Fork-free hybrid consensus with flexible Proof-of-Activity

https://doi.org/10.1016/j.future.2019.02.059

Highlights

  • The first fork-free PoW-based blockchain in the permissionless environment.

  • Reducing variance without centralized mining pools.

  • Flexible hybrid of PoW and PoS.

Abstract

Bitcoin and its underlying blockchain mechanism have been attracting much attention. One of their core innovations, Proof-of-Work (PoW), is notoriously inefficient, which potentially motivates a centralization of hash power, defeating the original goal of decentralization. Proof-of-Stake (PoS) was later proposed to replace PoW. However, PoW and PoS each have their own inherent advantages and disadvantages, and so does the Proof-of-Activity (PoA) of Bentov et al. (SIGMETRICS 2014), which only offers limited hybrids of the two mechanisms. On the other hand, the hybrid consensus protocol of Pass and Shi (DISC 2017) aims to improve efficiency by dynamically maintaining a rotating committee. Yet, there remain unsatisfactory issues, including chain forks and fair committee election.

In this paper, we first devise a generalized variant of PoW. We then leverage our generalized PoW to construct a fork-free hybrid consensus protocol. We further combine our fork-free hybrid consensus mechanism with PoS to obtain a flexible version of PoA with tunable parameters between PoW and PoS. Compared with Bentov et al.’s PoA, our “flexible PoA” improves efficiency, leading to a more applicable consensus protocol.

Introduction

Blockchain, or “Nakamoto chain” (to differentiate it from later proposals), has been attracting much interest (e.g., see [1], [2], [3]) since it first appeared as an implicit consensus mechanism used by bitcoin [4] and subsequent decentralized cryptocurrencies (e.g., [5], [6], [7]). A blockchain keeps a growing distributed ledger of blocks, each of which includes an ordered list of transactions. Blockchain is built upon the methodology of Proof-of-Work (PoW) (e.g., see [8]), which requires the creator of a new block to solve a hash puzzle over the hash of the previous block, an ordered list of transactions, and other necessary information. Solving a hash puzzle over some content w means finding a solution x such that H(x||w) falls into a target range. Thereby, any newly generated block is created by an honest node with high probability, as most of the computing power (called “hash rate”, or “hash power”) solving this puzzle is in the hands of honest nodes. After a solution is obtained, the lucky solver (also called a miner, for the possibility of gaining some bitcoins after completing this process) can propose a block containing a list of transactions to the peer-to-peer bitcoin network, and the distributed ledger of blocks grows. PoW ensures that tampering with the records on the blockchain requires investing a lot of computing power. We refer to this as “traditional PoW”, or just “PoW” when no ambiguity exists.

When multiple new blocks are generated “simultaneously”, the disagreement manifests in the form of a chain fork (or simply a fork) having more than one branch. The fork may be the result of coincidence or of a tampering attempt by malicious nodes. To confirm which branch is valid, the rule used by the bitcoin system is to pick the first forked branch that is followed by a certain number of blocks and discard any other branches. As such, honest nodes should only work on the longest valid chain. Resolving the fork tackles the misbehavior of (malicious) miners, i.e., clearing any disagreement and making all nodes concede to “the miner of the next block”. Yet, users have to wait a long time to make sure a block will not be nullified by other forks. Also, forks lead to issues like selfish mining [9], which undermines both fairness and security. A fork-free blockchain consensus is thus desired.

Serving as a core part of the consensus protocol underlying bitcoin, PoW shows several potential merits such as openness to any participant and good robustness. The puzzle should be hard enough that, in expectation, only one block can be solved in a certain period of time, which is ten minutes in bitcoin. PoW-based protocols thus often confirm the validity of a newly added block at an unsatisfactory speed. Since an individual may take years to find a puzzle solution, mining pools emerge, which brings us back to a more centralized setting.

Two major approaches are considered for addressing the above issues. The first approach is to replace PoW with Proof-of-Stake (PoS) [10], [11], [12], which moves the decision basis from computing power to possession of stake in the system (e.g., in the form of cryptocurrency). With PoS, the specific risk of having a few mining farms dominate PoW is mitigated, and the fork-free property can be achieved. Yet, PoS still faces another kind of centralization risk (from large stakeholders). Another approach is to adjust the PoW protocol itself, such as Fruitchain [13], which aims to reduce the variance in mining revenue without a centralized mining pool. Other works provide instant transaction confirmation [5], [14]. However, to our knowledge, no PoW-based protocol simultaneously achieves the fork-free property, significant improvements to the variance, and instant transaction confirmation. This motivates our work.

We aim to achieve the fork-free property and a smaller variance of miners’ revenues; to that end we change the principle of blockchain mining so that multiple puzzle solutions can be found in each round. For the first time, a blockchain-based consensus protocol accepts multiple solutions, and we name this “the generalized PoW”. All of these solutions are submitted to a committee directly, without causing any fork, by means of practical Byzantine fault tolerance (PBFT) from the distributed systems literature. Moreover, all of them are recorded, so that the history of records is still hard to forge. Based on the idea of hybrid consensus proposed by Pass and Shi [14] and on the generalized PoW, we construct a scheme which we call fork-free hybrid consensus. Note that the protocol of Pass and Shi elects a committee via the blockchain to verify transactions; the committee members are the miners of certain blocks. In contrast, our fork-free hybrid consensus protocol lets the committee (instead of block proposers) decide the record for the current round (including transactions and accepted puzzle solutions) and the future committee members once and for all, without any ambiguity.

We can further allow different rules of committee election. Specifically, we establish a function that assigns a weight to each candidate according to its PoW power and its PoS capability, and the election is based on such a weight. We thus propose a flexible PoA protocol. This takes a step further from the notion of Proof-of-Activity (PoA) proposed by Bentov et al. [15], which aims to inherit the advantages of both PoW and PoS by determining the miner of a new block taking into account both its hash power and its stake. Based on the fork-free hybrid consensus, our flexible PoA is also fork-free. Table 1 compares our constructions with a few other consensus schemes. We show the roadmap of our constructions in Fig. 1.

  1. The first fork-free PoW-based blockchain in the permissionless environment. In bitcoin, the integrity of transactions in a block is guaranteed by fork resolution (e.g., blocks including double-spending transactions are discarded), since any malicious branch can be outraced by an honest one. We employ the paradigm of hybrid consensus, which leverages the security of practical Byzantine fault tolerance (PBFT), to get rid of fork resolution while ensuring transaction integrity. To the best of our knowledge, achieving the fork-free property in this way has not yet been identified in the literature, including the work of Pass and Shi.

  2. Reducing variance without centralized mining pools. Traditional PoW crucially relies on accepting a single hash puzzle solution to ensure that existing records cannot be tampered with. Our proposed functionality of generalized PoW accepts multiple solutions for the same puzzle in each round, which reduces the variance of mining revenues. This functionality is hard to realize in bitcoin, since its setting provides nothing to “operate” on different solutions. Our fork-free hybrid consensus achieves this functionality by leveraging a rotating committee.

  3. Flexible hybrid of PoW and PoS. We construct a flexible PoA by having a committee perform the election based on a hybrid weight of the participants’ PoW power w and PoS capability s. The relationship between the hybrid weight and (w, s) can be flexibly determined according to different scenarios. To our knowledge, such flexibility has never been considered in previous works.

Section snippets

Notations

The set {1, 2, …, N} is denoted by [N]. x||y denotes the concatenation of x and y. A ← B assigns B to the variable A; A ←$ B selects an element of B uniformly at random (if B is a set) or according to B (if B is a distribution). Table 2 lists more notations. A node is either a candidate for the committee in the next round or a current committee member.

Security model

  1. Network. We follow the security and network assumptions of Pass and Shi’s hybrid consensus [14]. We consider the network as partially synchronous, where

Practical Byzantine fault tolerance

The practical Byzantine fault tolerance (PBFT) algorithm [16] (among many other BFT protocols, see [17], [18], [19]) provides high-performance Byzantine state machine replication for tolerating certain failures in the Byzantine generals problem. It has been widely adopted for maintaining distributed ledgers. In this work, we treat PBFT as a black box among n participants, by which consensus on a linearly ordered log can be attained at a communication cost of O(n^2), provided a 2/3 honest rate of the

Generalized proof-of-work and fork-free hybrid consensus

We propose the functionality of our generalized PoW, show how traditional PoW fits with that, and argue the merits of our generalized notion. Afterwards, the fork-free hybrid consensus is demonstrated to realize the generalized PoW.

The flexible proof-of-activity

We propose an alternative proof-of-activity to support flexible hybrids of generalized PoW and PoS. Specifically, for a candidate with PoW capability w and stake value s, a function G(w,s) can be established to assign a weight L to each candidate that reflects its PoW capability w and its stake value s. The probability of entering the next committee is determined by such a weight.
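To make the two ideas above concrete (multiple accepted solutions to the same puzzle H(x||w), and a committee election weighted by G(w, s)), here is an added Python sketch; it is not code from the paper. The linear form G(w, s) = αw + (1 − α)s, the nonce search, the use of a node’s accepted-solution count as its PoW capability w, and the sample nodes and stakes are all assumptions made for illustration.

```python
import hashlib
import random

def puzzle_ok(x: bytes, w: bytes, target: int) -> bool:
    """Hash puzzle of the paper: x solves content w iff H(x||w) lands in the target range."""
    return int.from_bytes(hashlib.sha256(x + w).digest(), "big") < target

def mine(content: bytes, target: int, first_nonce: int, trials: int) -> list:
    """Search a nonce range and keep every solution found (generalized PoW keeps all, not just the first)."""
    return [n.to_bytes(8, "big") for n in range(first_nonce, first_nonce + trials)
            if puzzle_ok(n.to_bytes(8, "big"), content, target)]

def accept_solutions(content: bytes, target: int, submissions: dict) -> dict:
    """Committee-side check: count the distinct valid solutions each node submitted.
    Assumption of this example: that count stands in for the node's PoW capability w."""
    return {node: len({x for x in xs if puzzle_ok(x, content, target)})
            for node, xs in submissions.items()}

def hybrid_weight(w: float, s: float, alpha: float) -> float:
    """Assumed G(w, s) = alpha*w + (1-alpha)*s; the paper leaves G tunable, this linear form is ours."""
    return alpha * w + (1.0 - alpha) * s

def elect_committee(w_caps: dict, stakes: dict, size: int, alpha: float, seed: int) -> list:
    """Weighted election without replacement; seeded so every honest node reproduces the same result."""
    rng = random.Random(seed)
    pool = {n: hybrid_weight(w_caps.get(n, 0), stakes.get(n, 0), alpha) for n in set(w_caps) | set(stakes)}
    pool = {n: g for n, g in pool.items() if g > 0}  # zero weight can never be elected
    elected = []
    while pool and len(elected) < size:
        nodes, weights = zip(*pool.items())
        pick = rng.choices(nodes, weights=weights, k=1)[0]
        elected.append(pick)
        del pool[pick]
    return elected

# Constructed round: content = prev-block hash || tx-list digest; target gives a 1/16 hit rate per trial
CONTENT = hashlib.sha256(b"prev-block").digest() + hashlib.sha256(b"tx-list").digest()
TARGET = 1 << 252
BOGUS = next(n.to_bytes(8, "big") for n in range(400, 1000)   # a nonce that provably does not solve
             if not puzzle_ok(n.to_bytes(8, "big"), CONTENT, TARGET))
SUBMISSIONS = {"A": mine(CONTENT, TARGET, 0, 200),    # honest miner, many solutions
               "B": mine(CONTENT, TARGET, 200, 200),  # honest miner, disjoint nonce range
               "C": [BOGUS]}                           # invalid submission, must count as 0
STAKES = {"A": 1.0, "B": 4.0, "D": 10.0}               # D holds stake but submitted no work

def run_round(alpha: float, seed: int = 7) -> tuple:
    """One round as the committee sees it: accept solutions, then elect the next committee of 2."""
    w_caps = accept_solutions(CONTENT, TARGET, SUBMISSIONS)
    return w_caps, elect_committee(w_caps, STAKES, 2, alpha, seed)
```

With alpha = 1 only nodes with accepted work can be elected, with alpha = 0 only stakeholders, and every value in between mixes the two.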

We discuss the protocols for candidates and committee members separately; detailed illustrations of the protocols are shown

Security and performance analysis

Here, we provide a security analysis for our fork-free hybrid consensus protocol and our flexible PoA protocol. The discussion applies to both unless specified otherwise.

Conclusion

We generalized the classical PoW to make it fork-free, which also leads to a better evaluation of hash power. We then constructed fork-free hybrid consensus based on generalized PoW to address the issues of selfish mining and fair committee election in the original hybrid consensus. The election mechanism for the rotating committee in our protocols is flexible in the sense that it takes into account both the PoW capability w and the stake value s of a candidate. In other words, a function G(w,s)

Acknowledgment

We would like to thank the anonymous reviewers for their helpful feedback. The authors are supported by the National Natural Science Foundation of China (Grant No. 61672347, 61572318, 61672339).

Zhiqiang Liu received the BS and MS degrees in Mathematics, and the PhD degree in Cryptography from Shanghai Jiao Tong University in 1998, 2001, and 2012, respectively. He is currently an associate professor in the Department of Computer Science and Engineering, Shanghai Jiao Tong University. His research interests include Symmetric-Key Cryptography, Post-Quantum Cryptography, Cryptocurrency, Block Chain and DAG-based Distributed System.

References (22)

  • Joseph Bonneau et al. SoK: research perspectives and challenges for bitcoin and cryptocurrencies
  • Melanie Swan. Blockchain thinking: the brain as a decentralized autonomous corporation [commentary]. IEEE Technol. Soc. Mag. (2015)
  • Florian Tschorsch et al. Bitcoin and beyond: A technical survey on decentralized digital currencies. IEEE Commun. Surv. Tutor. (2016)
  • Satoshi Nakamoto, Bitcoin: A peer-to-peer electronic cash system, 2008. URL...
  • Ittai Abraham, Dahlia Malkhi, Kartik Nayak, Ling Ren, Alexander Spiegelman, Solidus: An Incentive-compatible...
  • Binanda Sengupta et al. Retricoin: bitcoin based on compact proofs of retrievability
  • Eric Wustrow et al. DDoSCoin: cryptocurrency with a malicious proof-of-work
  • Henk C.A. van Tilborg et al. Proof of work
  • Ittay Eyal et al. Majority is not enough: bitcoin mining is vulnerable
  • QuantumMechanic, et al. Proof of stake instead of proof of work. Bitcoin forum, 2011....
  • Iddo Bentov et al. Cryptocurrencies without proof of work

    Shuyang Tang received the BS degree in Computer Science and Technology in Shanghai Jiao Tong University in 2018. He is currently a PhD candidate in Shanghai Jiao Tong University. His research interests include Program Semantics, Interactive Program Verification and Cryptocurrency.

    Sherman S.M. Chow joined the Department of Information Engineering at the Chinese University of Hong Kong in November 2012, and received the Early Career Award 2013/14 by the Hong Kong Research Grant Council. Before CUHK, he was a research fellow at Department of Combinatorics and Optimization, University of Waterloo, a position he commenced after receiving his PhD degree from the Courant Institute of Mathematical Sciences, New York University. He interned at NTT Research and Development (Tokyo), Microsoft Research (Redmond) and Fuji Xerox Palo Alto Laboratory, and has made research visits to Friedrich-Alexander-U., U. Maryland, U. Calgary, U. Texas, HKU, MIT, Academia Sinica, and Queensland University of Technology. He has published in major conferences such as CCS, EUROCRYPT, ITCS, NDSS, and Usenix Security.

    Zhen Liu received the BS and MS degrees in Mathematics, and the PhD degree in Cryptography from Shanghai Jiao Tong University in 1999, 2002, and 2013, respectively. He is currently a special researcher in the Department of Computer Science and Engineering, Shanghai Jiao Tong University. His research interests include Applied Cryptography, Information Security, Attribute-based Encryption, Cloud Computing Security, Big Data Security, Blockchain and Cryptocurrency.

    Yu Long received the BS degree from Southwest Jiao Tong University, and the MS and PhD degrees in Computer Science from Shanghai Jiao Tong University in 2002, 2005, and 2008, respectively. She is currently an associate professor in the Department of Computer Science and Engineering, Shanghai Jiao Tong University. Her research interests include Public Key Encryption and Blockchain.
