betting on consensus with fant mette
play

Betting on Consensus with Fantmette Sarah Azouvi, Patrick McCorry, - PowerPoint PPT Presentation

Betting on Consensus with Fantmette Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn University College London CESC 2018, SF , October 11 2018 1 Bitcoin vs Traditional Consensus Bitcoin vs Traditional Consensus Open, participants


  1. Betting on Consensus with Fantômette Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn University College London CESC 2018, SF , October 11 2018 � 1

  2. Bitcoin vs Traditional Consensus

  3. Bitcoin vs Traditional Consensus • Open, participants unknown

  4. Bitcoin vs Traditional Consensus • Open, participants unknown • One message broadcast per round

  5. Bitcoin vs Traditional Consensus • Open, participants unknown • One message broadcast per round • Incentives at the core of its security

  6. Bitcoin vs Traditional Consensus • Open, participants unknown • One message broadcast per round • Incentives at the core of its security • High energy consumption

  7. Blockchain without PoW?

  8. Blockchain without PoW? • Proof-of-stake: computation stake

  9. Blockchain without PoW? • Proof-of-stake: computation stake • Can we get the same guarantees?

  10. Blockchain without PoW? • Proof-of-stake: computation stake • Can we get the same guarantees? • Problems: nothing at stake, grinding, long range attacks

  11. Blockchain without PoW? • Proof-of-stake: computation stake • Can we get the same guarantees? • Problems: nothing at stake, grinding, long range attacks • Proposed solutions: PBFT style (e.g. Algorand), cryptographic (e.g. Ouroboros, Snow-White)

  12. Blockchain without PoW? • Proof-of-stake: computation stake • Can we get the same guarantees? • Problems: nothing at stake, grinding, long range attacks • Proposed solutions: PBFT style (e.g. Algorand), cryptographic (e.g. Ouroboros, Snow-White) • Incentives rarely considered

  13. Incentives matter

  14. Incentives matter

  15. Incentives matter

  16. Incentives matter

  17. Incentives matter

  18. Incentives matter

  19. Incentives matter

  20. Model

  21. Model Rational Players

  22. Model Rational Players Byzantine (Malicious) Players

  23. Model Coalitions Rational Players Byzantine (Malicious) Players

  24. Model

  25. Model BAR Model

  26. Model BAR Model

  27. Model BAR Model Byzantine Altruistic Rational

  28. Model BAR Model

  29. Model BAR Model Robustness

  30. Model BAR Model Robustness

  31. Model BAR Model Robustness Resilience

  32. Model BAR Model Robustness Resilience Immunity

  33. Model Coalitions Rational Players Byzantine (Malicious) Players

  34. Model Coalitions Rational Players Byzantine (Malicious) Players

  35. Model Coalitions Rational Players Byzantine (Malicious) Players • Chain growth

  36. Model Coalitions Rational Players Byzantine (Malicious) Players • Chain growth • Chain quality

  37. Model Coalitions Rational Players Byzantine (Malicious) Players • Chain growth • Chain quality • Common prefix

  38. Fantômette Overview

  39. Fantômette Overview Leader Election

  40. Fantômette Overview Leader Election Instead of PoW: leader election

  41. Fantômette Overview Leader Election Instead of PoW: leader election Publicly Verifiable Proof of Eligibility

  42. Fantômette Overview Leader Election Instead of PoW: leader election Publicly Verifiable Proof of Eligibility One block elects at least one leader

  43. Fantômette Overview Leader Election Betting Scheme Instead of PoW: leader election Publicly Verifiable Proof of Eligibility One block elects at least one leader

  44. Fantômette Overview Leader Election Betting Scheme Instead of PoW: leader election Use incentives to move away from BFT-style Publicly Verifiable Proof of Eligibility One block elects at least one leader

  45. Fantômette Continuous Leader Election

  46. Fantômette Continuous Leader Election • Fair (Chain quality)

  47. Fantômette Continuous Leader Election • Fair (Chain quality) • Unpredictable

  48. Fantômette Continuous Leader Election • Fair (Chain quality) • Unpredictable • Privately unpredictable

  49. Fantômette Continuous Leader Election • Fair (Chain quality) • Unpredictable • Privately unpredictable • Liveness

  50. Fantômette Continuous Leader Election Random beacon Pseudo-randomly generated number associated within each block

  51. Fantômette Continuous Leader Election

  52. Fantômette Continuous Leader Election

  53. Fantômette Continuous Leader Election Initial Random Beacon Verifiable Random Function < target?

  54. Fantômette Continuous Leader Election Initial Random Beacon Verifiable Random Function < target? Verifiable Delay Function -> liveness

  55. Fantômette

  56. Fantômette • blockDAG (PHANTOM Sompolinski & Zohar)

  57. Fantômette • blockDAG (PHANTOM Sompolinski & Zohar) • A block bets on its parent block

  58. Fantômette • blockDAG (PHANTOM Sompolinski & Zohar) • A block bets on its parent block • A block references other blocks

  59. Fantômette • blockDAG (PHANTOM Sompolinski & Zohar) • A block bets on its parent block • A block references other blocks A C Genesis block B

  60. Fantômette • blockDAG (PHANTOM Sompolinski & Zohar) • A block bets on its parent block • A block references other blocks A C Genesis block B Notion of chain

  61. Fantômette A C G B D

  62. Fantômette • More connection = better score A C G B D

  63. Fantômette • More connection = better score • Break tie with the random beacon A C G B D

  64. Fantômette • More connection = better score • Break tie with the random beacon • Can only reference blocks with smaller score A C G B D

  65. Fantômette • More connection = better score • Break tie with the random beacon • Can only reference blocks with smaller score A C G B D

  66. Fantômette • More connection = better score • Break tie with the random beacon • Can only reference blocks with smaller score A C G B D

  67. Fantômette • More connection = better score • Break tie with the random beacon • Can only reference blocks with smaller score A C Main chain grows faster G B D

  68. Fantômette A C G B D

  69. Fantômette A C G B D E

  70. Fantômette A C G B D E

  71. Fantômette F A C G B D E

  72. Fantômette F A C G B D E

  73. Fantômette F A C G B D E Reward connectivity

  74. Fantômette F A C G B D E Reward connectivity Punishment if not well connected

  75. Security Robustness Incentive to reference other blocks More likely to win when following the protocol Publish block as fast as possible to get more references

  76. Security

  77. Security

  78. Security Chain Growth Convergence Common prefix

  79. Security Chain Growth Convergence Score of the main chain grows faster Common prefix

  80. Security Chain Growth Convergence Score of the main chain grows faster Common prefix Chain quality

  81. Security Chain Growth Convergence Score of the main chain grows faster Common prefix Chain quality Fair leader election

  82. Decentralized Checkpointing

  83. Decentralized Checkpointing 2/3+ X1 . . . . . . Y1 Z1 Genesis block X2 . . . . . . Y2 Z2 2/3+

  84. Decentralized Checkpointing 2/3+ X1 . . . . . . Y1 Z1 Genesis block X2 . . . . . . Y2 Z2 2/3+ Candidate Blocks

  85. Decentralized Checkpointing 2/3+ X1 . . . . . . Y1 Z1 Genesis block X2 . . . . . . Y2 Z2 2/3+ Candidate Blocks x1 and x2 are justified

  86. Decentralized Checkpointing 2/3+ X1 . . . . . . Y1 Z1 Genesis block X2 . . . . . . Y2 Z2 2/3+ Candidate Blocks x1 and x2 are justified x1 and x2 are finalized

  87. Simulations payo ff for altruistic players payo ff for altruistic players payo ff for coalition of rational payo ff for coalition of players Byzantine players

  88. Simulations Longest fork Chain Quality

  89. Conclusion • blockDAG : enforce accountability • Incentivize rational players to follow the protocol • Leverage incentive to have a blockchain type pos consensus

  90. Fantômette pre-print: https://arxiv.org/abs/1805.06786 sarah.azouvi.13@ucl.ac.uk @SarahAzouvi

  91. Fantômette pre-print: https://arxiv.org/abs/1805.06786 Questions? sarah.azouvi.13@ucl.ac.uk @SarahAzouvi

Recommend


More recommend