Cryptology ePrint Archive: Report 2020/1122

The Velvet Path to Superlight Blockchain Clients

Aggelos Kiayias and Andrianna Polydouri and Dionysis Zindros

Abstract: Superlight blockchain clients learn facts about the blockchain state while requiring merely polylogarithmic communication in the total number of blocks. For proof-of-work blockchains, two known constructions exist: Superblock and FlyClient. Unfortunately, none of them can be deployed to existing blockchains, as they require consensus changes and at least a soft fork to implement. In this paper, we investigate how a blockchain can be upgraded to support superblock clients without a soft fork. We show that it is possible to implement the needed changes without modifying the consensus protocol and by requiring only a minority of miners to upgrade, a process termed a “velvet fork” in the literature. While previous work conjectured that superblock clients can be safely deployed using velvet forks as-is, we show that previous constructions are insecure, and that using velvet techniques to interlink a blockchain can pose insidious security risks. We describe a novel class of attacks, called “chain-sewing”, which arise in the velvet fork setting: an adversary can cut-and-paste portions of various chains from independent temporary forks, sewing them together to fool a superlight client into accepting a false claim. We show how previous velvet fork constructions can be attacked via chain- sewing. Next, we put forth the first provably secure velvet superblock client construction which we show secure against adversaries that are bounded by 1/3 of the upgraded honest miner population. Like non-velvet superlight clients, our approach allows proving generic predicates about chains using infix proofs and as such can be adopted in practice for fast synchronization of transactions and accounts.

Category / Keywords: cryptographic protocols / cryptographic protocols, blockchains, superlight clients, velvet fork

Date: received 16 Sep 2020

Contact author: andriannapolyd at gmail com, dionyziz@di uoa gr , Aggelos Kiayias@ed ac uk

Available format(s): PDF | BibTeX Citation

Version: 20200921:081703 (All versions of this report)

Short URL: ia.cr/2020/1122


[ Cryptology ePrint archive ]