Fruitchains: A Fair Blockchain?

Similar documents
Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Pooled Mining Makes Selfish Mining Tricky

Problem: Equivocation!

Analyzing Bitcoin Security. Philippe Camacho

Introduction to Bitcoin I

Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

On the impact of propogation delay on mining rewards in Bitcoin. Xuan Wen 1. Abstract

Consensus & Blockchain

SmartPool: practical decentralized pool mining. Loi Luu, Yaron Velner, Jason Teutsch, and Prateek Saxena August 18, 2017

Bitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January Keeping Current 1

ENEE 457: E-Cash and Bitcoin

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains

Jan Møller Co-founder, CTO Chainalysis

University of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011

Smalltalk 3/30/15. The Mathematics of Bitcoin Brian Heinold

A Lightweight Blockchain Consensus Protocol

Burstcoin Technical information about mining and block forging

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

arxiv: v1 [cs.cr] 31 Aug 2017

CONSENSUS PROTOCOLS & BLOCKCHAINS. Techruption Lecture March 16 th, 2017 Maarten Everts (TNO & University of Twente)

Be Selfish and Avoid Dilemmas: Fork After Withholding (FAW) Attacks on Bitcoin

Brown University. Yana Hrytsenko. Final Project: Blockchain for PKI: Using Blockchain data structure for Public Key. Infrastructure.

A Scalable Proof-of-Stake Blockchain in the Open Setting

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Biomedical Security. Cipher Block Chaining and Applications

Introduce A mobile and decentral Proof-of-Transaction crypto coin

Proof-of-Work & Bitcoin

Ensimag - 4MMSR Network Security Student Seminar. Bitcoin: A peer-to-peer Electronic Cash System Satoshi Nakamoto

Bitcoin/Namecoin/*coin: On Bitcoin like protocols and their relation to other IT-Security issues

ICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa

Proof-of-Stake Protocol v3.0

What is Bitcoin? How Bitcoin Works. Outline. Outline. Bitcoin. Problems with Centralization

What is Proof of Work?

P2P BitCoin: Technical details

Bitcoin (and why it uses SO much energy)

Neel Gupte. Index Terms Bitcoin, Cryptocurreny, Block Chain, Hashing, Proof-of-Work, Double-spending, Momentum Method, Proof of Stake.

Security Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula

Introduction to Cryptoeconomics

Bitcoin. CS6450: Distributed Systems Lecture 20 Ryan Stutsman

Biomedical Security. Some Security News 10/5/2018. Erwin M. Bakker

Blockchains & Cryptocurrencies

Bitcoin and Blockchain

Radix - Public Node Incentives

arxiv: v3 [cs.cr] 23 Aug 2016

Bitcoin. Arni Par ov. December 17, 2013

A Proof-of-Stake protocol for consensus on Bitcoin subchains

How Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization

Security Analysis of Monero s Peer-to-Peer System

Adapting Blockchain Technology for Scientific Computing. Wei Li

Darkcoin: Peer to Peer Crypto Currency with Anonymous Blockchain Transactions and an Improved Proof of Work System

TOPPERCASH TOPPERCASH WHITEPAPER REFORM THE BEST OF BLOCKCHAIN

Whitepaper Rcoin Global

BITCOIN MECHANICS AND OPTIMIZATIONS. Max Fang Philip Hayes

But Why Does it Work? A Rational Protocol Design Treatment of Bitcoin

Applied cryptography

SpaceMint Overcoming Bitcoin s waste of energy

EECS 498 Introduction to Distributed Systems

Alternative Consensus Algorithms. Murat Osmanoglu

Adapting Blockchain Technology for Scientific Computing. Wei Li

A Gentle Introduction To Bitcoin Mining

Decentralized prediction game platform, powered by public

Distributed Algorithms Bitcoin

Proof of Stake Made Simple with Casper

BLOCKCHAIN The foundation behind Bitcoin

CS 261 Notes: Algorand

As a 3rd generation currency, not only are transactions secured, private and fast, you actually get paid for holding DigitalPrice coins.

ZeroBlock: Timestamp-Free Prevention of Block-Withholding Attack in Bitcoin

EVALUATION OF PROOF OF WORK (POW) BLOCKCHAINS SECURITY NETWORK ON SELFISH MINING

About cryptocurrencies and blockchains part 1. Jyväskylä 17th of April 2018 Henri Heinonen

BCH-SV Professional Stress Test

CS 251: Bitcoin and Crypto Currencies Fall 2015

ZeroBlock: Preventing Selfish Mining in Bitcoin

Half Fast Bitcoin Miner Design Peter Xu (px2117) Patrick Taylor (pat2138) Ben Nappier (ben2113) Matheus Candido (mcc2224)

International Journal of Computer Engineering and Applications, Volume XIII, Issue II, Feb. 19, ISSN

Bitcoin as a Transaction Ledger: A Composable Treatment

BBc-1 : Beyond Blockchain One - An Architecture for Promise-Fixation Device in the Air -

BLOCKREDUCE: SCALING BLOCKCHAIN TO HUMAN COMMERCE

Marker addresses: Adding identification information to Bitcoin transactions to leverage existing trust relationships

Blockchain without Bitcoin. Muralidhar Gopinath October 19, 2017 University at Albany

arxiv: v2 [cs.cr] 14 Nov 2018

Solida: A Blockchain Protocol Based on Reconfigurable Byzantine Consensus

(Short Paper) A Wild Velvet Fork Appears! Inclusive Blockchain Protocol Changes in Practice

BYZANTINE CONSENSUS THROUGH BITCOIN S PROOF- OF-WORK

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

Blockchain as cryptanalytic tool

Bitcoin and Cryptocurrency Technologies. Arvind Narayanan, Joseph Bonneau, Edward Felten, Andrew Miller, Steven Goldfeder

BlockFin A Fork-Tolerant, Leaderless Consensus Protocol April

Bitcoin a Peer-to-Peer payment solution

Cryptography and Cryptocurrencies. Intro to Cryptography and Cryptocurrencies

I. Introduction. II. Security, Coinage and Attacks

ILCOIN White Paper. In ILCOIN We Trust ILCOIN

Bitcoin Mining. A high-level technical introduction. Konstantinos Karasavvas

On Power Splitting Games in Distributed Computation: The Case of Bitcoin Pooled Mining

primechain building blockchains for a better world

Countering Block Withholding Attack Efficiently

Hybrid Consensus. Tai-Ning Liao, Xian-Ming Pan, Zhao-Heng Chiu, Imu Lin 1/65

Blockchain: Past, Present and Future

Blockchain Certification Protocol (BCP)

Transcription:

Fruitchains: A Fair Blockchain? Kyrylo Voronchenko Supervised by Michal Zajac June 4, 2018 Abstract This report is an overview of the paper [PS16] in which authors introduced a new protocol called FruitChain that has fair reward mechanism, removes transaction fees instability and eliminates the need of mining pools. They shown that proposed protocol can be run as an instance of Nakamoto s blockchain protocol. Contents 1 Introduction 2 2 Protocols Overview 3 2.1 Nakamoto s Blockchain Protocol................ 3 2.2 The FruitChain Protocol.................... 4 2.2.1 Fruit structure...................... 4 2.2.2 Block structure...................... 5 2.2.3 Blockchain Structure................... 6 2.2.4 Fairness in FruitChain blockchain protocol...... 7 2.2.5 Transaction fees exacerbate instability......... 7 2.2.6 Disincentivizing Pooled Mining............. 7 3 Summary 8 4 References 8 1

1 Introduction The word blockchain stems from its technical structure - a chain of blocks. Each block in the blockchain is connected to the previous one with a cryptographic hash along with a timestamp. A block is a data structure that can store a list of records. In Bitcoin, when miners try to compute the block, they pick all transactions they want and include them into the block so they can form a tree of transaction later hashed into a merkle root and referenced into a block s header. Miners are incentivized to solve computaional puzzles by receiving block rewards for every block together with transactions fee from transactions they included into the mined block. Nakamoto s Bitcoin blockchain protocol reward mechanism suffers from several attacks: 1. Selfish-mining attack. In selfish-mining attack, if an adversary controls the network delivery, he may get close to half of all the rewards. Adversary withholds his mined block and wait until honest party will solve computational puzzle and mine a new block. As an adversary controls network delivery, he can deny incoming honest party block and replace it with his own already mined block. 2. Transaction fees exacerbate instability. In Nakamoto s Bitcoin, the block reward is halves every 210,000 blocks. Due to this property, miners are expected to obtain most of the reward from transaction fees. In the paper, authors mentioned that a recent work by Carlsten at al.[ckwn16] show that if a block contains transactions with large fees, miners will be incentivized to create a fork and attempt to confirm transactions themselves[ps16] 3. Mining pool harm decentralization. Nowadays, the block difficulty setted in such way that one block needs to be mined in approximatelly 10 minutes[gkl14]. It is impossible to individual miner for mine a new block during this period of time. Today, a solo miner wourld take 2 to 5 years to obtain its first reward. [sol]. That is why participants of the network started to collaborate with each other and share their mining power. Mining pool is a group of people that share their computational resources in order to mine a block and after poll operator splits the block reward proportional to the hashing power they used. Mining pools remove the main feature 2

of a blockchain - decentralization. For instance, BTC.com mining pool has 28.4% of all the Bitcoin mining power 1. Also, most of the mining pools participants mining power are located in China and if goverment will try to ban a mining pool, it most probably will do it. Fruitchain protocol removes these three properties that were stated above. In fruitchain, we have 2 different data structures - fruits and blocks. Fruits consists of transaction data and blocks are consists of fruit. Each data structure has its own proof-of-work that is need to be solved for mining. The difficulties of these proof-of-work are different and selected in that way, that even individual miner is able to mine a fruit of a block. 2 Protocols Overview 2.1 Nakamoto s Blockchain Protocol Satoshi Nakamoto proposed a decentalized and distributed solution for maintaining for chain of blocks of records - called a blockchain. Each block of a blochchain consist of four main parts:... (h 2, η, m, h 1 ) (h 1, η, m, h 0 )..., where: Figure 1: Bitcoin Blockchain Structure 1. h 1 - pointer to the hash of the previous block 2. η - nonce(proof of work derived from the pair (h 1, m). 3. h - pointer to the current record 4. m - a set of records (transactions). Bitcoin application blockchain protocol is parametrized by a mining harness difficulty parameter p and proof-of-work is deemed valid if η is a string such that H(h 1, η, m) < D p where H is a hash function is set that an inpit satisfies the relation is less than p.[?]. Basically, this means that the string projects into whole range of hash function values and if this string satisfies 1 https://blockchain.info/pools 3

an inequation, this string is a correct input. Parameter p acts as a value resized the range of the values that may satisfy the relation. Each participant of the protocol, may attempt to receive the set of messages m from other participants, pick random η, check whether it satisfies the the relation above and extend the blockchain by sending his mined block over network. 2.2 The FruitChain Protocol FruitChain differs from Nakamoto s blockchain protocol. Compare to Bitcoin blockchain, instead of putting a set of messages m into the block, authors come up with idea to put them into the fruits denoted as f. 2.2.1 Fruit structure Fruits structure are similar to Bitcoin block structure but fruit requires additional requirements to be hanged (mined): 1. Fruits requires solving additional proof-of-work with a different handness parameter p f. 2. Fruit should store a pointer to a block that is not far away from the block containing it. Authors proposed to use additional parameter R that specifies how far back a fruit allows to be. A valid fruit has the following structure: (h 1, h, η, digest, m, h), where: Figure 2: Fruit Structure 1. h 1 - pointer to the hash of the previous block. 2. h - pointer to a block from which the fruit f hangs 3. η - nonce, fruit proof-of-work solution. The mining hardness parameter parameter is p f which is different from block p. 4

4. digest - digest of fruit set F that contains fruit f. Instead of set of records (transactions), block contains the fruit set. 5. m - message (records) that fruit contains. 6. h - hash of the fruit. Definition 2.1 Valid fruit (from [PS16]) A fruit denoted as f = (h 1, h, η, digest, m, h) is valid iff: 1. H(h 1, h, η, digest, m) = h 2. [h] κ < D pf where [h] κ denotes the last κ bits of h. We say that F is a valid fruit-set if either F = or F is a set of valid fruits. 2.2.2 Block structure A block structure in a FruitChain protocol is similar to a fruit structure except it also requires the fruitset F. ((h 1, h, η, digest, m, h), F ), where: Figure 3: FruitChain Block Structure 1. h 1 - a pointer to a previous block in a chain. 2. h - is an artifact of the fruit mining and block mining piggybacked. 3. η - nonce denoting proof-of-work solution for a block. Difficulty parameter p denotes the mining hardness difficulty for block proof-ofwork, so it is different from p f that denotes the fruit mining hardness difficulty. 4. digest - digest (hash) of a fruit set F that will be included to this block. 5. m - a record, artifact of the two mining processes. 6. h - a pointer to a block, hash of all the previous values 5

7. F - fruit set that needs to be included into the block. Fruit set F has the following structure: f 0 f 1 f 2 f 3 Figure 4: Fruit Set Structure Note that fruits are not linked to each other. Each fruit has a reference to a block that is not too far away from the newest block in a blockchain. Definition 2.2 Valid block (from [PS16]) A block denoted as b = ((h 1, h, η, digest, m, h), F ) is valid iff: 1. digest = d(f ), where d is a collision-resistant hash function. 2. F is a valid fruit-set. 3. H(h 1, h, η, d(f ), m) = h 4. [h] :κ < D p1 where [h] :κ denotes the first κ bits of h. 2.2.3 Blockchain Structure FruitChain blockchain has the following structure:... ((h 2, h, η, digest, m, h 1 ), F 0 ) ((h 1, h, η, digest, m, h 0 ), F 1 )... Figure 5: Fruitchain Blockchain Structure Definition 2.3 Valid blockchin (from [PS16]) We say that a chain is valid iff: 1. chain[0] = genesis where genesis := ((0; 0; 0; ; H(0; 0; 0; 0, )), ) is the genesis block. 2. for all i [l], chain[i].h 1 = chain[i 1].h, i.e., each block refers to the previous block s pointer. 3. for all i [l], all f chain[i].f, there exists some j i Rκ such that the pointer of f is chain[j].h. 6

As we can see, the first two properties are similar to Nakamoto s valid blockchain definition that differs only in block structure. Third property states that fruit set F needs to be not far back from the block to which fruits from this set point to. 2.2.4 Fairness in FruitChain blockchain protocol In the [PS16], authors introduces a notion of fairness for blockchain protocols. Definition 2.4 Fairness (from [PS16]) A blockchain protocol is fair if honest players that wiled φ fraction of the computational resources will reap al least φ fraction of the blocks in any sufficiently long window of the chain. In their work, they proved that FruitChain blockchain is fair and has consistency and liveness properties as Nakamoto s one. If the protocol is fair, adversary is not able to gain much more that its fair share of a block rewards and transaction fee. That is why the selfish-mining problem disincentivized. 2.2.5 Transaction fees exacerbate instability In [PS16], authors suggested a method for spreading out the transaction fees of a block over the miners of a sequence of blocks preceeding it. 2.2.6 Disincentivizing Pooled Mining As a solution for mining pools centralization problem, authors of [PS16] proposed Fruichain protocol that is parametrized by two mining hardness parameters - p for a block and p f for a fruit. These parameters are independent of each other, so p can be set appropriately to ensure consistency of a whole blockchain and p f can be set much larger. For instance, the difficulty p f may be equal to a partial proof-of-work that solo-miner can solve without being in a mining pool. In [PS16], authors calculated that if they allocate space for 1000 fruits in a block, where each block is 80 bytes, this would occupy roughly 8% of a 1MB block and this will allow a solo miner to get his first rewards 1000x faster compare to a Bitcoin. 7

3 Summary Blockchain technology is promising technology that yet has to find its new opportunities and new application. In the [PS16] paper, authors proposed a new blockchain protocol that is fair, deincentivizes mining pools and give an opportunity to earn a reward for a solo miners. I hope that we will see the implementation of this protocol in the nearest future. 4 References References [CKWN16] Miles Carlsten, Harry Kalodner, S. Matthew Weinberg, and Arvind Narayanan. On the instability of bitcoin without the block reward, 2016. [GKL14] [Nak] Juan Garay, Aggelos Kiayias, and Nikos Leonardos. The bitcoin backbone protocol: Analysis and applications. Cryptology eprint Archive, Report 2014/765, 2014. https://eprint. iacr.org/2014/765. Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system, http://bitcoin.org/bitcoin.pdf. [PS16] Rafael Pass and Elaine Shi. Fruitchains: A fair blockchain. Cryptology eprint Archive, Report 2016/916, 2016. https:// eprint.iacr.org/2016/916. [sol] https://www.coinwarz.com/calculators/ bitcoin-mining-calculator. 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback