Cryptology ePrint Archive: Report 2017/775

Consensus from Signatures of Work

Juan A. Garay and Aggelos Kiayias and Giorgos Panagiotakos

Abstract: Digital signatures are a fundamental building block in the design of consensus protocols that allow correctness with optimal resilience. With the advent of blockchain protocols like Bitcoin, consensus has been considered in the permissionless'' setting where no authentication or even point-to-point communication is available. Despite some preliminary positive results, there has been no attempt to formalize a building block that is sufficient for designing consensus protocols in this setting.

In this work we fill this void by putting forth a formalization of such a primitive, which we call {\em signatures of work} (SoW). Distinctive features of our new notion are a lower bound on the number of steps required to produce a signature; fast verification; {\em moderate unforgeability}---producing a sequence of SoWs, for chosen messages, does not provide an advantage to an adversary in terms of running time; and signing time independence---most relevant in concurrent multi-party applications, as we show. Armed with SoW, we present a new permissionless consensus protocol. The protocol is built on top of a SoW-based blockchain which may be of independent interest and standard properties of the underlying hash function, and is secure assuming an honest majority of computational power.

Category / Keywords: cryptographic protocols / Bitcoin, proof of work, consensus

Date: received 9 Aug 2017, last revised 19 Mar 2019

Contact author: pagio91i at gmail com

Available format(s): PDF | BibTeX Citation

Note: The most important difference of this version of the paper with respect to the previous version is the introduction of the notion of SoW, replacing the Proof of Work (PoW) notion. Moreover, many proofs have been rewritten in a clearer fashion, and the properties required from the underlying computational primitive have been simplified. Finally, additional related work regarding consensus protocols has been added.

Short URL: ia.cr/2017/775

[ Cryptology ePrint archive ]