Abstract
We present a provably secure proof-of-stake protocol called Snow White. The primary application of Snow White is as a “green” consensus alternative for a decentralized cryptocurrency system with open enrollment. We break down the task of designing Snow White into the following core challenges:
1. identify a core “permissioned” consensus protocol suitable for proof-of-stake; specifically the core consensus protocol should offer robustness in an Internet-scale, heterogeneous deployment;
2. propose a robust committee re-election mechanism such that as stake switches hands in the cryptocurrency system, the consensus committee can evolve in a timely manner and always reflect the most recent stake distribution; and
3. relying on the formal security of the underlying consensus protocol, prove the full end-to-end protocol to be secure—more specifically, we show that any consensus protocol satisfying the desired robustness properties can be used to construct proofs-of-stake consensus, as long as money does not switch hands too quickly.
Snow White was publicly released in September 2016. It provides the first formal, end-to-end proof of a proof-of-stake system in a truly decentralized, open-participation network, where nodes can join at any time (not necessarily at the creation of the system). We also give the first formal treatment of a well-known issue called “costless simulation” in our paper, proving both upper and lower bounds that characterize exactly what setup assumptions are needed to defend against costless simulation attacks. We refer the reader to our detailed chronological notes for a comparison of Snow White with prior and concurrent works, as well as how subsequent works (including Ethereum’s proof-of-stake design) have since extended and improved our ideas.
Notes
1.
2. Suppose that, except with probability negligible in \(\kappa\), the underlying sleepy consensus guarantees consistency by chopping off the trailing \(\kappa\) blocks, and guarantees the existence of an honest block in every consecutive window of \(\kappa\) blocks.
3. Snow White’s approach of combining checkpointing and “bootstrapping through social consensus” to defend against costless simulation is simpler and more practical in real-world implementations (than relying on VRFs and erasure [6, 9]). Notably, our usage of checkpointing and “bootstrapping through social consensus” already exists in real-world cryptocurrencies.
4. As we discuss in our online full version [8], in practice, the next committee is read from a stabilized prefix of the blockchain and we know its total size a priori. Therefore, assuming that an upper bound on the fraction of awake nodes (out of each committee) is known a priori, we can set the difficulty parameter \(D_p\) accordingly to ensure that the expected block interval is sufficiently large w.r.t. the maximum network delay (and if the upper bound is loose, then the confirmation time is proportionally slower). Although on the surface our analysis assumes a fixed expected block interval throughout, it easily generalizes to the case when the expected block interval varies by a known constant factor throughout (and is sufficiently large w.r.t. the maximum network delay).
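The parameter choice described in note 4, as an added example that is not code from the paper or its authors: it sets \(D_p\) from a known committee size and an assumed upper bound on the awake fraction, then measures the resulting block interval when that bound is tight and when it is loose. The election rule H(pubkey || t) < D_p (without the protocol's epoch nonce), the name `safety_factor`, the delay value and the committee keys are assumptions made for this sketch.

```python
import hashlib
import math

HASH_SPACE = 2 ** 256  # size of the SHA-256 output range

def difficulty(committee_size, max_awake_fraction, max_delay, safety_factor):
    """Threshold D_p giving an expected block interval of about
    safety_factor * max_delay time steps when the assumed maximum
    number of committee members is awake."""
    max_awake = math.ceil(max_awake_fraction * committee_size)
    target_interval = safety_factor * max_delay
    return HASH_SPACE // (target_interval * max_awake)

def is_leader(pubkey, t, d_p):
    """Assumed election rule: H(pubkey || t) < D_p (no epoch nonce here)."""
    digest = hashlib.sha256(pubkey + t.to_bytes(8, "big")).digest()
    return int.from_bytes(digest, "big") < d_p

def mean_block_interval(awake_keys, d_p, steps):
    """Average number of time steps between slots with an elected leader."""
    slots = sum(
        any(is_leader(pk, t, d_p) for pk in awake_keys) for t in range(steps)
    )
    return steps / slots if slots else float("inf")

# Constructed committee: 100 placeholder public keys, not real key material.
COMMITTEE = [f"constructed-pk-{i}".encode() for i in range(100)]
MAX_DELAY = 2  # assumed maximum network delay, in time steps
D_P = difficulty(len(COMMITTEE), 0.5, MAX_DELAY, safety_factor=10)

def demo(steps=20000):
    # Bound is tight: exactly half of the committee is awake.
    tight = mean_block_interval(COMMITTEE[:50], D_P, steps)
    # Bound is loose by 2x: only a quarter of the committee is awake.
    loose = mean_block_interval(COMMITTEE[:25], D_P, steps)
    return tight, loose

if __name__ == "__main__":
    tight, loose = demo()
    print(f"target interval: {10 * MAX_DELAY} steps")
    print(f"50 awake: {tight:.1f} steps/block; 25 awake: {loose:.1f} steps/block")
```

With the bound loose by a factor of two, the measured interval roughly doubles, which is the proportional slowdown in confirmation time that the note mentions.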
References
1. Personal communication with Vitalik Buterin, and public talks on sharding by Vitalik Buterin (2018)
2. Bentov, I., Gabizon, A., Mizrahi, A.: Cryptocurrencies without proof of work. In: Clark, J., Meiklejohn, S., Ryan, P.Y.A., Wallach, D., Brenner, M., Rohloff, K. (eds.) FC 2016. LNCS, vol. 9604, pp. 142–157. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53357-4_10
3. Bentov, I., Lee, C., Mizrahi, A., Rosenfeld, M.: Proof of activity: extending bitcoin’s proof of work via proof of stake. In: Proceedings of the ACM SIGMETRICS 2014 Workshop on Economics of Networked Systems, NetEcon (2014)
4. Bonneau, J., Clark, J., Goldfeder, S.: On bitcoin as a public randomness source. IACR Cryptology ePrint Archive 2015:1015 (2015)
5. Castro, M., Liskov, B.: Practical byzantine fault tolerance. In: OSDI (1999)
6. Chen, J., Micali, S.: Algorand: the efficient and democratic ledger (2016). https://arxiv.org/abs/1607.01341
7. User “cunicula” and Meni Rosenfeld. Proof of stake brainstorming, August 2011. https://bitcointalk.org/index.php?topic=37194.0
8. Daian, P., Pass, R., Shi, E.: Snow white: provably secure proofs of stake. Cryptology ePrint Archive, Report 2016/919, online full version of this paper (2016)
9. David, B., Gaži, P., Kiayias, A., Russell, A.: Ouroboros praos: an adaptively-secure, semi-synchronous proof-of-stake protocol. Cryptology ePrint Archive, Report 2017/573 (2017). http://eprint.iacr.org/2017/573
10. Eyal, I., Sirer, E.G.: Majority is not enough: bitcoin mining is vulnerable. In: FC (2014)
11. Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10
12. Hanke, T., Movahedi, M., Williams, D.: Dfinity technology overview series: Consensus system. https://dfinity.org/tech
13. Kiayias, A., Russell, A., David, B., Oliynykov, R.: Ouroboros: a provably secure proof-of-stake blockchain protocol. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 357–388. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_12
14. King, S., Nadal, S.: Ppcoin: peer-to-peer crypto-currency with proof-of-stake (2012). https://peercoin.net/assets/paper/peercoin-paper.pdf
15. Kwon, J.: Tendermint: consensus without mining (2014). http://tendermint.com/docs/tendermint.pdf
16. Maxwell, G., Poelstra, A.: Distributed consensus from proof of stake is impossible (2014). https://download.wpsoftware.net/bitcoin/pos.pdf
17. Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
18. Pass, R., Seeman, L., Shelat, A.: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 643–673. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_22
19. Pass, R., Shi, E.: Fruitchains: a fair blockchain (2016, manuscript)
20. Pass, R., Shi, E.: Hybrid consensus: efficient consensus in the permissionless model (2016, manuscript)
21. Pass, R., Shi, E.: The sleepy model of consensus (2016). http://eprint.iacr.org/2016/918
22. Pass, R., Shi, E.: Rethinking large-scale consensus. In: CSF (2017)
23. Poelstra, A.: Distributed consensus from proof of stake is impossible. https://download.wpsoftware.net/bitcoin/alts.pdf
24. User “QuantumMechanic”. Proof of stake instead of proof of work, July 2011. https://bitcointalk.org/index.php?topic=27787.0
25. User “tacotime”. Netcoin proof-of-work and proof-of-stake hybrid design (2013). http://web.archive.org/web/20131213085759/www.netcoin.io/wiki/Netcoin_Proof-of-Work_and_Proof-of-Stake_Hybrid_Design
26. Griffith, V., Buterin, V.: Casper the friendly finality gadget. https://arxiv.org/abs/1710.09437
Acknowledgments
We gratefully acknowledge Siqiu Yao and Yuncong Hu for lending critical help in building the simulator. We thank Lorenzo Alvisi for suggesting the name Snow White. We also thank Rachit Agarwal, Kai-Min Chung, and Ittay Eyal for helpful and supportive discussions.
Copyright information
© 2019 International Financial Cryptography Association
About this paper
Cite this paper
Daian, P., Pass, R., Shi, E. (2019). Snow White: Robustly Reconfigurable Consensus and Applications to Provably Secure Proof of Stake. In: Goldberg, I., Moore, T. (eds) Financial Cryptography and Data Security. FC 2019. Lecture Notes in Computer Science, vol 11598. Springer, Cham. https://doi.org/10.1007/978-3-030-32101-7_2
DOI: https://doi.org/10.1007/978-3-030-32101-7_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32100-0
Online ISBN: 978-3-030-32101-7
eBook Packages: Computer Science, Computer Science (R0)