On Bitcoin cash's target recalculation functions

Abstract

Bitcoin Cash, created in 2017, is a "hard fork" from Bitcoin responding to the need for allowing a higher transaction volume. This is achieved by a larger block size, as well as a new difficulty adjustment (target recalculation) function that acts more frequently (as opposed to Bitcoin's difficulty adjustment happening about every two weeks), resulting in a potentially different target for each block. While seemingly achieving its goal in practice, to our knowledge there is no formal analysis to back this proposal up. In this paper we provide the first formal cryptographic analysis of Bitcoin Cash's target recalculation functions---both ASERT and SMA (current and former recalculation functions, respectively)---against all possible adversaries. The main distinction with respect to Bitcoin's is that they are no longer epoch-based, and as such previous analyses fail to hold. We overcome this technical obstacle by introducing a new set of analytical tools focusing on the "calibration" of blocks' timestamps in sliding windows, which yield a measure of closeness to the initial block generation rate. With that measure, we then follow the analytical approach developed in the Bitcoin backbone protocol [Eurocrypt 2015 and follow-ups] to first establish the basic properties of the blockchain data structure, from which the properties of a robust transaction ledger (namely, Consistency and Liveness) can be derived. We compare our analytical results with data from the Bitcoin Cash network, and conclude that in order to satisfy security (namely, properties satisfied except with negligible probability in the security parameter) considerably larger parameter values should be used with respect to the ones used in practice.