Paper 2016/1048

The Bitcoin Backbone Protocol with Chains of Variable Difficulty

Juan A. Garay, Aggelos Kiayias, and Nikos Leonardos

Abstract

Bitcoin’s innovative and distributedly maintained blockchain data structure hinges on the adequate degree of difficulty of so-called “proofs of work,” which miners have to produce in order for transactions to be inserted. Importantly, these proofs of work have to be hard enough so that miners have an opportunity to unify their views in the presence of an adversary who interferes but has bounded computational power, but easy enough to be solvable regularly and enable the miners to make progress. As such, as the miners’ population evolves over time, so should the difficulty of these proofs. Bitcoin provides this adjustment mechanism, with empirical evidence of a constant block generation rate against such population changes. In this paper we provide the first (to our knowledge) formal analysis of Bitcoin’s target (re)calculation function in the cryptographic setting, i.e., against all possible adversaries aiming to subvert the protocol’s properties. We extend the q-bounded synchronous model of the Bitcoin backbone protocol [Eurocrypt 2015], which posed the basic properties of Bitcoin’s underlying blockchain data structure and shows how a robust public transaction ledger can be built on top of them, to environments that may introduce or suspend parties in each round. We provide a set of necessary conditions with respect to the way the population evolves under which the “Bitcoin backbone with chains of variable difficulty” provides a robust transaction ledger in the presence of an actively malicious adversary controlling a fraction of the miners strictly below 50% in each instant of the execution. Our work introduces new analysis techniques and tools to the area of blockchain systems that may prove useful in analyzing other blockchain protocols.

Note: Minor corrections and reformulations of theorem statements and definitions compared to previous version.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
A minor revision of an IACR publication in CRYPTO 2017
Keywords
bitcoin
Contact author(s)
akiayias @ inf ed ac uk
History
2019-08-25: revised
2016-11-07: received
See all versions
Short URL
https://ia.cr/2016/1048
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/1048,
      author = {Juan A.  Garay and Aggelos Kiayias and Nikos Leonardos},
      title = {The Bitcoin Backbone Protocol with Chains of Variable Difficulty},
      howpublished = {Cryptology ePrint Archive, Paper 2016/1048},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/1048}},
      url = {https://eprint.iacr.org/2016/1048}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.