Table of Contents
Fetching ...

Rigorous and Generalized Proof of Security of Bitcoin Protocol with Bounded Network Delay

Christopher Blake, Chen Feng, Xuechao Wang, Qianyu Yu

TL;DR

The paper presents a rigorous security proof for Bitcoin under a $\Delta$-bounded delay model and generalizes to multi-type blocks with scores. It identifies and fixes a prior flaw by introducing a punctured arrival process and proves that security holds whenever the fully-delayed honest growth $\lambda_h$ exceeds the adversary growth $\lambda_a$, establishing $\lambda_h$ as the relevant growth benchmark. The main contributions include a generalized Nakamoto-interval framework, a proof that Nakamoto blocks persist with positive probability, and a bootstrap induction establishing infinitely many honest blocks with probability one in the security region. This strengthens theoretical guarantees for Bitcoin-like protocols under network delays and provides groundwork for related protocols like Merged Bitcoin.

Abstract

A proof of the security of the Bitcoin protocol is made rigorous, and simplified in certain parts. A computational model in which an adversary can delay transmission of blocks by time $Δ$ is considered. The protocol is generalized to allow blocks of different scores and a proof within this more general model is presented. An approach used in a previous paper that used random walk theory is shown through a counterexample to be incorrect; an approach involving a punctured block arrival process is shown to remedy this error. Thus, it is proven that with probability one, the Bitcoin protocol will have infinitely many honest blocks so long as the fully-delayed honest mining rate exceeds the adversary mining rate.

Rigorous and Generalized Proof of Security of Bitcoin Protocol with Bounded Network Delay

TL;DR

The paper presents a rigorous security proof for Bitcoin under a -bounded delay model and generalizes to multi-type blocks with scores. It identifies and fixes a prior flaw by introducing a punctured arrival process and proves that security holds whenever the fully-delayed honest growth exceeds the adversary growth , establishing as the relevant growth benchmark. The main contributions include a generalized Nakamoto-interval framework, a proof that Nakamoto blocks persist with positive probability, and a bootstrap induction establishing infinitely many honest blocks with probability one in the security region. This strengthens theoretical guarantees for Bitcoin-like protocols under network delays and provides groundwork for related protocols like Merged Bitcoin.

Abstract

A proof of the security of the Bitcoin protocol is made rigorous, and simplified in certain parts. A computational model in which an adversary can delay transmission of blocks by time is considered. The protocol is generalized to allow blocks of different scores and a proof within this more general model is presented. An approach used in a previous paper that used random walk theory is shown through a counterexample to be incorrect; an approach involving a punctured block arrival process is shown to remedy this error. Thus, it is proven that with probability one, the Bitcoin protocol will have infinitely many honest blocks so long as the fully-delayed honest mining rate exceeds the adversary mining rate.
Paper Structure (23 sections, 16 theorems, 83 equations, 2 figures)

This paper contains 23 sections, 16 theorems, 83 equations, 2 figures.

Key Result

Lemma 4

The score of the highest score honest block grows at least as fast as the fully-delayed honest chain.

Figures (2)

  • Figure 1: Diagram representing the past and future honest and adversary growth intervals used in the definitions of $E_{1}$ and $E_{2}$. Observe two things. First, the dishonest and honest growth intervals are the same length, even though they start and end at times offset by $\Delta$. Second, the honest score growth intervals do not overlap the honest loner interval; similarly, the dishonest score growth intervals do not intersect the dishonest loner interval. Hence, the event of being a loner interval and the events $E_{1}$ and $E_{2}$ are independent. Our proof depends on showing that with probability greater than $0$, when in the security region, honest score growth exceeds the dishonest score growth for all score growth intervals around a particular time $\tau_{q}$.
  • Figure 2: Figure representing the punctured arrival process. $B$ is the time-length of the part of each interval that is not deleted. Without loss of generality, we start this process at a time $t=0$. Recall that $\Delta$ is the maximum delay of the $\Delta$-delay model, and also is the length of each puncture. In this process, all honest blocks that arrive during these length $\Delta$ intervals are deleted. $B(i)$ is the$i$th total punctured score, which is the total score of the fully-delayed chain after the honest blocks in the punctured intervals are deleted. $S_{b,i}$ is the $i$th punctured interval score, which is the score growth of the fully-delayed honest blocks in each length $B$ interval. Observe that, due to the length $\Delta$ deletion, each $S_{B,i}$ is independent and identically distributed.

Theorems & Definitions (44)

  • Definition 1
  • Definition 2
  • Definition 3
  • Lemma 4
  • Lemma 5
  • Definition 6
  • Definition 7
  • Lemma 8
  • Definition 9
  • Definition 10
  • ...and 34 more