SLIDE 1

Mechanising Blockchain Consensus

George Pîrlea and Ilya Sergey

Monday, 8 January 2018 CPP2018 1

SLIDE 2

Context

  • Hundreds of deployed public blockchains
  • $600 → 625 → 675 → 735 → 755 → 780 → 820 billion total market cap (7 day progression since Jan 1st)

SLIDE 3

This work

  • Formalised a blockchain consensus protocol in Coq
  • Proved eventual consistency in a clique topology

SLIDE 4

Motivation

  1. Understand blockchain consensus
      • what it is
      • how it works: example
      • why it works: our formalisation
  2. Lay foundation for verified practical implementation (future work)
      • verified Byzantine-tolerant consensus layer
      • platform for verified smart contracts

SLIDE 5

What it does

SLIDE 6

blockchain consensus protocol

  • transforms a set of transactions into a globally-agreed sequence
  • “distributed timestamp server” (Nakamoto 2008)

(transactions can be anything)

SLIDE 9

GB = genesis block

SLIDE 10

How it works

SLIDES 11-14
  • distributed
  • multiple nodes
  • message-passing over a network
  • all start with same GB
  • have a transaction pool
  • can mint blocks

(Figure labels: “what everyone eventually agrees on”; “view of all participants’ state”)

SLIDE 15
  • distributed => concurrent
  • multiple nodes
  • message-passing over a network
  • multiple transactions can be issued and propagated concurrently

SLIDE 16
  • distributed => concurrent
  • multiple nodes
  • message-passing over a network
  • blocks can be minted without full knowledge of all transactions

SLIDE 17
  • chain fork has happened, but nodes don’t know

SLIDE 18
  • as block messages propagate, nodes become aware of the fork

SLIDE 19

Problem: need to choose

  • blockchain “promise” = one globally-agreed chain
  • each node must choose one chain
  • nodes with the same information must choose the same chain

SLIDE 23

Solution: fork choice rule

  • Fork choice rule (FCR, >):
      • given two blockchains, says which one is “heavier”
      • imposes a strict total order on all possible blockchains
      • same FCR shared by all nodes
  • Nodes adopt “heaviest” chain they know

SLIDE 24

FCR (>):

… > [GB, A, C] > … > [GB, A, B] > … > [GB, A] > … > [GB] > …

Bitcoin: FCR based on “most cumulative work”

SLIDE 25

Quiescent consistency

  • distributed
  • multiple nodes
  • all start with GB
  • message-passing over a network
  • equipped with same FCR
  • quiescent consistency: when all block messages have been delivered, everyone agrees

SLIDE 26

Why it works

SLIDE 27
  • Definitions: blocks, chains, block forests
  • Parameters and assumptions:
      • hashes are collision-free
      • FCR imposes strict total order
  • Invariant: local state + messages “in flight” = global
  • Quiescent consistency: when all block messages are delivered, everyone agrees

SLIDE 28

Blocks and chains

  • links blocks together
  • proof that this block was minted in accordance with the rules of the protocol
      • proof-of-work
      • proof-of-stake

SLIDE 29

Minting and verifying

  • try to generate a proof = “ask the protocol for permission” to mint
  • validate a proof = ensure protocol rules were followed

SLIDE 30

Resolving conflict

SLIDE 31

Assumptions

  • Hash functions are collision-free
  • FCR imposes a strict total order on all blockchains

SLIDE 32

Invariant: local state + “in-flight” = global

global system step

SLIDE 34

Invariant is inductive

(Figure: states 1 to 5, each connected to the next by a system step; the invariant holds at every state.)

SLIDE 35

Invariant implies QC

  • QC: when all blocks delivered, everyone agrees

How:

  • local state + “in-flight” = global
  • use FCR to extract “heaviest” chain out of local state
  • since everyone has same state & same FCR

➢consensus
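
The argument on the slides above (shared FCR, invariant, quiescent consistency), as an added Python example that is not code from the talk or from toychain: a clique of nodes mints and delivers blocks in arbitrary order, the invariant is checked after every step, and each node's heaviest chain is returned once nothing is in flight. The FCR used here (longer chain is heavier, tip hash breaks ties), the block layout and all function names are assumptions of this example.

```python
import hashlib
import random

GB = ("", "genesis")  # genesis block as (prev_hash, payload); constructed sample

def h(block):
    return hashlib.sha256(repr(block).encode()).hexdigest()

def chain_to(forest, tip):
    """Follow prev-hash links from tip to GB; None if an ancestor is missing."""
    chain = []
    while tip in forest:
        chain.append(tip)
        if forest[tip] == GB:
            return chain[::-1]
        tip = forest[tip][0]
    return None

def fcr_key(chain):
    # Assumed stand-in FCR: longer is heavier, tip hash breaks ties (strict total order).
    return (len(chain), chain[-1])

def heaviest(forest):
    chains = [c for c in (chain_to(forest, t) for t in forest) if c]
    return max(chains, key=fcr_key)

def simulate(n_nodes=4, n_blocks=12, seed=0):
    rng = random.Random(seed)
    forests = [{h(GB): GB} for _ in range(n_nodes)]  # local block forests
    minted = {h(GB): GB}                             # global set of blocks
    in_flight = []                                   # (destination, block)
    disagreed = False
    while n_blocks or in_flight:
        if n_blocks and (not in_flight or rng.random() < 0.4):
            src = rng.randrange(n_nodes)             # mint on own heaviest chain
            block = (heaviest(forests[src])[-1], f"tx{n_blocks}@{src}")
            n_blocks -= 1
            forests[src][h(block)] = minted[h(block)] = block
            in_flight += [(d, block) for d in range(n_nodes) if d != src]
        else:                                        # deliver in arbitrary order
            dst, block = in_flight.pop(rng.randrange(len(in_flight)))
            forests[dst][h(block)] = block
        for i, forest in enumerate(forests):         # local + in-flight = global
            pending = {h(b) for d, b in in_flight if d == i}
            assert set(forest) | pending == set(minted)
        disagreed |= len({tuple(heaviest(f)) for f in forests}) > 1
    return [heaviest(f) for f in forests], disagreed
```

`simulate()` returns the per-node chains at quiescence together with a flag recording whether the nodes ever disagreed along the way; a block whose parent has not yet arrived sits in the forest as an orphan and is ignored by `heaviest` until the parent is delivered.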

SLIDE 36

Reusable components

  • Reference implementation of block forests
  • Per-node protocol logic
  • Network semantics
  • Clique invariant, QC property, various theorems

https://github.com/certichain/toychain

SLIDE 37

Future work

  • Network semantics with nodes joining/leaving at will
  • Improved invariants:
      • non-clique topologies
      • network partitions
      • Byzantine faults
  • Verified smart contracts platform

SLIDE 38

Take away

  • Formalisation of a blockchain consensus protocol in Coq:
      • minimal set of required security primitives
      • per-node protocol logic & data structures
      • network semantics
      • global eventual consistency in a clique topology

https://github.com/certichain/toychain
