• Corpus ID: 14522813

# Byzantine Consensus from Moderately-Hard Puzzles : A Model for Bitcoin

@inproceedings{Miller2014ByzantineCF,
title={Byzantine Consensus from Moderately-Hard Puzzles : A Model for Bitcoin},
author={Andrew K. Miller and Joseph J. LaViola},
year={2014}
}
• Published 2014
• Computer Science
We present a formal model of synchronous processes without distinct identifiers (i.e., anonymous processes) that communicate using one-way public broadcasts. Our main contribution is a proof that the Bitcoin protocol achieves consensus in this model, except for a negligible probability, when Byzantine faults make up less than half the network. The protocol is scalable, since the running time and message complexity are all independent of the size of the network, instead depending only on the…
115 Citations

### A Formal Analysis of the Bitcoin Protocol

• Computer Science
Gabbrielli's Festschrift
• 2020
The theoretical results agree with the simulations performed on a probabilistic model checker that was extended with dynamic datatypes in order to have a faithful description of miners' behaviour and compute the probability that ledgers turn into a state with more severe inconsistencies.

### The Bitcoin Backbone Protocol: Analysis and Applications

• Computer Science, Mathematics
EUROCRYPT
• 2015
This work extracts and analyzes the core of the Bitcoin protocol, which is termed the Bitcoin backbone, and proves two of its fundamental properties which are called common prefix and chain quality in the static setting where the number of players remains fixed.

### Solving Byzantine Problems in Synchronized Systems using Bitcoin

• Mathematics, Computer Science
• 2014
It is shown that bitcoin principles can be used to build a replicated state machine that tolerates… Bitcoin principles are applied to the Byzantine consensus problem and generalized to replicated state machines.

### Permissionless Consensus in the Resource Model

• Ben Terner
• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2020
This work proposes a new abstraction called resources and argues that in practice, several PoX variants appear to implement resources, and shows that for every graph consensus protocol that outputs a majority of honest vertices there exists a one-bit consensus protocol.

### Pseudonymous Broadcast and Secure Computation from Cryptographic Puzzles

• Computer Science, Mathematics
• 2015
Taking inspiration from Bitcoin, it is shown that precise bounds on computational power can be used in place of pre-existing setup to achieve weaker (but nontrivial) notions of security.

### Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing

• Computer Science
USENIX Security Symposium
• 2016
This paper introduces ByzCoin, a novel Byzantine consensus protocol that leverages scalable collective signing to commit Bitcoin transactions irreversibly within seconds, and achieves a throughput higher than PayPal currently handles, with a confirmation latency of 15-20 seconds.

### Recent Results on Fault-Tolerant Consensus in Message-Passing Networks

This paper surveys important works on fault-tolerant consensus in message-passing networks, focusing on results from the past decade, and categorizes the results into new problem formulations and practical applications.

### Catena: Efficient Non-equivocation via Bitcoin

• Computer Science, Mathematics
2017 IEEE Symposium on Security and Privacy (SP)
• 2017
Catena enables any number of thin clients, such as mobile phones, to efficiently agree on a log of application-specific statements managed by an adversarial server, and increases the bandwidth requirements of log auditors from 90GB to only tens of megabytes.

### UTXOs as a Proof of Membership for Byzantine Agreement Based Cryptocurrencies

• Computer Science, Mathematics
2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
• 2018
A solution that combines the best features of optimistic and pessimistic approaches is presented: the presence of Unspent Transaction Output (UTXO) owners and “the public-key as identities” principle to make UTXO owners self-organize in small Byzantine resilient committees “around” each new object (i.e., blocks and transactions) to decide on their validity.

### Catena: Preventing Lies with Bitcoin

• Computer Science, Mathematics
IACR Cryptol. ePrint Arch.
• 2016
Catena implements a log as an OP_RETURN transaction chain and prevents forks in the log by leveraging Bitcoin’s security against double spends, and can be used to secure many systems today such as public-key directories, Tor directory servers or software transparency schemes.

## References


### Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography

• Computer Science, Mathematics
Journal of Cryptology
• 2005
A new protocol for Byzantine agreement in a completely asynchronous network is presented that makes use of new cryptographic protocols, specifically protocols for threshold signatures and coin-tossing based on the Diffie-Hellman problem.

### Randomized protocols for asynchronous consensus

• J. Aspnes
• Computer Science, Mathematics
Distributed Computing
• 2003
This work illustrates the history and structure of randomized asynchronous consensus protocols by giving detailed descriptions of several such protocols.

### A Simple and Efficient Randomized Byzantine Agreement Algorithm

• Computer Science
IEEE Transactions on Software Engineering
• 1985
It is argued that in many practical applications of Byzantine agreement, the randomized algorithm of this paper achieves superior performance.

### Agreement Among Unacquainted Byzantine Generals

The BA problem introduced by Pease, Shostak and Lamport in [1] is one of the central problems in distributed computing and was extensively studied under various timing, topology, authentication and failure assumptions.

### Authenticated Algorithms for Byzantine Agreement

• Computer Science
SIAM J. Comput.
• 1983
This paper presents algorithms for reaching agreement based on authentication that require a total number of messages sent by correctly operating processors that is polynomial in both t and the number of processors, n.

### Exposing Computationally-Challenged Byzantine Impostors

• Computer Science
• 2005
Though the algorithms do not prevent Sybil attacks entirely, they suggest that Byzantine agreement and similar tools from the distributed computing literature are likely to help solve the problem of adversarial behavior by components of peer-to-peer systems.

### Lower bounds for randomized consensus under a weak adversary

• Computer Science, Mathematics
PODC '08
• 2008
It is shown that for every integer $k$, the probability that an $f$-resilient randomized consensus algorithm of $n$ processes does not terminate with agreement within $k(n-f)$ steps is at least $1/c^k$, for some constant $c$.

### Anonymous Agreement: The Janus Algorithm

• Computer Science
OPODIS
• 2011
Janus is presented, a new anonymous consensus algorithm that reaches decision after $O(\sqrt{n})$ writes in every solo execution and the set of values that can be proposed is unbounded and the algorithm tolerates an arbitrary number of crash failures.

### Hashcash - A Denial of Service Counter-Measure

This paper captures in one place the various applications, improvements suggested and related subsequent publications, and describes initial experience from experiments using hashcash.

### What Can Be Implemented Anonymously?

• Mathematics, Computer Science
DISC
• 2005
It is shown that a shared object has an obstruction-free implementation if and only if it satisfies a simple property called idempotence, and a universal construction is given that implements any idempotent object.