
Plumo: An Ultralight Blockchain Client

Conference paper
Financial Cryptography and Data Security (FC 2022)

Abstract

Syncing the latest state of a blockchain can be a resource-intensive task, driving (especially mobile) end users towards centralized services offering instant access. To expand full decentralized access to anyone with a mobile phone, we introduce a consensus-agnostic compiler for constructing ultralight clients, providing secure and highly efficient blockchain syncing via a sequence of SNARK-based state transition proofs, and prove its security formally. Instantiating this, we present Plumo, an ultralight client for the Celo blockchain capable of syncing the latest network state summary in just a few seconds even on a low-end mobile phone. In Plumo, each transition proof covers four months of blockchain history and can be produced for just $25 USD of compute. Plumo achieves this level of efficiency thanks to two new SNARK-friendly constructions, which may also be of independent interest: a new BLS-based offline aggregate multisignature scheme in which signers do not have to know the members of their multisignature group in advance, and a new composite algebraic-symmetric cryptographic hash function.


Notes

  1. The NIPoPoW protocol of Kiayias et al. is forced to revert to the SPV light client protocol in the presence of bribing and selfish mining attacks.

  2. MNT4-753/MNT6-753 is the most efficient known pairing-friendly cycle at 128-bit security. Evidence suggests the nonexistence of significantly better options [19].

  3. Subsequent work introducing fully succinct SNARKs with universal SRSs [32] allows parallel setups, but performance lags behind circuit-specific SNARKs [21].

  4. E.g., non-interactive multisignatures, used often in BFT consensus and multisignature wallets, are only possible with pairings; for consensus, naive \(O(n^2)\) communication can be avoided with CoSi [29], but higher latency persists, and multisignature wallet spends would require participants to all be online concurrently. Pairing-based cryptography will also power Celo’s forthcoming ARKE private contact discovery system (see https://celo.org/papers/future-of-digital-currencies).

  5. We believe the estimates of subsequent work [18] for a transition-based UC proving full consensus of a barebones Bitcoin network to be off by an order of magnitude, even assuming a circuit an order of magnitude greater than \(\textsc{Plumo}\)’s (which required coordinating a historically large \(2^{28}\) powers-of-\(\tau\) trusted setup ceremony) and hashing with SNARK-optimized Poseidon [25]. Such circumstances would allow proofs to cover about a week, but Flyclient would offer much faster verifier time with only slightly larger proofs, given the relative costs of SNARK verification and hashing.

  6. We note that proofs of \(\mathcal{R}_{\hat{s}}^{(m')}\) for \(1 \le m' \le m\) are called for by our construction as well. With transparent and universal setup SNARKs this can be achieved just by making m circuits, but for SNARKs with circuit-specific setups, adding support for padding in \(\mathcal{R}_{\hat{s}}^{(m)}\) can avoid the need for m distinct trusted setups.

  7. Our PoS election occasionally elects \(n < 100\) committee members. Rather than compute \(\lceil 2n/3 \rceil + 1\) in the circuit, we piggyback on our SA, including it in the epoch message.

  8. A benign distribution supplies negligible advantage to any adversary against any construction (e.g., the uniform distribution is conjectured benign [7]).

  9. Results for hash-then-sign signatures in [23] require modifying the signer to sample and prepend a random nonce to each message they sign—currently no UCs which prove verification of signatures are doing this.

  10. See https://github.com/celo-org/celo-bls-snark-rs and https://github.com/celo-org/snark-setup.
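Note 7 keeps the quorum threshold out of the circuit and carries it in the epoch message instead. The Python below, added here as an illustration and not code from the paper or from the celo-bls-snark-rs project, shows the checks an ultralight client can run outside the circuit at each epoch transition: re-derive \(\lceil 2n/3 \rceil + 1\) for the previous committee size with exact integer arithmetic, count the signers in a bitmap while refusing bits that fall outside the committee, and walk a sequence of epoch messages from a trusted genesis committee. Aggregate signature verification itself is left out (that is the part the SNARK proves and it needs a pairing library); the validator identifiers, the `EpochMessage` layout, the `sync` walker and the sample transitions are all constructed, and the comparison of the carried threshold against the re-derived quorum is an assumed consistency check rather than something the note describes.

```python
"""Per-epoch quorum checks for an ultralight-client sync (added example).

The threshold follows the note's formula ceil(2n/3) + 1 for a committee of
n validators. Committee identifiers, the EpochMessage layout and the sample
transitions are constructed for illustration; aggregate signature
verification is out of scope here.
"""
from dataclasses import dataclass
from typing import Iterable, Optional, Sequence, Tuple


def bft_quorum(n: int) -> int:
    """Return ceil(2n/3) + 1 using exact integer arithmetic.

    (2n + 2) // 3 equals ceil(2n/3) for positive n, so no float rounding can
    shave a signer off the quorum. For n < 3 the value exceeds n, so no bitmap
    can satisfy it; such committees must be rejected before this point.
    """
    if n <= 0:
        raise ValueError("committee must be non-empty")
    return (2 * n + 2) // 3 + 1


@dataclass(frozen=True)
class EpochMessage:
    """Stand-in for the signed epoch message (constructed layout, assumed)."""
    epoch: int
    next_committee: Tuple[str, ...]   # validators elected for the next epoch
    threshold: int                    # quorum the aggregator placed in the message


def signer_count(bitmap: int, committee_size: int) -> int:
    """Count set bits, refusing bits beyond the committee (they would inflate the count)."""
    if bitmap < 0 or (bitmap >> committee_size) != 0:
        raise ValueError("bitmap has bits outside the committee")
    return bin(bitmap).count("1")


def check_transition(prev_committee: Sequence[str], msg: EpochMessage, bitmap: int) -> bool:
    """Accept only if the carried threshold is at least the re-derived quorum
    (assumed consistency check: an aggregator cannot weaken it) and at least
    that many members of the previous committee are marked as signers."""
    n = len(prev_committee)
    if msg.threshold < bft_quorum(n):
        return False
    return signer_count(bitmap, n) >= msg.threshold


def sync(genesis_committee: Sequence[str],
         transitions: Iterable[Tuple[EpochMessage, int]]) -> Optional[Tuple[str, ...]]:
    """Walk epoch messages from a trusted genesis committee and return the
    latest committee, or None at the first transition that fails."""
    committee = tuple(genesis_committee)
    expected_epoch = 1
    for msg, bitmap in transitions:
        if msg.epoch != expected_epoch or not check_transition(committee, msg, bitmap):
            return None
        committee = msg.next_committee
        expected_epoch += 1
    return committee


# Constructed sample: three committees of seven validators and two transitions.
COMMITTEE_0 = tuple(f"val{i}" for i in range(0, 7))
COMMITTEE_1 = tuple(f"val{i}" for i in range(3, 10))
COMMITTEE_2 = tuple(f"val{i}" for i in range(5, 12))
SAMPLE_TRANSITIONS = (
    (EpochMessage(1, COMMITTEE_1, 6), 0b0111111),   # signers 0..5 of COMMITTEE_0
    (EpochMessage(2, COMMITTEE_2, 6), 0b1111110),   # signers 1..6 of COMMITTEE_1
)
# Same chain, but the first message carries a weakened threshold of 3.
TAMPERED_TRANSITIONS = (
    (EpochMessage(1, COMMITTEE_1, 3), 0b0000111),
    SAMPLE_TRANSITIONS[1],
)

if __name__ == "__main__":
    print(sync(COMMITTEE_0, SAMPLE_TRANSITIONS))    # COMMITTEE_2
    print(sync(COMMITTEE_0, TAMPERED_TRANSITIONS))  # None
```

The bitmap bound check matters because a signer count is only meaningful relative to the committee it indexes; a bit set past the committee size would otherwise count toward quorum without naming any real validator.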

References

  1. Al-Bassam, M., et al.: Chainspace: a sharded smart contracts platform. In: Proceedings of the 25th Network and Distributed System Security Symposium, NDSS 2018 (2018). https://eprint.iacr.org/2016/492.pdf

  2. Albrecht, M., et al.: MiMC: efficient encryption and cryptographic hashing with minimal multiplicative complexity. In: 22nd International Conference on the Theory and Application of Cryptology and Information Security, pp. 191–219 (2016). https://eprint.iacr.org/2016/492.pdf

  3. Amoussou-Guenou, Y., et al.: Correctness of tendermint-core blockchains. In: 22nd International Conference on Principles of Distributed Systems, OPODIS 2018, vol. 125, pp. 16:1–16:16 (2018). https://eprint.iacr.org/2018/574.pdf

  4. Aumasson, J.-P., et al.: BLAKE2: simpler, smaller, fast as MD5. In: 11th International Conference of Applied Cryptography and Security, ACNS 2013 (2013). https://www.blake2.net/blake2_20130129.pdf

  5. Ben-Sasson, E., Chiesa, A., Spooner, N.: Interactive oracle proofs. In: 14th Theory of Cryptography Conference, TCC 2016 (2016). https://www.iacr.org/archive/tcc2016b/99850156/99850156.pdf

  6. Ben-Sasson, E., et al.: Scalable zero knowledge via cycles of elliptic curves. In: 34th Annual International Cryptology Conference, CRYPTO 2014, pp. 276–294 (2014). https://eprint.iacr.org/2014/595.pdf

  7. Bitansky, N., et al.: Recursive composition and bootstrapping for SNARKs and proof-carrying data. In: 45th ACM Symposium on the Theory of Computing, STOC 2013, pp. 111–120 (2013). https://eprint.iacr.org/2012/095.pdf

  8. Bitansky, N., et al.: On the existence of extractable one-way functions. SIAM J. Comput. 45(5), 1910–1952 (2016). Preliminary version appeared in STOC 2014. https://eprint.iacr.org/2014/402.pdf

  9. Boldyreva, A.: Threshold signatures, multisignatures and blind signatures based on the gap-Diffie-Hellman-group signature scheme. In: 6th International Conference on Practice and Theory in Public Key Cryptography, PKC 2003, pp. 31–46 (2003). https://www.cc.gatech.edu/~aboldyre/papers/bold.pdf

  10. Boneh, D., Drijvers, M., Neven, G.: Compact multi-signatures for smaller blockchains. In: 24th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2018, pp. 435–464 (2018). https://eprint.iacr.org/2018/483.pdf

  11. Boneh, D., Lynn, B., Shacham, H.: Short signatures from the Weil pairing. In: 7th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2001, pp. 514–532 (2001). https://www.iacr.org/archive/asiacrypt2001/22480516.pdf

  12. Boneh, D., et al.: Aggregate and verifiably encrypted signatures from bilinear maps. In: 22nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2003, pp. 416–432 (2003). https://crypto.stanford.edu/~dabo/pubs/papers/aggreg.pdf

  13. Bonneau, J., et al.: Coda: Decentralized Cryptocurrency at Scale. Cryptology ePrint Archive, Report 2020/352 (2020). https://eprint.iacr.org/2020/352.pdf

  14. Bowe, S., Grigg, J., Hopwood, D.: Recursive Proof Composition without a Trusted Setup. Cryptology ePrint Archive, Report 2019/1021 (2019). https://eprint.iacr.org/2019/1021.pdf

  15. Bowe, S., et al.: Zexe: enabling decentralized private computation. In: 41st IEEE Symposium on Security and Privacy, S&P 2020, pp. 947–964 (2020). https://eprint.iacr.org/2018/962.pdf

  16. Bünz, B., et al.: FlyClient: super-light clients for cryptocurrencies. In: 41st IEEE Symposium on Security and Privacy, S&P 2020, pp. 928–946 (2020). https://eprint.iacr.org/2019/226.pdf

  17. Bünz, B., et al.: Recursive proof composition from accumulation schemes. In: 18th Theory of Cryptography Conference, TCC 2020, vol. 2, pp. 1–18 (2020). https://eprint.iacr.org/2020/499.pdf

  18. Chen, W., et al.: Reducing Participation Costs via Incremental Verification for Ledger Systems. Cryptology ePrint Archive, Report 2020/1522 (2020). https://eprint.iacr.org/2020/1522.pdf

  19. Chiesa, A., Chua, L., Weidner, M.: On cycles of pairing-friendly elliptic curves. SIAM J. Appl. Algebra Geom. 3(2), 175–192 (2019). https://arxiv.org/pdf/1803.02067.pdf

  20. Chiesa, A., Tromer, E.: Proof-carrying data and hearsay arguments from signature cards. In: 1st Conference on Innovations in Computer Science, ICS 2010, pp. 310–331 (2010). http://people.eecs.berkeley.edu/~alexch/docs/CT10.pdf

  21. Chiesa, A., et al.: Marlin: preprocessing zkSNARKs with universal and updatable SRS. In: 39th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2020, pp. 738–768 (2020). https://eprint.iacr.org/2019/1047.pdf

  22. El Housni, Y., Guillevic, A.: Optimized and secure pairing-friendly elliptic curves suitable for one layer proof composition. Cryptology ePrint Archive, Report 2020/351 (2020)


  23. Fiore, D., Nitulescu, A.: On the (in)security of SNARKs in the presence of oracles. In: 14th International Conference on the Theory of Cryptography, TCC 2016, pp. 108–138 (2016). https://eprint.iacr.org/2016/112.pdf

  24. Fuchsbauer, G., Kiltz, E., Loss, J.: The algebraic group model and its applications. In: 38th Annual International Cryptology Conference, CRYPTO 2018, pp. 33–62 (2018). https://eprint.iacr.org/2017/620.pdf

  25. Grassi, L., et al.: Starkad and Poseidon: New Hash Functions for Zero Knowledge Proof Systems (2019). https://eprint.iacr.org/2019/458.pdf

  26. Gudgeon, L., et al.: SoK: off the chain transactions. Cryptology ePrint Archive, Report 2019/360 (2019). https://eprint.iacr.org/2019/360.pdf

  27. Hopwood, D., et al.: Zcash Protocol Specification [Overwinter+Sapling] (2021). https://raw.githubusercontent.com/zcash/zips/master/protocol/sapling.pdf

  28. Kiayias, A., Miller, A., Zindros, D.: Non-interactive proofs of proof-of-work. In: 24th International Conference on Financial Cryptography and Data Security, FC 2020, pp. 505–522 (2020). https://eprint.iacr.org/2017/963.pdf

  29. Kokoris-Kogias, E., et al.: Enhancing bitcoin security and performance with strong consistency via collective signing. In: 25th USENIX Conference on Security Symposium, USENIX Security 2016, pp. 279–296 (2016). https://arxiv.org/pdf/1602.06997.pdf

  30. Kokoris-Kogias, E., et al.: OmniLedger: a secure, scale-out, decentralized ledger via sharding. In: 39th IEEE Symposium on Security and Privacy, S&P 2018, pp. 583–598 (2018). https://eprint.iacr.org/2017/406.pdf

  31. Malavolta, G., et al.: Concurrency and privacy with payment-channel networks. In: 2017 ACM SIGSAC Conference on Computer and Communications Security, CCS 2017, pp. 455–471. Association for Computing Machinery (2017). https://eprint.iacr.org/2017/820.pdf

  32. Maller, M., et al.: Sonic: zero-knowledge SNARKs from linear-size universal and updateable structured reference strings. In: 26th ACM Conference on Computer and Communications Security, CCS 2019, pp. 2111–2128 (2019). https://eprint.iacr.org/2019/099.pdf

  33. Meiklejohn, S.: Top ten obstacles along distributed ledgers’ path to adoption. IEEE Secur. Priv. 16(4), 13–19 (2018). https://discovery.ucl.ac.uk/id/eprint/10057035/1/accepted-topten.pdf

  34. Moniz, H.: The Istanbul BFT Consensus Algorithm. arXiv abs/2002.03613 (2020). https://arxiv.org/pdf/2002.03613.pdf

  35. Nikitin, K., et al.: CHAINIAC: proactive software-update transparency via collectively signed skipchains and verified builds. In: 26th USENIX Security Symposium, USENIX Security 2017, pp. 1271–1287 (2017). https://eprint.iacr.org/2017/648.pdf

  36. Ristenpart, T., Yilek, S.: The power of proofs-of-possession: securing multiparty signatures against rogue-key attacks. In: 26th Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2007, pp. 228–245 (2007). https://www.iacr.org/archive/eurocrypt2007/45150228/45150228.pdf

  37. Vesely, P., et al.: Plumo: An ultralight blockchain client. Cryptology ePrint Archive, Paper 2021/1361 (2021). https://eprint.iacr.org/2021/1361

  38. Yin, M., et al.: HotStuff: BFT consensus with linearity and responsiveness. In: ACM Symposium on Principles of Distributed Computing 2019, PODC 2019, pp. 347–356 (2019). https://arxiv.org/pdf/1803.05069.pdf


Author information


Corresponding author: Philipp Jovanovic


Copyright information

© 2022 International Financial Cryptography Association

About this paper


Cite this paper

Vesely, P. et al. (2022). Plumo: An Ultralight Blockchain Client. In: Eyal, I., Garay, J. (eds) Financial Cryptography and Data Security. FC 2022. Lecture Notes in Computer Science, vol 13411. Springer, Cham. https://doi.org/10.1007/978-3-031-18283-9_30


  • DOI: https://doi.org/10.1007/978-3-031-18283-9_30


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-18282-2

  • Online ISBN: 978-3-031-18283-9

  • eBook Packages: Computer Science (R0)
