bitcoin-ng - usenix · 2017-07-14 · bitcoin-ng a scalable blockchain protocol nsdi, santa clara,...

Bitcoin-NG A Scalable Blockchain Protocol

NSDI, Santa Clara, CA, March 2016

Computer Science, Cornell University Initiative for Cryptocurrencies and Contracts

Ittay Eyal

Adem EfeGencer

Emin GünSirer

RobbertVan Renesse

IC3

2

Hardware

Security

Payment Services

Exchanges

Cryptocurrency

3

The Blockchain Promise

• Bank-to-bank settlements • Cheap remittance • Device-to-device payments (IoT)

4

The Blockchain Promise

• Bank-to-bank settlements • Cheap remittance • Device-to-device payments (IoT)

Requires a bigger and faster boat

5

Bitcoin-NG: A Scalable Blockchain Protocol• A replicated state machine (Monte-Carlo)• Extreme-churn robustness • High performance

(10x throughput, fraction of latency)

Evaluation • Novel performance metrics • Experiments with unmodified nodes

• Low latency • High throughput

6

Blockchain: A Replicated State Machine

𝐴𝐴1 → 𝐵𝐵1

Log

A B

𝐴𝐴1 → 𝐴𝐴2 𝐵𝐵1 → 𝐶𝐶1

C

7

The Blockchain

Log

block

header

𝑡𝑡

8

The Blockchain

Log

block

header

𝑡𝑡

9

The Blockchain

Log

hash( ) < target*

* target: a deterministic function of previous blocks

𝑡𝑡

10

The Blockchain

11

The Blockchain

12

The Blockchain

Exponential, withconstant mean interval

13

Incentive for Mining

• Internal Prize: • Minting• Fees

Wins proportional to computation power

14

Forks

• Natural in a distributed system

15

Fork Resolution

• Longest chain wins • Transactions are reverted • Double-spending a threat

16

Fork Resolution

A transaction is confirmed when it is buried “deep enough”

17

Security-Performance TradeoffNakamoto’s Blockchain exhibits a tradeoff: [Sompolinsky+’15, Lewenberg+’15]

Security Performance

18

Metrics

• Bandwidth

• Latency• Consensus delay

• Security • Mining power utilization • Fairness

19

Mining Power Utilization

∑∑( + )

𝑡𝑡

==> vulnerability to rollback

20

FairnessKnown Miner Sizes

[blockchain.info, April 2015]

20%

Presence:∑𝑎𝑎𝑎𝑎𝑎𝑎 ¬∑𝑎𝑎𝑎𝑎𝑎𝑎

= 80%∑𝑚𝑚𝑎𝑎𝑚𝑚𝑚𝑚 ¬∑𝑚𝑚𝑎𝑎𝑚𝑚𝑚𝑚

= 60%

Fairness: Actual presenceFair presence = 60%

80%= 3/4

==> tendency towards centralization

21

Block Frequency Experiments

==> More forks ==> worse security

• Increasing block frequency • Static bandwidth

22

Block Size Experiments

• Static block frequency • Increasing block size

==> More forks ==> worse security

23

Replicated state machine performance is typically bounded by single node performance

Can this be achieved for the blockchain model?

An Inherent Tradeoff?

Security Performance

24

Nakamoto Blocks

𝑡𝑡

25

Nakamoto Blocks

𝑡𝑡

26

Nakamoto Blocks

𝑡𝑡

27

Nakamoto Blocks

𝑡𝑡

epoch

Serialization

28

Nakamoto Blocks

𝑡𝑡

epoch

29

Nakamoto Blocks

𝑡𝑡

epoch

1. Leader election 2. Serialization

30

Bitcoin-NG

𝑡𝑡

epoch

Lead

er e

lect

ion

31

Bitcoin-NG

• Key blocks: • No content • Leader election

• Microblocks: • Only content • No contention

32

Bitcoin-NG

• PoW• public

key K

signedwith k

33

Bitcoin-NGlong exponential intervals (10 min)

short deterministic intervals (10 sec)

34

Bitcoin-NG Incentives Next miner: Include previous microblocksLeader: Place transactions in microblocks

Counting microblocks for chain selection breaks security (Selfish Mining)

35

Bitcoin-NG Incentives

fees

60%40%

Next miner: Include previous microblocksLeader: Place transactions in microblocks

Chain selection rule• Heaviest chain • Microblocks carry no weight

Fee distribution (exact bounds and analysis in paper)

36

Test Bedsudo ip link add vlo04 type veth peer name vlo04bsudo ip link add vlo05 type veth peer name vlo05bsudo ip link add vlo06 type veth peer name vlo06bsudo ip link add vlo07 type veth peer name vlo07b# Assign one side of each virtual ethernet link to a namespace: sudo ip link set vlo01b netns node-020-01sudo ip link set vlo02b netns node-020-02sudo ip link set vlo03b netns node-020-03sudo ip link set vlo04b netns node-020-04sudo ip link set vlo05b netns node-020-05sudo ip link set vlo06b netns node-020-06sudo ip link set vlo07b netns node-020-07# Bring links up: (10.2.1.100+i at namespaces; 10.2.1.0+i here): sudo ifconfig vlo01 10.2.1.1/24 upsudo ifconfig vlo02 10.2.2.1/24 upsudo ifconfig vlo03 10.2.3.1/24 upsudo ifconfig vlo04 10.2.4.1/24 upsudo ifconfig vlo05 10.2.5.1/24 upsudo ifconfig vlo06 10.2.6.1/24 upsudo ifconfig vlo07 10.2.7.1/24 upsudo ip netns exec node-020-01 ifconfig vlo01b 10.2.1.100/24 upsudo ip netns exec node-020-02 ifconfig vlo02b 10.2.2.100/24 up

# Node node- 020-04 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20040sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20041 # Node node- 020-05 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20050sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20051 # Node node- 020-06 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10 2 6 100:20060

~1000 standard clients (no virtualization) Implemented based on the Bitcoin-Core client

Infrastructure: 150 machines x 7 cores 1Gb network

37

Test Bedsudo ip link add vlo04 type veth peer name vlo04bsudo ip link add vlo05 type veth peer name vlo05bsudo ip link add vlo06 type veth peer name vlo06bsudo ip link add vlo07 type veth peer name vlo07b# Assign one side of each virtual ethernet link to a namespace: sudo ip link set vlo01b netns node-020-01sudo ip link set vlo02b netns node-020-02sudo ip link set vlo03b netns node-020-03sudo ip link set vlo04b netns node-020-04sudo ip link set vlo05b netns node-020-05sudo ip link set vlo06b netns node-020-06sudo ip link set vlo07b netns node-020-07# Bring links up: (10.2.1.100+i at namespaces; 10.2.1.0+i here): sudo ifconfig vlo01 10.2.1.1/24 upsudo ifconfig vlo02 10.2.2.1/24 upsudo ifconfig vlo03 10.2.3.1/24 upsudo ifconfig vlo04 10.2.4.1/24 upsudo ifconfig vlo05 10.2.5.1/24 upsudo ifconfig vlo06 10.2.6.1/24 upsudo ifconfig vlo07 10.2.7.1/24 upsudo ip netns exec node-020-01 ifconfig vlo01b 10.2.1.100/24 upsudo ip netns exec node-020-02 ifconfig vlo02b 10.2.2.100/24 up

# Node node- 020-04 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20040sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20041 # Node node- 020-05 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20050sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20051 # Node node- 020-06 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10 2 6 100:20060

Network emulation:

• Latency and BW: Based on our measurements [Croman+’15]

• Implementation: Virtual network interfaces and kernel rate limiting

• Validation: Block propagation matches known trends [Decker&Wattenhofer’13]

38

Test Bedsudo ip link add vlo04 type veth peer name vlo04bsudo ip link add vlo05 type veth peer name vlo05bsudo ip link add vlo06 type veth peer name vlo06bsudo ip link add vlo07 type veth peer name vlo07b# Assign one side of each virtual ethernet link to a namespace: sudo ip link set vlo01b netns node-020-01sudo ip link set vlo02b netns node-020-02sudo ip link set vlo03b netns node-020-03sudo ip link set vlo04b netns node-020-04sudo ip link set vlo05b netns node-020-05sudo ip link set vlo06b netns node-020-06sudo ip link set vlo07b netns node-020-07# Bring links up: (10.2.1.100+i at namespaces; 10.2.1.0+i here): sudo ifconfig vlo01 10.2.1.1/24 upsudo ifconfig vlo02 10.2.2.1/24 upsudo ifconfig vlo03 10.2.3.1/24 upsudo ifconfig vlo04 10.2.4.1/24 upsudo ifconfig vlo05 10.2.5.1/24 upsudo ifconfig vlo06 10.2.6.1/24 upsudo ifconfig vlo07 10.2.7.1/24 upsudo ip netns exec node-020-01 ifconfig vlo01b 10.2.1.100/24 upsudo ip netns exec node-020-02 ifconfig vlo02b 10.2.2.100/24 up

# Node node- 020-04 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20040sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.4.100:20041 # Node node- 020-05 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20050sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10.2.5.100:20051 # Node node- 020-06 :sudo iptables -A FORWARD -i eth e -- DETALER,DEHSILBATSE,WEN etats-TPECCA jsudo iptables -t nat -A PREROUTING -p tcp -d DETALER,DEHSILBA - TAND j--ot10 2 6 100:20060

Mining power distribution: Based on one-year statistics of operational Bitcoin system

Ratio

of

Min

ing

Pow

er

Temporal Miner Index (Descending power)

39

Block Frequency

Block frequency [1/sec]

ConsensusDelay

Bitcoin

Bitcoin-NG

good

40

Block Frequency

Block frequency [1/sec]

Fairness

Bitcoin

Bitcoin-NG

good

41

Block Frequency

Block frequency [1/sec]

MiningPowerUtilization Bitcoin

Bitcoin-NG

good

42

Block Size

Fairness

Bitcoin

Bitcoin-NG

good

Block size [byte]

43

Block Size

MiningPowerutilization

Bitcoin

Bitcoin-NG

good

Block size [byte]

44

Related Work “The Block Size Debate”Bitcoin-NG solves an inherent protocol shortcoming.

GHOST protocol, inclusive blockchainsPartial solutions. Perhaps could be used in concert with NG

Centralized solutions of the BFT consensus familyBitcoin-NG maintains Bitcoin’s weak model

Byzcoin, Hybrid Consensus Uses Bitcoin-NG’s technique with epoch-length quorums to improve security and latency even further.

45

Summary

sudo ip link add vlo04 type veth peer name vlo04bsudo ip link add vlo05 type veth peer name vlo05bsudo ip link add vlo06 type veth peer name vlo06bsudo ip link add vlo07 type veth peer name vlo07bsudo ifconfig vlo05 10.2.5.1/24 upsudo ifconfig vlo06 10.2.6.1/24 upsudo ifconfig vlo07 10.2.7.1/24 upsudo ip netns exec node-020-01 ifconfig vlo01b 10.2.1.100/24 upsudo ip netns exec node-020-02 ifconfig vlo02b 10.2.2.100/24 up

# Node node- 020-04 :sudo iptables -A FORWARD -i eth 0-olv o04-p

Bitcoin-NG

• High bandwidth • Low latency • Secure

Ittay Eyal, Adem Efe Gencer, Emin Gün Sirer, and RobbertVan Renesse. Bitcoin-NG, A Scalable Blockchain Protocol.

46

Security Concern

• Unlike Nakamoto’s chain, Bitcoin-NG’s leader is a sitting duck

• Only the leader’s key is static. Microblockgeneration can be distributed

47

Microblock Guarantees • With Nakamoto’s Blockchain:

fork by risking block prize • With Bitcoin-NG:

Free forking?

48

Microblock Guarantees

• Poison transaction cancels cheater reward • Poisoner receives nominal prize

• With Nakamoto’s Blockchain: fork by risking block prize

• With Bitcoin-NG: Free forking? No.

49

Incentive Compatibility

??

𝜋𝜋

50

Broken Chain Selection RuleNext miner: Include previous microblocks

Microblocks carry small weight? Leader: Place transactions in micro blocks

Leader gets fees?

??

51

Broken Chain Selection Rule

• Create secret chain:

• Always beat majority:

Next miner: Include previous microblocksMicroblocks carry small weight?

Leader: Place transactions in microblocksLeader gets fees?

52

Block Size

Block size [byte]

ConsensusDelay

BitcoinBitcoin-NG

good