
Agreement with Satoshi – On the Formalization of Nakamoto Consensus

Cryptology ePrint Archive: Report 2018/400
Date: 2018-05-01
Author(s): Nicholas Stifter, Aljosha Judmayer, Philipp Schindler, Alexei Zamyatin, Edgar Weippl


Abstract
The term Nakamoto consensus is generally used to refer to Bitcoin's novel consensus mechanism, by which agreement on its underlying transaction ledger is reached. It is argued that this agreement protocol represents the core innovation behind Bitcoin, because it promises to facilitate the decentralization of trusted third parties. Specifically, Nakamoto consensus seeks to enable mutually distrusting entities with weak pseudonymous identities to reach eventual agreement while the set of participants may change over time. When the Bitcoin white paper was published in late 2008, it lacked a formal analysis of the protocol and the guarantees it claimed to provide. It would take the scientific community several years before first steps towards such a formalization of the Bitcoin protocol and Nakamoto consensus were presented. However, since then the number of works addressing this topic has grown substantially, providing many new and valuable insights. Herein, we present a coherent picture of advancements towards the formalization of Nakamoto consensus, as well as a contextualization in respect to previous research on the agreement problem and fault tolerant distributed computing. Thereby, we outline how Bitcoin's consensus mechanism sets itself apart from previous approaches and where it can provide new impulses and directions to the scientific community. Understanding the core properties and characteristics of Nakamoto consensus is of key importance, not only for assessing the security and reliability of various blockchain systems that are based on the fundamentals of this scheme, but also for designing future systems that aim to fulfill comparable goals.

submitted by dj-gutz to myrXiv

Echoes of the Past: Recovering Blockchain Metrics From Merged Mining

Cryptology ePrint Archive: Report 2018/1134
Date: 2018-11-22
Author(s): Nicholas Stifter, Philipp Schindler, Aljosha Judmayer, Alexei Zamyatin, Andreas Kern, Edgar Weippl


Abstract
So far, the topic of merged mining has mainly been considered in a security context, covering issues such as mining power centralization or crosschain attack scenarios. In this work we show that key information for determining blockchain metrics such as the fork rate can be recovered through data extracted from merge mined cryptocurrencies. Specifically, we reconstruct a long-ranging view of forks and stale blocks in Bitcoin from its merge mined child chains, and compare our results to previous findings that were derived from live measurements. Thereby, we show that live monitoring alone is not sufficient to capture a large majority of these events, as we are able to identify a non-negligible portion of stale blocks that were previously unaccounted for. Their authenticity is ensured by cryptographic evidence regarding both, their position in the respective blockchain, as well as the Proof-of-Work difficulty.
Furthermore, by applying this new technique to Litecoin and its child cryptocurrencies, we are able to provide the first extensive view and lower bound on the stale block and fork rate in the Litecoin network. Finally, we outline that a recovery of other important metrics and blockchain characteristics through merged mining may also be possible.

  40. Matt Corello, “Fast internet bitcoin relay engine,” http://bitcoinfibre.org/, accessed: 2018-09-25. [Online]. Available: http://bitcoinfibre.org/
  41. Suhas Daftuar, “sendheaders message,” https://github.com/bitcoin/bips/wiki/Comments:BIP-0130, accessed: 2018-09-25. [Online]. Available: https://github.com/bitcoin/bips/wiki/Comments:BIP-0130
  42. R. Bowden, H. P. Keeler, A. E. Krzesinski, and P. G. Taylor, “Block arrivals in the bitcoin blockchain,” 2018. [Online]. Available: https://arxiv.org/pdf/1801.07447.pdf
  43. GeistGeld community, “Geistgeld source code,” https://github.com/Lolcust/GeistGeld, accessed: 2018-09-25.
  44. A. P. Ozisik, G. Bissias, and B. Levine, “Estimation of miner hash rates and consensus on blockchains,” arXiv preprint arXiv:1707.00082, 2017, accessed:2017-09-25. [Online]. Available: https://arxiv.org/pdf/1707.00082.pdf
  45. E. Duffield and D. Diaz, “Dash: A payments-focused cryptocurrency,” https://github.com/dashpay/dash/wiki/Whitepaper, Aug 2013, accessed: 2018-09-25. [Online]. Available: https://github.com/dashpay/dash/wiki/Whitepaper
  46. N. Van Saberhagen, “Cryptonote v 2.0,” https://cryptonote.org/whitepaper.pdf, Oct 2013. [Online]. Available: https://cryptonote.org/whitepaper.pdf
  47. G. Hall, “Guide: Merge mining 6 scrypt coins at full hashpower, simultaneously,” https://www.ccn.com/guide-simultaneously-mining-5-scrypt-coins-full-hashpowe, Apr 2014, accessed: 2018-09-25. [Online]. Available: https://www.ccn.com/guide-simultaneouslymining-5-scrypt-coins-full-hashpowe
  48. united-scrypt coin, “[ann][usc] first merged minable scryptcoin unitedscryptcoin,” https://bitcointalk.org/index.php?topic=353688.0, Nov 2013, accessed: 2018-09-25. [Online]. Available: https://bitcointalk.org/index.php?topic=353688.0
  49. J. A. D. Donet, C. Perez-Sola, and J. Herrera-Joancomart ´ ´ı, “The bitcoin p2p network,” in Financial Cryptography and Data Security. Springer, 2014, pp. 87–102. [Online]. Available: http://fc14.ifca.ai/bitcoin/papers/bitcoin14 submission 3.pdf
  50. M. Bartoletti and L. Pompianu, “An analysis of bitcoin op return metadata,” https://arxiv.org/pdf/1702.01024.pdf, 2017, accessed: 2017-03-09. [Online]. Available: https://arxiv.org/pdf/1702.01024.pdf
  51. R. Matzutt, J. Hiller, M. Henze, J. H. Ziegeldorf, D. Mullmann, O. Hohlfeld, and K. Wehrle, ¨ “A quantitative analysis of the impact of arbitrary blockchain content on bitcoin,” in Proceedings of the 22nd International Conference on Financial Cryptography and Data Security (FC). Springer, 2018. [Online]. Available: http://fc18.ifca.ai/preproceedings/6.pdf
  52. M. Grundmann, T. Neudecker, and H. Hartenstein, “Exploiting transaction accumulation and double spends for topology inference in bitcoin,” in 5th Workshop on Bitcoin and Blockchain Research, Financial Cryptography and Data Security 18 (FC). Springer, 2018. [Online]. Available: http://fc18.ifca.ai/bitcoin/papers/bitcoin18-final10.pdf
  53. A. Judmayer, N. Stifter, P. Schindler, and E. Weippl, “Pitchforks in cryptocurrencies: Enforcing rule changes through offensive forking- and consensus techniques (short paper),” in CBT’18: Proceedings of the International Workshop on Cryptocurrencies and Blockchain Technology, Sep 2018. [Online]. Available: https://www.sba-research.org/wpcontent/uploads/2018/09/judmayer2018pitchfork 2018-09-05.pdf
submitted by dj-gutz to myrXiv

Security of the Blockchain against Long Delay Attack

Cryptology ePrint Archive: Report 2018/800
Date: 2018-08-31
Author(s): Puwen Wei, Quan Yuan, Yuliang Zheng


Abstract
The consensus protocol underlying Bitcoin (the blockchain) works remarkably well in practice. However proving its security in a formal setting has been an elusive goal. A recent analytical result by Pass, Seeman and shelat indicates that an idealized blockchain is indeed secure against attacks in an asynchronous network where messages are maliciously delayed by at most Δ ≪ 1/np, with n being the number of miners and p the mining hardness. This paper improves upon the result by showing that if appropriate inconsistency tolerance is allowed the blockchain can withstand even more powerful external attacks in the honest miner setting. Specifically we prove that the blockchain is secure against long delay attacks with Δ ≥ 1/np in an asynchronous network.

submitted by dj-gutz to myrXiv

Merged Mining: Curse or Cure?

Cryptology ePrint Archive: Report 2017/791
Date: 2017-08-22
Author(s): Aljosha Judmayer, Alexei Zamyatin, Nicholas Stifter, Artemios Voyiatzis, Edgar Weippl


Abstract
Merged mining refers to the concept of mining more than one cryptocurrency without necessitating additional proof-of-work effort. Although merged mining has been adopted by a number of cryptocurrencies already, to this date little is known about the effects and implications. We shed light on this topic area by performing a comprehensive analysis of merged mining in practice. As part of this analysis, we present a block attribution scheme for mining pools to assist in the evaluation of mining centralization. Our findings disclose that mining pools in merge-mined cryptocurrencies have operated at the edge of, and even beyond, the security guarantees offered by the underlying Nakamoto consensus for extended periods. We discuss the implications and security considerations for these cryptocurrencies and the mining ecosystem as a whole, and link our findings to the intended effects of merged mining.

submitted by dj-gutz to myrXiv

Bitcoin-NG: A Scalable Blockchain Protocol

arXiv:1510.02037
Date: 2015-11-11
Author(s): Ittay Eyal, Adem Efe Gencer, Emin Gun Sirer, Robbert van Renesse


Abstract
Cryptocurrencies, based on and led by Bitcoin, have shown promise as infrastructure for pseudonymous online payments, cheap remittance, trustless digital asset exchange, and smart contracts. However, Bitcoin-derived blockchain protocols have inherent scalability limits that trade-off between throughput and latency and withhold the realization of this potential. This paper presents Bitcoin-NG, a new blockchain protocol designed to scale. Based on Bitcoin's blockchain protocol, Bitcoin-NG is Byzantine fault tolerant, is robust to extreme churn, and shares the same trust model obviating qualitative changes to the ecosystem. In addition to Bitcoin-NG, we introduce several novel metrics of interest in quantifying the security and efficiency of Bitcoin-like blockchain protocols. We implement Bitcoin-NG and perform large-scale experiments at 15% the size of the operational Bitcoin system, using unchanged clients of both protocols. These experiments demonstrate that Bitcoin-NG scales optimally, with bandwidth limited only by the capacity of the individual nodes and latency limited only by the propagation time of the network.

submitted by dj-gutz to myrXiv

Deconstructing the Blockchain to Approach Physical Limits

arXiv:1810.08092
Date: 2018-11-08
Author(s): Vivek Bagaria, Sreeram Kannan, David Tse, Giulia Fanti, Pramod Viswanath


Abstract
Transaction throughput, confirmation latency and confirmation reliability are fundamental performance measures of any blockchain system in addition to its security. In a decentralized setting, these measures are limited by two underlying physical network attributes: communication capacity and speed-of-light propagation delay. Existing systems operate far away from these physical limits. In this work we introduce Prism, a new proof-of-work blockchain protocol, which can achieve 1) security against up to 50% adversarial hashing power; 2) optimal throughput up to the capacity C of the network; 3) confirmation latency for honest transactions proportional to the propagation delay D, with confirmation error probability exponentially small in CD; 4) eventual total ordering of all transactions. Our approach to the design of this protocol is based on deconstructing the blockchain into its basic functionalities and systematically scaling up these functionalities to approach their physical limits.

submitted by dj-gutz to myrXiv

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

arXiv:1605.07524
Date: 2017-03-24
Author(s): Maria Apostolaki, Aviv Zohar, Laurent Vanbever

Link to Paper


Abstract
As the most successful cryptocurrency to date, Bitcoin constitutes a target of choice for attackers. While many attack vectors have already been uncovered, one important vector has been left out though: attacking the currency via the Internet routing infrastructure itself. Indeed, by manipulating routing advertisements (BGP hijacks) or by naturally intercepting traffic, Autonomous Systems (ASes) can intercept and manipulate a large fraction of Bitcoin traffic. This paper presents the first taxonomy of routing attacks and their impact on Bitcoin, considering both small-scale attacks, targeting individual nodes, and large-scale attacks, targeting the network as a whole. While challenging, we show that two key properties make routing attacks practical: (i) the efficiency of routing manipulation; and (ii) the significant centralization of Bitcoin in terms of mining and routing. Specifically, we find that any network attacker can hijack few (<100) BGP prefixes to isolate ~50% of the mining power, even when considering that mining pools are heavily multi-homed. We also show that on-path network attackers can considerably slow down block propagation by interfering with few key Bitcoin messages. We demonstrate the feasibility of each attack against the deployed Bitcoin software. We also quantify their effectiveness on the current Bitcoin topology using data collected from a Bitcoin supernode combined with BGP routing data. The potential damage to Bitcoin is worrying. By isolating parts of the network or delaying block propagation, attackers can cause a significant amount of mining power to be wasted, leading to revenue losses and enabling a wide range of exploits such as double spending. To prevent such effects in practice, we provide both short and long-term countermeasures, some of which can be deployed immediately.

submitted by dj-gutz to myrXiv

Merged Mining: Analysis of Effects and Implications

Date: 2017-08-24
Author(s): Alexei Zamyatin, Edgar Weippl

Link to Paper


Abstract
Merged mining refers to the concept of mining more than one cryptocurrency without necessitating additional proof-of-work effort. Merged mining was introduced in 2011 as a bootstrapping mechanism for new cryptocurrencies and countermeasures against the fragmentation of mining power across competing systems. Although merged mining has already been adopted by a number of cryptocurrencies, to this date little is known about the effects and implications.
In this thesis, we shed light on this topic area by performing a comprehensive analysis of merged mining in practice. As part of this analysis, we present a block attribution scheme for mining pools to assist in the evaluation of mining centralization. Our findings disclose that mining pools in merge-mined cryptocurrencies have operated at the edge of, and even beyond, the security guarantees offered by the underlying Nakamoto consensus for extended periods. We discuss the implications and security considerations for these cryptocurrencies and the mining ecosystem as a whole, and link our findings to the intended effects of merged mining.

submitted by dj-gutz to myrXiv

Boost Blockchain Broadcast Propagation with Tree Routing

arXiv:1810.12795
Date: 2018-10-30
Author(s): Jia Kan, Lingyi Zou, Bella Liu, Xin Huang

Link to Paper


Abstract
In recent years, with the rapid development and popularization of BitCoin, the research of blockchain technology has also shown growth. It has gradually become a new generation of distributed, non-centralized and trust-based technology solution. However, the blockchain operation is expensive and transaction is delayed. Take BitCoin as an example. On the one hand, a block is produced every ten minutes. On the other hand, once the new block is generated, it takes a certain time to propagate worldwide. The slow speed of propagation determines that BitCoin cannot use too small block interval time. Ethereum also faces similar problems, so the concept of uncle block was introduced to reduce blockchain forks. This paper introduces a new tree structure based broadcast propagation routing model, providing a novel method to organize network nodes and message propagation mechanism. In order to avoid the single node failure problem, the tree cluster routing is proposed. The research shows that the tree based routing can accelerate broadcast convergence time and reduce redundant traffic.

submitted by dj-gutz to myrXiv

Flux: Revisiting Near Blocks for Proof-of-Work Blockchains

Cryptology ePrint Archive: Report 2018/415
Date: 2018-05-29
Author(s): Alexei Zamyatin, Nicholas Stifter, Philipp Schindler, Edgar Weippl, William J. Knottenbelt

Link to Paper


Abstract
The term near or weak blocks describes Bitcoin blocks whose PoW does not meet the required target difficulty to be considered valid under the regular consensus rules of the protocol. Near blocks are generally associated with protocol improvement proposals striving towards shorter transaction confirmation times. Existing proposals assume miners will act rationally based solely on intrinsic incentives arising from the adoption of these changes, such as earlier detection of blockchain forks.
In this paper we present Flux, a protocol extension for proof-of-work blockchains that leverages on near blocks, a new block reward distribution mechanism, and an improved branch selection policy to incentivize honest participation of miners. Our protocol reduces mining variance, improves the responsiveness of the underlying blockchain in terms of transaction processing, and can be deployed without conflicting modifications to the underlying base protocol as a velvet fork. We perform an initial analysis of selfish mining which suggests Flux not only provides security guarantees similar to pure Nakamoto consensus, but potentially renders selfish mining strategies less profitable.

submitted by dj-gutz to myrXiv

A single global economy of FAIL

I had a lot of fun with Jo_Bones insane vomit yesterday, that retarded chimp is a special one for sure. He inspired me to write some satire of his delusional CSWesque rant. I list some hilarious quotes from him at the end as well from the comment chain.
The original delusional rant

If all governments could agree on any single thing at any point in time, it would be an unprecedented moment in history. A "unicorn moonshot" so to speak. If the unicorn moonshot were to manifest as every government suddenly desiring to throw their already digital currencies into complete disarray and chose a technically inferior and non-compliant product in the process, then you can bet your ass they would use BSV for their fiscal policies. At the moment, here is what came up when I googled Central Banks for the first time today. Here's what came up when I googled fractional reserves. I then googled what reconciled means, and after my eyes rolled back in to my head out of sheer inability to digest the information I was reading, I decided BSV was the blockchain to solve all of this because I personally think this thing is an awesome high-school comp sci project.

If every central bank suddenly decided to relinquish state control of their monetary policy, and instead decided that the security model of 7 amateur software developers paid by an ex-felon hiding in Antigua who controls the #11 cryptocurrency on coinmarketcap was the answer, we could have the opportunity to use a strictly worse version of our current banking software and IT infrastructure. Instant transactions between bank accounts you own? Screw that, welcome to 10 minute block times! Did you fat finger that bill payment to the wrong sender? Too bad, it's gone forever! Welcome to immutability! It's a feature not a bug!

If you extrapolate how bad this is, suddenly taxes would be lower because digital monetary transactions would come to a screeching halt. Can't pay taxes on money you don't have, right? Suck that statists! The world would benefit from one giant economy of scale even though that phrase makes no sense in this context, and in reality is another buzzword I just simply don't have the time to try to understand. I forgot to Google that one I guess. This means prices around the globe would be out of control because we'd have to revert to a primal barter system! My chicken for your box of peaches! The possibilities to fuck over literally the entire world are endless!

Additionally, there would now be a high degree of transparency to how poorly BSV scales, since blocks take hours to propagate at 1GB sizes and that would only represent the hourly transactions of a town of 10,000 people, which would inevitably lead everyone to understand what 99.99% (AKA the non-mentally retarded "subset" of the population) already know.


In the comments I decided to change potential use cases from the utter nonsense I listed above to a couple different things.
https://www.reddit.com/bsv/comments/j9u2jt/a_single_global_economy_of_scale/g8ppeq7/?utm_source=share&utm_medium=web2x&context=3
Here I am demonstrating that I know currency lives in a database today:
The point is that they centrally issue and control their own tokens on the bitcoin network. I don’t see what’s so hard to understand about this. They already issue tokens on their own network. It’s just a different database.
Here I am 7 comments later saying those databases don't allow for digital cash when I just stated they did.
Your SQL databases don’t really allow for digital cash.
Shit maybe token issuance on BSV won't work time to pivot to:
But bank transfers still take days between Europe and Asia and have high fees precisely because all the banks maintain their own networks.
Think of the possibilities guys. You totally can't do this today, right?
so they can (for example) sell a YouTube video directly to the whole world, for their native national token... on the bitcoin network.
Crap, maybe there are some good points there. At least Bitcoin can push transactions out in seconds despite having a 10 minute block time! And wait until you see the block times if anyone ever does try to send a billion tx in a second!
These hashes cost bitcoin, but you can sell billions of them per second.
What do you mean risks of minority hash rate on BSV? Nobody has ever done a 51% attack and not been arrested! THEY'LL LOSE THEIR MINING EQUIPMENT!
Except that it’s illegal to attack another chain, and it’s public, and traceable and the punishment would be your company loses all its mining equipment.
I'm running out of use cases since they're getting shot down so fast. Here's a good one. Why pay $80 a month for internet in 1 transaction, when you can pay for internet 1.7trillion times every month for every data packet you get?
And the advantage of sending 0.0011p to someone might be that they’re providing a service to you, like a data packet.
But think of all the UnIqUe AnD gReAt FeAtUrEs on BSV. Really cutting edge stuff that SQL Server doesn't have due to being obsolete in the 90s, like the ability to append only instead of modify data elements! Also, watch the blockchain desync if you ever tried 1billion tx/sec!
The network scales to handle billions of TX/sec and the ledger is append only so it matches the criteria for keeping accurate records and/or updating them as needs be.
Time to pivot again since I'm being dismantled at every turn. What haven't I mentioned yet?
you haven’t solved the issue of the US dollar being the worlds default currency on which global trade relies.
Here is me doing my best Craig Wright technobabble nonsense impression. I know this is technically English but the words being strung together make no sense!
Once again you’ve really missed the point of all this. A data commodity that comes about through consensus of the network on ‘what value is’ contains a fraction of every part of the global economy.
Time to revert to some Craig Wright technobabble bullshit again:
Those in charge of producing dollars ultimately have an unfair advantage over those who don’t and they can game the system.
That’s a peer to peer internet model where producers get paid directly by consumers for the data they consume and miners get paid according to how fast and how efficiently and how accurately they can deliver the data.

Have I mentioned the fact I don't understand that blockchains are literally distributed databases?
Finally, you can send any kind of data in a bitcoin transaction. Not just fiat currencies issued by a government but audio, video, text, a webpage, etc.
And finally:
It’s very smart. Unlike you.
My transformation is complete.
submitted by pointedpointything to bsv

Bitcoin Newcomers FAQ - Please read!

Welcome to the /Bitcoin Sticky FAQ

You've probably been hearing a lot about Bitcoin recently and are wondering what's the big deal? Most of your questions should be answered by the resources below but if you have additional questions feel free to ask them in the comments.
It all started with the release of Satoshi Nakamoto's whitepaper; however, that will probably go over the head of most readers, so we recommend the following videos as a good starting point for understanding how bitcoin works and a little about its long term potential:
Some other great resources include Lopp.net, the Princeton crypto series and James D'Angelo's Bitcoin 101 Blackboard series.
Some excellent writing on Bitcoin's value proposition and future can be found at the Satoshi Nakamoto Institute.
Some Bitcoin statistics can be found here and here. Developer resources can be found here. Peer-reviewed research papers can be found here.
Potential upcoming protocol improvements and scaling resources here and here.
The number of times Bitcoin was declared dead by the media can be found here (LOL!)

Key properties of Bitcoin

Where can I buy bitcoins?

Bitcoin.org and BuyBitcoinWorldwide.com are helpful sites for beginners. You can buy or sell any amount of bitcoin (even just a few dollars worth) and there are several easy methods to purchase bitcoin with cash, credit card or bank transfer. Some of the more popular resources are below, also check out the bitcoinity exchange resources for a larger list of options for purchases.
Here is a listing of local ATMs. If you would like your paycheck automatically converted to bitcoin use Bitwage.
Note: Bitcoins are valued at whatever market price people are willing to pay for them in a balancing act of supply vs demand. Unlike traditional markets, bitcoin markets operate 24 hours per day, 365 days per year. Preev is a useful site that shows how much various denominations of bitcoin are worth in different currencies. Alternatively you can just Google "1 bitcoin in (your local currency)".

Securing your bitcoins

With bitcoin you can "Be your own bank" and personally secure your bitcoins OR you can use third party companies aka "Bitcoin banks" which will hold the bitcoins for you.
Note: For increased security, use Two Factor Authentication (2FA) everywhere it is offered, including email!
2FA requires a second confirmation code to access your account making it much harder for thieves to gain access. Google Authenticator and Authy are the two most popular 2FA services, download links are below. Make sure you create backups of your 2FA codes.
| Google Auth | Authy | OTP Auth |
|---|---|---|
| Android | Android | N/A |
| iOS | iOS | iOS |

Watch out for scams

As mentioned above, Bitcoin is decentralized, which by definition means there is no official website or Twitter handle or spokesperson or CEO. However, all money attracts thieves. This combination unfortunately results in scammers running official sounding names or pretending to be an authority on YouTube or social media. Many scammers throughout the years have claimed to be the inventor of Bitcoin. Websites like bitcoin(dot)com and the btc subreddit are active scams. Almost all altcoins (shitcoins) are marketed heavily with big promises but are really just designed to separate you from your bitcoin. So be careful: any resource, including all linked in this document, may in the future turn evil. Don't trust, verify. Also as they say in our community "Not your keys, not your coins".

Where can I spend bitcoins?

Check out spendabit or bitcoin directory for millions of merchant options. You can also spend bitcoin anywhere Visa is accepted with bitcoin debit cards such as the CashApp card. Some other useful sites are listed below.
| Store | Product |
|---|---|
| Gyft | Gift cards for hundreds of retailers including Amazon, Target, Walmart, Starbucks, Whole Foods, CVS, Lowes, Home Depot, iTunes, Best Buy, Sears, Kohls, eBay, GameStop, etc. |
| Spendabit, Overstock and The Bitcoin Directory | Retail shopping with millions of results |
| ShakePay | Generate one time use Visa cards in seconds |
| NewEgg and Dell | For all your electronics needs |
| Bitwa.la, Coinbills, Piixpay, Bitbill.eu, Bylls, Coins.ph, Bitrefill, LivingRoomofSatoshi, Coinsfer, and more | Bill payment |
| Menufy, Takeaway and Thuisbezorgd NL | Takeout delivered to your door |
| Expedia, Cheapair, Destinia, Abitsky, SkyTours, the Travel category on Gyft and 9flats | For when you need to get away |
| Cryptostorm, Mullvad, and PIA | VPN services |
| Namecheap, Porkbun | Domain name registration |
| Stampnik | Discounted USPS Priority, Express, First-Class mail postage |
Coinmap and AirBitz are helpful to find local businesses accepting bitcoins. A good resource for UK residents is at wheretospendbitcoins.co.uk.
There are also lots of charities which accept bitcoin donations.

Merchant Resources

There are several benefits to accepting bitcoin as a payment option if you are a merchant;
If you are interested in accepting bitcoin as a payment method, there are several options available;

Can I mine bitcoin?

Mining bitcoins can be a fun learning experience, but be aware that you will most likely operate at a loss. Newcomers are often advised to stay away from mining unless they are only interested in it as a hobby similar to folding at home. If you want to learn more about mining you can read more here. Still have mining questions? The crew at /BitcoinMining would be happy to help you out.
If you want to contribute to the bitcoin network by hosting the blockchain and propagating transactions you can run a full node using this setup guide. If you would prefer to keep it simple there are several good options. You can view the global node distribution here.

Earning bitcoins

Just like any other form of money, you can also earn bitcoins by being paid to do a job.
| Site | Description |
|---|---|
| WorkingForBitcoins, Bitwage, Cryptogrind, Coinality, Bitgigs, /Jobs4Bitcoins, BitforTip, Rein Project | Freelancing |
| Lolli | Earn bitcoin when you shop online! |
| OpenBazaar, Purse.io, Bitify, /Bitmarket, 21 Market | Marketplaces |
| /GirlsGoneBitcoin | NSFW Adult services |
| A-ads, Coinzilla.io | Advertising |
You can also earn bitcoins by participating as a market maker on JoinMarket by allowing users to perform CoinJoin transactions with your bitcoins for a small fee (requires you to already have some bitcoins).

Bitcoin-Related Projects

The following is a short list of ongoing projects that might be worth taking a look at if you are interested in current development in the bitcoin space.
| Project | Description |
|---|---|
| Lightning Network | Second layer scaling |
| Blockstream, Rootstock and Drivechain | Sidechains |
| Hivemind and Augur | Prediction markets |
| Tierion and Factom | Records & Titles on the blockchain |
| BitMarkets, DropZone, Beaver and Open Bazaar | Decentralized markets |
| JoinMarket and Wasabi Wallet | CoinJoin implementation |
| Coinffeine and Bisq | Decentralized bitcoin exchanges |
| Keybase | Identity & Reputation management |
| Abra | Global P2P money transmitter network |
| Bitcore | Open source Bitcoin javascript library |

Bitcoin Units

One Bitcoin is quite large (hundreds of £/$/€) so people often deal in smaller units. The most common subunits are listed below:
| Unit | Symbol | Value | Info |
|---|---|---|---|
| bitcoin | BTC | 1 bitcoin | one bitcoin is equal to 100 million satoshis |
| millibitcoin | mBTC | 1,000 per bitcoin | used as default unit in recent Electrum wallet releases |
| bit | bit | 1,000,000 per bitcoin | colloquial "slang" term for microbitcoin (μBTC) |
| satoshi | sat | 100,000,000 per bitcoin | smallest unit in bitcoin, named after the inventor |
For example, assuming an arbitrary exchange rate of $10000 for one Bitcoin, a $10 meal would equal:
For more information check out the Bitcoin units wiki.
Still have questions? Feel free to ask in the comments below or stick around for our weekly Mentor Monday thread. If you decide to post a question in /Bitcoin, please use the search bar to see if it has been answered before, and remember to follow the community rules outlined on the sidebar to receive a better response. The mods are busy helping manage our community so please do not message them unless you notice problems with the functionality of the subreddit.
Note: This is a community created FAQ. If you notice anything missing from the FAQ or that requires clarification you can edit it here and it will be included in the next revision pending approval.
Welcome to the Bitcoin community and the new decentralized economy!
submitted by BitcoinFan7 to Bitcoin

Bitcoin Fullnode Install Guide for Dummies ;-)

Feel free to stop at Level 0 or Level 1, which is fine. More advanced configs are offered to those with more tech savvy. This guide obviously assumes a Windows 10 install, but other OSes work fine, just find a different guide. BTW, the "For Dummies" is a callback to a set of "tech" books in the 90's intended to be as easy as possible. It is in jest and not intended to insult the reader. Finally, if you dislike the formatting, a well formatted copy can be found here
There is a fairly small subset of Bitcoin users that run a full node. I think the idea of running a full node has gotten a bad rap over the years since there is so much talk about running on a Raspberry Pi, or getting zippy SSDs. Although all of this can be fun, it is often not really required at all. Here are some ways to run a full node starting with the very simple. I'll get into more complex configs, but these are all optional.

Tech Skill Level: 0 (the basics)

  1. Download Bitcoin Core
  2. Launch the downloaded installer and install the app
  3. Launch the installed "Bitcoin Core" app and let it run overnight
In many cases, that's it. If you're running a new machine with a fairly good internet connection, 8 or 9 hours will be enough to complete the "Initial Block Download" (IBD). This may fill up your drive a bit, but again, on most new machines, 300 GB of space isn't that hard to come by.

Tech Skill Level: 1 (encrypted wallet)

One thing we left out in the level-0 exercise is encrypting your wallet. It's easy enough to do well, but a bit more difficult to do right. The main challenge is that humans generate really poor passwords. If you want a good password, the best way is to use something called "diceware". Basically, you just grab 4 or 5 dice and each throw of the dice represents a certain word on a special list. The throw {1,4,5,3,1} for example would be the word camping on the EFF-diceware-wordlist. So you repeat this a few times until you have a list of 8 or so words which becomes the passphrase you use to encrypt your wallet. Write it down, it is always hard to remember at first. So at level-1 your list becomes:
  1. Download Bitcoin Core
  2. Launch the downloaded installer and install the app
  3. Launch the installed "Bitcoin Core" app and let it run overnight
  4. Choose Encrypt Wallet from the Settings menu
  5. Enter your 8 word (or so) passphrase generated using the Diceware method

Wallet Encryption Dialog

Tech Skill Level: 2 (enable pruning if needed)

Though I said "300 GB of space isn't hard to come by", sometimes it actually is. If space is an issue, a simple way to fix it is to tell bitcoin to simply take less space. This is called "pruning" and can take that number from 300 GB down to below 5 GB. If you can't find 5 GB, then you'll have to read ahead to level-4 to add USB storage. But the good news is, enabling pruning is pretty easy, we just add another step to our working list:
  1. Download Bitcoin Core
  2. Launch the downloaded installer and install the app
  3. Launch the installed "Bitcoin Core" app and let it run overnight
  4. Do the wallet encryption steps here if you wish
  5. Choose Options from the Settings menu
  6. Choose Prune block storage to: and select the max size for the blocks to use
  7. Exit and restart the bitcoin application for the changes to take effect

Pruning Dialog
Note, even setting this to 1 GB will still leave you with about a 4.5 GB install. The blocks take up a lot of space, but the chainstate and other folders eat up at least 3.5 GB and they can't be pruned. Also, be aware that disabling pruning requires you to perform the entire IBD again. While pruned, some other functions may be disabled as well, so just know that pruning does limit some functionality.

Tech Skill Level: 3 (verify the installer)

Although this is arguably something that should be done at level-0, some find the intricacies of comparing hash (thumbprint) values to be tedious and beyond the scope of a beginner. You will find these types of hash compares suggested quite often as a way to prevent running tainted programs. Programs are often tainted by bad disk or network performance, but most often, taint is malicious code inserted by viruses or malware. This is a way to guard yourself against those types of attacks.
What I cover here is a very basic comparison on the certificate, but a more thorough verification advised by most uses a program called Gpg4Win, and is beyond the scope of this beginner's guide. But regardless, most users should strive to do this minimum level of validation.
  1. Download Bitcoin Core
  2. Launch the downloaded installer
  3. When prompted "Do you want to allow..." click Show more details
  4. In the details section select Show information about the publisher's certificate
  5. In the certificate window select the Details tab
  6. In the Details tab Subject should start with "CN = Bitcoin Core Code Signing Association"
  7. Ensure Thumbprint in Details reads ea27d3cefb3eb715ed214176a5d027e01ba1ee86
  8. If the checks pass, click OK to exit the certificate window and Yes to allow the installer to run.
  9. Launch the installed "Bitcoin Core" app and let it run overnight
  10. Do the wallet encryption steps here if you wish
  11. Do the optional pruning steps here if you wish

Certification Validation Windows
Note: The certificate used to sign the current Bitcoin installer is only valid from March 2020 to March 2021. After that point the thumbprint on the certificate will change. This is by design and intentional. If you're reading this post after March 2021, then it is understood that the thumbprint has changed.
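The same Level 3 checks can be scripted so the comparison is not done by eye. This is an added example, not part of the original guide: the installer path is whatever file you downloaded, and the default thumbprint and publisher name are the ones quoted in the steps above, so they only apply to installers signed with the March 2020 to March 2021 certificate.

```powershell
# Added example: verify an installer's Authenticode signature before running it.
# Usage: .\Verify-Installer.ps1 -InstallerPath <path to the downloaded installer>
[CmdletBinding()]
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallerPath,

    # Values quoted in the guide; replace them when the signing certificate changes.
    [string]$ExpectedThumbprint = 'ea27d3cefb3eb715ed214176a5d027e01ba1ee86',
    [string]$ExpectedCommonName = 'Bitcoin Core Code Signing Association'
)

function Test-InstallerSignature {
    param([string]$Path, [string]$Thumbprint, [string]$CommonName)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Installer not found: $Path"
    }

    # Windows validates the embedded signature and the certificate chain here.
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $cert = $sig.SignerCertificate   # $null when the file is unsigned

    $actualThumb = if ($cert) { $cert.Thumbprint } else { '' }
    $actualCn    = if ($cert) {
        $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName,
            $false)
    } else { '' }

    # Thumbprints copied from the certificate dialog often carry spaces or an
    # invisible leading character, so keep only the hex digits before comparing.
    $wantThumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

    [pscustomobject]@{
        Status            = $sig.Status
        StatusMessage     = $sig.StatusMessage
        SignatureValid    = ($sig.Status -eq [System.Management.Automation.SignatureStatus]::Valid)
        SignerCommonName  = $actualCn
        SubjectMatches    = ($actualCn -ceq $CommonName)
        SignerThumbprint  = $actualThumb
        ThumbprintMatches = (($wantThumb.Length -eq 40) -and ($actualThumb -eq $wantThumb))
    }
}

$result = Test-InstallerSignature -Path $InstallerPath `
    -Thumbprint $ExpectedThumbprint -CommonName $ExpectedCommonName
$result | Format-List

if ($result.SignatureValid -and $result.SubjectMatches -and $result.ThumbprintMatches) {
    Write-Host 'All three checks passed: signature valid, publisher and thumbprint match.'
    exit 0
}

# HashMismatch means the file changed after signing; NotSigned means no signature at all.
Write-Warning 'At least one check failed. Do not run this installer.'
exit 1
```

A `Status` of `Valid` alone only shows that some trusted publisher signed the file; the publisher name and thumbprint comparisons are what tie it to the certificate named in the guide.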

Tech Skill Level: 4 (use secondary storage)

We glossed over the "new machine with fairly good internet" part. Truth be known many people do not have fairly new machines, and find the IBD to take longer than the "overnight" best wishes. For most people the slowdown is the disk access when calculating what is called chainstate. This requires fast random reads and writes to the disk. If you have an SSD disk, this will be no problem, but if you have a non-SSD "spinning" disk, random writes are always slow. Though an SSD will speed things up, they are pricey, so a nice middle ground may be a simple high-end USB key drive. You can get some with 10 to 15 MB/s random writes for $20 on Amazon. This is usually an order of magnitude faster than a "spinning" disk. And with pruning (see level-2), a small USB drive should be fine.
Once you decide on a drive, the tricky part will be to enable external storage. It requires editing a configuration file and adding a line. First, we want to create a directory on the key drive. You will need to determine the drive letter of your USB key drive. For the sake of this example, we will assume it is D:, but you must determine this yourself and correct the example. Once you know the drive letter, create a blank folder on the drive called Bitcoin. So for this example, creating Bitcoin on drive D: will create the path D:\Bitcoin. Once done, assuming that D: is your drive, here are the new steps including the edit of the configuration file:
  1. Download Bitcoin Core
  2. Launch the installer, verify it, then run it
  3. Launch the installed "Bitcoin Core" app and let it run overnight
  4. Do the wallet encryption steps here if you wish
  5. Do the optional pruning steps here if you wish
  6. Launch "Notepad" by typing "Notepad.exe" in the windows search bar then click Open
  7. Type the line datadir=D:\Bitcoin (depending on your drive letter) in the blank file
  8. Choose Save from the File menu in notepad
  9. Type %APPDATA%\Bitcoin\bitcoin.conf (note the percent signs) in the File name box
  10. Select All Files from the Save as type dropdown
  11. Click the Save button and overwrite the file if prompted
  12. Exit and restart the bitcoin application for the changes to take effect

Save As Dialog
Now that you've reached this level of technical expertise, there are many new configuration options that you can begin to modify if you wish. Most configuration data is contained in the bitcoin.conf file and learning how to maintain it is a key step for a node operator.

Tech Skill Level: 5 (all other customizations)

Here's a short list of various things you can ADD to your bitcoin.conf file. You generally just add a new line for each configuration setting.
  • addresstype=bech32
  • changetype=bech32
The addresstype / changetype allows your wallet to use the native-segwit (bech32) format. This is the most efficient and inexpensive way to spend bitcoin, and is a recommended configuration. The default uses something called p2sh-segwit which is more compatible with older wallets, but more expensive to spend.
  • minrelaytxfee=0.00000011
Changing the minrelaytxfee setting allows you to help propagate lower fee transactions. It will require more memory but TXN memory is capped at 300 MB by default anyways, so if you have enough memory, it is a good setting to choose.
  • dbcache=2048
The dbcache setting controls how many MB of memory the program will use for the chainstate database. Since this is a key bottleneck in the IBD, setting this value high (2048 MB) will greatly speed up the IBD, assuming you have the memory to spare.
  • blocksdir=C:\Bitcoin
  • datadir=D:\Bitcoin
In level-4 we discussed moving the datadir to a fast external storage, but the majority of the space used for bitcoin is the blocks directory (blocksdir). Although you should always use the fastest storage for datadir, you are free to use slow storage for blocksdir. So if you only want to consume a small amount of your SSD (assumed D:) then you can keep your blocks on your slow "spinning" drive.
  • upnp=1
One of the harder challenges you may face running a node is to get incoming connections. If you are lucky, you may find that your firewall and network HW support the uPnP protocol. If they do, this setting will allow bitcoin to configure uPnP to allow incoming connections to your node. Other methods exist to make your node reachable, but they are well beyond the scope of this guide.
submitted by brianddk to Bitcoin
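A small linter for the bitcoin.conf options listed in the post above, as an added example (not the poster's or the Bitcoin Core project's code). The function names, the finding levels and the sample file are assumptions made for this example.

```python
import re

# Address types Bitcoin Core accepts (bech32m only in newer releases).
ADDRESS_TYPES = {"legacy", "p2sh-segwit", "bech32", "bech32m"}
# The options from the post; each is meant to appear once in the file.
SINGLE = {"addresstype", "changetype", "minrelaytxfee", "dbcache",
          "blocksdir", "datadir", "upnp"}

def parse_conf(text):
    """Yield (lineno, key, value); value is None when the line has no '='."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # '#' starts a comment
        if not line or line.startswith("["):   # blank line or [network] section header
            continue
        key, sep, value = line.partition("=")
        yield lineno, key.strip(), (value.strip() if sep else None)

def lint(text):
    """Return (lineno, level, message) findings for the options in SINGLE."""
    findings, seen = [], {}
    for lineno, key, value in parse_conf(text):
        if value is None:
            findings.append((lineno, "error", f"'{key}' is missing '=value'"))
            continue
        if key in SINGLE and key in seen:
            findings.append((lineno, "warn", f"{key} is also set on line {seen[key]}"))
        seen.setdefault(key, lineno)
        if key in ("addresstype", "changetype") and value not in ADDRESS_TYPES:
            findings.append((lineno, "error", f"{key}={value} is not a known address type"))
        elif key == "dbcache" and not (value.isascii() and value.isdigit()):
            findings.append((lineno, "error", "dbcache must be a whole number of MB"))
        elif key == "minrelaytxfee" and not re.fullmatch(r"\d+(\.\d+)?|\.\d+", value):
            findings.append((lineno, "error", "minrelaytxfee must be a non-negative amount"))
        elif key in ("datadir", "blocksdir") and not value:
            findings.append((lineno, "error", f"{key} has an empty path"))
        elif key == "upnp" and value == "1":
            findings.append((lineno, "note", "upnp=1 lets the node ask the router to allow incoming connections"))
    return findings

# Constructed sample file (not from the post) with deliberate mistakes.
SAMPLE = r"""# constructed sample
changetype=bech33
dbcache=2GB
datadir=D:\Bitcoin
datadir=E:\Bitcoin
upnp=1
prune
"""
```

Calling `lint(SAMPLE)` reports the mistyped address type, the non-numeric dbcache, the second datadir line, the upnp note and the bare `prune` line, each with its line number.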


Information Propagation in the Bitcoin Network. Christian Decker, ETH Zurich, Distributed Computing Group, www.disco.ethz.ch. [Slides: "What is Bitcoin?"; "What's it worth?", a chart of the USD / Bitcoin exchange price from Oct 2010 to Jun 2013, axis Price [USD], 150$/BTC.] ...

"Information propagation in the bitcoin network." Network Diameter does not appear to be that important as there are some very long shortest paths in bitcoin, but those paths only represent a tiny fraction of the overlay network. The bitcoin network appears to be extremely well connected for most of the nodes and with a long narrow tail very very poor connections. A block may take a long time ...

We then use the gathered information to verify the conjecture that the propagation delay in the network is the primary cause for blockchain forks. Blockchain forks should be avoided as they are ...

Instead Bitcoin relies on a network of volunteers that collectively implement a replicated ledger and verify transactions. In this paper we analyze how Bitcoin uses a multi-hop broadcast to propagate transactions and blocks through the network to update the ledger replicas. We then use the gathered information to verify the conjecture that the propagation delay in the network is the primary ...

Information Propagation in the Bitcoin Network. Christian Decker, Roger Wattenhofer†, ETH Zurich, Switzerland; †Microsoft Research. Abstract—Bitcoin is a digital currency that unlike traditional currencies does not rely on a centralized authority. Instead Bitcoin relies on a network of volunteers that collectively implement a replicated ledger ...

partitioning the Bitcoin's peer-to-peer network via routing-level attacks; e.g., a network adversary exploits a BGP vulnerability and performs a prefix hijacking attack (viz. Apostolaki et al. [3]).