Thursday, February 9, 2023

Ouroboros Genesis explained - An educational post by Sooraj (Cardano Ambassador)

Author: Sooraj

Source: Twitter post

https://preview.redd.it/svgxr0ect7ha1.jpg?width=1494&format=pjpg&auto=webp&v=enabled&s=7e6c98e1f02c3810750eb21d756d3b4754273b1b

Bitcoin is the only blockchain that offers dynamic participation for validator nodes (joining and leaving at will) in a decentralized environment. No PoS blockchain can offer this today, but Ouroboros Genesis will make Cardano the first PoS blockchain with this capability.

How? Here's a Thread...

Ouroboros Genesis is a highly anticipated upgrade to Cardano's consensus protocol, planned for 2022. It is designed to address costless simulation and the bootstrapping problem, and to mitigate the threat of long-range attacks in a decentralized, open environment.

To understand how Ouroboros Genesis will give Cardano the same security guarantees as Bitcoin, we need to start from the basics and look at the topic from a first-principles perspective!

For that, let's start with Bitcoin.

Bitcoin maintains an immutable ledger with strong security guarantees through PoW. This provides a high level of security and enables a decentralized network structure that allows parties to join and leave the network at will (a.k.a. dynamic availability).

https://preview.redd.it/yhhonnzdt7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=6e20a29ac86f99ac625f9a607df3441ecf11ed73

So, how does that work? PoW uses computational resources, specifically hashing, to produce new blocks. Adding a block to the Bitcoin blockchain requires spending processing power, and therefore energy, for every block added to the chain.

https://preview.redd.it/e86dik1kt7ha1.png?width=839&format=png&auto=webp&v=enabled&s=5d9c0c0bd137f57e5232c989e088860c9089edf4

The work needed to produce a chain grows with its length, because every block requires its own expensive hash search. A longer chain therefore represents more energy spent, and nodes will always choose it over a shorter one (more precisely, they choose the chain with the most accumulated work).

https://preview.redd.it/j7z0nkart7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=f0418576906321b4c5191416c8124ad2ebbe1c45

This expense, paid in electricity, prevents dishonest nodes from cheaply producing many competing blocks. As a result, nodes always adopt the chain with the most work (energy) behind it, commonly referred to as the "longest chain."

https://preview.redd.it/8o7pxb5xt7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=146fb3e4c55b13e19e28cb5c9c4dee4e180af764

This makes it easy for new nodes joining the system to select the honest chain, which in turn allows validators to join and leave the network at any time while keeping it secure. In short, this is what gives the Bitcoin network dynamic availability.
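The point that "longest" really means "most accumulated work" is easy to miss, so here is a small added example (not code from the thread or from Bitcoin itself) that mines two competing chains at toy difficulties and picks between them. Targets are set as 2**256 >> bits so a block costs only a few hundred hash attempts; the work per block follows Bitcoin's chainwork convention of 2^256 / (target + 1). All block labels, the genesis value and the targets are constructed for the example.

```python
import hashlib
from dataclasses import dataclass, replace

HASH_SPACE = 2 ** 256


@dataclass(frozen=True)
class Block:
    prev_hash: bytes
    data: bytes
    target: int
    nonce: int
    hash: bytes


def block_hash(prev_hash: bytes, data: bytes, target: int, nonce: int) -> bytes:
    """Double-SHA256 over a minimal header (constructed layout, not Bitcoin's)."""
    header = prev_hash + data + target.to_bytes(32, "big") + nonce.to_bytes(8, "big")
    return hashlib.sha256(hashlib.sha256(header).digest()).digest()


def mine(prev_hash: bytes, data: bytes, target: int) -> Block:
    """Search nonces until the header hash falls below the target.
    This loop is the 'work': every attempt costs one hash evaluation."""
    nonce = 0
    while True:
        h = block_hash(prev_hash, data, target, nonce)
        if int.from_bytes(h, "big") < target:
            return Block(prev_hash, data, target, nonce, h)
        nonce += 1


def block_work(target: int) -> int:
    """Expected hash attempts needed to beat `target` (Bitcoin's per-block chainwork)."""
    return HASH_SPACE // (target + 1)


def verify_chain(chain: list, genesis_hash: bytes) -> bool:
    """Checking a chain is cheap: one hash per block, no mining required."""
    prev = genesis_hash
    for b in chain:
        if b.prev_hash != prev:
            return False
        if block_hash(b.prev_hash, b.data, b.target, b.nonce) != b.hash:
            return False
        if int.from_bytes(b.hash, "big") >= b.target:
            return False
        prev = b.hash
    return True


def chain_work(chain: list) -> int:
    return sum(block_work(b.target) for b in chain)


def select_chain(chains: list, genesis_hash: bytes) -> list:
    """Fork choice: among valid chains, adopt the one with the most accumulated work.
    The 'longest chain' is the heaviest chain, not the one with the most blocks."""
    valid = [c for c in chains if verify_chain(c, genesis_hash)]
    return max(valid, key=chain_work)


def build_chain(genesis_hash: bytes, labels: list, bits: int) -> list:
    chain, prev = [], genesis_hash
    for label in labels:
        blk = mine(prev, label, HASH_SPACE >> bits)
        chain.append(blk)
        prev = blk.hash
    return chain


GENESIS = hashlib.sha256(b"constructed genesis").digest()
# Chain A: three cheap blocks (roughly 2^6 attempts each).
CHAIN_A = build_chain(GENESIS, [b"a1", b"a2", b"a3"], bits=6)
# Chain B: two blocks at a 16x harder target (roughly 2^10 attempts each).
CHAIN_B = build_chain(GENESIS, [b"b1", b"b2"], bits=10)


def tampered_copy(chain: list) -> list:
    """Rewrite the payload of the first block without re-mining it."""
    return [replace(chain[0], data=b"rewritten")] + chain[1:]


if __name__ == "__main__":
    print("A:", len(CHAIN_A), "blocks, work", chain_work(CHAIN_A))
    print("B:", len(CHAIN_B), "blocks, work", chain_work(CHAIN_B))
    winner = select_chain([CHAIN_A, CHAIN_B], GENESIS)
    print("selected chain:", "B" if winner is CHAIN_B else "A")
    print("tampered A valid?", verify_chain(tampered_copy(CHAIN_A), GENESIS))
```

Chain A has more blocks, chain B has more work behind it, and the fork choice picks B; a rewritten block fails verification immediately because its stored hash no longer matches and no new work was done for it.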

But PoW comes with some problems. PoW relies on puzzle-solving that becomes harder as more hashing power joins the network. This leads to an ever-increasing demand for energy, which has become a major concern for the network's future, and it also creates "composability issues".

https://preview.redd.it/2inwgc25u7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=c7909187cc764c059e5fb8bd6a3f864a8172ee9f

Composability refers to the ability of different protocols or systems to work together seamlessly, without introducing unintended consequences or breaking their intended functionality. In Bitcoin's case, reliance on PoW creates composability issues.

In PoW blockchains, issues arise when other protocols reuse the same cryptographic puzzle as mining. Miners can try to double the value of their effort by using the same hash query for both chains, leading to inefficiencies and security vulnerabilities.

Because of these limitations of PoW, the search was on for an alternative mechanism to secure the ledger. This led to proof-of-stake (PoS) systems, which secure the network with a virtual resource (stake) instead of a physical one (hashing power).

PoS systems are based on the idea that scalability and energy efficiency can be improved while preserving the security properties of the ledger, by letting parties extend the blockchain in proportion to the coins they own rather than the computing power they control.

https://preview.redd.it/aeer3orsu7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=1fa00b6f621a427a879864069941d04963eeadc5

Several PoS-based proposals with formal security proofs have been developed over time, but they come with trade-offs. In particular, these protocols restrict the dynamic availability of participants compared to PoW-based systems. Why? Let's dig a bit deeper!

Although PoS protocols are more scalable and energy efficient, they currently have some fundamental drawbacks. Among these are:

  • the nothing-at-stake / costless simulation problem
  • long-range attacks
  • the bootstrapping problem

As no physical resources are needed to produce blocks in PoS, it is possible to build an alternative history of the blockchain and create multiple competing chains at no cost, whereas in PoW, energy costs must be incurred for each competing chain.

The nothing-at-stake problem (costless simulation) occurs when a block producer sees two branches A and B of the blockchain and, since extending either costs nothing, decides to work on both rather than committing to one.

https://preview.redd.it/2f5c1prav7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=824d9a45aea394baee3422cc15a0a435f0c8392c

This gives the block producer a higher expected reward, and since no single branch accumulates a clear majority of the stake, the network fails to reach consensus on the canonical branch. Costless simulation then enables another problem, known as long-range attacks.

Here the attacker forks from an earlier point in the primary blockchain and keeps adding blocks to that fork until it is a long chain of its own. This makes it difficult for new participants to determine which chain to support.

https://preview.redd.it/lp7gglohv7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=a70fc8ce156187b39514e802c694d893a8c70817

To mitigate this, checkpoints are established along the blockchain and any fork starting before a checkpoint is rejected. However, new participants, or validators that have been offline for a period of time, have no way to determine on their own which chain is the legitimate longest chain.

This leaves them vulnerable to joining a malicious chain, which gives rise to the "bootstrapping problem": new validators joining the network may end up on the malicious chain, increasing the network's vulnerability to long-range attacks.

So how does PoS survive?

So now let's take a look at how PoS-BFT protocols (Ethereum, Algorand, etc.) try to solve the problem of costless simulation. In PoS-BFT protocols, consensus is reached among the nodes running the protocol on every block.

https://preview.redd.it/l5lxce53w7ha1.png?width=662&format=png&auto=webp&v=enabled&s=0ae3e291631c40a76b863e5535cf2f4d82dec02a

This eliminates forks, and with them the need to resolve disagreements. However, to operate effectively the protocol must know the level of participation in the network at any given time.

Because it is impossible to have both dynamic availability and a known level of participation at the same time, PBFT-style protocols give up dynamic availability. On top of that, Ethereum implements measures like locking staked coins and slashing to deter malicious activity.

https://preview.redd.it/g4z82r8bw7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=e5363bdf25eab5de13d77323de536dd28b90484c

This disincentivizes honest parties with smaller stakes from participating, decreasing the decentralization of the Ethereum network. So now let's take a look at how Cardano tackles the problem of costless simulation with the Ouroboros Praos protocol.

Ouroboros Praos is the consensus protocol currently used by Cardano, and it takes a different approach to securing the network than either Proof of Work (PoW) or PoS-BFT protocols.

Key word: Verifiable Random Function (VRF). A VRF is a keyed cryptographic function that, for a given input, produces a pseudorandom output together with a proof; anyone holding the corresponding public key can verify that the output was computed correctly, while nobody without the secret key can predict it. How is it used by Praos?

It uses a VRF to elect a slot leader for each slot. Here's how it works: before each epoch, a stake distribution snapshot is taken, and each node feeds the previous epoch's randomness seed (together with the slot number) into its own VRF, which yields a pseudorandom number for that node and slot.

A node becomes slot leader if its number falls below a threshold that grows with its share of the stake, so a larger stake wins more slots, but nobody can tell in advance who else has won. The leader creates the block and includes its VRF output and proof in the block header; all other nodes verify that proof against the leader's public key to validate the election outcome.

https://preview.redd.it/i94rtkyvw7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=0dd44a104849d784b17a8cd974d7aa0d6216b44e

The protocol forbids a slot leader from extending the chain with more than one block for the same slot, so all honest parties extend their chain by at most one block per slot. This limits what a malicious slot leader can do.

The outcome of the slot-leader election is not revealed until the block is published, or until the node itself discovers that it has won. At the end of each epoch, the VRF outputs included in the block headers are combined to compute the randomness seed for the next epoch.

This creates an endless cycle of

  • Stake distribution snapshot
  • VRF generation
  • and randomness seed calculation

that repeats epoch after epoch.
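To make the lottery concrete, here is an added simulation of the Praos slot-leader election (example code, not part of the thread and not Cardano's node code). It uses the Praos threshold phi_f(alpha) = 1 - (1 - f)^alpha with the active-slot coefficient f = 0.05 that Cardano mainnet uses. The VRF itself is replaced by an HMAC-SHA256 stand-in, which is an assumption: it gives a keyed, unpredictable output but no publicly verifiable proof, so only the threshold logic is demonstrated. Pool names, stakes and the epoch seed are constructed.

```python
import hashlib
import hmac
import math

# Active-slot coefficient: probability that a slot has at least one leader when
# all stake participates. Cardano mainnet uses f = 0.05.
F_ACTIVE = 0.05


def node_secret_key(name: str) -> bytes:
    """Constructed stand-in for a node's VRF signing key."""
    return hashlib.sha256(b"vrf-key:" + name.encode()).digest()


def vrf_output(secret_key: bytes, epoch_seed: bytes, slot: int) -> float:
    """ASSUMPTION: a real VRF (Praos uses an elliptic-curve VRF) returns an output
    plus a proof that anyone can check with the node's public key. HMAC-SHA256
    stands in for the output only; verifiability is not modelled here.
    The output is mapped into [0, 1)."""
    msg = epoch_seed + slot.to_bytes(8, "big")
    digest = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") / 2 ** 256


def leader_threshold(stake: int, total_stake: int, f: float = F_ACTIVE) -> float:
    """Praos threshold phi_f(alpha) = 1 - (1 - f)^alpha for relative stake alpha."""
    alpha = stake / total_stake
    return 1.0 - (1.0 - f) ** alpha


def is_slot_leader(name: str, stake: int, total_stake: int,
                   epoch_seed: bytes, slot: int, f: float = F_ACTIVE) -> bool:
    """A node leads the slot iff its private VRF output is below its threshold.
    Other nodes only learn the result when the block (with proof) appears."""
    return vrf_output(node_secret_key(name), epoch_seed, slot) < leader_threshold(stake, total_stake, f)


def run_epoch(stakes: dict, epoch_seed: bytes, slots: int, f: float = F_ACTIVE) -> dict:
    """Play the lottery for every slot of an epoch. Returns blocks per node and
    how many slots were empty or had several leaders (both are normal in Praos)."""
    total = sum(stakes.values())
    blocks = {name: 0 for name in stakes}
    empty = multi = 0
    for slot in range(slots):
        leaders = [n for n, st in stakes.items()
                   if is_slot_leader(n, st, total, epoch_seed, slot, f)]
        if not leaders:
            empty += 1
        elif len(leaders) > 1:
            multi += 1
        for n in leaders:
            blocks[n] += 1
    return {"blocks": blocks, "empty_slots": empty, "multi_leader_slots": multi}


def split_stake_gains_nothing(alpha: float, parts: int, f: float = F_ACTIVE) -> bool:
    """Independent aggregation: splitting stake alpha across `parts` pools gives the
    same chance of winning at least one leadership as one pool holding all of alpha."""
    whole = 1 - (1 - f) ** alpha
    p_one = 1 - (1 - f) ** (alpha / parts)
    split = 1 - (1 - p_one) ** parts
    return math.isclose(whole, split, rel_tol=1e-12)


STAKES = {"poolA": 50, "poolB": 30, "poolC": 20, "noStake": 0}   # constructed
SEED = hashlib.sha256(b"constructed epoch nonce").digest()        # constructed

if __name__ == "__main__":
    print(run_epoch(STAKES, SEED, slots=20000))
    print("splitting 30% stake into 3 pools helps?", not split_stake_gains_nothing(0.3, 3))
```

Over 20000 slots roughly 5% of slots get a leader, blocks are shared in proportion to stake, a zero-stake node never leads, and a few slots have two leaders at once, which is why the longest-chain rule is still needed on top of the lottery.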

https://preview.redd.it/q4a86sx7x7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=0e6ef53a8f18aa494ba082026cc21848d4a4183a

The blockchain is maintained by the longest-chain rule: slot leaders add their block to the end of the longest valid chain they have observed and then broadcast it to the network. But how does Ouroboros Praos resist long-range attacks?

https://preview.redd.it/mbg140ecx7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=f4b66b3488c6ffba17527677ceab8b32a8a205c2

In Praos, a form of rolling checkpointing is employed to prevent long-range attacks. This is the "bounded-depth longest-chain rule": a node adopts a valid new chain only if it is longer and does not fork from the node's local chain by more than k blocks (on Cardano mainnet k = 2160).

https://preview.redd.it/iliceqyhx7ha1.jpg?width=680&format=pjpg&auto=webp&v=enabled&s=cf41fe63f0f9726af7d0f09fdcdba2ef98df9572

But this comes with two main limitations.

1st one:

  • The online parties maintain a moving checkpoint

Meaning, newly joined parties need trusted advice about which chain to follow. This is not desirable for decentralization (the bootstrapping problem).

2nd one:

  • There is a fixed and known lower bound on participation

Meaning, the protocol must assume a minimum number of participants at any given time, so there is no flexible participation. The protocol might stall if there is a sudden drop in the number of validator nodes.

This is most probably why Cardano stalled for ca. 7 minutes during last month's incident, in which a large share of nodes (>50%) went offline; when those nodes came back online, the protocol picked up from where it was and started producing blocks again.

https://preview.redd.it/pnn32hzzx7ha1.jpg?width=891&format=pjpg&auto=webp&v=enabled&s=e5977ca6acfdaa3aa9866e865993a75dfe88eec4

Because of the above limitations of Ouroboros Praos, Cardano cannot currently allow dynamic participation: the ability of validators to join or leave the network in a flexible, constantly changing manner without disrupting its operation.

And as a matter of fact, no PoS blockchain can allow dynamic participation today. Protocols like Algorand would stall if participation suddenly dropped by more than 30% of the nodes at any given time. But Ouroboros Genesis can enable dynamic participation. How?

Ouroboros Genesis introduces the Plenitude Rule, a game-changing chain-selection rule that solves the bootstrapping problem by letting nodes that join the network identify the honest chain without any trusted information. So how does it work?

The researchers proved that if the majority of stake follows the protocol, then over any sufficiently long time segment the honest chain is denser, especially right after a fork: an adversarial chain exhibits a less dense block distribution in the slots shortly after it forks off.

So when multiple chains of similar length are available, the Plenitude Rule locates the point at which the chains diverge and divides the history after that point, up to the most recent past, into periods.

https://preview.redd.it/845icysuy7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=be08b83459b097618c0818af6f7badf651d3ec5e

It then determines which chain has the densest block distribution in the period right after the divergence (fork) point, and the nodes in the network adopt that chain.

https://preview.redd.it/1m5alriyy7ha1.jpg?width=900&format=pjpg&auto=webp&v=enabled&s=7e0adebead363d14ce0f96e93dbc28f29bc26247

So with Ouroboros Genesis, nodes that are new to the network or have been offline for a while can (re)join and be guaranteed to download the correct version of the chain, as long as there are enough honest parties (an assumption that Bitcoin also makes).
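The difference between the Praos bounded-depth rule and the Genesis density rule is easiest to see on a concrete long-range-attack scenario, so here is an added example (not code from the thread, nor from the Cardano node). Chains are represented simply as the list of slot numbers in which their blocks were produced. The constructed adversarial chain shares the first 100 blocks with the honest chain, is sparse in the 3000 slots after the fork (it was a minority at that stake snapshot), and then becomes dense enough to end up longer. The depth bound k = 100 and the density window s = 1000 slots are constructed for the example (Cardano uses k = 2160); ties in density keep the local chain, which is an assumption of this example.

```python
K_SECURITY = 100   # depth bound k (constructed; Cardano mainnet uses k = 2160)
S_WINDOW = 1000    # density window s, in slots after the fork point (constructed)

# Constructed chains: sorted slot numbers of their blocks, genesis implicit at slot 0.
HONEST = list(range(20, 12001, 20))                  # 600 blocks, one every 20 slots
COMMON = HONEST[:100]                                 # shared history up to slot 2000
ADVERSARY = (COMMON
             + list(range(2060, 5001, 60))            # sparse right after the fork
             + list(range(5010, 12001, 10)))          # dense later: 850 blocks in total


def common_prefix_len(a: list, b: list) -> int:
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def fork_slot(chain: list, prefix_len: int) -> int:
    """Slot of the last shared block (0 = genesis when nothing is shared)."""
    return chain[prefix_len - 1] if prefix_len > 0 else 0


def density(chain: list, start_slot: int, s: int) -> int:
    """Number of blocks in the s slots right after start_slot."""
    return sum(1 for slot in chain if start_slot < slot <= start_slot + s)


def praos_select(local: list, candidate: list, k: int = K_SECURITY) -> list:
    """Bounded-depth longest-chain rule: adopt the candidate only if it is longer
    and forks at most k blocks deep in the local chain."""
    j = common_prefix_len(local, candidate)
    if len(local) - j > k:
        return local
    return candidate if len(candidate) > len(local) else local


def genesis_select(local: list, candidate: list,
                   k: int = K_SECURITY, s: int = S_WINDOW) -> list:
    """Plenitude (density) rule: shallow forks are decided by length as in Praos;
    forks deeper than k are decided by block density in the s slots after the fork."""
    j = common_prefix_len(local, candidate)
    if len(local) - j <= k:
        return candidate if len(candidate) > len(local) else local
    start = fork_slot(local, j)
    if density(candidate, start, s) > density(local, start, s):
        return candidate
    return local   # ties keep the local chain (assumption of this example)


def bootstrap(rule, candidates: list) -> list:
    """A fresh node starts from genesis and judges chains in the order it hears them."""
    chain = []
    for c in candidates:
        chain = rule(chain, c)
    return chain


if __name__ == "__main__":
    for order, cands in (("adversary first", [ADVERSARY, HONEST]),
                         ("honest first", [HONEST, ADVERSARY])):
        p = "honest" if bootstrap(praos_select, cands) == HONEST else "ADVERSARY"
        g = "honest" if bootstrap(genesis_select, cands) == HONEST else "ADVERSARY"
        print(f"{order:15s} Praos -> {p:9s} Genesis -> {g}")
```

A node that is already online holding the honest chain is safe under both rules, because the attacker's fork is deeper than k. A fresh node under the Praos rule, however, keeps whichever chain it happened to hear first (that is the bootstrapping problem: it needs trusted advice), while under the density rule it ends on the honest chain regardless of order, because the honest chain has 50 blocks in the 1000 slots after the fork versus the attacker's 16.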

Furthermore, with the Plenitude Rule Ouroboros Genesis makes it possible to guarantee that no one can forge their way into creating a block in someone else's slot, making it impossible for a single node to create a fake chain.

So the Genesis version of the Ouroboros protocol will be the first PoS protocol mathematically proven to guarantee persistence and liveness in both synchronous and semi-synchronous settings under the assumption of an honest majority of participants, just like Bitcoin.

TL;DR

Ouroboros Genesis will make Cardano more secure than other PoS protocols that require at least 2/3 honest participants (e.g. Ethereum Casper, Algorand), and as secure as Bitcoin but with far lower energy expenditure and better performance.

