Bitcoin is a peer-to-peer electronic cash system invented by Nakamoto in 2008. While it has attracted much research interest, its exact latency and security properties remain open. Existing analyses provide security and latency (or confirmation time) guarantees that are too loose for practical use. In fact, the best known upper bounds are several orders of magnitude larger than a lower bound due to a well-known private-mining attack. This paper describes a continuous-time model for blockchains and develops a rigorous analysis that yields close upper and lower bounds for the latency--security trade-off. For example, when the adversary controls 10\% of the total mining power and the block propagation delays are within 10 seconds, a Bitcoin block is secured with less than $10^{-3}$ error probability if it is confirmed after four hours, or with less than $10^{-9}$ error probability if confirmed after ten hours. These confirmation times are about two hours away from their corresponding lower bounds. To establish such close bounds, the blockchain security question is reduced to a race between the Poisson adversarial mining process and a renewal process formed by a certain species of honest blocks. The moment generating functions of relevant renewal times are derived in closed form. The general formulas from the analysis are then applied to study the latency--security trade-off of several well-known proof-of-work longest-chain cryptocurrencies. Guidance is also provided on how to set parameters for different purposes.
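The race described in the abstract can be made concrete with a simplified calculation, added here as an illustration and not taken from the paper: it evaluates how often a private chain overtakes the public one when a block is confirmed after waiting a fixed time $t$. Assumptions (none are the paper's model): zero propagation delay, no adversarial pre-mining before the target block, ties resolved in the adversary's favour, and a 600-second mean block interval; all function names are hypothetical.

```python
import math

BLOCK_INTERVAL = 600.0  # seconds; assumed mean time between blocks for the whole network


def poisson_pmf(mean, kmax):
    """Return [P(N=0), ..., P(N=kmax)] for N ~ Poisson(mean)."""
    pmf = [math.exp(-mean)]
    for k in range(1, kmax + 1):
        pmf.append(pmf[-1] * mean / k)
    return pmf


def private_mining_success(t, beta=0.10):
    """Probability that a private chain started at the target block's parent
    ever matches the public chain once the block is confirmed t seconds later.
    Simplification (assumed): zero delay, no pre-mining, ties favour the adversary."""
    lam_a = beta / BLOCK_INTERVAL          # adversarial Poisson mining rate
    lam_h = (1.0 - beta) / BLOCK_INTERVAL  # honest Poisson mining rate
    q = lam_a / lam_h                      # catch-up probability per block of deficit
    kmax = int(lam_h * t + 12 * math.sqrt(lam_h * t + 1) + 40)  # truncation point
    honest = poisson_pmf(lam_h * t, kmax)  # honest blocks mined on top of the target by time t
    adversary = poisson_pmf(lam_a * t, kmax)  # private blocks mined by time t
    total = 0.0
    for h, p_h in enumerate(honest):
        for a, p_a in enumerate(adversary):
            deficit = 1 + h - a            # the target block itself counts for the public chain
            # Already level or ahead: success. Otherwise gambler's ruin: q ** deficit.
            total += p_h * p_a * (1.0 if deficit <= 0 else q ** deficit)
    return total


def min_wait(target, beta=0.10, step=600):
    """Smallest multiple of `step` seconds at which this attack's success
    probability is at or below `target`."""
    t = 0
    while private_mining_success(t, beta) > target:
        t += step
    return t


if __name__ == "__main__":
    for hours in (1, 2, 4, 10):
        print(f"{hours:>2} h: {private_mining_success(hours * 3600):.3e}")
    print("wait for 1e-3:", min_wait(1e-3) / 3600, "h")
```

Because this counts only one attack in an idealized setting, its output is a floor on the error probability at a given wait, not a guarantee; the upper bounds quoted in the abstract additionally account for propagation delay.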