Paper 2018/1079
Analysis of Deterministic Longest-Chain Protocols
Elaine Shi
Abstract
Most classical consensus protocols rely on a leader to coordinate nodes’ voting efforts. One novel idea that stems from blockchain-style consensus is to rely, instead, on a “longest-chain” idea for such coordination. Such a longest-chain idea was initially considered in randomized protocols, where in each round, a node has some probability of being elected a leader who can propose the next block. Recently, well-known systems have started implementing the deterministic counterpart of such longest-chain protocols — the deterministic counterpart is especially attractive since it is even simpler to implement than their randomized cousins. A notable instantiation is the Aura protocol which is shipped with Parity’s open-source Ethereum implementation. Interestingly, mathematical analyses of deterministic, longest-chain protocols are lacking even though there exist several analyses of randomized versions. In this paper, we provide the first formal analysis of deterministic, longest-chain-style consensus. We show that a variant of the Aura protocol can defend against a Byzantine adversary that controls fewer than 1/3 fraction of the nodes, and this resilience parameter is tight by some technical interpretation. Based on insights gained through our mathematical treatment, we point out that Aura’s concrete instantiation actually fails to achieve the resiliene level they claim. Finally, while our tight proof for the longest-chain protocol is rather involved and non-trivial; we show that a variant of the “longest-chain” idea which we call “largest-set” enables a textbook construction that admits a simple proof (albeit with slower confirmation).
Metadata
- Available format(s)
- Publication info
- Published elsewhere. Minor revision. CSF 2019
- Keywords
- blockchainlongest-chain protocolsconsensusByzantine Fault Tolerance
- Contact author(s)
- runting @ gmail com
- History
- 2019-05-01: revised
- 2018-11-09: received
- See all versions
- Short URL
- https://ia.cr/2018/1079
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2018/1079, author = {Elaine Shi}, title = {Analysis of Deterministic Longest-Chain Protocols}, howpublished = {Cryptology {ePrint} Archive, Paper 2018/1079}, year = {2018}, url = {https://eprint.iacr.org/2018/1079} }