Alternatives to Blockchains
Sarah Meiklejohn (University College London)
2
fully decentralized cryptocurrencies
- tx (generate transaction ledger): tx(addrA→addrB)
- “mining” (generate monetary supply)
- transparent, pseudonyms, append-only
3
issues with Bitcoin
- lack of fungibility
4
issues with Bitcoin
- hashing rates are out of control
- lack of fungibility
5
1.5 EH/s (1.5 × 10^18 H/s)!
6
issues with Bitcoin
- hashing rates are out of control
- lack of scalability
- lack of fungibility
7
1.5 EH/s (1.5 × 10^18 H/s) to achieve 7 tx/s!
8
70GB and no end in sight!
9
issues with Bitcoin
- hashing rates are out of control
- lack of consumer protection
- lack of fungibility
- lack of scalability
10
issues with Bitcoin
- hashing rates are out of control
- attacks on mining / misaligned incentives
- lack of fungibility
- lack of scalability
- lack of consumer protection
11
issues with Bitcoin
- hashing rates are out of control
- lack of fungibility
- lack of scalability
- attacks on mining / misaligned incentives
- lack of consumer protection
12
alternate storage
Lightning Network
truncate after a certain amount of time?
13
issues with Bitcoin
- hashing rates are out of control
- lack of fungibility
- lack of scalability
- attacks on mining / misaligned incentives
- lack of consumer protection
14
alternate proof of …
15
proof of stake
(icon by lastspark for the noun project)
use of computational resources represents stake in system
- other forms of stake?
- “proof of burn”, “proof of coin age” (diagram: old coins, tx)
- “proof of use” (diagram: coins, tx, repeated four times)
- “security-deposit PoS” (diagram: <time-lock coins> tx, <vote on blocks> tx)
- are these secure? how can we tell?
16
proof of stake
- “nothing at stake”
  - in proof-of-work, cost means you choose
  - in proof-of-stake, address with punishment
- “stake grinding”
  - how do miners get chosen?
  - in proof-of-work, can’t influence this decision
  - in proof-of-stake, address with stake modifiers
17
issues with Bitcoin
- hashing rates are out of control
- not suitable for many applications!
- lack of fungibility
- lack of scalability
- attacks on mining / misaligned incentives
- lack of consumer protection
19
monetary supply ledger
central distribute decentral decentral central central
transparent?
y y n
pseudonyms?
y y n
computation
high! low low RSCoin
RSCoin [DM NDSS’16]
20
[diagram: mintettes, bank, user]
- bank (generate monetary supply)
- mintettes (generate transaction ledger)
21
[diagram: mintettes, bank, user]
- who are the mintettes? (anyone bank authorizes)
- how do mintettes collect txs?
- consensus?
- lower-level blocks (chained transactions)
- higher-level blocks (transactions + coingen + authorization)
22
consensus
[diagram: user, service, mintette1, mintette2, tx, ✓]
simple adaptation of Two-Phase Commit (2PC)
23
[diagram: user, service, tx, transactions, mintettes]
24
[diagram: user, service, mintette1, tx]
mintettes check for double spending using lists of unspent transaction outputs (utxo)
25
[diagram: user, service, mintette1, tx, ✓]
signed ‘yes’ vote
26
[diagram: user, service, mintette1, mintette2, tx, ✓]
“bundle of evidence” contains ‘yes’ votes from majority of mintettes in shard
mintettes check validity of bundle by checking for signatures from authorized mintettes…
27
[diagram: user, service, mintette1, mintette2, tx, ✓]
…and if satisfied they add transaction to be committed and send back receipt
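The vote, bundle and commit steps on slides 24 to 27, as an added sketch that is not code from the talk or from RSCoin. All names (`Mintette`, `bundle_ok`, `spend`, the `m1`..`m6` keys) are hypothetical, HMAC stands in for the mintettes' signatures, and it is assumed that one shard votes on the input while a second shard commits the transaction, following the mintette1/mintette2 labels in the diagram.

```python
import hashlib
import hmac

# Constructed keys for six authorized mintettes. HMAC stands in for their
# signatures (an assumption, so that only the standard library is needed).
AUTHORIZED = {f"m{i}": f"constructed-key-{i}".encode() for i in range(1, 7)}

def sign(name, msg):
    return hmac.new(AUTHORIZED[name], msg.encode(), hashlib.sha256).hexdigest()

def bundle_ok(tx_id, inp, bundle, shard_names):
    """True if a majority of the shard's authorized mintettes signed 'yes'."""
    yes = {name for name, sig in bundle
           if name in shard_names and name in AUTHORIZED
           and hmac.compare_digest(sig, sign(name, f"yes|{tx_id}|{inp}"))}
    return len(yes) > len(shard_names) // 2

class Mintette:
    def __init__(self, name, utxo=()):
        self.name, self.utxo = name, set(utxo)
        self.locked, self.to_commit = {}, []

    def vote(self, tx_id, inp):
        """Phase 1: signed 'yes' only if inp is unspent or already locked to tx_id."""
        if inp in self.utxo:
            self.utxo.discard(inp)
            self.locked[inp] = tx_id
        if self.locked.get(inp) != tx_id:
            return None  # unknown input or double spend
        return (self.name, sign(self.name, f"yes|{tx_id}|{inp}"))

    def commit(self, tx_id, inp, bundle, shard_names):
        """Phase 2: check the bundle of evidence, queue the tx, return a receipt."""
        if not bundle_ok(tx_id, inp, bundle, shard_names):
            return None
        self.to_commit.append(tx_id)
        return sign(self.name, f"receipt|{tx_id}")

def spend(tx_id, inp, shard1, shard2):
    """User side: collect votes from shard1, then send the bundle to shard2."""
    votes = [m.vote(tx_id, inp) for m in shard1]
    bundle = [v for v in votes if v is not None]
    names = [m.name for m in shard1]
    receipts = [m.commit(tx_id, inp, bundle, names) for m in shard2]
    return bundle, [r for r in receipts if r is not None]
```

A second `spend` of the same input under a different transaction id collects no votes, so no mintette in the second shard queues it.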
28
consensus features
- conceptually simple
- scalable!
  - T = set of txs generated per second
  - Q = # mintettes per shard
  - M = # mintettes
  - comm. per mintette per sec = $\frac{\sum_{tx \in T} 2(m_{tx}+1)Q}{M}$
  - scales infinitely as more mintettes are added!
29
each new mintette adds ≈ 75 tx/sec compared to Bitcoin’s 7
30
[diagram: mintettes, bank, user]
- who are the mintettes? (anyone bank authorizes)
- how do mintettes collect txs? (contacted based on shard)
- consensus? (2PC)
- lower-level blocks (chained transactions)
- higher-level blocks (transactions + coingen + authorization)
31
[diagram: mintettes, bank, user]
- collate transactions
- allocate fees
- (add coin generation)
- audit mintettes
- authorize mintettes
32
[diagram: mintettes, bank, user]
33
[diagram: mintettes, user]
34
Certificate Transparency
[diagram: CA, log servers, website, client]
(icon by parkjisun for the noun project)
goal: don’t let clients accept bad certificates
35
[diagram: CA, log servers, website, client, auditor; inclusion proof]
auditors (efficiently) determine if certificates are in the log
36
[diagram: CA, log servers, website, client, auditor, monitor]
monitors (inefficiently) detect bad certificates in the log
37
[diagram: CA, log servers, website, client, auditor, monitor; gossip]
auditors and monitors ensure consistent view of log
38
auditors (efficiently) determine if certificates are in the log
[diagram: log server, client, auditor; inclusion proof]
+ auditors and monitors ensure consistent view of log ⇒ certificate is in monitor’s view of the log
[diagram: monitor, auditor; gossip]
+ monitors (inefficiently) detect bad certificates in the log
[diagram: log server, monitor]
⇒ goal: don’t let clients accept bad certificates
39
[diagram labels: centralized, decentralized, opaque, transparent, RSCoin, ?, ?]
40
[diagram labels: centralized, decentralized, opaque, transparent, RSCoin]
- what is this distance? can we quantify it?
- what security properties are even provided? (accountable, absolute, non-existent)
- better consumer protection? better fairness?
40
RSCoin
opaque