by Christopher Carr, Colin Boyd (NTNU), Xavier Boyen and Thomas Haines (QUT)
Bitcoin’s distributed ledger is an innovative way of solving the double spending problem in a decentralised system. However, it causes incompressible transaction delays and incentivises consolidation of mining power. We ask, is it possible to eliminate these problems without losing the decentralised principles that Bitcoin was built on?
Over eight years have gone by since Bitcoin’s deployment, and it is still going strong. While there are many explanations for its success, the innovative backbone structure – the blockchain -– which has inspired so many alternative systems, undoubtedly plays a leading role in this story.
Blockchains store the state of the transactions in the system. Users compete to form new blocks, which confirm both new and all existing transactions in the previous blocks. Those who create blocks first are rewarded with cash in the system.
Despite the blockchain innovation, there are some fundamental problems that lie in its design, which stem from the blockchain itself, and affect all similar systems.
Two major problems which are inherent to almost all blockchain models are:
1. Consolidation of power: Users are incentivised to form into groups to maximise their expected reward over time. Cartels formed in this manner are commonly referred to as mining pools.
2. Incompressible delays: All transactions have a delay before they can be considered confirmed within the system. In Bitcoin itself, this is exacerbated by block size restrictions, a source of heated debate within the community. Recently, almost all blocks have been full to capacity of transactions, and as of the time of writing have fees for posting transactions over 10 USD.
Previously, there has been a line of inquiry that looks at alternative ways of designing proofs-of-work to avoid mining pools. Miller, Kosba, Katz and Shi [1] create a proof-of-work system that allows for any pool member to cheat and reap all the rewards for themselves. Importantly, they show that a cheater can do this without any way of being caught, thus removing the incentive for mining pool formation. Lewenberg, Somplinsky and Zohar [2] design a system that allows for collections of transactions to be confirmed in such a way that overlapping blocks can be counted along with the transactions contained within them.
Our motivation stems from simultaneously addressing these two fundamental problems of consolidation of power and incompressible delays. In a joint research effort, which is a collaboration between the Norwegian University of Science and Technology [L1] and Queensland University of Technology [L2], we ask: “What happens if we remove blocks altogether?” Instead of collecting multiple transactions together, whenever you wish to create a transaction you simply reference two recent, existing transactions.
Once blocks are removed, we need a way of securing transactions against double spending. To achieve this, we look to the incentive mechanisms, and use these to promote the desired characteristics. We incentivise the collection of recent previous transactions by increasing the reward for doing so. This can also be thought of as a form of small blocks, but removing the enforced confirmation delay.
To highlight these aspects, Figure 1 shows a standard blockchain model, where transactions are collected together and formed into a block. Contrast this with Figure 2, which shows the block-less model, where transactions confirm only two previous transactions.
Figure 1: Blockchain model: Transactions (Tx) are collected together over some fixed average time interval and grouped into blocks, confirming the full group of transactions.
Figure 2: Blockchain free model: Transactions (Tx) are collected indivudually over a flexible time period and confirm previous transactions.
So far, we have developed a blockchain free system [3], and demonstrated the security of the system under the assumption of a majority of rational users. We show that the incentive mechanisms we put in place encourage transactions to finally group together at the head of the chain, where all previous transactions are confirmed from the leading transaction - a property we call convergence.
We believe this novel approach represents a large step forwards in tackling these highlighted blockchain problems. Our focus now is on addressing implementation decisions. The challenge is to select appropriate parameters that do not undermine the theoretical underpinnings. Our hope is that by designing and implementing a system in this way, we can get closer to the true ideal of a decentralised digital cash system.
Links:
[L1] http://www.ntnu.edu/iik/nacl-lab
[L2] https://kwz.me/Xd
References:
[1] A. Miller, et al: “Nonoutsourceable Scratch-Off Puzzles to Discourage Bitcoin Mining Coalitions”, ACM Conference on Computer and Communications Security 2015: 680-691.
[2] Y. Lewenberg, Y. Sompolinsky, A. Zohar: “Inclusive Block Chain Protocols”, Financial Cryptography 2015: 528-547.
[3] X. Boyen, C. Carr, T. Haines: “Blockchain-Free Cryptocurrencies: A Framework for Truly Decentralised Fast Transactions”, IACR Cryptology ePrint Archive 2016: 871 (2016).
Please contact:
Christopher Carr, NTNU, Norway
