Projects per year

## Abstract / Description of output

Blockchain data structures maintained via the longest-chain rule have emerged as a powerful algorithmic tool for consensus algorithms. The technique—popularized by the Bitcoin protocol—has proven to be remarkably flexible and now supports consensus algorithms in a wide variety of settings. Despite such broad applicability and adoption, current analytic understanding of the technique is highly dependent on details of the protocol’s leader election scheme. A particular challenge appears in the proof-of-stake setting, where existing analyses suffer from quadratic dependence on suffix length. We describe an axiomatic theory of blockchain dynamics that permits rigorous reasoning about the longestchain rule in quite general circumstances and establish bounds—optimal to within a constant—on the probability of a consistency violation. This settles a critical open question in the proof-of-stake setting where we achieve linear consistency for the first time. Operationally, blockchain consensus protocols achieve consistency by instructing parties to remove a suffx of a certain length from their local blockchain. While the analysis of Bitcoin guarantees consistency with error 2

^{-k}by removing*O*(*k*) blocks, recent work on proof-of-stake (PoS) blockchains has suffered from quadratic dependence: (PoS) blockchain protocols, exemplified by Ouroboros (Crypto 2017), Ouroboros Praos (Eurocrypt 2018) and Sleepy Consensus (Asiacrypt 2017), can only establish that the length of this suffx should be Θ(*k*^{2}). This consistency guarantee is a fundamental design parameter for these systems, as the length of the suffix is a lower bound for the time required to wait for transactions to settle. Whether this gap is an intrinsic limitation of PoS—due to issues such as the “nothing-at-stake” problem—has been an urgent open question, as deployed PoS blockchains further rely on consistency for protocol correctness: in particular, security of the protocol itself relies on this parameter. Our general theory directly improves the required suffix length from Θ(*k*^{2}) to Θ(*k*). Thus we show, for the first time, how PoS protocols can match proof-of-work blockchain protocols for exponentially decreasing consistency error. Our analysis focuses on the articulation of a two-dimensional stochastic process that captures the features of interest, an exact recursive closed form for the critical functional of the process, and tail bounds established for associated generating functions that dominate the failure events. Finally, the analysis provides an explicit polynomial-time algorithm for exactly computing the exponentially-decaying error function which can directly inform practice.Original language | English |
---|---|

Title of host publication | Proceedings of the 2020 ACM-SIAM Symposium on Discrete Algorithms |

Pages | 1135-1154 |

Number of pages | 20 |

ISBN (Electronic) | 978-1-61197-599-4 |

DOIs | |

Publication status | Published - 8 Jan 2020 |

Event | ACM-SIAM Symposium on Discrete Algorithms (SODA20) - Salt Lake City, United States Duration: 5 Jan 2020 → 8 Jan 2020 Conference number: 2020 https://www.siam.org/conferences/cm/conference/soda20 |

### Conference

Conference | ACM-SIAM Symposium on Discrete Algorithms (SODA20) |
---|---|

Abbreviated title | SODA |

Country/Territory | United States |

City | Salt Lake City |

Period | 5/01/20 → 8/01/20 |

Internet address |

## Fingerprint

Dive into the research topics of 'The Combinatorics of the Longest-Chain Rule: Linear Consistency for Proof-of-Stake Blockchains'. Together they form a unique fingerprint.## Projects

- 1 Finished