Abstract
The Bitcoin backbone protocol [Eurocrypt 2015] extracts basic properties of Bitcoin's underlying {\em blockchain} data structure, such as ``common prefix'' and ``chain quality,'' and shows how fundamental applications including consensus and a robust public transaction ledger can be built on top of them. The underlying assumptions are ``proofs of work'' (POWs), adversarial hashing power strictly less than 1/2 {\em and} no adversarial pre-computation---or, alternatively, the existence of an unpredictable ``genesis'' block.
In this paper we show how to remove the latter assumption, presenting a ``bootstrapped'' Bitcoin-like blockchain protocol relying on POWs that builds genesis blocks ``from scratch'' in the presence of adversarial pre-computation. The only known previous result in the same setting (unauthenticated parties, no trusted setup) [Crypto 2015] is indirect in the sense of creating a PKI first and then employing conventional PKI-based authenticated communication.
With our construction we establish that consensus can be solved directly by a blockchain protocol {\em without} trusted setup assuming an honest majority (in terms of computational power). % We also formalize {\em miner unlinkability}, a privacy property for blockchain protocols, and demonstrate that our protocol retains the same level of miner unlinkability as Bitcoin itself.
| Field | Value |
|---|---|
| Original language | English |
| Number of pages | 30 |
| Publication status | Published - 2016 |