Proof-of-Stake Longest Chain Protocols Revisited

The Nakamoto longest chain protocol has served Bitcoin well in its decade long existence. It is remarkably simple and uses only basic cryptographic primitives, but its proof-of-work framework is energy wasting. Proof-of-stake (PoS) protocols are an energy efficient alternative; however they are significantly complicated and promise weaker security guarantees. An effort to mimic the Nakamoto protocol directly in the PoS setting is made in [10] with security shown only for a class of purely private attacks. In this paper we demonstrate a new, and fatal, attack on the protocol of [10]. This attack motivates the design of a new family of Nakamoto-style longest chain PoS protocols, with a formal proof of their security against all possible attacks in a general security model.



page 1

page 2

page 3

page 4


Everything is a Race and Nakamoto Always Wins

Nakamoto invented the longest chain protocol, and claimed its security b...

Risk Framework for Bitcoin Custody Operation with the Revault Protocol

Our contributions with this paper are twofold. First, we elucidate the m...

Modelling Agent-Skipping Attacks in Message Forwarding Protocols

Message forwarding protocols are protocols in which a chain of agents ha...

Selfish Behavior in the Tezos Proof-of-Stake Protocol

Proof-of-Stake consensus protocols give rise to complex modeling challen...

Private Attacks in Longest Chain Proof-of-stake Protocols with Single Secret Leader Elections

Single Secret Leader Elections have recently been proposed as an improve...

TaiJi: Longest Chain Availability with BFT Fast Confirmation

Most state machine replication protocols are either based on the 40-year...

Towards a Game-Theoretic Security Analysis of Off-Chain Protocols

Off-chain protocols constitute one of the most promising approaches to s...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.