Paper 2018/104

PHANTOM and GHOSTDAG: A Scalable Generalization of Nakamoto Consensus

Yonatan Sompolinsky, Shai Wyborski, and Aviv Zohar

Abstract

In 2008 Satoshi Nakamoto invented the basis for blockchain-based distributed ledgers. The core concept of this system is an open and anonymous network of nodes, or miners, which together maintain a public ledger of transactions. The ledger takes the form of a chain of blocks, the blockchain, where each block is a batch of new transactions collected from users. One primary problem with Satoshi's blockchain is its highly limited scalability. The security of Satoshi's longest chain rule, more generally known as the Bitcoin protocol, requires that all honest nodes be aware of each other's blocks very soon after the block's creation. To this end, the throughput of the system is artificially suppressed so that each block fully propagates before the next one is created, and that very few ``orphan blocks'' that fork the chain be created spontaneously. In this paper we present PHANTOM, a proof-of-work based protocol for a permissionless ledger that generalizes Nakamoto's blockchain to a direct acyclic graph of blocks (blockDAG). PHANTOM includes a parameter $k$ that controls the level of tolerance of the protocol to blocks that were created concurrently, which can be set to accommodate higher throughput. It thus avoids the security-scalability tradeoff which Satoshi's protocol suffers from. PHANTOM solves an optimization problem over the blockDAG to distinguish between blocks mined properly by honest nodes and those created by non-cooperating nodes who chose to deviate from the mining protocol. Using this distinction, PHANTOM provides a robust total order on the blockDAG in a way that is eventually agreed upon by all honest nodes. Implementing PHANTOM requires solving an NP-hard problem, and to avoid this prohibitive computation, we devised an efficient greedy algorithm GHOSTDAG that captures the essence of PHANTOM. We provide a formal proof of the security of GHOSTDAG, namely, that its ordering of blocks is irreversible up to an exponentially negligible factor. We discuss the properties of GHOSTDAG and how it compares to other DAG based protocols.

Metadata
Available format(s)
PDF
Category
Applications
Publication info
Preprint. Minor revision.
Keywords
BlockDAGCryptocurrencyConsensus Protocols
Contact author(s)
yonatan sompolinsky @ mail huji ac il
shaiw @ daglabs com
History
2021-11-10: last of 17 revisions
2018-01-30: received
See all versions
Short URL
https://ia.cr/2018/104
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2018/104,
      author = {Yonatan Sompolinsky and Shai Wyborski and Aviv Zohar},
      title = {PHANTOM and GHOSTDAG:  A Scalable Generalization of Nakamoto Consensus},
      howpublished = {Cryptology ePrint Archive, Paper 2018/104},
      year = {2018},
      note = {\url{https://eprint.iacr.org/2018/104}},
      url = {https://eprint.iacr.org/2018/104}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.