By Dennis Shasha, New York University, USA, shasha@courant.nyu.edu | Taegyun Kim, New York University, USA, taegyun.kim@nyu.edu | Joseph Bonneau, New York University, USA, jcb@cs.nyu.edu | Yan Michalevsky, Cryptosat Inc., USA, yan@cryptosat.io | Gil Shotan, Stanford University, USA, gilsho@cs.stanford.edu | Yonatan Winetraub, Cryptosat Inc., USA,
Blockchains are meant to provide an append-only sequence (ledger) of transactions. Security commonly relies on a consensus protocol in which forks in the sequence are either prevented completely or are exponentially unlikely to last more than a few blocks. This monograph proposes the design of algorithms and a system to achieve high performance (a few seconds from the time of initiation for transactions to enter the blockchain), the absence of forks, and a very low energy cost (a per transaction cost that is a factor of a billion or more less than bitcoin).
The foundational component of this setup is a group of satellites whose blockchain protocol code can be verified and burned into read-only memory. Because such satellites can perhaps be destroyed but cannot be captured (unlike even fortified terrestrial servers), a reasonable assumption is that the blockchain protocol code in the satellites may fail to make progress either permanently or intermittently but will not be traitorous.
A second component of this setup is a group of terrestrial sites whose job is to broadcast information about blocks and to summarize the blockchain ledger. These can be individuals who are eager to get a fee for service. Even if many of these behave traitorously (against their interests as fee-collectors), a small number of honest ones is sufficient to ensure safety and liveness.
A third component of this setup is a Mission Control entity which will act very occasionally to assign roles to terrestrial sites and time slots to satellites. These assignments will be multisigned using the digital signatures of a widely distributed group of human governors. A reasonable assumption on Mission Control is that, for reputational reasons, they will not send any signed message that would either contradict a previous message or attest to an incorrect affirmation. Because Mission Control needs to act very infrequently (to a first approximation, only when satellites fail), any actions of Mission Control can be carefully and publicly scrutinized.
Given these components and these reasonable assumptions, our protocol, called Bounce, will achieve ledger functionality for arbitrarily sized blocks at under five seconds per block (based on experiments done with the International Space Station) and at negligible energy cost.
This monograph will discuss the overall architecture and algorithms of such a system, the assumptions it makes, and the guarantees it gives.
Blockchains are meant to provide an append-only sequence (ledger) of transactions. Security commonly relies on a consensus protocol in which forks in the sequence are either prevented completely or are exponentially unlikely to last more than a few blocks. This monograph proposes the design of algorithms and a system to achieve high performance (a few seconds from the time of initiation for transactions to enter the blockchain), the absence of forks, and a very low energy cost (a per transaction cost that is a factor of a billion or more less than bitcoin).
The foundational component of this setup is a group of satellites whose blockchain protocol code can be verified and burned into read-only memory. Because such satellites can perhaps be destroyed but cannot be captured (unlike even fortified terrestrial servers), a reasonable assumption is that the blockchain protocol code in the satellites may fail to make progress either permanently or intermittently but will not be traitorous.
A second component of this setup is a group of terrestrial sites whose job is to broadcast information about blocks and to summarize the blockchain ledger. These can be individuals who are eager to get a fee for service. Even if many of these behave traitorously (against their interests as fee-collectors), a small number of honest ones is sufficient to ensure safety and liveness. The third component of this setup is a Mission Control entity which will act very occasionally to assign roles to terrestrial sites and time slots to satellites. These assignments will be multi-signed using the digital signatures of a widely distributed group of human governors.
Given these components and these reasonable assumptions, the protocol described in this monograph, called Bounce, will achieve ledger functionality for arbitrarily sized blocks at under five seconds per block and at negligible energy cost. This monograph will discuss the overall architecture and algorithms of such a system, the assumptions it makes, and the guarantees it gives.