## Cryptology ePrint Archive: Report 2015/1019

Aggelos Kiayias and Giorgos Panagiotakos

Abstract: Transaction processing speed is one of the major considerations in cryptocurrencies that are based on proof of work (POW) such as Bitcoin. At an intuitive level it is widely understood that processing speed is at odds with the security aspects of the underlying POW based consensus mechanism of such protocols, nevertheless the tradeoff between the two properties is still not well understood.

In this work, motivated by recent work \cite{GKL15} in the formal analysis of the Bitcoin backbone protocol, we investigate the tradeoff between provable security and transaction processing speed viewing the latter as a function of the block generation rate. % We introduce a new formal property of blockchain protocols, called {\em chain growth}, and we show it is fundamental for arguing the security of a robust transaction ledger. % We strengthen the results of \cite{GKL15} in the following ways: we show how the properties of persistence and liveness of the ledger reduce in a black-box fashion in the underlying properties of the backbone protocol, namely common prefix, chain quality and chain growth, and we improve the security bounds showing that the robustness of the ledger holds for even the faster (than Bitcoin's) block generation rates which have been adopted by other alt-coins.'' % We also present a theoretical attack against bitcoin which we validate in simulation that works when blockchain rate is highly accelerated. This presents a natural upper bound in the context of the speed-security tradeoff. By combining our positive and negative results we map the speed/security domain for blockchain protocols and list open problems for future work.

Category / Keywords: cryptographic protocols / Bitcoin, GHOST, transaction speed, blockchain, robust public transaction ledger, security

Date: received 21 Oct 2015, last revised 13 Oct 2016

Contact author: g panagiotakos at di uoa gr

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2015/1019

[ Cryptology ePrint archive ]