Understanding Proof of Stake in Blockchain Technology

Slide Note
Embed
Share

This lecture delves into the concept of Proof of Stake (PoS) as an energy-efficient alternative to Proof of Work (PoW) in blockchain protocols. It explores how PoS allows meaningful participation based on the stake individuals hold, replacing the need for energy-intensive mining. The lecture discusses vulnerabilities like the Nothing at Stake (NaS) attack and grinding attacks, highlighting the benefits and challenges of implementing PoS within the longest-chain protocol.

gcang
gcang Follow

Uploaded on Sep 21, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Lecture 1 Lecture 11 1: Proof of Stake : Proof of Stake PoW: energy inefficient PoS: Energy efficient alternative PoS version of longest-chain protocol

  2. This lecture This lecture Proof of Stake (PoS) energy efficient alternative replacement to PoW Simple way to implement PoS within the longest chain protocol Vulnerabilities nothing at stake (NaS) attack grinding attack

  3. Proof of Work Proof of Work Find nonce such that H(hash(parent.header), Merkle root of tx, nonce) < threshold Finding entails work Nonce is the proof Doing this work allows miners to participate meaningfully in the protocol PoW is a Sybile resistant leader election mechanism

  4. Proof of Stake Proof of Stake Allow meaningful participation based on stake block proposers own coins Level of participation proportional to stake higher probability of being a proposer Doing work is replaced by owning coins energy efficient capital efficient -- no need for mining hardware

  5. Idea 1 Idea 1 PoS attempt 1 H(hash(parent.header), Merkle root of tx, public key) < threshold x stake Problem: Grinding can try different set of tx such that Merkle root of tx works out correctly so probability not purely proportional to stake

  6. Idea 2 Idea 2 PoS attempt 2 H(hash(parent.header), public key) < threshold x stake Problem: Liveness just one trial to form a block unlike PoW where nonce can be tried at will

  7. Idea 3 Idea 3 PoS attempt 3 H(hash(parent.header), timestamp, public key) < threshold x stake

  8. Idea 3 Idea 3 PoS attempt 3 H(hash(parent.header), timestamp, public key) < threshold x stake Problem: 1. Block content is not tamper-resistant against an adaptive adversary 2. Public election: vulnerable to bribery/corruption

  9. Crypto Primitive Crypto Primitive Key-Evolving Signatures (KES) are signature schemes, where: pk remains the same sk updated in every step, old sk erased impossible to forge old signatures with new keys used for signing blocks helps achieve adaptive security

  10. Crypto Primitive Crypto Primitive Verifiable Random Function (VRF) VRF( sk , x ) ( y , ? ) Verify( pk , x , y , ?) True/False Public election private election

  11. Idea 4 Idea 4 PoS attempt 4 VRF(hash(parent.header), timestamp, secret key) < threshold x stake

  12. Nothing at Stake Nothing at Stake VRF(hash(parent.header), timestamp, secret key) < threshold x stake Longest chain rule parent is tip of longest chain Adversary deviates can grow on all blocks (even Genesis) No computation limit to deviation unlike PoW Nothing at Stake (NaS)

  13. NaS NaS Tree Tree Honest participants grow chain as a Poisson process growth rate linear in time Adversary grows a tree of blocks number of blocks grows exponentially in time NaS allows adversary to compete with honest participants unevenly

  14. NaS Tree and Longest Chain Longest chain NaS Tree G ???? A scalable PoS blockchain in the open setting, Fan and Zhou, 2016

  15. Security of Security of PoS PoS Longest Chain Longest Chain Honest participants grow chain as a Poisson process growth rate linear in time (1 ?)?? Adversary grows a NaS tree in private longest chain length ???? Security against Private attack 1 ? > ???? or ? < 1 1+? 27%

  16. Security Security Security against Private attack Secure against all attacks

  17. Boosting Security Threshold Boosting Security Threshold Security against all attacks Key idea: Reduce the number of randomness sources Idea 1: Only use randomness from genesis block VRF(hash(Genesis), timestamp, secret key) < threshold x stake

  18. Ouroboros Ouroboros Praos Praos G ?0 Epoch 1 ?1

  19. Ouroboros Ouroboros Praos Praos Epoch 2 5 days Repeat ?2 St tz, Rainer, et al. "Stake Shift in Major Cryptocurrencies: An Empirical Study." arXiv preprint arXiv:2001.04187 (2020).

  20. Ouroboros Ouroboros Praos Praos : Bribery Attack : Bribery Attack G ?0 Epoch 1 Bribe k+1 bribes for k-deep rule

  21. Boosting Security Threshold Boosting Security Threshold Security against all attacks Key idea: Reduce the number of randomness sources Idea 2: c-correlation

  22. c c- -correlation correlation Update the randomness of a block only at blocks with height multiples of c

  23. Analysis of private NaS Analysis of private NaS Godfather-block: height(b)%c=0 Only fork at the parents of godfather-blocks ?c=1/(1+?c): threshold for private NaS attack

  24. Dynamic stake Dynamic stake Flaw of static stake Prevent nodes from leaving and joining A coin with no actual stake can participate forever What if stake is updated immediately? Grinding attack: once the adversary is elected as a leader at round i, it can include transactions at round i to transfer all stake to a coin that has a higher chance of winning the election at round i + 1 What if stake is updated with a delay of s blocks? Long range attack: have a private chain with s blocks

  25. s s- -truncation truncation Stake is updated with a delay of s blocks Chain rule: When comparing two chains, both chains are truncated up to s blocks after the fork. Whichever truncated chain is mined in shorter time (and hence denser) is chosen to be mined on.

  26. Dynamic availability Dynamic availability

  27. Crypto Primitive Crypto Primitive Verifiable Delay Function (VRF) VDF( sk , x ) ( y , ? ) Takes L steps Verify( pk , x , y , ?) True/False Takes much less than L steps Proof of sequential work

  28. PoSAT PoSAT: : PoS PoS with arrow with arrow- -of of- -time time

Related


Proof of Stake: Energy-Efficient Alternative to Proof of Work

Proof of Stake: Energy-Efficient Alternative to Proof of Work

ctan
Blockchain Without Waste: Proof-of-Stake

Blockchain Without Waste: Proof-of-Stake

cherry
The Uncertain Promise of Blockchain for Government - OECD Working Paper

The Uncertain Promise of Blockchain for Government - OECD Working Paper

uhad
Perspectives on Justification and Proof in Mathematics Education Research

Perspectives on Justification and Proof in Mathematics Education Research

odie_460
Understanding Blockchain and Bitcoin Price Forecasting

Understanding Blockchain and Bitcoin Price Forecasting

lisand
Understanding Blockchain Technology: Challenges and Applications

Understanding Blockchain Technology: Challenges and Applications

carreras_y
Exploring Architecture and Challenges of Proof Assistants

Exploring Architecture and Challenges of Proof Assistants

niebuhr_a
Genealogical Proof Arguments and SAR Standard of Proof

Genealogical Proof Arguments and SAR Standard of Proof

covington_j
Understanding Blockchain Technology and Its Applications

Understanding Blockchain Technology and Its Applications

selah
Unveiling the Truth about Blockchain: Privacy, Technology & Potential

Unveiling the Truth about Blockchain: Privacy, Technology & Potential

aall833
Exploring Business Impacts of Blockchain Technology

Exploring Business Impacts of Blockchain Technology

quill
Blockchain for Disaster Risk Reduction (DRR) Processes: Enhancing Response and Resilience

Blockchain for Disaster Risk Reduction (DRR) Processes: Enhancing Response and Resilience

clay
Enhancing Global Supply Chain Security with Blockchain Technology

Enhancing Global Supply Chain Security with Blockchain Technology

german
Mathematical Proof Methods and Divisibility Rules

Mathematical Proof Methods and Divisibility Rules

azle161
Understanding Proof Techniques in Number Theory

Understanding Proof Techniques in Number Theory

dpett
Report on Wireless Blockchain Networks by SIG Chairs

Report on Wireless Blockchain Networks by SIG Chairs

gwendo
Understanding Blockchain Vulnerabilities to Quantum Attacks

Understanding Blockchain Vulnerabilities to Quantum Attacks

nars186
Understanding Blockchain Technology: A Comprehensive Overview

Understanding Blockchain Technology: A Comprehensive Overview

kyri_8
Understanding Blockchain Data Structures and Hyperledger Implementation

Understanding Blockchain Data Structures and Hyperledger Implementation

harold
Exploring Digital Currency and Blockchain Technology

Exploring Digital Currency and Blockchain Technology

tobildr
Understanding Exhaustive Proofs and Proof by Cases in Discrete Math

Understanding Exhaustive Proofs and Proof by Cases in Discrete Math

oluwase
Understanding Burden of Proof and Standards of Evidence in Legal Proceedings

Understanding Burden of Proof and Standards of Evidence in Legal Proceedings

hartline_n
Understanding Probabilistic Proof Systems in Complexity Theory

Understanding Probabilistic Proof Systems in Complexity Theory

brco192
Understanding Distributed Ledger Technology Concepts

Understanding Distributed Ledger Technology Concepts

mad_e

More Related Content