Next, we propose and analyze applications that can be built ``on top'' of the backbone protocol, specifically focusing on Byzantine agreement (BA) and on the notion of a public transaction ledger. Regarding BA, we observe that Nakamoto's suggestion falls short of solving it, and present a simple alternative which works assuming that the adversary's hashing power is bounded by $1/3$. The public transaction ledger captures the essence of Bitcoin's operation as a cryptocurrency, in the sense that it guarantees the ``liveness'' and ``persistence'' of committed transactions. Based on this notion we describe and analyze the Bitcoin system as well as a more elaborate BA protocol, proving them secure assuming high network synchronicity and that the adversary's hashing power is strictly less than $1/2$, while the adversarial bound needed for security decreases as the network desynchronizes.
Category / Keywords: applications / Date: received 29 Sep 2014, last revised 7 Jul 2015 Contact author: aggelos at di uoa gr Available format(s): PDF | BibTeX Citation Note: minor fixes in various places including the persistence property Version: 20150707:191159 (All versions of this report) Short URL: ia.cr/2014/765 Discussion forum: Show discussion | Start new discussion