Blockchain protocols come with a variety of security guarantees. For example, BFT-inspired protocols such as Algorand tend to be secure in the partially synchronous setting, while longest-chain protocols like Bitcoin normally require stronger synchrony assumptions to be secure. Another fundamental distinction, directly relevant to scalability solutions such as sharding, is whether or not a single untrusted user is able to point to *certificates*: objects that provide incontrovertible proof of block confirmation. Algorand produces such certificates, while Bitcoin does not. Are these properties accidental? Or are they inherent consequences of the paradigm of protocol design? Our aim in this paper is to understand what, fundamentally, governs the nature of security for permissionless blockchain protocols. Using the framework developed in (Lewis-Pye and Roughgarden, 2021), we prove general results showing that these questions relate directly to properties of the user selection process, i.e., the method (such as proof-of-work or proof-of-stake) used to select the users tasked with updating state. Our results suffice to establish, for example, that the production of certificates is impossible for proof-of-work protocols, but is automatic for standard forms of proof-of-stake protocols. As a byproduct of our work, we also define a number of security notions and identify the equivalences and inequivalences among them.
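To make the notion of a certificate concrete, the following is an added example (not code from the paper or from any protocol it discusses) of what a third party can check in a standard proof-of-stake setting: a bundle of signatures over a block hash from a known stake table, accepted only when the distinct, correctly verifying signers hold more than two thirds of total stake. The stake table, the stake weights, the 2/3 threshold and the block payload are all constructed assumptions for the illustration; the paper fixes none of them. The point the code makes is the one the abstract states: once the set of eligible signers and their weights are known in advance, confirmation can be reduced to a finite object anyone can verify offline, which is what a proof-of-work chain cannot hand over.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stakeholder is a participant of a hypothetical proof-of-stake user
// selection process: a verification key weighted by its stake.
type Stakeholder struct {
	Pub   ed25519.PublicKey
	Stake uint64
}

// Vote is one stakeholder's signature over a block hash.
type Vote struct {
	Voter int // index into the stake table
	Sig   []byte
}

// Certificate is the object an untrusted user can point to: the block hash
// plus the votes that are supposed to confirm it.
type Certificate struct {
	BlockHash [32]byte
	Votes     []Vote
}

// NewStakeTable generates a fresh key per stakeholder. The stakes passed in
// are constructed weights for this example, not data from the paper.
func NewStakeTable(stakes []uint64) ([]Stakeholder, []ed25519.PrivateKey) {
	table := make([]Stakeholder, len(stakes))
	privs := make([]ed25519.PrivateKey, len(stakes))
	for i, st := range stakes {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			panic(err)
		}
		table[i] = Stakeholder{Pub: pub, Stake: st}
		privs[i] = priv
	}
	return table, privs
}

// VoteFor signs blockHash with stakeholder i's key.
func VoteFor(privs []ed25519.PrivateKey, i int, blockHash [32]byte) Vote {
	return Vote{Voter: i, Sig: ed25519.Sign(privs[i], blockHash[:])}
}

// VerifyCertificate reports whether valid votes from distinct, known
// stakeholders cover strictly more than 2/3 of total stake, and how much
// stake actually verified. The 2/3 quorum is the usual BFT assumption and is
// an assumption of this example only. Unknown voters, duplicate voters and
// signatures that do not verify over this block hash contribute nothing.
func VerifyCertificate(table []Stakeholder, cert Certificate) (bool, uint64) {
	var total, signed uint64
	for _, s := range table {
		total += s.Stake
	}
	seen := make(map[int]bool)
	for _, v := range cert.Votes {
		if v.Voter < 0 || v.Voter >= len(table) || seen[v.Voter] {
			continue // never count a stakeholder twice
		}
		if !ed25519.Verify(table[v.Voter].Pub, cert.BlockHash[:], v.Sig) {
			continue // forged, or signed over a different block
		}
		seen[v.Voter] = true
		signed += table[v.Voter].Stake
	}
	return 3*signed > 2*total, signed
}

func main() {
	table, privs := NewStakeTable([]uint64{40, 30, 20, 10}) // constructed stakes
	h := sha256.Sum256([]byte("constructed block payload"))

	quorum := Certificate{BlockHash: h, Votes: []Vote{VoteFor(privs, 0, h), VoteFor(privs, 1, h)}}
	ok, w := VerifyCertificate(table, quorum)
	fmt.Printf("70 of 100 stake signed: valid=%v weight=%d\n", ok, w)

	short := Certificate{BlockHash: h, Votes: []Vote{VoteFor(privs, 0, h), VoteFor(privs, 2, h)}}
	ok, w = VerifyCertificate(table, short)
	fmt.Printf("60 of 100 stake signed: valid=%v weight=%d\n", ok, w)

	// Replaying the heaviest stakeholder's vote does not inflate the weight.
	replay := Certificate{BlockHash: h, Votes: []Vote{VoteFor(privs, 0, h), VoteFor(privs, 0, h), VoteFor(privs, 0, h)}}
	ok, w = VerifyCertificate(table, replay)
	fmt.Printf("one voter replayed three times: valid=%v weight=%d\n", ok, w)
}
```

The verifier needs nothing beyond the stake table and the certificate itself; in particular it does not need to have observed the protocol run, which is the property sharding-style designs rely on when one shard must trust another shard's confirmations.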