PHANTOM GHOSTDAG: a scalable generalization of Nakamoto consensus: September 2, 2021

Proceedings of the 3rd ACM Conference on Advances in Financial Technologies Pub Date : 2021-09-26 DOI:10.1145/3479722.3480990

Yonatan Sompolinsky, Shai Wyborski, Aviv Zohar

{"title":"PHANTOM GHOSTDAG: a scalable generalization of Nakamoto consensus: September 2, 2021","authors":"Yonatan Sompolinsky, Shai Wyborski, Aviv Zohar","doi":"10.1145/3479722.3480990","DOIUrl":null,"url":null,"abstract":"In 2008 Satoshi Nakamoto invented the basis for blockchain-based distributed ledgers. The core concept of this system is an open and anonymous network of nodes, or miners, which together maintain a public ledger of transactions. The ledger takes the form of a chain of blocks, the blockchain, where each block is a batch of new transactions collected from users. One primary problem with Satoshi's blockchain is its highly limited scalability. The security of Satoshi's longest chain rule, more generally known as the Bitcoin protocol, requires that all honest nodes be aware of each other's blocks very soon after the block's creation. To this end, the throughput of the system is artificially suppressed so that each block fully propagates before the next one is created, and that very few \"orphan blocks\" that fork the chain be created spontaneously. In this paper we present PHANTOM, a proof-of-work based protocol for a permissionless ledger that generalizes Nakamoto's blockchain to a direct acyclic graph of blocks (blockDAG). PHANTOM includes a parameter k that controls the level of tolerance of the protocol to blocks that were created concurrently, which can be set to accommodate higher throughput. It thus avoids the security-scalability tradeoff which Satoshi's protocol suffers from. PHANTOM solves an optimization problem over the blockDAG to distinguish between blocks mined properly by honest nodes and those created by non-cooperating nodes who chose to deviate from the mining protocol. Using this distinction, PHANTOM provides a robust total order on the blockDAG in a way that is eventually agreed upon by all honest nodes. Implementing PHANTOM requires solving an NP-hard problem, and to avoid this prohibitive computation, we devised an efficient greedy algorithm GHOSTDAG that captures the essence of PHANTOM. The GHOSTDAG protocol has been implemented as the underlying technology of the Kaspa cryptocurrency. The Kaspa network allows us to produce statistics about the performance of GHOSTDAG in real world scenarios. We provide an analysis of confirmation times obtained by observing the Kaspa network. We provide a formal proof of the security of GHOSTDAG, namely, that its ordering of blocks is irreversible up to an exponentially negligible factor. We discuss the properties of GHOSTDAG and how it compares to other DAG based protocols.","PeriodicalId":112726,"journal":{"name":"Proceedings of the 3rd ACM Conference on Advances in Financial Technologies","volume":"27 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-09-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 3rd ACM Conference on Advances in Financial Technologies","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3479722.3480990","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

Abstract

In 2008 Satoshi Nakamoto invented the basis for blockchain-based distributed ledgers. The core concept of this system is an open and anonymous network of nodes, or miners, which together maintain a public ledger of transactions. The ledger takes the form of a chain of blocks, the blockchain, where each block is a batch of new transactions collected from users. One primary problem with Satoshi's blockchain is its highly limited scalability. The security of Satoshi's longest chain rule, more generally known as the Bitcoin protocol, requires that all honest nodes be aware of each other's blocks very soon after the block's creation. To this end, the throughput of the system is artificially suppressed so that each block fully propagates before the next one is created, and that very few "orphan blocks" that fork the chain be created spontaneously. In this paper we present PHANTOM, a proof-of-work based protocol for a permissionless ledger that generalizes Nakamoto's blockchain to a direct acyclic graph of blocks (blockDAG). PHANTOM includes a parameter k that controls the level of tolerance of the protocol to blocks that were created concurrently, which can be set to accommodate higher throughput. It thus avoids the security-scalability tradeoff which Satoshi's protocol suffers from. PHANTOM solves an optimization problem over the blockDAG to distinguish between blocks mined properly by honest nodes and those created by non-cooperating nodes who chose to deviate from the mining protocol. Using this distinction, PHANTOM provides a robust total order on the blockDAG in a way that is eventually agreed upon by all honest nodes. Implementing PHANTOM requires solving an NP-hard problem, and to avoid this prohibitive computation, we devised an efficient greedy algorithm GHOSTDAG that captures the essence of PHANTOM. The GHOSTDAG protocol has been implemented as the underlying technology of the Kaspa cryptocurrency. The Kaspa network allows us to produce statistics about the performance of GHOSTDAG in real world scenarios. We provide an analysis of confirmation times obtained by observing the Kaspa network. We provide a formal proof of the security of GHOSTDAG, namely, that its ordering of blocks is irreversible up to an exponentially negligible factor. We discuss the properties of GHOSTDAG and how it compares to other DAG based protocols.

查看原文本刊更多论文

PHANTOM GHOSTDAG:中本共识的可扩展概括:2021年9月2日

2008年，中本聪发明了基于区块链的分布式账本的基础。该系统的核心概念是一个开放和匿名的节点或矿工网络，它们共同维护交易的公共分类账。分类帐采用区块链的形式，即区块链，其中每个区块都是从用户那里收集的一批新交易。中本聪的区块链的一个主要问题是其高度有限的可扩展性。中本聪最长链规则的安全性，通常被称为比特币协议，要求所有诚实的节点在区块创建后很快就知道彼此的区块。为此，系统的吞吐量被人为地抑制，以便每个块在创建下一个块之前完全传播，并且很少有“孤儿块”自发地创建分叉链。在本文中，我们提出了PHANTOM，这是一种基于工作量证明的无权限分类账协议，它将中本聪的区块链推广到一个直接的无环块图(blockDAG)。PHANTOM包含一个参数k，用于控制协议对并发创建的块的容忍度，可以设置该参数以适应更高的吞吐量。因此，它避免了中本聪协议所遭受的安全-可扩展性权衡。PHANTOM通过blockDAG解决了一个优化问题，以区分由诚实节点正确挖掘的区块和由选择偏离挖掘协议的非合作节点创建的区块。利用这种区别，PHANTOM以一种最终由所有诚实节点同意的方式在blockDAG上提供了一个健壮的总订单。实现PHANTOM需要解决一个NP-hard问题，为了避免这种令人望而却步的计算，我们设计了一个高效的贪婪算法GHOSTDAG，它捕捉了PHANTOM的本质。GHOSTDAG协议已被实现为Kaspa加密货币的底层技术。Kaspa网络允许我们生成关于GHOSTDAG在真实场景中的性能的统计数据。我们提供了通过观察卡斯帕网络获得的确认时间的分析。我们提供了GHOSTDAG安全性的正式证明，即它的块排序是不可逆的，可忽略指数因子。我们讨论了GHOSTDAG的属性以及它与其他基于DAG的协议的比较。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 3rd ACM Conference on Advances in Financial Technologies

自引率

0.00%

发文量