Model Checking Bitcoin and other Proof-of-Work Consensus Protocols

The Bitcoin Backbone Protocol with Chains of Variable Difficulty

Advances in Cryptology – CRYPTO 2017, 2017

Bitcoin's innovative and distributedly maintained blockchain data structure hinges on the adequate degree of difficulty of so-called "proofs of work," which miners have to produce in order for transactions to be inserted. Importantly, these proofs of work have to be hard enough so that miners have an opportunity to unify their views in the presence of an adversary who interferes but has bounded computational power, but easy enough to be solvable regularly and enable the miners to make progress. As such, as the miners' population evolves over time, so should the difficulty of these proofs. Bitcoin provides this adjustment mechanism, with empirical evidence of a constant block generation rate against such population changes. In this paper we provide the first formal analysis of Bitcoin's target (re)calculation function in the cryptographic setting, i.e., against all possible adversaries aiming to subvert the protocol's properties. We extend the q-bounded synchronous model of the Bitcoin backbone protocol [Eurocrypt 2015], which posed the basic properties of Bitcoin's underlying blockchain data structure and shows how a robust public transaction ledger can be built on top of them, to environments that may introduce or suspend parties in each round. We provide a set of necessary conditions with respect to the way the population evolves under which the "Bitcoin backbone with chains of variable difficulty" provides a robust transaction ledger in the presence of an actively malicious adversary controlling a fraction of the miners. The full version of this paper can be found at the Cryptology ePrint Archive [12].

Modeling and Verification of the Bitcoin Protocol

Electronic Proceedings in Theoretical Computer Science, 2015

Bitcoin is a popular digital currency for online payments, realized as a decentralized peer-to-peer electronic cash system. Bitcoin keeps a ledger of all transactions; the majority of the participants decides on the correct ledger. Since there is no trusted third party to guard against double spending, and inspired by its popularity, we would like to investigate the correctness of the Bitcoin protocol. Double spending is an important threat to electronic payment systems. Double spending would happen if one user could force a majority to believe that a ledger without his previous payment is the correct one. We are interested in the probability of success of such a double spending attack, which is linked to the computational power of the attacker. This paper examines the Bitcoin protocol and provides its formalization as an UPPAAL model. The model will be used to show how double spending can be done if the parties in the Bitcoin protocol behave maliciously, and with what probability double spending occurs.

Proofs of Work for Blockchain Protocols

2017

One of the most impactful applications of proofs of work (POW) currently is in the design of blockchain protocols such as Bitcoin. Yet, despite the wide recognition of POWs as the fundamental cryptographic tool in this context, there is no known cryptographic formulation that implies the security of the Bitcoin blockchain protocol. Indeed, all previous works formally arguing the security of the Bitcoin protocol relied on direct proofs in the random oracle model, thus circumventing the difficulty of isolating the required properties of the core POW primitive. In this work we fill this gap by providing a formulation of the POW primitive that implies the security of the Bitcoin blockchain protocol in the standard model. Our primitive entails a number of properties that parallel an efficient non-interactive proof system: completeness and fast verification, security against malicious provers (termed hardness against tampering and chosen message attacks) and security for honest provers (termed ...

A Template for Alternative Proof of Work for Cryptocurrencies

2021

Many popular cryptocurrencies, such as Bitcoin, form consensus through a method known as Proof of Work. Problematically, current implementations of Proof of Work require immense amounts of energy consumption, where a majority of this energy is spent solely on securing consensus. Our focus is not to directly decrease energy consumption, but to allow for more useful and pragmatic computation to come from Proof of Work, such that energy is saved by not running these computational tasks separately. In this paper, we create a template for Proof of Work protocols, such that if followed, can guarantee similar security assurances as to the Proof of Work present in Bitcoin. Secondarily, we also develop “useful” prototypes based on this template. Keywords—Cryptocurrencies, PoW, Oracle, Factorization, Hash.

Modeling Bitcoin Protocols with Probabilistic Logic Programming

2018

Bitcoin is one of the first decentralized, peer to peer, payment systems based on the so-called Proof-of-Work (PoW). PoW is an algorithm that requires the computation of a hard function in order to gain access to a resource but, at the same time, the correctness of the computed result should be easily checked. The use of a PoW removes the necessity of a centralized third party and so the consistency of the network may be altered directly by the involved users. Peers, to solve the PoW more efficiently, usually organize themselves into mining pools, to increase the overall computational power: this situation, unfortunately, leads to a network centralization. In this paper we consider two typical scenarios of a Bitcoin network and we model them by probabilistic logic programming (PLP): the centralization of the hashing power by large pools and the “double spending attack”. In the first one, we verify the effectiveness of a protocol that attempts to discourage the formation of large poo...

Multi-stage Proof-of-Works: Properties and Vulnerabilities

2021

Since its appearance in 2008, Bitcoin has attracted considerable attention. So far, it has been the most successful cryptocurrency, with the highest market capitalization. Nevertheless, due to the method it uses to append new transactions and blocks to the blockchain, based on a Proof-of-Work, Bitcoin suffers from poor scalability, which strongly limits the number of transactions per second and, hence, its adoption as a global payment layer for everyday uses. In this paper we analyze some recent proposals to address this issue. In particular, we focus our attention on permissionless blockchain protocols, whose distributed consensus algorithm lies on a Proof-of-Work composed of k > 1 sequential hash-puzzles, instead of a single one. Such protocols are referred to as multi-stage Proof-of-Works. We consider a simplified scenario, commonly used in the blockchain literature, in which the number of miners, their hashing powers, and the difficulty values of the hash-puzzles are constant ...

Nonlinear Proof-Of-Work: Improving the Energy Efficiency of Bitcoin Mining

Journal of construction project management and innovation, 2020

Bitcoin is probably the most well-known blockchain system in existence. It employs the proof-of-work (PoW) consensus algorithm to add transactions to the blockchain. This process is better known as Bitcoin mining. PoW requires miners to compete in solving a cryptographic puzzle before being allowed to add a block of transactions to the blockchain. This mining process is energy-intensive and results in high energy wastage. The underlying cause of this energy inefficiency is the result of the current implementation of the PoW algorithm. PoW assigns the same cryptographic puzzle to all miners, creating a linear probability of success between the miner's computational power as a proportion of the total computational power of the network. To address this energy inefficiency of the PoW mining process, the researchers investigated whether a nonlinear probability of success, between the miner's computation power and its probability of success, will result in better energy usage. A nonlinear proof-of-work (nlPoW) algorithm was constructed by using a design science approach to derive the requirements for and structure of the algorithm. The Bitcoin mining process was tested through statistical simulation, comparing the performance of nlPoW with PoW. Preliminary results, simulating a network of 1000 miners with identical computational power, indicate that nlPoW reduces the number of hash computations, and therefore the energy consumption, required by Bitcoin mining. The findings are significant because nlPoW does not reduce the degree of decentralised consensus, or trade energy usage for some other resource as is the case with many other attempts to address the energy consumption problem in PoW.

Personalized Difficulty Adjustment for Countering the Double-Spending Attack in Proof-of-Work Consensus Protocols

2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2018

Bitcoin is the first secure decentralized electronic currency system. However, it is known to be inefficient due to its proof-of-work (PoW) consensus algorithm and has the potential hazard of double spending. In this paper, we aim to reduce the probability of double spending by decreasing the probability of consecutive winning. We first formalize a PoW-based decentralized secure network model in order to present a quantitative analysis. Next, to resolve the risk of double spending, we propose the personalized difficulty adjustment (PDA) mechanism which modifies the difficulty of each participant such that those who win more blocks in the past few rounds have a smaller probability to win in the next round. To analyze the performance of the PDA mechanism, we observe that the system can be modeled by a high-order Markov chain. Finally, we show that PDA effectively decreases the probability of consecutive winning and results in a more trustworthy PoW-based system.

Blockchain and Consensus from Proofs of Work without Random Oracles

2018

One of the most impactful applications of proofs of work (POW) currently is in the design of blockchain protocols such as Bitcoin. Yet, despite the wide recognition of POWs as the fundamental cryptographic tool in this context, there is no known cryptographic formulation that implies the security of the Bitcoin blockchain protocol. Indeed, all previous works formally arguing the security of the Bitcoin protocol relied on direct proofs in the random oracle model, thus circumventing the difficulty of isolating the required properties of the core POW primitive. In this work we fill this gap by providing a formulation of the POW primitive that implies the security of the Bitcoin blockchain protocol in the standard model. Our primitive entails a number of properties that parallel an efficient non-interactive proof system: completeness and fast verification, security against malicious provers (termed hardness against tampering and chosen message attacks) and efficiency and security for honest pro...

Effective Selfish Mining Defense Strategies to Improve Bitcoin Dependability

Applied Sciences

Selfish mining is a typical malicious attack targeting the blockchain-based bitcoin system, an emerging crypto asset. Because of the non-incentive compatibility of the bitcoin mining protocol, the attackers are able to collect unfair mining rewards by intentionally withholding blocks. The existing works on selfish mining mostly focused on cryptography design, and malicious behavior detection based on different approaches, such as machine learning or timestamp. Most defense strategies show their effectiveness in the perspective of reward reduced. No work has been performed to design a defense strategy that aims to improve bitcoin dependability and provide a framework for quantitatively evaluating the improvement. In this paper, we contribute by proposing two network-wide defensive strategies: the dynamic difficulty adjustment algorithm (DDAA) and the acceptance limitation policy (ALP). The DDAA increases the mining difficulty dynamically once a selfish mining behavior is detected, whil...