A Proof-of-Stake Protocol for Consensus on Bitcoin Subchains

Conference paper, published in Financial Cryptography and Data Security (FC 2017).

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10323).

Abstract

Although the transactions on the Bitcoin blockchain have the main purpose of recording currency transfers, they can also carry a few bytes of metadata. A sequence of transaction metadata forms a subchain of the Bitcoin blockchain, and it can be used to store a tamper-proof execution trace of a smart contract. Except for the trivial case of contracts which admit any trace, in general there may exist inconsistent subchains which represent incorrect contract executions. A crucial issue is how to make it difficult, for an adversary, to subvert the execution of a contract by making its subchain inconsistent. Existing approaches either postulate that subchains are always consistent, or give weak guarantees about their security (for instance, they are susceptible to Sybil attacks). We propose a consensus protocol, based on Proof-of-Stake, that incentivizes nodes to consistently extend the subchain. We empirically evaluate the security of our protocol, and we show how to exploit it as the basis for smart contracts on Bitcoin.
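The abstract defines a subchain as the sequence of metadata carried by a chain of Bitcoin transactions, and calls it inconsistent when that sequence is not an execution trace the contract admits. The following is an added illustration, not code from the paper: it models a contract as a deterministic automaton over trace labels, a subchain as a list of transactions reduced to their metadata bytes, and a consistency check that replays the labels and reports the first transaction that records an incorrect execution. The 80-byte metadata limit comes from the paper's footnote 7; the escrow-style contract, its labels and the transaction ids are constructed for the example.

```python
# Added illustration (not code from the paper): a contract given as a finite
# automaton over trace labels, and a subchain given as the metadata carried by
# a sequence of Bitcoin transactions. A subchain is consistent with the
# contract exactly when the label sequence it spells out is a trace the
# contract admits. All names, labels and transaction ids below are constructed.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Footnote 7 of the paper: the metadata-carrying instruction stores at most 80 bytes.
MAX_METADATA_BYTES = 80


@dataclass(frozen=True)
class Tx:
    """A transaction reduced to the only parts the subchain cares about."""
    txid: str        # constructed identifier, not a real Bitcoin txid
    metadata: bytes  # the bytes carried in the unspendable metadata output


def encode_label(label: str) -> bytes:
    """Encode a trace label as metadata, enforcing the 80-byte limit."""
    data = label.encode("utf-8")
    if len(data) > MAX_METADATA_BYTES:
        raise ValueError(
            f"label {label!r} needs {len(data)} bytes, limit is {MAX_METADATA_BYTES}"
        )
    return data


class Contract:
    """A contract as a deterministic automaton: it admits exactly the label
    sequences that the transition relation can follow from the initial state.
    A contract with `transitions=None` admits every trace (the trivial case
    mentioned in the abstract)."""

    def __init__(self, initial: str,
                 transitions: Optional[Dict[Tuple[str, str], str]]):
        self.initial = initial
        self.transitions = transitions

    def step(self, state: str, label: str) -> Optional[str]:
        """Next state after `label`, or None if the label is not admitted."""
        if self.transitions is None:
            return state  # any label is admitted; the state is irrelevant
        return self.transitions.get((state, label))


def check_subchain(contract: Contract, txs: List[Tx]) -> Tuple[bool, Optional[int]]:
    """Replay the subchain's labels through the contract.

    Returns (True, None) if the whole label sequence is an admitted trace,
    otherwise (False, i) where i is the index of the first transaction whose
    label is not admitted in the state reached so far. Everything before i is
    a consistent prefix; from i on the subchain records an incorrect execution.
    """
    state = contract.initial
    for i, tx in enumerate(txs):
        label = tx.metadata.decode("utf-8", errors="replace")
        nxt = contract.step(state, label)
        if nxt is None:
            return False, i
        state = nxt
    return True, None


# Constructed contract: a deposit that ends in either a payment or a refund.
ESCROW = Contract(
    initial="init",
    transitions={
        ("init", "deposit:A"): "deposited",
        ("deposited", "pay:B"): "paid",
        ("deposited", "refund:A"): "refunded",
    },
)
ANY_TRACE = Contract(initial="*", transitions=None)

# Constructed subchains (txids are placeholders).
CONSISTENT = [Tx("tx-1", encode_label("deposit:A")),
              Tx("tx-2", encode_label("pay:B"))]
INCONSISTENT = [
    Tx("tx-1", encode_label("deposit:A")),
    Tx("tx-2", encode_label("refund:A")),
    Tx("tx-3", encode_label("pay:B")),  # paying after a refund is not admitted
]

if __name__ == "__main__":
    print(check_subchain(ESCROW, CONSISTENT))       # (True, None)
    print(check_subchain(ESCROW, INCONSISTENT))     # (False, 2)
    print(check_subchain(ANY_TRACE, INCONSISTENT))  # (True, None)
```

The check is what an honest meta-node would need before extending a subchain: a transaction whose metadata is not admitted from the current contract state is exactly the kind of update the abstract's protocol is meant to discourage. For the `ANY_TRACE` contract every subchain passes, which is why the abstract sets that trivial case aside.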


Notes

1. This is important, because non-standard transactions are discarded by nodes running the official Bitcoin client.

2. Source: crypto-currency market capitalizations, http://coinmarketcap.com.

3. in-script and out-script are respectively referred to as scriptPubKey and scriptSig in the Bitcoin documentation.

4. Note that a similar hypothesis, but related to computational power rather than stake, holds in Bitcoin, where honest miners are supposed to control more computational power than dishonest ones.

5. We assume that all meta-nodes agree on the Bitcoin blockchain; since \(\eta \) is a projection of the blockchain, they also agree on \(\eta \).

6. Under this assumption, meta-nodes can ensure that the arbiter is honest.

7. The instruction allows saving 80 bytes of metadata in a transaction; an out-script containing it always evaluates to false, hence it is unspendable.

8. Assuming a single adversary is no less general than having many non-colluding meta-nodes which carry out individual attacks. Indeed, in this setting meta-nodes do not join their funds to increase the stake ratio \(\mu \).

9. Note that saying the update queue is not always saturated is equivalent to modelling an adversary with a stronger \(\mu \): this is because honest meta-nodes cannot spend all their stake in a single protocol stage, which reduces their actual power. Thus, studying this particular case would not add anything to the analysis.


Acknowledgments

This work is partially supported by Aut. Reg. of Sardinia grant P.I.A. 2013 “NOMAD”. Alessandro Sebastian Podda gratefully acknowledges Sardinia Regional Government for the financial support of her PhD scholarship (P.O.R. Sardegna F.S.E. Operational Programme of the Autonomous Region of Sardinia, European Social Fund 2007-2013 - Axis IV Human Resources, Objective l.3, Line of Activity l.3.1).

Corresponding author: Massimo Bartoletti.

Copyright information

© 2017 International Financial Cryptography Association

About this paper


Cite this paper

Bartoletti, M., Lande, S., Podda, A.S. (2017). A Proof-of-Stake Protocol for Consensus on Bitcoin Subchains. In: Brenner, M., et al. (eds.) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science, vol 10323. Springer, Cham. https://doi.org/10.1007/978-3-319-70278-0_36

  • DOI: https://doi.org/10.1007/978-3-319-70278-0_36
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-70277-3
  • Online ISBN: 978-3-319-70278-0