Table of Contents
Fetching ...

Fast Deterministically Safe Proof-of-Work Consensus

Ali Farahbakhsh, Giuliano Losa, Youer Pu, Lorenzo Alvisi, Ittay Eyal

TL;DR

Sieve-MMR targets deterministic safety and constant expected latency in fully permissionless blockchains by decoupling consensus from messaging and introducing a DPoW-backed, time-travel-resilient broadcast (TTRB) to filter antique history. The core innovation is Sieve, which implements TTRB using a DAG of DPoW evaluations and two filtering modes (Online-Sieve and Bootstrap-Sieve) to defend against time-travel attacks. By layering MMR on top of Sieve, the authors obtain Sieve-MMR, the first TOB protocol in a fully permissionless setting with deterministic safety and low latency, tolerant to a $\rho$-bounded adversary with $0\le\rho\le\tfrac{1}{2}$ and enabling constant-step progress. The work provides concrete DPoW construction, analyzes correctness via a Sieve invariant (SI), and discusses practical considerations and future directions toward scalable, real-world deployment.

Abstract

Permissionless blockchains achieve consensus while allowing unknown nodes to join and leave the system at any time. They typically come in two flavors: proof of work (PoW) and proof of stake (PoS), and both are vulnerable to attacks. PoS protocols suffer from long-range attacks, wherein attackers alter execution history at little cost, and PoW protocols are vulnerable to attackers with enough computational power to subvert execution history. PoS protocols respond by relying on external mechanisms like social consensus; PoW protocols either fall back to probabilistic guarantees, or are slow. We present Sieve-MMR, the first fully-permissionless protocol with deterministic security and constant expected latency that does not rely on external mechanisms. We obtain Sieve-MMR by porting a PoS protocol (MMR) to the PoW setting. From MMR we inherit constant expected latency and deterministic security, and proof-of-work gives us resilience against long-range attacks. The main challenge to porting MMR to the PoW setting is what we call time-travel attacks, where attackers use PoWs generated in the distant past to increase their perceived PoW power in the present. We respond by proposing Sieve, a novel algorithm that implements a new broadcast primitive we dub time-travel-resilient broadcast (TTRB). Sieve relies on a black-box, deterministic PoW primitive to implement TTRB, which we use as the messaging layer for MMR.

Fast Deterministically Safe Proof-of-Work Consensus

TL;DR

Sieve-MMR targets deterministic safety and constant expected latency in fully permissionless blockchains by decoupling consensus from messaging and introducing a DPoW-backed, time-travel-resilient broadcast (TTRB) to filter antique history. The core innovation is Sieve, which implements TTRB using a DAG of DPoW evaluations and two filtering modes (Online-Sieve and Bootstrap-Sieve) to defend against time-travel attacks. By layering MMR on top of Sieve, the authors obtain Sieve-MMR, the first TOB protocol in a fully permissionless setting with deterministic safety and low latency, tolerant to a -bounded adversary with and enabling constant-step progress. The work provides concrete DPoW construction, analyzes correctness via a Sieve invariant (SI), and discusses practical considerations and future directions toward scalable, real-world deployment.

Abstract

Permissionless blockchains achieve consensus while allowing unknown nodes to join and leave the system at any time. They typically come in two flavors: proof of work (PoW) and proof of stake (PoS), and both are vulnerable to attacks. PoS protocols suffer from long-range attacks, wherein attackers alter execution history at little cost, and PoW protocols are vulnerable to attackers with enough computational power to subvert execution history. PoS protocols respond by relying on external mechanisms like social consensus; PoW protocols either fall back to probabilistic guarantees, or are slow. We present Sieve-MMR, the first fully-permissionless protocol with deterministic security and constant expected latency that does not rely on external mechanisms. We obtain Sieve-MMR by porting a PoS protocol (MMR) to the PoW setting. From MMR we inherit constant expected latency and deterministic security, and proof-of-work gives us resilience against long-range attacks. The main challenge to porting MMR to the PoW setting is what we call time-travel attacks, where attackers use PoWs generated in the distant past to increase their perceived PoW power in the present. We respond by proposing Sieve, a novel algorithm that implements a new broadcast primitive we dub time-travel-resilient broadcast (TTRB). Sieve relies on a black-box, deterministic PoW primitive to implement TTRB, which we use as the messaging layer for MMR.
Paper Structure (33 sections, 15 theorems, 5 figures, 4 algorithms)

This paper contains 33 sections, 15 theorems, 5 figures, 4 algorithms.

Key Result

Lemma 1

The Sieve Invariant and the Sieve algorithm together imply TTRB.

Figures (5)

  • Figure 1: Example of time-travel attack. Although active correct nodes form a majority among active nodes in Step 1 ( i.e., 2 out of 3), correct nodes in Step 2 receive as many Byzantine messages as correct messages ( i.e., 2 out of 4).
  • Figure 2: Protocol stack of the Sieve-MMR algorithm.
  • Figure 3: Example execution in which correct nodes $n_1$ and $n_2$ use Online-Sieve and a Byzantine node $n_3$ produces an antique message ⓑ. When building their timestamp-$2$ messages at $t=6$, correct nodes must filter out ⓑ.
  • Figure 4: An execution showing that Online-Sieve on its own is not enough. It shows what a new node $n$ joining at step 2 sees; $n$ has to identify antique messages---there are none---but applying Online-Sieve at step 1 and then at step 2 ends up discarding correct timestamp-1 messages.
  • Figure 5: An example execution showing Bootstrap-Sieve in action. A newly joining correct node $n$ at step 2 should identify $b$ as an antique timestamp-1 message.

Theorems & Definitions (38)

  • Definition 1
  • Definition 2: TTRB implementation
  • Definition 3: Consistent successor
  • Definition 4: DAG of messages consistent with a set of timestamp-$s$ messages
  • Definition 5: Sieve Invariant
  • Lemma 1
  • proof
  • Lemma 2
  • proof
  • Lemma 3
  • ...and 28 more