Wednesday, April 12, 2017

Hybrid Consensus and Fair Proof-of-Work

Bitcoin’s proof-of-work (PoW) distributed consensus has attracted the attention of bitcoin enthusiasts and those who are interested in the blockchain technology in general. Apart from its brilliant decentralization property, it has a critical limitation when efficiency is considered, as transactions cannot be confirmed in a matter of seconds. During 2016, the hybrid consensus approach was proposed to address this issue, at least partly, via introduction of a community whose responsibility is to validate transactions. Nevertheless, there are still some issues related to the hybrid consensus approach including fairness of the process of election of committee members, selfish mining and incentives for the hybrid consensus scheme and others.

A group of developers recently introduced an alternative to the conventional PoW protocol, which they named fair-proof-of-work (fPoW), to further improve the hybrid consensus approach via addressing issues related to selfish mining and fair election of committee members. Through their published paper, they also presented the incentives for adopting their improved concept of hybrid consensus. They also utilized this consensus to create privacy preserving constructions, including preserving identity and content, to render the improved consensus more powerful and applicable. The paper also formally proved the security of their proposed hybrid scheme. This new hybrid consensus scheme is expected to be adopted by blockchains that seek high efficiency, decentralization and preservation of privacy of users.

An Overview of the Newly Proposed Hybrid Consensus Protocol:
The team of developers modified the originally proposed hybrid consensus protocol. The following are features of their proposed hybrid consensus protocol:

Transaction Privacy: the transactions are solely accessible to the rotating committee members. However committee members cannot see the identity of the sender or receiver of transactions.

An excellently efficient permissionless model: the protocol offers a permissionless model that permits nodes to join and leave the network dynamically. Along conventional constructions, a permissionless model is translated into inconvenient efficiency levels when it comes to confirmation of transactions. Nevertheless, when the rotating committee is elected from a snailchain, transactions can be validated via committee members, which maximizes efficiency. Just like the originally described hybrid consensus, this protocol’s confirmation time is influenced by actual delay, rather than hypothetical upper bound of delay.

Forking free: In a conventional blockchain, forking can occur under certain circumstances, yet forking wastes considerable amounts of time and energy, which undermines the fairness of the process of committee election. Users would have to wait for creation of sufficient amount of new blocks for a transaction to be confirmed. Energy consumed by miners who follow a faulty block will be wasted in vain, due to the same reason, fairness is at stake. Moreover, whenever forking exists, selfish mining will exist too. Even though forking is possible in the originally proposed hybrid consensus, forking can be prevented in the newly proposed hybrid consensus protocol .

Security: Compared with previous hybrid consensus protocols, the new protocol is characterized by the following security properties:

1. Tolerated corruption: The new protocol requires approximately 2/3 of all nodes to be honest to achieve a chain quality of 2/3, so as to guarantee that 2/3 of members of the BFT committee are honest.

2. Loose assumption in response to mildly agile corruption: A hybrid consensus allows an adversary to exhibit mildly agile corruption, i.e. they can select nodes to corrupt as per the environment’s configuration. τ -agility denotes that an adversary will have to wait for τ amount of time to successfully corrupt an honest node. In the new protocol, τ assumptions are much looser than is the case with previous hybrid consensus protocols.

3. Prevention of selfish mining.

4. Prevention of retroactive attacks.
Fairness in competition: with the absence of forking, selfish mining is not possible. Moreover, with the newly proposed fPoW, improved fairness levels are guaranteed to committee candidates.
Arbitrary combination between PoS and PoW: POA16 is an adaptive version of fPoW which provides means to arbitrarily combine PoS and PoW.

Chain quality & tolerated corruption: The new protocol’s demand for chain quality along with tolerated corruption goes along the same line of the originally described hybrid consensus. Approximately, 2/3 of all nodes have to be honest to achieve a 2/3 chain quality in order to perform PBFT in a safe manner.