formal analysis of a proof of stake
play

Formal Analysis of a Proof-of-Stake Blockchain Wai Yan M. M. Thin, - PowerPoint PPT Presentation

Sep 18, 2023 •320 likes •678 views

Formal Analysis of a Proof-of-Stake Blockchain Wai Yan M. M. Thin, Naipeng Dong, Guangdong Bai , Jin Song Dong National University of Singapore Griffith University Dec 12, 2018 Outline Problem Statement Background Tendermint

  1. Formal Analysis of a Proof-of-Stake Blockchain Wai Yan M. M. Thin, Naipeng Dong, Guangdong Bai , Jin Song Dong National University of Singapore Griffith University Dec 12, 2018

  2. Outline • Problem Statement • Background • Tendermint Consensus Algorithm • Formal Analysis • Conclusion 1

  3. Problem Statement • Consensus protocols and algorithms are being developed rapidly • They are fundamental to the chains • Formal analysis of these consensus protocols is necessary 2

  4. Background 3

  5. Background • Blockchain – sequence of blocks • Block – maintains the metadata (the hash value of itself, link to the previous block, signatures) and payload • Consensus algorithm – protocol used by the nodes in the network to agree on a new block 4

  6. Consensus Algorithms Proof-of-work - Nodes provide the proof by solving a mathematical problem (e.g. Bitcoin) - Rewarded for performing an operation agreed by majority - Not punished for performing a malicious operation - E.g. Bitcoin Proof-of-stake - Nodes provide a stake for voting/validating a new block - Stakes are slashed if a malicious activity is detected - E.g. Ethereum’s Casper, Tendermint Others: Delegated Proof-of-stake , Proof-of-burn … 5

  7. Focus on Proof-of-stake • Proof-of-work - Scalability concerns - Waste energy and resources (solving hash puzzles) • Proof-of-stake - Alternative to the wasteful proof-of-work - More scalable and robust against certain attacks (E.g. 51% attack) - Employed by popular blockchain systems - Peercoin, Ethereum’s Casper, Tendermint (Cosmos) 6

  8. Tendermint Consensus Algorithm 7

  9. Tendermint Consensus Algorithm • Proposals - A new block must be proposed by the correct proposer at each round, and gossiped to the other validators • Votes - Two phases of voting occur to ensure optimal Byzantine fault tolerance: pre-vote and pre-commit • Locks - Prevent two different blocks to be committed at two different rounds at the same height 8

  10. Tendermint Consensus Algorithm • Validators chosen in round-robin to become the proposer • Proposer in charge of proposing a block for the current round • Proposer/validators - Receive proposal/votes from neighbours - Validate the block in proposal/votes - Post a bond transaction to vote - Gossip the proposal/votes 9

  11. Tendermint Consensus Algorithm wait for T duration new height and state NewHeight proposal prevote ≥ 2/3 Propose Prevote Precommit Commit precommits < 2/3 precommits ≥ 2/3 commits 10

  12. Tendermint Consensus Algorithm wait for T duration new height and state NewHeight proposal prevote ≥ 2/3 Propose Prevote Precommit Commit precommits < 2/3 precommits ≥ 2/3 commits 11

  13. Tendermint Consensus Algorithm: Propose • Proposer broadcasts a proposal to its peers • If the proposer has already locked on a block during the Precommit of the previous round - Propose the block • Otherwise - Create a new block 12

  14. Tendermint Consensus Algorithm wait for T duration new height and state NewHeight proposal prevote ≥ 2/3 Propose Prevote Precommit Commit precommits < 2/3 precommits ≥ 2/3 commits 13

  15. Tendermint Consensus Algorithm: Prevote • Each validator will vote for a block and gossip it to the neighbours. • The block to be included is chosen in the following order: - A locked proposed block from prior rounds - A valid acceptable block from the current proposal - NIL if neither is available 14

  16. Tendermint Consensus Algorithm wait for T duration new height and state NewHeight proposal prevote ≥ 2/3 Propose Prevote Precommit Commit precommits < 2/3 precommits ≥ 2/3 commits 15

  17. Tendermint Consensus Algorithm: Precommit (1/2) • If validator has more than 2/3 of prevotes for an acceptable block - Releases the existing lock - Locks onto this block - Signs and broadcasts a precommit vote for this block - Packages the prevotes for the locked block into a proof-of-lock • Otherwise - Neither signs nor locks on any block 16

  18. Tendermint Consensus Algorithm: Precommit (2/2) • If received more than 2/3 of precommits for a block - Proceed to Commit phase for this round • Otherwise - Proceed to Propose phase for next round 17

  19. Tendermint Consensus Algorithm wait for T duration new height and state NewHeight proposal prevote ≥ 2/3 Propose Prevote Precommit Commit precommits < 2/3 precommits ≥ 2/3 commits 18

  20. Tendermint Consensus Algorithm: Commit • Receive the block from one of its peers • Sign and broadcast a commit to other peers • When > 2/3 commits of the block are received by the network - Proceed to NewHeight - Wait for a fixed duration to receive additional commits of the block - Proceed to Propose • At anytime during the protocol, if > 2/3 commits for a particular block is received, - Proceed to Commit 19

  21. Modelling & Checking 20

  22. Modelling & Checking • Built using CSP# and verified using PAT model checker • Two sets of verifications with 3 validators and 4 validators • Assumptions - All the nodes in the network are connected to each other - Existing nodes will not leave the network and no new nodes will join the network - All nodes have the same voting power/stake - No network latency 21

  23. Properties 1. Deadlockfree-ness (T1) 2. Ability to reach consensus (T2) 3. Immunity against block overwrites (A1) 4. Immunity against Invalid blocks (A2) 5. Immunity against Censorship attacks (A3) - The network can reach consensus even with the absence of malicious nodes in the voting process who refuse to broadcast or vote a valid block in order to censor a particular content of the block or censor the node itself 22

  24. Modelling BlockChain () = (||x:{0..N-1} @ (Propose(x); Prevote(x); Precommit(x); PreparePOL(x); Commit(x))); NextRound(); where P ; Q → process P followed by process Q P || Q → synchronous processes P and Q. 23

  25. Attacker Models (1/3) P0. BlockChain() P1. BlockChainWithMinorityOverwrite() SimulateMalicious(MINORITY, OVERWRITE_VOTING); BlockChain(); P2. BlockChainWithHalfOverwrite() SimulateMalicious(HALF, OVERWRITE_VOTING); BlockChain(); P3. BlockChainWithMajorityOverwrite() SimulateMalicious(MAJORITY, OVERWRITE_VOTING); BlockChain(); 24

  26. Attacker Models (2/3) P4. BlockChainWithMinorityInvalid() SimulateMalicious(MINORITY, INVALID_BLOCK_VOTING); BlockChain(); P5. BlockChainWithHalfInvalid() SimulateMalicious(HALF, INVALID_BLOCK_VOTING); BlockChain(); P6. BlockChainWithMajorityInvalid() SimulateMalicious(MAJORITY, INVALID_BLOCK_VOTING); BlockChain(); 25

  27. Attacker Models (3/3) P7. BlockChainWithMinority Censor () SimulateMalicious(MINORITY, NO_VOTING); BlockChain(); P8. BlockChainWithHalf Censor () SimulateMalicious(HALF, NO_VOTING); BlockChain(); P9. BlockChainWithMajority Censor () SimulateMalicious(MAJORITY, NO_VOTING); BlockChain(); 26

  28. Deadlockfree-ness (T1) Ability to reach consensus (T2) Immunity against block overwrites (A1) Verification Results Immunity against Invalid blocks (A2) Immunity against Censorship attacks (A3) T1 T2 A1 A2 A3 P0 BlockChain ✔︐ ✔︐ ✔︐ ✔︐ ✔︐ P1 (overwrite ≤ 1/3) ✔︐ ✔︐ ✔︐ ✘ P2 (1/3 < overwrite < 2/3) ✔︐ ✔︐ ✘ P3 (overwrite ≥ 2/3) ✔︐ ✔︐ P4 (invalid ≤ 1/3) ✔︐ ✔︐ ✔︐ ✘ P5 (1/3 < invalid < 2/3) ✔︐ ✔︐ ✘ P6 (invalid ≥ 2/3) ✔︐ ✔︐ P7 (no_vote ≤ 1/3) ✔︐ ✔︐ ✔︐ ✘ ✘ P8 (1/3 < no_vote < 2/3) ✔︐ ✘ ✘ P9 (no_vote ≥ 2/3) ✔︐ 27

  29. Benchmarks (1/3) Deadlock-free BlockChain MinorityForking HalfForking MajorityForking MinorityInvalid HalfInvalid MajorityInvalid MinorityCensor HalfCensor MajorityCensor 3 Validators 748 749 749 749 749 598 873 4 Validators 17,644 17,645 17,645 17,645 17,645 17,645 17,645 3,249 865 423 Visited States 5 Validators 4,279,260 4,279,261 4,279,261 4,279,261 4,279,261 4,279,261 4,279,261 314,709 4,125 1,335 6 Validators 3 Validators 1,972 1,973 1,973 1,973 1,973 1,385 1,824 4 Validators 103,000 103,001 103,001 103,001 103,001 103,001 103,001 13,201 2,385 937 Transistions 5 Validators 42,530,784 42,530,785 42,530,785 42,530,785 42,530,785 42,530,785 42,530,785 2,431,909 15,629 3,853 6 Validators 3 Validators 0.06 0.06 0.05 0.06 0.05 0.04 0.04 4 Validators 3.52 3.48 3.47 3.49 3.42 3.22 3.43 0.47 0.07 0.03 Time Taken(s) 5 Validators 1486.10 1430.37 1454.97 1531.58 1638.59 1512.43 1504.90 89.90 0.52 0.11 6 Validators 3 Validators 138.99 144.44 138.95 143.75 142.66 138.22 140.59 4 Validators 146.39 143.03 145.44 146.81 143.69 140.24 144.29 140.67 140.60 137.79 Memory Used (MB) 5 Validators 624.86 109.29 116.63 166.40 460.14 84.17 77.92 121.55 14.52 14.95 6 Validators LEGEND Distribution of validators Property being verified Validators Minority Half Majority BlockChain Model 3 1 - 2 Verified TRUE 4 1 2 3 Verified FALSE 5 1 3 4 Verification Invalid 6 2 3 4 Verification not run due to state space complexity 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Proof-of-Stake at Stake: Predatory, Destructive Attack on PoS Cryptocurrencies 3rd CryBlock @

Proof-of-Stake at Stake: Predatory, Destructive Attack on PoS Cryptocurrencies 3rd CryBlock @

Proof-of-Stake at Stake: Predatory, Destructive Attack on PoS Cryptocurrencies 3rd CryBlock @ MobiCom 2020 25th September 2020, Virtual Suhyeon Lee (Speaker) and Seungjoo Kim* School of Cybersecurity, Korea University {orion-alpha,

648 views • 39 slides
on Proof-of-Stake Cryptocurrencies JAEWAN HONG Proof of Stake VIRTUAL MINING TO REPLACE

on Proof-of-Stake Cryptocurrencies JAEWAN HONG Proof of Stake VIRTUAL MINING TO REPLACE

Compounding of Wealth on Proof-of-Stake Cryptocurrencies JAEWAN HONG Proof of Stake VIRTUAL MINING TO REPLACE COMPUTATIONAL PUZZLES Why Virtual Mining? Power on meaningless computation Why Virtual Mining? Power on meaningless

820 views • 55 slides
Proof-of-Stake Sidechains Peter Ga i, Aggelos Kiayias, Dionysis Zindros IEEE Security &amp;

Proof-of-Stake Sidechains Peter Ga i, Aggelos Kiayias, Dionysis Zindros IEEE Security &amp;

Proof-of-Stake Sidechains Peter Ga i, Aggelos Kiayias, Dionysis Zindros IEEE Security &amp; Privacy 2019 Motivation Imagine a stake blockchain where you want both the safety of Bitcoin and the features of Ethereum We start with one

372 views • 21 slides
Proof of Honesty: Coalition-Proof Blockchain Validation without Proof of Work or Stake John P.

Proof of Honesty: Coalition-Proof Blockchain Validation without Proof of Work or Stake John P.

Proof of Honesty: Coalition-Proof Blockchain Validation without Proof of Work or Stake John P. Conley Vanderbilt University Sirius Sirius Group Group Meeting Meeting Cheriton School Cheriton School of of Computer Computer Science

444 views • 26 slides
Formal proof: current progress and outstanding challenges John Harrison Intel Corporation 5th

Formal proof: current progress and outstanding challenges John Harrison Intel Corporation 5th

Formal proof: current progress and outstanding challenges John Harrison Intel Corporation 5th May 2014 (11:0012:00) Summary of talk A century of formal proof Poincar e on formal proof From Principia Mathematica to the computer

1.06k views • 93 slides
Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap

Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap

Proof of Stake Recap Bitcoin Incentives Block subsidy Transaction fees Recap Proof of Work Mining Transactions UTXO Nakamoto Consensus Longest chain Recap Scripting Bitcoin Stack Machine Recap

4.84k views • 47 slides
A Proof-of-Stake protocol for consensus on Bitcoin subchains M. Bartoletti Stefano Lande A. S.

A Proof-of-Stake protocol for consensus on Bitcoin subchains M. Bartoletti Stefano Lande A. S.

A Proof-of-Stake protocol for consensus on Bitcoin subchains M. Bartoletti Stefano Lande A. S. Podda University of Cagliari, Italy Workshop on Trusted Smart Contracts, 2017 Bitcoin Bitcoin is a popular cryptocurrency that uses a blockchain to

540 views • 20 slides
O UROBOROS P RAOS : A N ADAPTIVELY - SECURE , SEMI - SYNCHRONOUS PROOF - OF - STAKE BLOCKCHAIN

O UROBOROS P RAOS : A N ADAPTIVELY - SECURE , SEMI - SYNCHRONOUS PROOF - OF - STAKE BLOCKCHAIN

O UROBOROS P RAOS : A N ADAPTIVELY - SECURE , SEMI - SYNCHRONOUS PROOF - OF - STAKE BLOCKCHAIN Bernardo David Peter Gai Aggelos Kiayias Alexander Russell Tokyo Tech IOHK U. Edinburgh U. Connecticut &amp; IOHK &amp; IOHK Eurocrypt 2018

864 views • 60 slides
Verifying the seL4 Microkernel Formal Proof in Mathematics and Computer Science Lukas Stevens

Verifying the seL4 Microkernel Formal Proof in Mathematics and Computer Science Lukas Stevens

Verifying the seL4 Microkernel Formal Proof in Mathematics and Computer Science Lukas Stevens 21st June 2018 Outline 2. Design process of seL4 3. Formal methods of the correctness proof 4. Layers of the correctness proof 5. Conclusion 1 1.

754 views • 64 slides
Ouroboros Crypsinous Privacy-Preserving Proof-of-Stake Thomas Kerber Aggelos Kiayias

Ouroboros Crypsinous Privacy-Preserving Proof-of-Stake Thomas Kerber Aggelos Kiayias

Ouroboros Crypsinous Privacy-Preserving Proof-of-Stake Thomas Kerber Aggelos Kiayias t.kerber@ed.ac.uk akiayias@ed.ac.uk Markulf Kohlweiss Vassilis Zikas mkohlwei@ed.ac.uk vzikas@ed.ac.uk The University of Edinburgh &amp; IOHK May 17,

286 views • 28 slides
Welcome to the new pos pool concept www.simplepospool.com Simple Pos Pool was created by a team

Welcome to the new pos pool concept www.simplepospool.com Simple Pos Pool was created by a team

Welcome to the new pos pool concept www.simplepospool.com Simple Pos Pool was created by a team of passionate Proof of Stake lovers and build to make Proof of Stake possible for everyone. Each of us had their own coins and we sometimes

370 views • 21 slides
Towards a formal proof of the Jesse Han independence of the continuum The Flypitch project The

Towards a formal proof of the Jesse Han independence of the continuum The Flypitch project The

Towards a formal proof of the independence of the continuum hypothesis Towards a formal proof of the Jesse Han independence of the continuum The Flypitch project The path to a hypothesis proof Whats done A deep embedding of

552 views • 43 slides
Local proof transformations for flexible interpolation and proof reduction N. Sharygina Formal

Local proof transformations for flexible interpolation and proof reduction N. Sharygina Formal

Local proof transformations for flexible interpolation and proof reduction N. Sharygina Formal Verification and Security Group University of Lugano June 21, 2011 Natasha Sharygina (USI) Flexible Proof Transformation June 21, 2011 1 / 72

2.21k views • 186 slides
Proof-of-Stake Consensus Protocol for Cyber Supply Chain Data Provenance Xueping Liang, Deepak

Proof-of-Stake Consensus Protocol for Cyber Supply Chain Data Provenance Xueping Liang, Deepak

Proof-of-Stake Consensus Protocol for Cyber Supply Chain Data Provenance Xueping Liang, Deepak Tosh, Sachin She)y Old Dominion University Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security | cred-c.org

1.2k views • 28 slides
Black Hats can also benefit from Formal Methods jean-louis.lanet@inria.fr PROOF 2015 Saint

Black Hats can also benefit from Formal Methods jean-louis.lanet@inria.fr PROOF 2015 Saint

Black Hats can also benefit from Formal Methods jean-louis.lanet@inria.fr PROOF 2015 Saint Malo, September the 28th 1 Agenda Retro-futurism, Retrieving keys, Vulnerability analysis Fault enabled malware Conclusion 2 ZB

633 views • 37 slides
3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof

Griffith University 3515ICT Theory of Computation Some sample proofs 4-0 Proof types 1. Proof by construction 2. Proof by equivalence 3. Proof by contradiction 4. Proof by case analysis 5. Proof by induction

549 views • 11 slides
On the Feasibility of a Censorship Resistant Decentralized Name System Matthias Wachs Martin

On the Feasibility of a Censorship Resistant Decentralized Name System Matthias Wachs Martin

On the Feasibility of a Censorship Resistant Decentralized Name System Matthias Wachs Martin Schanzenbach Christian Grothoff Technische Universit at M unchen The Sixth International Symposium on Foundations &amp; Practice of Security

293 views • 12 slides
CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS

CENSORSHIP RESISTANCE CMSC 414 APR 17 2018 CENSORSHIP COMES IN MANY FORMS DROPPING PACKETS Network operators : Block traffic in their own networks/countries Off-path attackers : Inject TCP RST packets (next week) Routing-capable adversaries

654 views • 44 slides
Measuring and Circumventing Internet Censorship and Control Nick Feamster Georgia Tech

Measuring and Circumventing Internet Censorship and Control Nick Feamster Georgia Tech

Measuring and Circumventing Internet Censorship and Control Nick Feamster Georgia Tech http://www.cc.gatech.edu/~feamster/ Joint work with Sam Burnett, Santosh Vempala, Sathya Gunasekaran, Crisitan Lumezanu, Hans Klein, Wenke Lee, Phillipa

570 views • 38 slides
Rasmussen invariant and normalization of the canonical classes Taketo Sano The University of

Rasmussen invariant and normalization of the canonical classes Taketo Sano The University of

Rasmussen invariant and normalization of the canonical classes Taketo Sano The University of Tokyo 2018-12-26 Outline 1. Overview 2. Review: Khovanov homology theory 3. Generalized Lees class 4. Divisibility of Lees class and the

678 views • 37 slides
OPEN OBSERVATORY OF NETWORK INTERFERENCE (OONI) Vasilis Ververis (andz@torproject.org)

OPEN OBSERVATORY OF NETWORK INTERFERENCE (OONI) Vasilis Ververis (andz@torproject.org)

OPEN OBSERVATORY OF NETWORK INTERFERENCE (OONI) Vasilis Ververis (andz@torproject.org) Language: English, Portuguese Since 2012, OONI has collected millions of network measurements across more than 190 countries around the world, shedding

774 views • 32 slides
Bounding parameters in the web of swampland conjectures Niccol` o Cribiori Cortona Young, May

Bounding parameters in the web of swampland conjectures Niccol` o Cribiori Cortona Young, May

Bounding parameters in the web of swampland conjectures Niccol` o Cribiori Cortona Young, May 27th, 2020 Based on 2004.00030, with D. Andriot and D. Erkinger Introduction Niccol` o Cribiori Bounding parameters in the web of swampland

206 views • 20 slides
Cosmic censorship and the collapse of a scalar field in cylindrical symmetry Eoin Condron Dublin

Cosmic censorship and the collapse of a scalar field in cylindrical symmetry Eoin Condron Dublin

Cosmic censorship and the collapse of a scalar field in cylindrical symmetry Eoin Condron Dublin City University, Ireland Supported by the Irish Research Council for Science, Engineering and Technology April 4, 2012 Eoin Condron (DCU) Cosmic

396 views • 15 slides
Centrality Social and Technological Networks Rik Sarkar University of Edinburgh, 2017.

Centrality Social and Technological Networks Rik Sarkar University of Edinburgh, 2017.

Centrality Social and Technological Networks Rik Sarkar University of Edinburgh, 2017. Centrality How central is a node in a network? A noHon of importance of the node E.g. degree, pagerank, beweenness.. Degree centrality

215 views • 5 slides

More recommend