Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Dave: a decentralized, secure, and lively fraud-proof algorithm

Diego Nehab, Gabriel Coutinho de Paula, Augusto Teixeira

TL;DR

A new fraud-proof algorithm that offers an excellent balance between decentralization, security, and liveness is introduced, which ensures broad accessibility and the only way to break consensus is to censor the honest party for more than one challenge period, and the costs of engaging in the dispute are minimal.

Abstract

In this paper, we introduce a new fraud-proof algorithm that offers an unprecedented combination of decentralization, security, and liveness. The resources that must be mobilized by an honest participant to defeat an adversary grow only logarithmically with what the adversary ultimately loses. As a consequence, there is no need to introduce high bonds that prevent an adversary from creating too many Sybils. This makes the system very inclusive and frees participants from having to pool resources among themselves to engage the protocol. Finally, the maximum delay to finalization also grows only logarithmically with total adversarial expenditure, with the smallest multiplicative factor to date. In summary: the entire dispute completes in 2--5 challenge periods, the only way to break consensus is to censor the honest party for more than one challenge period, and the costs of engaging in the dispute are minimal.

Dave: a decentralized, secure, and lively fraud-proof algorithm

TL;DR

A new fraud-proof algorithm that offers an excellent balance between decentralization, security, and liveness is introduced, which ensures broad accessibility and the only way to break consensus is to censor the honest party for more than one challenge period, and the costs of engaging in the dispute are minimal.

Abstract

In this paper, we introduce a new fraud-proof algorithm that offers an unprecedented combination of decentralization, security, and liveness. The resources that must be mobilized by an honest participant to defeat an adversary grow only logarithmically with what the adversary ultimately loses. As a consequence, there is no need to introduce high bonds that prevent an adversary from creating too many Sybils. This makes the system very inclusive and frees participants from having to pool resources among themselves to engage the protocol. Finally, the maximum delay to finalization also grows only logarithmically with total adversarial expenditure, with the smallest multiplicative factor to date. In summary: the entire dispute completes in 2--5 challenge periods, the only way to break consensus is to censor the honest party for more than one challenge period, and the costs of engaging in the dispute are minimal.

Paper Structure

This paper contains 21 sections, 1 theorem, 59 equations, 4 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Related work
  3. Threat and resource model
  4. Dave
  5. Computation model
  6. Structure of a claim
  7. Match between two claims
  8. Chess clock
  9. Partitioning claims into groups
  10. Worst-case delay in rounds
  11. Asymptotic bound on worst-case delay
  12. Maximum-delay strategy for adversary
  13. Worst-case delay by maximum-delay strategy
  14. Discussion
  15. Liveness
  16. ...and 6 more sections

Key Result

theorem 1

When groups have at most $G$ claims, and a claim can be demoted $K$ times before being eliminated, Dave settles a dispute involving $N$ claims in $O(K + \log_G N + \sqrt{K \log_GN}\,)$ rounds.

Figures (4)

  • Figure 1: The construction of the computation hash as a Merkle tree.
  • Figure 2: First 5 rounds in a possible dispute with $N=4$, $K=3$, and $G=2$. Arrows show the groups before each round.
  • Figure 3: Delay in rounds obtained by an adversary that uses the maximum-delay strategy of \ref{['strategy']}. Lines measure the maximum delay that can be achieved from $2$ to $2^{35}$ Sybils given a maximum demotion count $K$ and group size $G$. (Note the Sybils axis is in logarithmic scale.)
  • Figure 4: Example of the groups formed when $K=5$ and $G=10$. In the example, there are $33$ claims each with 0, 1, or 2 demotions, and $3$ claims each with 3, 4, or 5 demotions. Different groups are shown in different colors. The values borrowed from left ($\boldsymbol{a}_{\mkern-2muj, k}$) and right ($\boldsymbol{b}_{\mkern-2muj, k}$) have are also shown.

Theorems & Definitions (1)

  • theorem 1