Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
169 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
45 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

The Economic Limits of Permissionless Consensus (2405.09173v2)

Published 15 May 2024 in cs.DC

Abstract: The purpose of a consensus protocol is to keep a distributed network of nodes "in sync," even in the presence of an unpredictable communication network and adversarial behavior by some of the participating nodes. In the permissionless setting, these nodes may be operated by unknown players, with each player free to use multiple identifiers and to start or stop running the protocol at any time. Establishing that a permissionless consensus protocol is "secure" thus requires both a distributed computing argument (that the protocol guarantees consistency and liveness unless the fraction of adversarial participation is sufficiently large) and an economic argument (that carrying out an attack would be prohibitively expensive for an attacker). There is a mature toolbox for assembling arguments of the former type; the goal of this paper is to lay the foundations for arguments of the latter type. An ideal permissionless consensus protocol would, in addition to satisfying standard consistency and liveness guarantees, render consistency violations prohibitively expensive for the attacker without collateral damage to honest participants. We make this idea precise with our notion of the EAAC (expensive to attack in the absence of collapse) property, and prove the following results: 1. In the synchronous and dynamically available setting, with an adversary that controls at least one-half of the overall resources, no protocol can be EAAC. 2. In the partially synchronous and quasi-permissionless setting, with an adversary that controls at least one-third of the overall resources, no protocol can be EAAC. 3. In the synchronous and quasi-permissionless setting, there is a proof-of-stake protocol that, provided the adversary controls less than two-thirds of the overall stake, satisfies the EAAC property. All three results are optimal with respect to the size of the adversary.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (41)
  1. Joseph Bonneau. Why Buy When You Can Rent? - Bribery Attacks on Bitcoin-Style Consensus. In Financial Cryptography and Data Security: 20th International Conference, pages 19–26. Springer, 2016.
  2. Ethan Buchman. Tendermint: Byzantine fault tolerance in the age of blockchains. PhD thesis, 2016.
  3. Ethan Buchman and Jae Kwon and Zarko Milosevic. The latest gossip on BFT consensus. arXiv preprint arXiv:1807.04938, 2018.
  4. Eric Budish. The economic limits of bitcoin and the blockchain. Technical report, National Bureau of Economic Research, 2018.
  5. Eric Budish. Trust at scale: The economic limits of cryptocurrencies and blockchains. Technical report, Becker Friedman Institute, 2023.
  6. Vitalik Buterin. Slasher: A Punitive Proof-of-Stake Algorithm, 2014. Accessed on 4th April, 2024. URL: https://blog.ethereum.org/2014/01/15/slasher-a-punitive-proof-of-stake-algorithm.
  7. Vitalik Buterin. Proof-of-stake: How I learned to love weak subjectivity, 2014. Accessed on 8th February, 2024. URL: https://blog.ethereum.org/2014/11/25/proof-stake-learned-love-weak-subjectivity.
  8. Vitalik Buterin. A proof of stake design philosophy, 2016. Accessed on 12th February, 2024. URL: https://medium.com/@VitalikButerin/a-proof-of-stake-design-philosophy-506585978d51.
  9. Vitalik Buterin. Minimal slashing conditions, 2017. Accessed on 12th February, 2024. URL: https://medium.com/@VitalikButerin/minimal-slashing-conditions-20f0b500fc6c.
  10. Casper the friendly finality gadget. arXiv preprint arXiv:1710.09437, 2017.
  11. Introduction to reliable and secure distributed programming. Springer Science & Business Media, 2011.
  12. Practical byzantine fault tolerance. In OsDI, volume 99, pages 173–186, 1999.
  13. Algorand agreement: Super fast and partition resilient byzantine agreement. IACR Cryptol. ePrint Arch., 2018:377, 2018.
  14. Algorand. arXiv preprint arXiv:1607.01341, 2016.
  15. Polygraph: Accountable byzantine agreement. In 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS), pages 403–413. IEEE, 2021.
  16. As easy as abc: Optimal (a) ccountable (b) yzantine (c) onsensus is easy! Journal of Parallel and Distributed Computing, 181:104743, 2023.
  17. Crime and punishment in distributed byzantine decision tasks. In 2022 IEEE 42nd International Conference on Distributed Computing Systems (ICDCS), pages 34–44. IEEE, 2022.
  18. The chia network blockchain. 2019.
  19. Snow white: Robustly reconfigurable consensus and applications to provably secure proof of stake. In Financial Cryptography and Data Security: 23rd International Conference, pages 23–41. Springer, 2019.
  20. STAKESURE: Proof of Stake Mechanisms with Strong Cryptoeconomic Safety. arXiv preprint arXiv:2401.05797, 2024.
  21. Authenticated algorithms for Byzantine agreement. In SIAM Journal on Computing, vol 12, 4, pages 656-666, SIAM, 1983.
  22. Consensus in the presence of partial synchrony. Journal of the ACM, 35(2):288–323, 1988.
  23. Joshua S. Gans and Hanna Halaburda. “Zero cost” majority attacks on permissionless blockchains. SSRN preprint 4505460, 2023.
  24. The bitcoin backbone protocol: Analysis and applications. 2018.
  25. The microeconomics of cryptocurrencies. Journal of Economic Literature, 60(3):971–1013, 2022.
  26. Ouroboros: A provably secure proof-of-stake blockchain protocol. In Annual International Cryptology Conference, pages 357–388. Springer, 2017.
  27. Jae Kwon. Tendermint: Consensus without Mining. 2014.
  28. The Byzantine generals problem. In Concurrency: the works of Leslie Lamport, pages 203–226, 2019.
  29. Can open decentralized ledgers be economically secure? IACR Cryptol. ePrint Arch., 2023:1516, 2023.
  30. Permissionless consensus. arXiv preprint arXiv:2304.14701, 2023.
  31. Nancy A Lynch. Distributed algorithms. Elsevier, 1996.
  32. Satoshi Nakamoto et al. Bitcoin: A peer-to-peer electronic cash system.(2008), 2008.
  33. Cogsworth: Byzantine view synchronization. 2021.
  34. The availability-accountability dilemma and its resolution via accountability gadgets. In International Conference on Financial Cryptography and Data Security, pages 541–559. Springer, 2022.
  35. Zlb: A blockchain to tolerate colluding majorities. arXiv preprint arXiv:2007.10541, 2020.
  36. {{\{{IA-CCF}}\}}: Individual accountability for permissioned ledgers. In 19th USENIX Symposium on Networked Systems Design and Implementation (NSDI 22), pages 467–491, 2022.
  37. Bft protocol forensics. In Proceedings of the 2021 ACM SIGSAC conference on computer and communications security, pages 1722–1743, 2021.
  38. Better safe than sorry: Recovering after adversarial majority. arXiv preprint arXiv:2310.06338, 2023.
  39. Bitcoin-enhanced proof-of-stake security: Possibilities and impossibilities. In 2023 IEEE Symposium on Security and Privacy (SP), pages 126–145. IEEE, 2023.
  40. Babylon: Reusing bitcoin mining to enhance proof-of-stake security. arXiv preprint arXiv:2201.07946, 2022.
  41. HotStuff: Bft consensus with linearity and responsiveness. In Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing, pages 347–356, 2019.
Citations (4)
View on Semantic Scholar

Summary

  • The paper reveals that economic factors, including resource thresholds like 50% and 33.33%, are key to deterring attacks on permissionless consensus protocols.
  • The paper utilizes theoretical analysis to derive impossibility results in fully permissionless settings while proposing the PosT protocol for quasi-permissionless scenarios.
  • The paper demonstrates that incorporating multi-voting stages and extended timeouts can economically burden adversaries and enhance blockchain security.

Understanding the Security of Permissionless Consensus Protocols: Asymmetry in Blockchain Protocols

Overview

Blockchain technology powers cryptocurrencies like Bitcoin and Ethereum. A critical aspect of blockchain is its permissionless consensus protocols, which allow an evolving set of participants to agree on the state of the blockchain without needing a central authority. Unlike permissioned consensus protocols with a fixed set of known participants, permissionless protocols face unique challenges involving unknown participants, player inactivity, and the Sybil attack, where one participant pretends to be many.

This paper explores the economic aspects of permissionless consensus protocols, exploring the cost of attacks that disrupt the consensus. By understanding these economic consequences, we aim to design more secure blockchain protocols.

Challenges in Permissionless Consensus

Before diving into the main results, let's recapitulate the fundamental challenges in permissionless consensus:

  1. Unknown Players: The set of active participants isn’t fixed or known beforehand.
  2. Player Inactivity: Participants can enter or leave the protocol at any time.
  3. Sybil Attacks: A participant can present multiple identities.

These factors make security in permissionless consensus not just a computer science problem, but one that necessitates economic reasoning.

Economic Costs of Attacks

An attack's economic consequences are pivotal in deterrence. The paper uses several illustrative scenarios:

  1. No Consequences (Cheap Attack): An attack doesn't affect the adversary's resource valuation.
  2. Expensive Due to Collapse: The attack harms the entire system, including honest participants.
  3. Expensive Without Collapse: The attack is expensive solely for the adversary, sparing honest participants.

The goal is to develop protocols where attacks are "expensive without collapse," avoiding collateral damage to honest players.

Key Definitions

EAAC Protocol

An EAAC (Economically Asymmetric and Accountable) protocol ensures two conditions:

  • Honest participants’ investments are safeguarded.
  • Adversaries suffer economic losses sufficient to deter attacks.

Theoretical Insights

Impossibility Results

  1. Dynamically Available Setting:
    • Balance Threshold: If an adversary controls ≥50% of resources, no protocol can ensure both liveness and EAAC properties.
    • This holds true even with synchronous communications and time-invariant resource balances.
  2. Partially Synchronous Setting:
    • Balance Threshold: In settings where message delays are uncertain but eventually bounded, attackers controlling ≥33.33% of resources can't be economically deterred post-attack.

In essence, these results highlight the difficulty in designing protocols that are both fault-tolerant and capable of imposing meaningful economic losses on attackers in fully permissionless or semi-permissionless settings.

Possibility Results

Despite the grim outlook from the impossibility results, an intriguing development emerges in quasi-permissionless settings (where all honest, resource-holding players are always active). The paper presents PosT (Proof-of-Stake Tendermint), an adaptation of the Tendermint protocol:

  1. Key Mechanisms:
    • Epochs: Periodic intervals to fix validator sets.
    • Certificates of Guilt: Proof of Byzantine behavior produced during consistency violations.
    • Recovery Procedure: Uses a canonical protocol to achieve consensus on new states post-violation.
  2. Guardrails:
    • Three Voting Stages: Ensures messages confirming guilt are universally disseminated.
    • Extended Timeout Mechanisms: Account for worst-case network delays, ensuring validators operate within realistic, bounded timeframes.
  3. Outcomes:
    • Resilience: Achieves EAAC properties if adversaries control ≤67% of resources and assuming delays are bounded within a practical timeframe.
    • Economic Security: Even strong attackers suffer economically deterring attacks, especially in a partially synchronous setting.

Practical and Theoretical Implications

These findings underscore the intricate interplay between computer science and economics in blockchain protocol design. They suggest that while certain models expose vulnerabilities (like cheap attacks), enhancements such as extended timeouts, deliberate slashing mechanisms, and robust confirmation protocols can bolster security.

In practice:

  • Protocol developers can use these insights to enhance blockchain security paradigms, especially in dynamic and partially reliable networks.
  • The adoption of multi-vote stages and economic deterrents provides a viable approach to mitigate severe network and adversarial conditions.

Future Directions

Exploring protocols achieving EAAC under various practical constraints and refining economic models for adversarial behavior remain promising frontiers. The evolution of blockchain technology, through such rigorous analysis, paves the way for more secure, reliable, and economically robust decentralized systems.

Conclusion

This paper delves deep into the economics of consensus in blockchain systems, identifying key challenges and offering both sobering impossibility results and hopeful pathways for achieving economically secure permissionless protocols. With advancements like PosT and the rigorous frameworks outlined, the quest for secure, decentralized consensus continues with renewed vigor and insight.

File Document Download Save Streamline Icon: https://streamlinehq.com PDF File Document Download Save Streamline Icon: https://streamlinehq.com Markdown
Youtube Logo Streamline Icon: https://streamlinehq.com

YouTube