Paper 2017/417

A Proof-of-Stake protocol for consensus on Bitcoin subchains

Massimo Bartoletti, Stefano Lande, and Alessandro Sebastian Podda


Although the transactions on the Bitcoin blockchain have the main purpose of recording currency transfers, they can also carry a few bytes of metadata. A sequence of transaction metadata forms a subchain of the Bitcoin blockchain, and it can be used to store a tamper-proof execution trace of a smart contract. Except for the trivial case of contracts which admit any trace, in general there may exist inconsistent subchains which represent incorrect contract executions. A crucial issue is how to make it difficult, for an adversary, to subvert the execution of a contract by making its subchain inconsistent. Existing approaches either postulate that subchains are always consistent, or give weak guarantees about their security (for instance, they are susceptible to Sybil attacks). We propose a consensus protocol, based on Proof-of-Stake, that incentivizes nodes to consistently extend the subchain. We empirically evaluate the security of our protocol, and we show how to exploit it as the basis for smart contracts on Bitcoin.

Available format(s)
Publication info
Published elsewhere. MINOR revision.Workshop on Trusted Smart Contracts 2017
Contact author(s)
bart @ unica it
2017-05-15: received
Short URL
Creative Commons Attribution


      author = {Massimo Bartoletti and Stefano Lande and Alessandro Sebastian Podda},
      title = {A Proof-of-Stake protocol for consensus on Bitcoin subchains},
      howpublished = {Cryptology ePrint Archive, Paper 2017/417},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.