
Proof-of-Work-Based Consensus in Expected-Constant Time

Conference paper in Advances in Cryptology – EUROCRYPT 2024 (EUROCRYPT 2024)

Abstract

In the traditional consensus problem (aka Byzantine agreement), parties are required to agree on a common value despite the malicious behavior of some of them, subject to the condition that if all the honest parties start the execution with the same value, then that value must be the outcome. This problem has been extensively studied by both the distributed computing and cryptographic protocols communities. With the advent of blockchains, whose main application—a distributed ledger—essentially requires that miners agree on their views, new techniques have been proposed to solve the problem, in particular in so-called “permissionless” environments, where parties are neither authenticated nor have access to point-to-point channels and, further, may come and go as they please.

So far, the fastest way to achieve consensus in the proof-of-work (PoW)-based setting of Bitcoin takes \(O(\textsf{polylog}\,\kappa)\) rounds, where \(\kappa\) is the security parameter. We present the first protocol in this setting that requires an expected-constant number of rounds. Furthermore, we show how to securely apply sequential composition in order to yield a fast distributed ledger protocol that settles all transactions in expected-constant time. Our result is based on a novel instantiation of “m-for-1 PoWs” on parallel chains that facilitates our basic building block, Chain-King Consensus. The techniques we use, via parallel chains, to port classical protocol design elements (such as Phase-King Consensus, super-phase sequential composition and others) into the permissionless setting may be of independent interest.


Notes

  1. As implemented in the Bitcoin blockchain, via hash functions modeled as a random oracle (RO) [4].

  2. Pronounced “m-for-1.”

  3. As in [26], the “transactions” being processed in a BA protocol are the input values being proposed by the parties.

  4. Drawing from the “Phase King” approach to solving classical consensus [6].

  5. We note that later on (Sect. 3.2), after we introduce phase-based parallel chains, the initial blocks in each phase will have to provide good fresh randomness \(h'\) in order to pass the cross-chain validation check.

  6. We cannot require the cross-chain reference to point to all the dense chains in the previous phase, for two reasons: (i) when the typical execution fails, it can be the case that neither the honest parties nor the adversary produce a dense chain; and (ii) the adversary can split the parties by delivering a private adversarial dense chain to only some of them.

  7. We remark that our protocol is a multi-valued consensus protocol directly by construction, rather than following the common approach of first designing a binary consensus protocol and then applying the Turpin-Coan pre-processing step [43].

  8. We note that selecting the median as output is not the only available way to extract the phase’s output. For strong consensus we can extract the plurality (see Remark 1), and for state machine replication we introduce a more refined way to extract output from the king chain (details in Sect. 4).

  9. As we show later on in Sect. 3.4, this termination gap can be reduced to 1 phase by emulating so-called “Bracha termination.”

  10. We note that \(\textsf{ChainKingConsensus}\) can tolerate adversarial pre-mining for up to \(\rho_{\textsf{ref}} \ll \rho\) rounds; see the analysis in [24] for details.
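Notes 4 and 8 above name the classical Phase-King protocol [6] as the design element that Chain-King Consensus ports to the permissionless setting, and contrast the paper's median rule with other ways of extracting a phase's output. As an added example (not code from the paper or its authors), the following is a local simulation of that classical building block in its simple two-rounds-per-phase variant, which tolerates t Byzantine parties when n > 4t. The threshold rule, the choice of kings 0..t, and the `split_strategy` adversary that tells even-numbered parties one value and odd-numbered parties another are this example's own assumptions.

```python
"""Classical Phase-King consensus (Berman, Garay, Perry [6]), simulated locally.

Added illustration, not code from the paper. Simple two-rounds-per-phase
variant, which needs n > 4t; running t + 1 phases with kings 0..t guarantees
at least one honest king. Corrupt (Byzantine) parties may send different
values to different recipients in every round.
"""
from collections import Counter
from typing import Callable, Dict, List, Set

# A Byzantine strategy maps (sender, recipient, phase, round) -> value sent.
# Honest parties always send their current value to everyone.
Strategy = Callable[[int, int, int, int], int]


def split_strategy(sender: int, recipient: int, phase: int, rnd: int) -> int:
    """Constructed adversary: tells even-numbered parties 0 and odd-numbered
    parties 1, both in the all-to-all round and when acting as king."""
    return recipient % 2


def phase_king(inputs: List[int], corrupt: Set[int], strategy: Strategy) -> Dict[int, int]:
    """Run t + 1 phases and return the honest parties' outputs, keyed by party id."""
    n, t = len(inputs), len(corrupt)
    assert n > 4 * t, "the simple Phase-King variant needs n > 4t"
    value = dict(enumerate(inputs))          # V_i: each party's current value
    honest = [i for i in range(n) if i not in corrupt]
    threshold = n / 2 + t                    # assumed rule: "trust my own majority"

    for phase in range(t + 1):
        king = phase                         # kings are parties 0, 1, ..., t
        # Round 1: all-to-all exchange; each honest party records the most
        # frequent value it received (maj) and how often it saw it (mult).
        maj, mult = {}, {}
        for i in honest:
            received = Counter()
            for j in range(n):
                v = strategy(j, i, phase, 1) if j in corrupt else value[j]
                received[v] += 1
            maj[i], mult[i] = received.most_common(1)[0]
        # Round 2: the king broadcasts its majority value. An honest king
        # sends the same value to everyone; a corrupt king need not.
        for i in honest:
            king_value = strategy(king, i, phase, 2) if king in corrupt else maj[king]
            # Keep my own majority only when it is strong enough (> n/2 + t)
            # that every honest party, the king included, must share it;
            # otherwise adopt whatever the king sent me.
            value[i] = maj[i] if mult[i] > threshold else king_value
    return {i: value[i] for i in honest}


def consensus_holds(inputs: List[int], corrupt: Set[int], strategy: Strategy) -> Dict[str, object]:
    """Check agreement (all honest outputs equal) and validity (if all honest
    inputs are equal, that common value is the output)."""
    outputs = phase_king(inputs, corrupt, strategy)
    honest_inputs = {inputs[i] for i in outputs}
    decided = next(iter(outputs.values()))
    agreed = len(set(outputs.values())) == 1
    valid = len(honest_inputs) != 1 or decided == next(iter(honest_inputs))
    return {"agreement": agreed, "validity": valid, "output": decided}


if __name__ == "__main__":
    # Constructed run: n = 9, t = 2, and the corrupt parties are exactly the
    # kings of the first two phases, so only the third king (party 2) is honest.
    print(consensus_holds([0, 0, 0, 1, 0, 1, 0, 1, 0], {0, 1}, split_strategy))
```

In the constructed run the corrupt kings of phases 0 and 1 keep the honest parties split along parity, and the honest king of phase 2 is what brings them to a common value; with all honest inputs equal, every honest party clears the threshold in the very first phase and ignores the kings entirely. The paper's Chain-King Consensus replaces the per-party king with a king chain and the majority rule with a median (or plurality) over it, but the two-step structure of each phase is the same.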

References

  1. Andrychowicz, M., Dziembowski, S.: PoW-based distributed cryptography with no trusted setup. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9216, pp. 379–399. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48000-7_19

  2. Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 324–356. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_11

  3. Bagaria, V.K., Kannan, S., Tse, D., Fanti, G.C., Viswanath, P.: Prism: deconstructing the blockchain to approach physical limits. In: Cavallaro, L., Kinder, J., Wang, X., Katz, J. (eds.) ACM CCS 2019: 26th Conference on Computer and Communications Security, pp. 585–602. ACM Press, London, UK (2019). https://doi.org/10.1145/3319535.3363213

  4. Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Denning, D.E., Pyle, R., Ganesan, R., Sandhu, R.S., Ashby, V. (eds.) ACM CCS 93: 1st Conference on Computer and Communications Security, pp. 62–73. ACM Press, Fairfax, Virginia, USA (Nov 3–5, 1993). https://doi.org/10.1145/168588.168596

  5. Berman, P., Garay, J.A.: Asymptotically optimal distributed consensus (extended abstract). In: Ausiello, G., Dezani-Ciancaglini, M., Della Rocca, S.R. (eds.) Automata, Languages and Programming, pp. 80–94. Springer, Heidelberg (1989). https://doi.org/10.1007/BFB0035753

  6. Berman, P., Garay, J.A., Perry, K.J.: Towards optimal distributed consensus (extended abstract). In: 30th Annual Symposium on Foundations of Computer Science, pp. 410–415. IEEE Computer Society Press, Research Triangle Park, NC, USA (Oct 30–Nov 1, 1989). https://doi.org/10.1109/SFCS.1989.63511

  7. Boneh, D., Bonneau, J., Bünz, B., Fisch, B.: Verifiable delay functions. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 757–788. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_25

  8. Bracha, G.: An asynchronous ⌊(n-1)/3⌋-resilient consensus protocol. In: Probert, R.L., Lynch, N.A., Santoro, N. (eds.) 3rd Annual ACM Symposium on Principles of Distributed Computing, pp. 154–162. Association for Computing Machinery, Vancouver, BC, Canada (Aug 27–29, 1984). https://doi.org/10.1145/800222.806743

  9. Canetti, R.: Security and composition of multiparty cryptographic protocols. J. Cryptol. 13(1), 143–202 (2000). https://doi.org/10.1007/s001459910006

  10. Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. Cryptology ePrint Archive, Report 2000/067 (2000). https://eprint.iacr.org/2000/067

  11. Chen, J., Micali, S.: Algorand: a secure and efficient distributed ledger. Theoret. Comput. Sci. 777, 155–183 (2019). https://doi.org/10.1016/J.TCS.2019.02.001

  12. Cohen, R., Coretti, S., Garay, J., Zikas, V.: Probabilistic termination and composability of cryptographic protocols. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 240–269. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_9

  13. Das, P., Eckey, L., Faust, S., Loss, J., Maitra, M.: Round efficient Byzantine agreement from VDFs. Cryptology ePrint Archive, Report 2022/823 (2022). https://eprint.iacr.org/2022/823

  14. Dolev, D.: The Byzantine generals strike again. J. Algorithms 3(1), 14–30 (1982). https://doi.org/10.1016/0196-6774(82)90004-9

  15. Dolev, D., Reischuk, R., Strong, H.R.: Early stopping in Byzantine agreement. J. ACM 37(4), 720–741 (1990). https://doi.org/10.1145/96559.96565

  16. Dolev, D., Strong, H.R.: Authenticated algorithms for Byzantine agreement. SIAM J. Comput. 12(4), 656–666 (1983). https://doi.org/10.1137/0212045

  17. Eckey, L., Faust, S., Loss, J.: Efficient algorithms for broadcast and consensus based on proofs of work. Cryptology ePrint Archive, Report 2017/915 (2017). https://eprint.iacr.org/2017/915

  18. Feldman, P., Micali, S.: Optimal algorithms for Byzantine agreement. In: 20th Annual ACM Symposium on Theory of Computing, pp. 148–161. ACM Press, Chicago, IL, USA (1988). https://doi.org/10.1145/62212.62225

  19. Fischer, M.J., Lynch, N.A.: A lower bound for the time to assure interactive consistency. Inf. Process. Lett. 14(4), 183–186 (1982). https://doi.org/10.1016/0020-0190(82)90033-3

  20. Fitzi, M., Garay, J.A.: Efficient player-optimal protocols for strong and differential consensus. In: Borowsky, E., Rajsbaum, S. (eds.) 22nd Annual ACM Symposium on Principles of Distributed Computing, pp. 211–220. Association for Computing Machinery, Boston, MA, USA (Jul 13–16, 2003). https://doi.org/10.1145/872035.872066

  21. Fitzi, M., Gaži, P., Kiayias, A., Russell, A.: Parallel chains: improving throughput and latency of blockchain protocols via parallel composition. Cryptology ePrint Archive, Report 2018/1119 (2018). https://eprint.iacr.org/2018/1119

  22. Fitzi, M., Gaži, P., Kiayias, A., Russell, A.: Ledger combiners for fast settlement. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12550, pp. 322–352. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64375-1_12

  23. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. Cryptology ePrint Archive, Report 2014/765 (2014). https://eprint.iacr.org/2014/765

  24. Garay, J., Kiayias, A., Shen, Y.: Proof-of-work-based consensus in expected-constant time. Cryptology ePrint Archive, Report 2023/1663 (2023). https://eprint.iacr.org/2023/1663

  25. Garay, J., Kiayias, A.: SoK: a consensus taxonomy in the blockchain era. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 284–318. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-40186-3_13

  26. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10

  27. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol with chains of variable difficulty. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 291–323. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_10

  28. Garay, J.A., Kiayias, A., Leonardos, N., Panagiotakos, G.: Bootstrapping the blockchain, with applications to consensus and fast PKI setup. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10770, pp. 465–495. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76581-5_16

  29. Garay, J., Kiayias, A., Ostrovsky, R.M., Panagiotakos, G., Zikas, V.: Resource-restricted cryptography: revisiting MPC bounds in the proof-of-work era. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 129–158. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_5

  30. Garay, J.A., MacKenzie, P.D., Prabhakaran, M., Yang, K.: Resource fairness and composability of cryptographic protocols. J. Cryptol. 24(4), 615–658 (2011). https://doi.org/10.1007/s00145-010-9080-z

  31. Garay, J.A., Moses, Y.: Fully polynomial Byzantine agreement in t+1 rounds. In: 25th Annual ACM Symposium on Theory of Computing, pp. 31–41. ACM Press, San Diego, CA, USA (1993). https://doi.org/10.1145/167088.167101

  32. Katz, J., Koo, C.-Y.: On expected constant-round protocols for Byzantine agreement. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 445–462. Springer, Heidelberg (2006). https://doi.org/10.1007/11818175_27

  33. Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_27

  34. Lamport, L.: Time, clocks, and the ordering of events in a distributed system. Commun. ACM 21(7), 558–565 (1978). https://doi.org/10.1145/359545.359563

  35. Lamport, L., Shostak, R., Pease, M.: The Byzantine generals problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982). https://doi.org/10.1145/357172.357176

  36. Momose, A., Ren, L.: Constant latency in sleepy consensus. In: Yin, H., Stavrou, A., Cremers, C., Shi, E. (eds.) ACM CCS 2022: 29th Conference on Computer and Communications Security, pp. 2295–2308. ACM Press, Los Angeles, CA, USA (Nov 7–11, 2022). https://doi.org/10.1145/3548606.3559347

  37. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). https://bitcoin.org/bitcoin.pdf

  38. Pass, R., Seeman, L., Shelat, A.: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 643–673. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_22

  39. Pass, R., Shi, E.: FruitChains: a fair blockchain. In: Schiller, E.M., Schwarzmann, A.A. (eds.) 36th Annual ACM Symposium on Principles of Distributed Computing, pp. 315–324. Association for Computing Machinery, Washington, DC, USA (2017). https://doi.org/10.1145/3087801.3087809

  40. Pease, M.C., Shostak, R.E., Lamport, L.: Reaching agreement in the presence of faults. J. ACM 27(2), 228–234 (1980). https://doi.org/10.1145/322186.322188

  41. Rabin, M.O.: Randomized Byzantine generals. In: 24th Annual Symposium on Foundations of Computer Science, pp. 403–409. IEEE Computer Society Press, Tucson, Arizona (Nov 7–9, 1983). https://doi.org/10.1109/SFCS.1983.48

  42. Schneider, F.B.: Implementing fault-tolerant services using the state machine approach: a tutorial. ACM Comput. Surv. 22(4), 299–319 (1990). https://doi.org/10.1145/98163.98167

  43. Turpin, R., Coan, B.A.: Extending binary Byzantine agreement to multivalued Byzantine agreement. Inf. Process. Lett. 18(2), 73–76 (1984). https://doi.org/10.1016/0020-0190(84)90027-9


Acknowledgements

Juan Garay’s research has been supported in part by NSF grants no. 2001082 and 2055694, and by the Algorand Centres of Excellence programme managed by the Algorand Foundation. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of Algorand Foundation. He also thanks Karim Eldefrawy, Ben Terner and Vassilis Zikas for useful discussions on the topic. Yu Shen’s research has been supported by Input Output (iohk.io) through their funding of the University of Edinburgh Blockchain Technology Lab.


Copyright information

© 2024 International Association for Cryptologic Research


Cite this paper

Garay, J., Kiayias, A., Shen, Y. (2024). Proof-of-Work-Based Consensus in Expected-Constant Time. In: Joye, M., Leander, G. (eds.) Advances in Cryptology – EUROCRYPT 2024. EUROCRYPT 2024. Lecture Notes in Computer Science, vol. 14653. Springer, Cham. https://doi.org/10.1007/978-3-031-58734-4_4

  • DOI: https://doi.org/10.1007/978-3-031-58734-4_4
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-031-58733-7
  • Online ISBN: 978-3-031-58734-4
  • eBook Packages: Computer Science (R0)
