-
Sliding Window Challenge Process for Congestion Detection
Authors:
Ayelet Lotem,
Sarah Azouvi,
Patrick McCorry,
Aviv Zohar
Abstract:
Many prominent smart-contract applications such as payment channels, auctions, and voting systems often involve a mechanism in which some party must respond to a challenge or appeal some action within a fixed time limit. This pattern of challenge-response mechanisms poses great risks if during periods of high transaction volume, the network becomes congested. In this case fee market competition can prevent the inclusion of the response in blocks, causing great harm. As a result, responders are allowed long periods to submit their response and overpay in fees. To overcome these problems and improve challenge-response protocols, we suggest a secure mechanism that detects congestion in blocks and adjusts the deadline of the response accordingly. The responder is thus guaranteed a deadline extension should congestion arise. We lay theoretical foundations for congestion signals in blockchains and then proceed to analyze and discuss possible attacks on the mechanism and evaluate its robustness. Our results show that in Ethereum, using short response deadlines as low as 3 hours, the protocol has >99% defense rate from attacks even by miners with up to 33% of the computational power. Using shorter deadlines such as one hour is also possible with a similar defense rate for attackers with up to 27% of the power.
Submitted 25 September, 2022; v1 submitted 22 January, 2022;
originally announced January 2022.
-
Shades of Finality and Layer 2 Scaling
Authors:
Bennet Yee,
Dawn Song,
Patrick McCorry,
Chris Buckland
Abstract:
Blockchains combine a distributed append-only log with a virtual machine that defines how log entries are interpreted. By viewing transactions as state transformation functions for the virtual machine, we separate the naming of a state from the computation of its value and reaching consensus on that value. This distinction allows us to separate the notion of transaction order finality from state value finality. Further consideration of how blockchain governance handles catastrophic failures such as zero day exploits leads us to the notion of checkpoint finality.
Consensus on the transaction order determines the ground truth. Everything else -- computing the value of a state or handling catastrophic failures such as bugs / zero-day based attacks -- is just an optimization.
Submitted 19 January, 2022;
originally announced January 2022.
-
Formal Modelling and Security Analysis of Bitcoin's Payment Protocol
Authors:
Paolo Modesti,
Siamak F. Shahandashti,
Patrick McCorry,
Feng Hao
Abstract:
The Payment Protocol standard BIP70, specifying how payments in Bitcoin are performed by merchants and customers, is supported by the largest payment processors and most widely-used wallets. The protocol has been shown to be vulnerable to refund attacks due to lack of authentication of the refund addresses. In this paper, we give the first formal model of the protocol and formalise the refund address security goals for the protocol, namely refund address authentication and secrecy. The formal model utilises communication channels as abstractions conveying security goals on which the protocol modeller and verifier can rely. We analyse the Payment Protocol confirming that it is vulnerable to an attack violating the refund address authentication security goal. Moreover, we present a concrete protocol revision proposal supporting the merchant with publicly verifiable evidence that can mitigate the attack. We verify that the revised protocol meets the security goals defined for the refund address. Hence, we demonstrate that the revised protocol is secure, not only against the existing attacks, but also against any further attacks violating the formalised security goals.
Submitted 15 March, 2021;
originally announced March 2021.
-
Betting on Blockchain Consensus with Fantomette
Authors:
Sarah Azouvi,
Patrick McCorry,
Sarah Meiklejohn
Abstract:
Blockchain-based consensus protocols present the opportunity to develop new protocols, due to their novel requirements of open participation and explicit incentivization of participants. To address the first requirement, it is necessary to consider the leader election inherent in consensus protocols, which can be difficult to scale to a large and untrusted set of participants. To address the second, it is important to consider ways to provide incentivization without relying on the resource-intensive proofs-of-work used in Bitcoin. In this paper, we propose a secure leader election protocol, Caucus; we next fit this protocol into a broader blockchain-based consensus protocol, Fantomette, that provides game-theoretic guarantees in addition to traditional blockchain security properties. Fantomette is the first proof-of-stake protocol to give formal game-theoretic proofs of security in the presence of non-rational players.
Submitted 8 August, 2018; v1 submitted 16 May, 2018;
originally announced May 2018.
-
Winning the Caucus Race: Continuous Leader Election via Public Randomness
Authors:
Sarah Azouvi,
Patrick McCorry,
Sarah Meiklejohn
Abstract:
Consensus protocols inherently rely on the notion of leader election, in which one or a subset of participants are temporarily elected to authorize and announce the network's latest state. While leader election is a well-studied problem, the rise of distributed ledgers (i.e., blockchains) has led to a new perspective on how to perform large-scale leader elections via solving a computationally difficult puzzle (i.e., proof of work). In this paper, we present Caucus, a large-scale leader election protocol with minimal coordination costs that does not require the computational cost of proof-of-work. We evaluate Caucus in terms of its security, using a new model for blockchain-focused leader election, before testing an implementation of Caucus on an Ethereum private network. Our experiments highlight that one variant of Caucus costs only $0.10 per leader election if deployed on Ethereum.
Submitted 4 February, 2018; v1 submitted 24 January, 2018;
originally announced January 2018.
-
Consensus in the Age of Blockchains
Authors:
Shehar Bano,
Alberto Sonnino,
Mustafa Al-Bassam,
Sarah Azouvi,
Patrick McCorry,
Sarah Meiklejohn,
George Danezis
Abstract:
The blockchain initially gained traction in 2008 as the technology underlying bitcoin, but now has been employed in a diverse range of applications and created a global market worth over $150B as of 2017. What distinguishes blockchains from traditional distributed databases is the ability to operate in a decentralized setting without relying on a trusted third party. As such their core technical component is consensus: how to reach agreement among a group of nodes. This has been extensively studied already in the distributed systems community for closed systems, but its application to open blockchains has revitalized the field and led to a plethora of new designs.
The inherent complexity of consensus protocols and their rapid and dramatic evolution makes it hard to contextualize the design landscape. We address this challenge by conducting a systematic and comprehensive study of blockchain consensus protocols. After first discussing key themes in classical consensus protocols, we describe: first protocols based on proof-of-work (PoW), second proof-of-X (PoX) protocols that replace PoW with more energy-efficient alternatives, and third hybrid protocols that are compositions or variations of classical consensus protocols. We develop a framework to evaluate their performance, security and design properties, and use it to systematize key themes in the protocol categories described above. This evaluation leads us to identify research gaps and challenges for the community to consider in future research endeavours.
Submitted 13 November, 2017; v1 submitted 10 November, 2017;
originally announced November 2017.
-
The Nuts and Bolts of Micropayments: A Survey
Authors:
Syed Taha Ali,
Dylan Clarke,
Patrick McCorry
Abstract:
In this paper, we undertake a comprehensive survey of key trends and innovations in the development of research-based and commercial micropayment systems. Based on our study, we argue that past solutions have largely failed because research has focused heavily on cryptographic and engineering innovation, whereas fundamental issues pertaining to usability, psychology, and economics have been neglected. We contextualize the range of existing challenges for micropayments systems, discuss potential deployment strategies, and identify critical stumbling blocks, some of which we believe researchers and developers have yet to fully recognize. We hope this effort will motivate and guide the development of micropayments systems.
Submitted 9 October, 2017;
originally announced October 2017.
-
Betrayal, Distrust, and Rationality: Smart Counter-Collusion Contracts for Verifiable Cloud Computing
Authors:
Changyu Dong,
Yilei Wang,
Amjad Aldweesh,
Patrick McCorry,
Aad van Moorsel
Abstract:
Cloud computing has become an irreversible trend. With it comes the pressing need for verifiability, to assure the client of the correctness of computation outsourced to the cloud. Existing verifiable computation techniques all have a high overhead; if deployed in the clouds, they would render cloud computing more expensive than the on-premises counterpart. To achieve verifiability at a reasonable cost, we leverage game theory and propose a smart contract based solution. In a nutshell, a client lets two clouds compute the same task, and uses smart contracts to stimulate tension, betrayal and distrust between the clouds, so that rational clouds will not collude and cheat. In the absence of collusion, verification of correctness can be done easily by cross-checking the results from the two clouds. We provide a formal analysis of the games induced by the contracts, and prove that the contracts will be effective under certain reasonable assumptions. By resorting to game theory and smart contracts, we are able to avoid heavy cryptographic protocols. The client only needs to pay two clouds to compute in the clear, and a small transaction fee to use the smart contracts. We also conducted a feasibility study that involves implementing the contracts in Solidity and running them on the official Ethereum network.
Submitted 4 September, 2017; v1 submitted 3 August, 2017;
originally announced August 2017.
-
Sprites and State Channels: Payment Networks that Go Faster than Lightning
Authors:
Andrew Miller,
Iddo Bentov,
Ranjit Kumaresan,
Christopher Cordi,
Patrick McCorry
Abstract:
Bitcoin, Ethereum and other blockchain-based cryptocurrencies, as deployed today, cannot scale for wide-spread use. A leading approach for cryptocurrency scaling is a smart contract mechanism called a payment channel which enables two mutually distrustful parties to transact efficiently (and only requires a single transaction in the blockchain to set-up). Payment channels can be linked together to form a payment network, such that payments between any two parties can (usually) be routed through the network along a path that connects them. Crucially, both parties can transact without trusting hops along the route.
In this paper, we propose a novel variant of payment channels, called Sprites, that reduces the worst-case "collateral cost" that each hop along the route may incur. The benefits of Sprites are two-fold. 1) In Lightning Network, a payment across a path of $\ell$ channels requires locking up collateral for $\Theta(\ell \Delta)$ time, where $\Delta$ is the time to commit an on-chain transaction. Sprites reduces this cost to $O(\ell + \Delta)$. 2) Unlike prior work, Sprites supports partial withdrawals and deposits, during which the channel can continue to operate without interruption.
In evaluating Sprites we make several additional contributions. First, our simulation-based security model is the first formalism to model timing guarantees in payment channels. Our construction is also modular, making use of a generic abstraction from folklore, called the "state channel," which we are the first to formalize. We also provide a simulation framework for payment network protocols, which we use to confirm that the Sprites construction mitigates against throughput-reducing attacks.
Submitted 30 November, 2017; v1 submitted 19 February, 2017;
originally announced February 2017.