The Velvet Path to Superlight Blockchain Clients
Aggelos Kiayias, Andrianna Polydouri, Dionysis Zindros
AFT '21
27th September, 2021
Preliminaries
Light clients
Simplified Payment Verification (SPV)
Light clients
SPV protocol
- not efficient enough
- data grows linearly with the size of the chain
Superlight clients
- amount of data logarithmic in the size of the chain
- Superblock NIPoPoWs
- FlyClient
Superblock NIPoPoWs
- all valid blocks:
- "luckier" μ-level superblocks:
Superblock NIPoPoWs
Ideal superblock distribution
Superblock NIPoPoWs
Proof contains only some superblock headers...
Superblock NIPoPoWs
Consensus Protocol changes
- interlink data structure in block header
- pointers to the most recent superblock of every level
Consensus Protocol Update
Hard fork
- not backwards compatible
- change block header contents
- unupgraded parties do not accept upgraded blocks and vice versa
- may lead to permanent fork
Soft fork
- backwards compatible
- auxiliary data (possibly) in coinbase transaction
- unupgraded parties accept upgraded blocks but not vice versa
- generally believed to be less dangerous
Consensus Protocol Update
Velvet fork
- backwards compatible
- protocol changes come as a recommendation
- e.g. auxiliary data in coinbase transaction
- unupgraded parties accept upgraded blocks and vice versa
- only a minority of miners needs to upgrade
magic!
Our Contributions
Superblocks under Velvet Fork
"Superblocks protocol can be deployed as-is under velvet fork"
Superblocks under Velvet Fork
Is there a way to attack?
False super-pointers could...
- not point to the most recent previous superblock
- point to a block of a fork chain
Superblocks under Velvet Fork
"Thorny" blocks
Is there a way to attack?
Superblocks under Velvet Fork
The Chainsewing Attack
cut-and-paste portions of the honest chain
Superblocks under Velvet Fork
A specific Chainsewing Attack
cut-and-paste portions of the honest chain
skip honest upgraded blocks of attacked level
Superblocks under Velvet Fork
The patch
honest miners ignore unupgraded and thorny blocks while updating the interlink
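A sketch of the patched interlink update next to the unpatched one, added here as an illustration and not code from the talk or the paper. The block labels, the precomputed `level` field and the thorny test (a claimed interlink that differs from the one recomputed under the patched rule) are assumptions; levels missing from an interlink implicitly point to genesis.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Block:
    id: str                            # constructed label standing in for a block hash
    level: int                         # superblock level mu, assumed already derived from the PoW
    interlink: Optional[dict] = None   # level -> block id; None models an unupgraded block

def extend(link, block):
    """A block of level mu becomes the most recent superblock for levels 0..mu."""
    new = dict(link)
    for mu in range(block.level + 1):
        new[mu] = block.id
    return new

def naive_interlink(chain):
    """Unpatched rule: every block after genesis updates the interlink."""
    link = {}
    for b in chain[1:]:
        link = extend(link, b)
    return link

def patched_interlink(chain):
    """Patched rule: unupgraded and thorny blocks never update the interlink.
    Returns (interlink for the next block, ids of blocks classified as thorny)."""
    link, thorny = {}, []
    for b in chain[1:]:
        if b.interlink is None:        # unupgraded block: ignored
            continue
        if b.interlink != link:        # claimed pointers disagree with the recomputation
            thorny.append(b.id)
            continue
        link = extend(link, b)
    return link, thorny

# Constructed chain: G genesis, A honest, B unupgraded, C thorny (points at
# fork block X), D and E honest upgraded blocks.
CHAIN = [
    Block("G", 0, {}),
    Block("A", 0, {}),
    Block("B", 2, None),
    Block("C", 1, {0: "A", 1: "X"}),
    Block("D", 1, {0: "A"}),
    Block("E", 0, {0: "D", 1: "D"}),
]

if __name__ == "__main__":
    print("naive  :", naive_interlink(CHAIN))
    print("patched:", patched_interlink(CHAIN))
```

Under the unpatched rule the level-1 pointer passes through the thorny block C while D is being mined, so a traversal can be steered to the fork block X; under the patched rule C and the unupgraded B never enter the interlink.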
Superblocks under Velvet Fork
Combined Attack
Suppression & Chainsewing
Superblocks under Velvet Fork
Security
velvet honest majority assumption
Superblocks under Velvet Fork
Intuition
Superblocks under Velvet Fork
Security
simple chain quality does not suffice!
the adversary may attack only some superblocks...
FlyClient under Velvet Fork
Consensus rule update: MMR chain commitments
FlyClient under Velvet Fork
"FlyClient protocol can be deployed as-is under velvet fork"
Combined attack
Suppression & Chainsewing
Thank you!
Questions?
andriannapolyd@gmail.com