-Or (PODC'98). We also quantify how much randomness is necessary and sufficient to reduce time complexity to a certain value, while keeping the communication complexity (nearly) optimal. We prove that no MC algorithm can work in less than $\Omega(\frac{n^2}{\max\{R,n\}\log n})$ rounds if it uses less than $O(R)$ calls to a random source, assuming a constant fraction of faulty parties. This can be contrasted with a long line of work on consensus against an {\em adversary limited to polynomial computation time}, thus unable to break cryptographic primitives, culminating in a work by Ghinea et al. (EUROCRYPT'22), where an optimal $O(r)$-round solution with probability $1-(cr)^{-r}$ is given. Our lower bound strictly separates these two regimes, by excluding such results if the adversary is computationally unbounded. On the upper bound side, we show that for $R\in\tilde{O}(n^{3/2})$ there exists an algorithm solving consensus in $\tilde{O}(\frac{n^2}{R})$ rounds with high probability, where tilde notation hides a polylogarithmic factor. The communication complexity of the algorithm does not depend on the amount of randomness $R$ and stays optimal within polylogarithmic factor.

Distributed, Parallel, and Cluster Computing,Cryptography and Security,Data Structures and Algorithms

Quan Yuan,Puwen Wei,Keting Jia,Haiyang Xue

DOI: https://doi.org/10.1007/s11432-019-9916-5

2020-01-01

Science China Information Sciences

Abstract:Bitcoin, which was initially introduced by Nakamoto, is the most disruptive and impactive cryptocurrency. The core Bitcoin technology is the so-called blockchain protocol. In recent years, several studies have focused on rigorous analyses of the security of Nakamoto’s blockchain protocol in an asynchronous network where network delay must be considered. Wei, Yuan, and Zheng investigated the effect of a long delay attack against Nakamoto’s blockchain protocol. However, their proof only holds in the honest miner setting. In this study, we improve Wei, Yuan and Zheng’s result using a stronger model where the adversary can perform long delay attacks and corrupt a certain fraction of the miners. We propose a method to analyze the converge event and demonstrate that the properties of chain growth, common prefix, and chain quality still hold with reasonable parameters in our stronger model.

You Lin,Mingzhe Li,Qingsong Wei,Yong Liu,Siow Mong Rick Goh,Jin Zhang

2024-07-09

Abstract:Sharding enhances blockchain scalability by partitioning nodes into multiple groups for concurrent transaction processing. Configuring a large number of \emph{small shards} helps improve the transaction concurrency of a sharding system. However, it increases the fraction of malicious nodes within each shard, easily leading to shard corruption and jeopardizing system security. Some existing works have attempted to improve concurrency by reducing the shard size while maintaining security. However, they often require frequent and time-consuming recovery of corrupted shards, leading to severe system stagnation. Also, they usually require network-wide consensus to guarantee security, which limits scalability. To address these issues, we propose DL-Chain, a blockchain sharding system that can securely provide \emph{high concurrency with stable and scalable performance.} Our core idea is a \underline{D}ual-\underline{L}ayer architecture and consensus, which consists of numerous smaller proposer shards (PSs) for transaction processing and multiple larger finalizer committees (FCs) for transaction finalization. To avoid system stagnation and thus guarantee stable performance, we ensure PSs' liveness even if they are corrupted through the cooperation of PSs and FCs, thus eliminating the recovery process of corrupted PSs. To better trade-off security and scalability, we fine-tune the FCs to enable multiple FCs to coexist securely. As a result, DL-Chain allows a larger fraction of malicious nodes in each PS ($<1/2$) and thus can securely configure smaller shards for boosted stable and scalable concurrency. Evaluation results show that DL-Chain achieves up to 10 times improvement in throughput compared to existing solutions and provides stable concurrency with up to 2,550 nodes.

Distributed, Parallel, and Cluster Computing

Drew Stone

DOI: https://doi.org/10.48550/arXiv.1804.06836

2018-04-18

Computer Science and Game Theory

Abstract:Given the parallels between game theory and consensus, it makes sense to intelligently design blockchain or DAG protocols with an incentive-compatible-first mentality. To that end, we propose a new blockchain or DAG protocol enhancement based on delayed rewards. We devise a new method for imposing slashing conditions on miner behavior, using their delayed rewards as stake in a Proof of Work system. Using fraud proofs, we can slash malicious miner behavior and reward long-lived, honest behavior.

Chenyu Huang,Zeyu Wang,Huangxun Chen,Qiwei Hu,Qian Zhang,Wei Wang,Xia Guan

DOI: https://doi.org/10.1109/jiot.2020.3028449

IF: 10.6

2021-03-15

IEEE Internet of Things Journal

Abstract:In today's blockchain system, designing a secure and high throughput blockchain on par with a centralized payment system is a difficult task. Sharding is one of the most worthwhile emerging technologies for improving the system throughput while maintain high-security level. However, previous sharding-related designs have two main limitations. First, the security and throughput of their random-based sharding system are not high enough as they did not leverage the heterogeneity among validators. Second, to design an incentive mechanism that promotes cooperation could incur a huge overhead on their system. In this article, we propose RepChain, a reputation-based secure and fast blockchain system via sharding, which also provides high incentive to stimulate node cooperation. RepChain utilizes reputation to explicitly characterize the heterogeneity among the validators and lay the foundation for the incentive mechanism. We propose a new double-chain architecture—a transaction chain and a reputation chain. For the transaction chain, an efficient Raft-based synchronous consensus has been presented. For the reputation chain, the synchronous Byzantine fault tolerance consensus that combines collective signing has been utilized to prevent the attack on both reputation score and the related transaction blocks. It supports a high throughput transaction chain with moderate generation speed. Moreover, we propose a reputation-based sharding and leader selection scheme. To analyze the security of RepChain, we propose a recursive formula to calculate the epoch security within only $mathcal {O}(km^{2})$ time. Furthermore, we implement and evaluate RepChain on the Amazon Web Service platform. The results show our solution can enhance both throughout and security level of the existing sharding-based blockcha-n system.

computer science, information systems,telecommunications,engineering, electrical & electronic