Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Bitcoin-NG A Scalable Blockchain Protocol
NSDI, Santa Clara, CA, March 2016
Computer Science, Cornell University Initiative for Cryptocurrencies and Contracts
Ittay Eyal
Adem EfeGencer
Emin GünSirer
RobbertVan Renesse
IC3
2
Hardware
Security
Payment Services
Exchanges
Cryptocurrency
3
The Blockchain Promise
• Bank-to-bank settlements • Cheap remittance • Device-to-device payments (IoT)
4
The Blockchain Promise
• Bank-to-bank settlements • Cheap remittance • Device-to-device payments (IoT)
Requires a bigger and faster boat
5
Bitcoin-NG: A Scalable Blockchain Protocol• A replicated state machine (Monte-Carlo)• Extreme-churn robustness • High performance
(10x throughput, fraction of latency)
Evaluation • Novel performance metrics • Experiments with unmodified nodes
• Low latency • High throughput
6
Blockchain: A Replicated State Machine
𝐴𝐴1 → 𝐵𝐵1
Log
A B
𝐴𝐴1 → 𝐴𝐴2 𝐵𝐵1 → 𝐶𝐶1
C
7
The Blockchain
Log
block
header
𝑡𝑡
8
The Blockchain
Log
block
header
𝑡𝑡
9
The Blockchain
Log
hash( ) < target*
* target: a deterministic function of previous blocks
𝑡𝑡
10
The Blockchain
11
The Blockchain
12
The Blockchain
Exponential, withconstant mean interval
13
Incentive for Mining
• Internal Prize: • Minting• Fees
Wins proportional to computation power
14
Forks
• Natural in a distributed system
15
Fork Resolution
• Longest chain wins • Transactions are reverted • Double-spending a threat
16
Fork Resolution
A transaction is confirmed when it is buried “deep enough”
17
Security-Performance TradeoffNakamoto’s Blockchain exhibits a tradeoff: [Sompolinsky+’15, Lewenberg+’15]
Security Performance
18
Metrics
• Bandwidth
• Latency• Consensus delay
• Security • Mining power utilization • Fairness
19
Mining Power Utilization
∑∑( + )
𝑡𝑡
==> vulnerability to rollback
20
FairnessKnown Miner Sizes
[blockchain.info, April 2015]
20%
Presence:∑𝑎𝑎𝑎𝑎𝑎𝑎 ¬∑𝑎𝑎𝑎𝑎𝑎𝑎
= 80%∑𝑚𝑚𝑎𝑎𝑚𝑚𝑚𝑚 ¬∑𝑚𝑚𝑎𝑎𝑚𝑚𝑚𝑚
= 60%
Fairness: Actual presenceFair presence = 60%
80%= 3/4
==> tendency towards centralization
21
Block Frequency Experiments
==> More forks ==> worse security
• Increasing block frequency • Static bandwidth
22
Block Size Experiments
• Static block frequency • Increasing block size
==> More forks ==> worse security
23
Replicated state machine performance is typically bounded by single node performance
Can this be achieved for the blockchain model?
An Inherent Tradeoff?
Security Performance
24
Nakamoto Blocks
𝑡𝑡
25
Nakamoto Blocks
𝑡𝑡
26
Nakamoto Blocks
𝑡𝑡
27
Nakamoto Blocks
𝑡𝑡
epoch
Serialization
28
Nakamoto Blocks
𝑡𝑡
epoch
29
Nakamoto Blocks
𝑡𝑡
epoch
1. Leader election 2. Serialization
30
Bitcoin-NG
𝑡𝑡
epoch
Lead
er e
lect
ion
31
Bitcoin-NG
• Key blocks: • No content • Leader election
• Microblocks: • Only content • No contention
32
Bitcoin-NG
• PoW• public
key K
signedwith k
33
Bitcoin-NGlong exponential intervals (10 min)
short deterministic intervals (10 sec)
34
Bitcoin-NG Incentives Next miner: Include previous microblocksLeader: Place transactions in microblocks
Counting microblocks for chain selection breaks security (Selfish Mining)
35
Bitcoin-NG Incentives
fees
60%40%
Next miner: Include previous microblocksLeader: Place transactions in microblocks
Chain selection rule• Heaviest chain • Microblocks carry no weight
Fee distribution (exact bounds and analysis in paper)
36
Test Bedsudo ip link add vlo04 type veth peer name vlo04bsudo ip link add vlo05 type veth peer name vlo05bsudo ip link add vlo06 type veth peer name vlo06bsudo ip link add vlo07 type veth peer name vlo07b# Assign one side of each virtual ethernet link to a namespace: sudo ip link set vlo01b netns node-020-01sudo ip link set vlo02b netns node-020-02sudo ip link set vlo03b netns node-020-03sudo ip link set vlo04b netns node-020-04sudo ip link set vlo05b netns node-020-05sudo ip link set vlo06b netns node-020-06sudo ip link set vlo07b netns node-020-07# Bring links up: (10.2.1.100+i at namespaces; 10.2.1.0+i here): sudo ifconfig vlo01 10.2.1.1/24 upsudo ifconfig vlo02 10.2.2.1/24 upsudo ifconfig vlo03 10.2.3.1/24 upsudo ifconfig vlo04 10.2.4.1/24 upsudo ifconfig vlo05 10.2.5.1/24 upsudo ifconfig vlo06 10.2.6.1/24 upsudo ifconfig vlo07 10.2.7.1/24 upsudo ip netns exec node-020-01 ifconfig vlo01b 10.2.1.100/24 upsudo ip netns exec node-020-02 ifconfig vlo02b 10.2.2.100/24 up
# Node node- 020-04 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20040sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20041 # Node node- 020-05 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20050sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20051 # Node node- 020-06 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10 2 6 100:20060
~1000 standard clients (no virtualization) Implemented based on the Bitcoin-Core client
Infrastructure: 150 machines x 7 cores 1Gb network
37
Test Bedsudo ip link add vlo04 type veth peer name vlo04bsudo ip link add vlo05 type veth peer name vlo05bsudo ip link add vlo06 type veth peer name vlo06bsudo ip link add vlo07 type veth peer name vlo07b# Assign one side of each virtual ethernet link to a namespace: sudo ip link set vlo01b netns node-020-01sudo ip link set vlo02b netns node-020-02sudo ip link set vlo03b netns node-020-03sudo ip link set vlo04b netns node-020-04sudo ip link set vlo05b netns node-020-05sudo ip link set vlo06b netns node-020-06sudo ip link set vlo07b netns node-020-07# Bring links up: (10.2.1.100+i at namespaces; 10.2.1.0+i here): sudo ifconfig vlo01 10.2.1.1/24 upsudo ifconfig vlo02 10.2.2.1/24 upsudo ifconfig vlo03 10.2.3.1/24 upsudo ifconfig vlo04 10.2.4.1/24 upsudo ifconfig vlo05 10.2.5.1/24 upsudo ifconfig vlo06 10.2.6.1/24 upsudo ifconfig vlo07 10.2.7.1/24 upsudo ip netns exec node-020-01 ifconfig vlo01b 10.2.1.100/24 upsudo ip netns exec node-020-02 ifconfig vlo02b 10.2.2.100/24 up
# Node node- 020-04 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20040sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20041 # Node node- 020-05 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20050sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20051 # Node node- 020-06 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10 2 6 100:20060
Network emulation:
• Latency and BW: Based on our measurements [Croman+’15]
• Implementation: Virtual network interfaces and kernel rate limiting
• Validation: Block propagation matches known trends [Decker&Wattenhofer’13]
38
Test Bedsudo ip link add vlo04 type veth peer name vlo04bsudo ip link add vlo05 type veth peer name vlo05bsudo ip link add vlo06 type veth peer name vlo06bsudo ip link add vlo07 type veth peer name vlo07b# Assign one side of each virtual ethernet link to a namespace: sudo ip link set vlo01b netns node-020-01sudo ip link set vlo02b netns node-020-02sudo ip link set vlo03b netns node-020-03sudo ip link set vlo04b netns node-020-04sudo ip link set vlo05b netns node-020-05sudo ip link set vlo06b netns node-020-06sudo ip link set vlo07b netns node-020-07# Bring links up: (10.2.1.100+i at namespaces; 10.2.1.0+i here): sudo ifconfig vlo01 10.2.1.1/24 upsudo ifconfig vlo02 10.2.2.1/24 upsudo ifconfig vlo03 10.2.3.1/24 upsudo ifconfig vlo04 10.2.4.1/24 upsudo ifconfig vlo05 10.2.5.1/24 upsudo ifconfig vlo06 10.2.6.1/24 upsudo ifconfig vlo07 10.2.7.1/24 upsudo ip netns exec node-020-01 ifconfig vlo01b 10.2.1.100/24 upsudo ip netns exec node-020-02 ifconfig vlo02b 10.2.2.100/24 up
# Node node- 020-04 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20040sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20041 # Node node- 020-05 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20050sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20051 # Node node- 020-06 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10 2 6 100:20060
Mining power distribution: Based on one-year statistics of operational Bitcoin system
Ratio
of
Min
ing
Pow
er
Temporal Miner Index (Descending power)
39
Block Frequency
Block frequency [1/sec]
ConsensusDelay
Bitcoin
Bitcoin-NG
good
40
Block Frequency
Block frequency [1/sec]
Fairness
Bitcoin
Bitcoin-NG
good
41
Block Frequency
Block frequency [1/sec]
MiningPowerUtilization Bitcoin
Bitcoin-NG
good
42
Block Size
Fairness
Bitcoin
Bitcoin-NG
good
Block size [byte]
43
Block Size
MiningPowerutilization
Bitcoin
Bitcoin-NG
good
Block size [byte]
44
Related Work “The Block Size Debate”Bitcoin-NG solves an inherent protocol shortcoming.
GHOST protocol, inclusive blockchainsPartial solutions. Perhaps could be used in concert with NG
Centralized solutions of the BFT consensus familyBitcoin-NG maintains Bitcoin’s weak model
Byzcoin, Hybrid Consensus Uses Bitcoin-NG’s technique with epoch-length quorums to improve security and latency even further.
45
Summary
sudo ip link add vlo04 type veth peer name vlo04bsudo ip link add vlo05 type veth peer name vlo05bsudo ip link add vlo06 type veth peer name vlo06bsudo ip link add vlo07 type veth peer name vlo07bsudo ifconfig vlo05 10.2.5.1/24 upsudo ifconfig vlo06 10.2.6.1/24 upsudo ifconfig vlo07 10.2.7.1/24 upsudo ip netns exec node-020-01 ifconfig vlo01b 10.2.1.100/24 upsudo ip netns exec node-020-02 ifconfig vlo02b 10.2.2.100/24 up
# Node node- 020-04 :sudo iptables -A FORWARD -i eth 0-olv o04-p
Bitcoin-NG
• High bandwidth • Low latency • Secure
Ittay Eyal, Adem Efe Gencer, Emin Gün Sirer, and RobbertVan Renesse. Bitcoin-NG, A Scalable Blockchain Protocol.
46
Security Concern
• Unlike Nakamoto’s chain, Bitcoin-NG’s leader is a sitting duck
• Only the leader’s key is static. Microblockgeneration can be distributed
47
Microblock Guarantees • With Nakamoto’s Blockchain:
fork by risking block prize • With Bitcoin-NG:
Free forking?
48
Microblock Guarantees
• Poison transaction cancels cheater reward • Poisoner receives nominal prize
• With Nakamoto’s Blockchain: fork by risking block prize
• With Bitcoin-NG: Free forking? No.
49
Incentive Compatibility
??
𝜋𝜋
50
Broken Chain Selection RuleNext miner: Include previous microblocks
Microblocks carry small weight? Leader: Place transactions in micro blocks
Leader gets fees?
??
51
Broken Chain Selection Rule
• Create secret chain:
• Always beat majority:
Next miner: Include previous microblocksMicroblocks carry small weight?
Leader: Place transactions in microblocksLeader gets fees?
52
Block Size
Block size [byte]
ConsensusDelay
BitcoinBitcoin-NG
good