5. P2P network
● Each node has its own view
● The goal is to have a replicated subset of it across the network
● In the presence of Byzantine adversaries!
● (so only honest nodes agree on the state)
● (and only eventually)
7. Minimal State
● Can answer the question "is this transaction valid, and so applicable?"
● apply(min_state, tx): (MinimalState | Error)
● apply(apply(min_state, tx), tx) is always Error
● In Bitcoin UTXO set
8. Minimal State
● Transaction application is deterministic
● There's some initial (genesis) state hardcoded
● By applying the same sequence of transactions to the genesis state, two honest nodes get the same minimal state
● Thus we need a guarantee that every pair of honest nodes eventually applies the same sequence of transactions!
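A toy UTXO-style minimal state illustrating slides 7 and 8. This is an added example, not code from the slides: the `Tx` layout, the amounts and `replay` are assumptions, signatures are omitted, and the Error branch is modelled as a raised `TxError`.

```python
from functools import reduce
from typing import NamedTuple

class TxError(Exception):
    """The Error branch of apply(min_state, tx)."""

class Tx(NamedTuple):
    txid: str        # constructed id standing in for the transaction hash
    inputs: tuple    # outpoints being spent: ((txid, index), ...)
    outputs: tuple   # amounts being created: (amount, ...)

# Hardcoded genesis state: outpoint -> amount (constructed sample value).
GENESIS = {("genesis", 0): 50}

def apply(min_state, tx):
    """Return the next UTXO set; raise TxError if tx is not applicable."""
    if not tx.inputs or len(set(tx.inputs)) != len(tx.inputs):
        raise TxError("inputs must be non-empty and distinct")
    if any(amount <= 0 for amount in tx.outputs):
        raise TxError("output amounts must be positive")
    missing = [op for op in tx.inputs if op not in min_state]
    if missing:
        raise TxError(f"unknown or already spent: {missing}")
    created = {(tx.txid, i): amount for i, amount in enumerate(tx.outputs)}
    # Checked against the pre-state, so a tx can never recreate its own inputs.
    if created.keys() & min_state.keys():
        raise TxError("outpoint already exists")
    if sum(tx.outputs) > sum(min_state[op] for op in tx.inputs):
        raise TxError("outputs exceed inputs")
    # Build a new state; the caller's state is never mutated.
    next_state = {op: v for op, v in min_state.items() if op not in tx.inputs}
    next_state.update(created)
    return next_state

def replay(txs, state=GENESIS):
    """Fold apply over an ordered log, starting from the genesis state."""
    return reduce(apply, txs, state)

# Constructed sample log: TX_B spends an output created by TX_A.
TX_A = Tx("a", (("genesis", 0),), (30, 20))
TX_B = Tx("b", (("a", 0),), (30,))

if __name__ == "__main__":
    print(replay([TX_A, TX_B]))  # every honest node computes this same state
    try:
        apply(apply(GENESIS, TX_A), TX_A)
    except TxError as err:
        print("second application rejected:", err)
```

Replaying the same log in a different order (`[TX_B, TX_A]`) fails, which is why honest nodes must agree on the sequence and not only on the set of transactions.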
11. Block Generator Election
● random party
● sybil-resistant
● efficient (minimal communication)
Solution:
● each party has limited queries to random oracle
● random oracle answers "yes" with adjustable probability
● replace random oracle with a hash function
13. GKL Model
● "The Bitcoin Backbone Protocol: Analysis and Applications" by Garay / Kiayias / Leonardos
● slides: https://bitcoinschool.gr/slides/session2.pdf
Bitcoin consensus protocol properties:
● Common Prefix
● Chain Quality
● Chain Growth
14. Common Prefix
no matter the strategy of the adversary, the chains of two honest parties will fork in the last k blocks with probability exponentially decreasing with k
15. Chain Quality
any sequence of blocks in an honest party’s chain will contain some number of honest blocks with overwhelming probability
24. What an app developer should know
● Rollbacks are possible!
● A transaction is always visible before inclusion
● Frontrunning / replay attacks
● Malleability
25. Modifications
● alternative consensus protocols (Proof-of-Stake etc)
● richer transactional models (NameCoin, Ethereum, ZCash)
● alternative log structures (Bitcoin-NG, GHOST, TwinsChain)
● incentivization of certain activities (Permacoin, Rollerchain)
27. Bitcoin's Throughput (TPS)
● 7 ??? no
● 2-3 in fact
● 1/600 in the worst case
https://www.reddit.com/r/Bitcoin/comments/3cgft7/largest_transaction_ever_mined_999657_kb_consumes/
28. Basic assumption
● It should be possible to run a full node on commodity hardware
● HDD
● 1-2 GB RAM
● 1 Mbps at most
● Ethereum lost
● Bitcoin is struggling to hold the assumption
32. Rollerchain
● Only the last n full blocks and n state snapshots are stored collectively
● Each miner stores k state snapshots
33. Rollerchain
● A new node can download a historical snapshot
● Full blocks not needed for mining can be thrown away
● Block headers are to be stored forever, so they must be small
34. Unload the chain
● Move things off-chain
● Sidechains
● Avoid executing all the transactions (RSCoin)
38. Slowing down processing
● Bitcoin: CVE-2013-2293 (fetching outputs from HDD)
● Ethereum: most of the recent attacks (fetching account states)
39. Asymmetric schemes
● Not necessary to hold the whole state
● Full security guarantees
● Reyzin, Meshkov, Chepurnoy, Ivanov
"Improving Authenticated Dynamic Dictionaries, with Applications to Cryptocurrencies"
https://eprint.iacr.org/2016/994
42. Rational Behaviour
● Why store blocks for years after processing?
● Why validate blocks (in PoW)?
● Why work on a single chain (in PoS)?
43. Validationless (SPV) mining
● Start mining on a header
● Trust other nodes regarding transactions
● https://bitcoin.org/en/alert/2015-07-04-spv-mining - 6 blocks starting with an invalid one
44. If no block reward
Carlsten, Kalodner, Weinberg, Narayan
"On the Instability of Bitcoin Without the Block Reward"
http://randomwalker.info/publications/mining_CCS.pdf