Abstract
Proof-of-Stake cryptocurrencies avoid many of the computational and environmental costs associated with Proof-of-Work protocols. However, they must address the nothing-at-stake problem, where a validator might attempt to sign off on competing blocks, with the hopes of earning coins regardless of which block becomes accepted as part of the blockchain. Cryptocurrencies such as Tendermint resolve this challenge by requiring validators to bond coins, which can be seized from a validator that is caught signing two competing blocks. Nevertheless, as the number of validators increases, it becomes increasingly infeasible to effectively monitor all validators, and to reach consensus. In this work, we incentivize proper block monitoring by allowing validators to form tontines. In the real world, tontines are financial agreements where payouts to each member increase as the number of members decreases. In our system, a tontine is a group of validators that monitor each other’s behavior, “murdering” any cheating tontine members to seize their stake. As the number of validators in a tontine is smaller than the number of validators in the currency as a whole, members can effectively police each other. We propose two methods whereby a Tendermint-like currency can be extended to allow for the creation of tontines: a pure PoS model, and a hybrid Proof-of-Stake/Proof-of-Work model. We describe snitch mechanisms for both the inter- and intra-tontine setting, argue our incentive mechanisms increase monitoring, and describe how it handles a variety of possible attacks. We extend our model to act as a validator delegated cryptocurrency, with the users having an incentive to partially participate. We show that these strategies may benefit validators as well as speed up the block formation process. Moreover, we describe a prototype implementation of TontineCoin, and perform various experiments that support our theoretical analysis
Similar content being viewed by others
Notes
For the starting block, known as the genesis block, the previous block hash field has a special value.
A validator in a Proof-of-Stake system is roughly analogous to a miner in a Proof-of-Work system.
We provide JavaScript implementations of this pseudocode and the pseudocode examples in the remainder of this paper for use with the SpartanGold framework. The implementation is available at https://github.com/taustin/tendermint-sg. The function names used in our pseudocode and in our JavaScript code are identical. Review of this implementation may facilitate better understanding of Tendermint’s design.
When comparing two Proof-of-Work values, we often describe it in terms of leading zeroes – the better proof produces more leading zeroes when the block is hashed. However, we actually compare the two hash values simply as numerical values, making the odds of a tie astronomically unlikely.
Our discussion assumes that only a single tontine is created in any given round. However, it is trivial to modify the protocol to accept the top X bids.
Should there be no other active tontines, the remaining tontine may continue to operate indefinitely.
The block producer might also have an incentive to steal the snitch’s evidence transaction even if they are in the same tontine. If the block producer has accounts in multiple tontines, the block producer might gain a larger share of the seized tokens in a different tontine, in which case the block producer has an incentive to steal the evidence transaction and deny the snitch their reward.
We have abstracted away from the fact that as the effort put into monitoring increases, there is a two fold impact: 1) for a given level of cheating, cheaters are more likely to be caught, but 2) increased monitoring will likely lead to less cheating given the increased likelihood of being caught.
If we allow for the “murder” of cheaters under Tendermint, the cost per cheater is almost three times as expensive as checking occurs until there is only one validator left.
References
Abraham I, Gueta G, Malkhi D (2018) Hot-stuff the linear, optimal-resilience, one-message BFT devil. CoRR abs/1803.05069
Ali M, Nelson JC, Shea R, Freedman MJ (2016) Blockstack: A global naming and storage system secured by blockchains. In: USENIX Annual Technical Conference, pp. 181–194. USENIX Association
Amoussou-Guenou Y, Pozzo AD, Potop-Butucaru M, Tucci Piergiovanni S (2018) Correctness and fairness of tendermint-core blockchains. IACR Cryptology ePrint Archive 2018:574
Austin TH (2020) Spartangold: A blockchain for education, experimentation, and rapid prototyping. In: Silicon Valley Cybersecurity Conference (SVCC)
Back A (2002) Hashcash - a denial of service counter-measure. http://www.hashcash.org/papers/hashcash.pdf Tech rep
Back A, Corallo M, Dashjr L, Friedenbach M, Maxwell G, Miller A, Poelstra A, Timón J, Wuille P (2014) Enabling blockchain innovations with pegged sidechains. https://blockstream.com/sidechains.pdf
Bentov I, Gabizon A, Mizrahi A (2016) Cryptocurrencies without proof of work. In: International conference on financial cryptography and data security, pp. 142–157. Springer
Braithwaite S, Buchman E, Konnov I, Milosevic Z, Stoilkovska I, Widder J, Zamfir A (2020) Formal specification and model checking of the tendermint blockchain synchronization protocol (short paper). In: 2nd Workshop on Formal Methods for Blockchains (FMBC 2020). Schloss Dagstuhl-Leibniz-Zentrum für Informatik
Buchman E, Kwon J, Milosevic Z (2018) The latest gossip on BFT consensus. CoRR abs/1807.04938. http://arxiv.org/abs/1807.04938
Buterin V, Griffith V (2017) Casper the friendly finality gadget. CoRR abs/1710.09437
Camera G, Casari M (2009) Cooperation among strangers under the shadow of the future. Am Econ Rev 99(3):979–1005
Castro M, Druschel P, Ganesh A, Rowstron A, Wallach DS (2002) Secure routing for structured peer-to-peer overlay networks. ACM SIGOPS Operating Systems Review 36(SI):299–314
Chen J, Gorbunov S, Micali S, Vlachos G (2018) Algorand Agreement: super fast and partition resilient byzantine agreement. IACR Cryptology ePrint Archive 2018:377
DurandA, Anceaume E, Ludinard R (2019) Stakecube: Combining sharding and proof-of-stake to build fork-free secure permissionless distributed ledgers. In: Networked Systems - 7th International Conference, NETYS, Revised Selected Papers. pp. 148–165
Dwork C, Lynch N, Stockmeyer L (1988) Consensus in the presence of partial synchrony. J. ACM 35(2), 288–323. http://doi.acm.org/10.1145/42282.42283
Eyal I, Gencer AE, Sirer EG, van Renesse R (2016) Bitcoin-ng: A scalable blockchain protocol. In: Symposium on Networked Systems Design and Implementation (NSDI), pp. 45–59. USENIX Association (2016). https://www.usenix.org/conference/nsdi16/technical-sessions/presentation/eyal
Fang H, Ke R (2016) The insurance role of rosca in the presence of credit markets: Theory and evidence. https://www.ssc.wisc.edu/scholz/seminar/rosca-wisc.pdf
Feng C, Yu K, Bashir AK, Al-Otaibi YD, Lu Y, Chen S, Zhang D (2021) Efficient and secure data sharing for 5G flying drones: a blockchain-enabled approach. IEEE Network 35(1):130–137
Fiat A, Saia J, Young M (2005) Making chord robust to byzantine attacks. In: European Symposium on Algorithms. pp. 803–814. Springer
Filecoin: A decentralized storage network. Tech. rep., Protocol Labs (2017)
Jaiyeola MO, Patron K, Saia J, Young M, Zhou QM (2018) Tiny groups tackle byzantine adversaries. In: 2018 IEEE International Parallel and Distributed Processing Symposium (IPDPS), pp. 1030–1039. IEEE
Kandori M (1992) Social norms and community enforcement. Rev Econ Stud 59(1):63–80
Kiayias A, Russell A, David B, Oliynykov R (2017) Ouroboros: A provably secure proof-of-stake blockchain protocol. In: Advances in Cryptology - CRYPTO 2017 - 37th Annual International Cryptology Conference, Proceedings, Part I, pp. 357–388
King S (2013) Primecoin: Cryptocurrency with prime number proof-of-work.
King S, Nadal S (2012) Ppcoin: Peer-to-peer crypto-currency with proof-of-stake. http://primecoin.org/static/primecoin-paper.pdf
Kwon J (2013) Tendermint: Consensus without mining, http://jaekwon.com/2014/05/11/tendermint/
Larimer D (2014) Delegated proof-of-stake (dpos)
Larimer D (2017) Eos.io technical white paper. https://github.com/EOSIO/Documentation/blob/master/TechnicalWhitePaper.md
Laurens P, Paige RF, Brooke PJ, Chivers H (2007) A novel approach to the detection of cheating in multiplayer online games. In: 12th IEEE International Conference on Engineering Complex Computer Systems (ICECCS 2007), pp. 97–106. IEEE
Mckeever K (2009) A short history of tontines. Fordham J Corp Financ Law 15(2):491–521
Merkle RC (1980) Protocols for public key cryptosystems. 1980 IEEE Symposium on Security and Privacy pp. 122–122
Merrill P, Austin TH, Thakker J, Park Y, Rietz J (2019) Lock and load: A model for free blockchain transactions through token locking. In: IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON). IEEE
Milevsky M (2015) King William’s Tontine Why the Retirement Annuity of the Future Should Resemble Its Past (Cambridge Studies in Comparative Politics). Cambridge University Press
Miller A, Juels A, Shi E, Parno B, Katz J (2014) Permacoin: Repurposing bitcoin work for data preservation. In: IEEE Symposium on Security and Privacy, pp. 475–490. IEEE Computer Society
Nakamoto S (2009) Bitcoin: A peer-to-peer electronic cash system. https://bitcoin.org/bitcoin.pdf
Nguyen CT, Hoang DT, Nguyen DN, Niyato D, Nguyen HT, Dutkiewicz E (2019) Proof-of-stake consensus mechanisms for future blockchain networks: fundamentals, applications and opportunities. IEEE Access 7:85727–85745
Pollett C, Austin TH, Potika K, Rietz J (2020) Tontinecoin: Murder-based proof-of-stake. In: J. Xu, S. Schulte, P. Ruppel, A. Küpper, D. Jadav (eds.) 2nd IEEE International Conference on Decentralized Applications and Infrastructures, DAPPS 2020, Oxford, UK, August 3-6, 2020, pp. 82–87. IEEE
Ransom RL, Sutch R (1987) Tontine insurance and the armstrong investigation: A case of stifled innovation, 1868-1905. J Econ Hist 47(2), 379–390. http://www.jstor.org/stable/2122236
Rosenfeld M (2011) Analysis of bitcoin pooled mining reward systems. Computing Research Repository (CoRR) abs/1112.4980. http://arxiv.org/abs/1112.4980
Sabin MJ, Forman JB (2016) The analytics of a single-period tontine. Available at SSRN 2874160
Shapiro C, Stiglitz JE (1984) Equilibrium unemployment as a worker discipline device. Am Econ Rev 74(3):433–444
Shi N, Tan L, Li W, Qi X, Yu K (2020) A blockchain-empowered AAA scheme in the large-scale HetNet. Digit Commun Netw
Storj (2018) A decentralized cloud storage network framework. Tech. rep., Storj Labs Inc.
Tan L, Xiao H, Yu K, Aloqaily M, Jararweh Y (2021) A blockchain-empowered crowdsourcing system for 5G-enabled smart cities. Comput Stand Interfaces 76
Tendermint documentation (2018) https://tendermint.com/docs/tendermint-core/running-in-production.html#dos-exposure-and-mitigation
Wood, G (2014) Ethereum: a secure decentralised generalised transaction ledger. https://gavwood.com/paper.pdf
Yeung S, Lui JC, Liu J, Yan J (2006) Detecting cheaters for multiplayer games: theory, design and implementation. Proc IEEE CCNC 6:1178–1182
Acknowledgements
We would like to thank Jae Kwon of Tendermint/Cosmos for his valuable feedback and insight, as well as the anonymous reviewers.
Author information
Authors and Affiliations
Corresponding author
Additional information
Publisher’s Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This article is part of the Topical Collection: Special Issue on Blockchain for Peer-to-Peer Computing
Guest Editors: Keping Yu, Chunming Rong, Yang Cao, and Wenjuan Li
Rights and permissions
About this article
Cite this article
Pollett, C., Austin, T.H., Potika, K. et al. TontineCoin: Survivor-based Proof-of-Stake. Peer-to-Peer Netw. Appl. 15, 988–1007 (2022). https://doi.org/10.1007/s12083-021-01227-x
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12083-021-01227-x