Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing

While showing great promise, Bitcoin requires users to wait tens of minutes for transactions to commit, and even then it offers only probabilistic guarantees. This paper introduces ByzCoin, a novel Byzantine consensus protocol that leverages scalable collective signing to commit Bitcoin transactions irreversibly within seconds. ByzCoin achieves Byzantine consensus while preserving Bitcoin's open membership by dynamically forming hash-power-proportionate consensus groups that represent recently successful block miners. ByzCoin employs communication trees to optimize transaction commitment and verification under normal operation while guaranteeing safety and liveness under Byzantine faults, up to a near-optimal tolerance of f faulty group members among 3f + 2 total. ByzCoin mitigates double-spending and selfish-mining attacks by producing collectively signed transaction blocks within one minute of transaction submission. Tree-structured communication further reduces this latency to less than 30 seconds. Due to these optimizations, ByzCoin achieves a throughput higher than PayPal currently handles, with a confirmation latency of 15-20 seconds.
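The abstract compresses two mechanisms into one sentence: a consensus group whose voting weight follows recent hash power, and a fault bound of f faulty members among 3f + 2. The following is an added, simplified illustration, not code from the ByzCoin paper or its implementation. It assumes that every block inside a sliding window of recent blocks grants its miner one consensus share, that a block commits once signers holding all but f of the shares have signed, and that a miner's identifier stands in for its public key; the chain data is constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Mapping


@dataclass(frozen=True)
class Block:
    height: int
    miner: str  # stands in for the miner's public key (constructed data)


def consensus_shares(chain: list, window: int) -> Counter:
    """Assumption for this example: each block among the last `window` blocks
    grants its miner one consensus share. Shares therefore track recent hash
    power and silently expire as the window slides past their block."""
    if window <= 0:
        raise ValueError("window must be positive")
    return Counter(b.miner for b in chain[-window:])


def fault_tolerance(total_shares: int) -> int:
    """Largest f with 3f + 2 <= total_shares (the bound stated in the abstract)."""
    return max(0, (total_shares - 2) // 3)


def commit_threshold(total_shares: int) -> int:
    """Shares that must appear in the collective signature: everything except
    the f shares that may belong to faulty or silent members (assumed rule)."""
    return total_shares - fault_tolerance(total_shares)


def signed_shares(shares: Mapping[str, int], signers: Iterable[str]) -> int:
    # A signer outside the current window holds no share and contributes nothing.
    return sum(shares.get(m, 0) for m in set(signers))


def block_commits(shares: Mapping[str, int], signers: Iterable[str]) -> bool:
    """A block is irreversibly committed only if the aggregate signature
    carries at least the threshold number of shares."""
    return signed_shares(shares, signers) >= commit_threshold(sum(shares.values()))


def safe_under(shares: Mapping[str, int], faulty: Iterable[str]) -> bool:
    """Safety is guaranteed only while the faulty miners' combined shares
    stay within f; a single large miner can exceed f on its own."""
    return signed_shares(shares, faulty) <= fault_tolerance(sum(shares.values()))


# Constructed chain: ten blocks, miners A..E, A having mined most recently.
SAMPLE_CHAIN = [Block(h, m) for h, m in enumerate("ABACADBAEC", start=1)]


if __name__ == "__main__":
    shares = consensus_shares(SAMPLE_CHAIN, window=8)
    total = sum(shares.values())
    print("shares:", dict(shares))
    print("f =", fault_tolerance(total), "threshold =", commit_threshold(total))
    print("A,C,D sign   ->", block_commits(shares, {"A", "C", "D"}))
    print("B,C,D,E sign ->", block_commits(shares, {"B", "C", "D", "E"}))
    print("A alone faulty is within f:", safe_under(shares, {"A"}))
```

With a window of 8 the sample yields f = 2 and a threshold of 6 shares, so the three most recent miners A, C and D can commit a block while B, C, D and E together cannot. The last check makes the practitioner's caveat explicit: miner A holds 3 shares, more than f, so the window must be long enough that no single party's recent blocks exceed the bound, otherwise the f-of-3f+2 guarantee does not apply.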
