Understanding Bitcoin Liveness and Chain Growth in Blockchain Security

lecture 7 lecture 7 bitcoin liveness bitcoin n.w
1 / 14
Embed
Share

Explore Bitcoin liveness as a crucial security aspect in blockchain technology, focusing on chain growth, safety, and quality. Discover insights on how the longest chain protocol ensures the integrity and continuity of blockchain operations while safeguarding against potential liveness attacks.

  • Bitcoin
  • Blockchain Security
  • Chain Growth
  • Liveness
  • Longest Chain
rayaanacharya
uriy_744 Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Lecture 7: Lecture 7: Bitcoin Liveness Bitcoin Liveness

  2. Recap Recap Last lecture: safety of the longest chain protocol, which means that once a block is confirmed (e.g., k-deep), then the probability of deconfirmation is very small. Safety is an important security property But what if no block gets into the ledger, or blocks get in but some honest transactions don t Liveness Liveness is an important security property: focus of this lecture

  3. Observations Observations The longest chain protocol cannot deadlock Mining operation is very democratic and even a single honest miner with tiny hash power will eventually succeed in mining But the ledger is made up of blocks on the longest chain. It could happen that all blocks on the longest chain are adversarial A block mined by an adversary could be simply empty (censoring all transactions) or censor specific transactions Both these are fatal liveness attacks.

  4. Chain growth Chain growth Chain growth ( Chain growth (??): rate of growth of the longest chain ): rate of growth of the longest chain Observation 1: Observation 1: ?? > 0 Adversary stays silent Adversary stays silent ?? = 1 ? ? 1+ 1 ? ? 1 ? ? 1+ 1 ? ? + ?? Adversary acts honest Adversary acts honest ?? = 1 ? ? 1+ 1 ? ?? Claim: ?? >

  5. Chain growth Chain growth Minute 0 genesis Minute 8 Minute 19 Minute 31 Chain growth is 1 block/10 minutes Minute 40 Minute 51 Minute 60

  6. Chain quality Chain quality 4 honest blocks genesis 2 adversarial blocks In the longest chain longest chain => chain quality is 4/6 = 0.667 Chain quality ( Chain quality (??): # of honest blocks in the longest chain/# ): # of honest blocks in the longest chain/# of all blocks in the longest chain of all blocks in the longest chain

  7. Chain quality Chain quality Observation: we need Observation: we need ?? > 0 for liveness for liveness ?? ?? ? ??? ?? ? =?? ?? ?? 1 ? ? 1+ 1 ? ??> ?? ?? > 0 This is exactly the same condition for safety Turns out the condition above is also necessary for liveness Selfish mining

  8. Selfish mining attack Selfish mining attack The adversary always mines on the block at the tip of the longest chain, whether the chain is private or public. Upon successful mining, the adversary maintains the block in private to release it at an appropriate time. When an honest miner publishes a block the adversary will release a previously mined block at the same level (if it has one). honest private adversarial public adversarial displaced honest block We assume that the adversary can break ties in its favor, so honest miners will mine on the adversarial block.

  9. Chain quality and liveness Chain quality and liveness 1 ? ? 1 + 1 ? ?? ?? 1 ? ? 1 + 1 ? ?? 1 ? ?? Chain quality quantifies liveness and fairness fairness The most fair reward distribution occurs when number of honest blocks on the longest chain is proportional to honest hash power 1 ? , i.e., ?? = 1 ?, This is not happening in the longest chain protocol (due to selfish mining).

  10. Fruitchains Fruitchains Main idea: separate transactions (& their rewards) from blocks in the longest chain

  11. Cryptographic Sortition Cryptographic Sortition How to do PoW for both types of blocks simultaneously? Transaction Block Transaction Block T_prop + T_tx Superblock Superblock hash T_prop Proposer Block Proposer Block hash 0

  12. Optimal chain quality Optimal chain quality Transaction block Displaced proposer block Honest proposer block Adversarial proposer block Fraction of honest transaction blocks in the longest chain longest chain Fraction of honest transaction blocks overall in the overall

  13. Short time scale optimal CQ Short time scale optimal CQ Block withholding attack: An attacker keep successfully mined transaction blocks private Then it suddenly release a large number of them at the same time, thereby creating a very high fraction of adversarial transaction blocks in some small segment of the proposer chain Resolution: by requiring that a transaction block should hang from a confirmed proposer block which is not too far from the proposer block which includes it.

  14. Short time scale optimal CQ Short time scale optimal CQ During mining, each transaction block refers to a recently stabilized/confirmed proposer block (called confirmed parent) Recency condition: a transaction block B is recent with respect to a proposer chain C if the confirmed parent of B is a block that is at most R deep in C, where R is a recency parameter. Proposer blocks only include recent transaction blocks Question: How to set R? Question: How to set R?

Related


No related presentations.

More Related Content