The Tragedy of Chain Commons

Ignacio Amores-Sesar, Mirza Ahad Baig, Seth Gilbert, Ray Neiheiser, Michelle X. Yeo

TL;DR

This work presents the first systematic study of the decoupled setting of BFT consensus, providing a formal framework to reason about the interaction between consensus and execution, and shows that the decoupled design enables a previously unidentified attack, which the authors term gaslighting.

Abstract

Byzantine Fault Tolerant (BFT) consensus forms the foundation of many modern blockchains striving for both high throughput and low latency. A growing bottleneck is transaction execution and validation on the critical path of consensus, which has led to modular decoupled designs that separate ordering from execution: Consensus orders only metadata, while transactions are executed and validated concurrently. While this approach improves performance, it can leave invalid transactions in the ledger, increasing storage costs and enabling new forms of strategic behavior. We present the first systematic study of this setting, providing a formal framework to reason about the interaction between consensus and execution. Using this framework, we show that the decoupled design enables a previously unidentified attack, which we term gaslighting. We prove a fundamental trade-off between resilience to this attack and resource capacity utilization, where both are impossible to achieve deterministically in the decoupled model. To address this trade-off, we discuss an intermediate model for leader-based protocols that is robust to gaslighting attacks while achieving high throughput and low latency.
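The abstract's central architectural point is that in the decoupled design a block is assembled against a state that execution has not yet caught up with, so transactions that looked valid at selection time can be invalid once executed and still occupy ledger space. The following toy simulation, written for this summary and not code from the paper or its authors, contrasts a coupled proposer (execute while building, so every included transaction is valid) with a decoupled proposer (build several blocks from one stale snapshot, execute afterwards). The account balances, transaction list and the "one stale snapshot per window" model are constructed assumptions chosen to make the effect visible; it illustrates only the stale-state effect described in the abstract and Figure 1, not the gaslighting attack itself.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

@dataclass(frozen=True)
class Tx:
    txid: str
    sender: str
    amount: int

Balances = Dict[str, int]

def apply_tx(balances: Balances, tx: Tx) -> bool:
    """Execute tx against balances in place. Returns False (and changes nothing)
    when the sender cannot cover the amount, i.e. the transaction is invalid."""
    if balances.get(tx.sender, 0) < tx.amount:
        return False
    balances[tx.sender] -= tx.amount
    return True

def build_block(view: Balances, mempool: List[Tx], capacity: int) -> List[Tx]:
    """Fill a block with transactions that are valid against `view` (mutated as a
    working copy); selected transactions are removed from the mempool."""
    block: List[Tx] = []
    for tx in list(mempool):
        if len(block) == capacity:
            break
        if apply_tx(view, tx):
            block.append(tx)
            mempool.remove(tx)
    return block

def execute_block(state: Balances, block: List[Tx]) -> Tuple[List[Tx], List[Tx]]:
    """Execute an already-ordered block against the live state. Invalid
    transactions stay in the block (they were ordered) but change no state."""
    valid, invalid = [], []
    for tx in block:
        (valid if apply_tx(state, tx) else invalid).append(tx)
    return valid, invalid

def simulate(decoupled: bool, capacity: int = 2, n_blocks: int = 2):
    """Return [(block, invalid_txs_in_block), ...] and the final balances."""
    # Constructed sample state and mempool (assumption, not from the paper).
    state: Balances = {"alice": 10, "bob": 10}
    mempool = [Tx("t1", "alice", 6), Tx("t2", "alice", 6),
               Tx("t3", "bob", 4), Tx("t4", "bob", 4), Tx("t5", "bob", 4)]
    results = []
    if decoupled:
        # Ordering runs ahead of execution: every block built in this window
        # is checked against the same stale snapshot of the last executed state.
        snapshot = dict(state)
        ordered = [build_block(dict(snapshot), mempool, capacity) for _ in range(n_blocks)]
        for block in ordered:
            _, invalid = execute_block(state, block)
            results.append((block, invalid))
    else:
        # Coupled: construction executes against the live state, so a later
        # block already sees the effects of the earlier one; nothing invalid
        # is ever included.
        for _ in range(n_blocks):
            results.append((build_block(state, mempool, capacity), []))
    return results, state

def invalid_share(results) -> float:
    """Fraction of committed ledger slots occupied by invalid transactions."""
    total = sum(len(block) for block, _ in results)
    dead = sum(len(invalid) for _, invalid in results)
    return dead / total if total else 0.0

if __name__ == "__main__":
    for mode in (False, True):
        res, final = simulate(decoupled=mode)
        print("decoupled" if mode else "coupled", final,
              [([t.txid for t in b], [t.txid for t in inv]) for b, inv in res],
              "invalid share:", invalid_share(res))
```

Both runs end in the same balances, so no valid effect is lost either way; the difference is that the decoupled ledger carries t2 as dead weight (one quarter of its committed slots here), which is the storage-cost and capacity-utilization concern the abstract raises. Replacing the single stale snapshot with a partially refreshed view, as Figure 4's partial coupling describes, is the knob that trades this waste against latency.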

Paper Structure

This paper contains 20 sections, 16 theorems, 2 equations, 5 figures, 2 algorithms.

Key Result

Lemma 1

There exists a block-creation algorithm $B$ such that, if the mempool is congested, then the block created by $B$ has $\mathsf{CR}_\mathsf{Res} = 1$ in the coupled setting.

Figures (5)

  • Figure 1: By moving execution and block construction off the critical path of consensus, the decoupled model can produce more blocks in the same time frame while also increasing the execution capacity. However, the parties do not know the exact state of the ledger at the time of creating a block.
  • Figure 2: Coupled Setting
  • Figure 3: Decoupled Setting
  • Figure 4: Partial coupling for a set of blocks $B_1, B_2, B_3, B_4$ and sets of tasks accessing resources $A, B, C, D, E, F$. During the creation of block $B_2$ (lower left), analysis of a task accessing resource $C$ can begin once the execution of the previous task accessing $C$ has completed. Similarly, at the creation of block $B_3$, the same applies to tasks accessing resource $A$. If resource $A$ is highly contended, such tasks can be placed earlier in the block (e.g., at the beginning of block $B_3$), ensuring that a task accessing $A$ can be analyzed within the block-creation window of block $B_4$. Note that execution is slightly shifted relative to consensus, since tentative execution can begin only after the initial block broadcast.
  • Figure 5: NFT Minting

Theorems & Definitions (28)

  • Definition 1: Block Capacity Utilization
  • Definition 2: Maximum Possible Block Capacity Utilization
  • Definition 3: Maximum Possible Block Cost Ratio
  • Definition 4: Congested Mempool
  • Definition 5: Reward
  • Definition 6: Reward distribution fairness
  • Definition 7: Cost Enforceability
  • Definition 8: Run
  • Definition 9: Throughput of runs
  • Definition 10: Throughput
  • ...and 18 more