Question introduction: How safe is Bitcoin at high throughput?
In order to ensure its security, Bitcoin adopts the longest chain rule and fixes the block size and block generation interval, resulting in its low throughput (<10Tps) and long block confirmation interval (6 blocks, each Each block takes an average of 10 minutes), which has been criticized for a long time, which has affected the large-scale use of the Bitcoin network.
At the beginning, people thought about increasing the throughput by increasing the block size (1M->4M) and reducing the block interval on the rule of Bitcoin’s longest chain, but this brought three big problem:
- Constant bifurcation ! Forking means that the security is reduced, and it is easy to cause double-flower attacks.
- Block rewards are affected by network delays : The block rewards of the entire network are not only related to computing power, but nodes with lower network delays are more likely to receive block rewards.
- Vulnerable to selfish mining attacks : malicious nodes do not publish after generating blocks until they are found to be longer than the main chain
The following figure illustrates that in a network with a small block generation interval (block generation rate is greater than the block propagation delay), the blockchain network is highly forked, at which time an attacker can secretly create 6 blocks (by red The dotted line marks), thus exceeding the scene of the main chain.
So, researchers began to think, how to ensure high throughput while also ensuring security?
In 2015, Israeli scholars Yonatan Sompolinsky and Aviv Zohar proposed a T he Greedy Heaviest-Observed Sub-Tree (GHOST) greedy heaviest observable subtree algorithm to solve this problem.
Paper link: Consensus algorithm related paper: Secure High-Rate Transaction Processing in Bitcoin 1
So how does GHOST do it?
The idea of GHOST is very simple. It changes the rules of Bitcoin’s longest chain and selects the fork node with the heaviest subtree each time it forks . For example (refer to the above picture), when the branch is 1B and 1A at 0, the sub-tree of 1A (it performs selfish mining) has 6 blocks (including 1A block), and the sub-tree of 1B has 12 blocks , 12>6, so choose 1B as the main chain block. This alleviates the problems caused by the fork, making the main chain continue to grow backwards.
In other words, the blocks outside the main chain are also included in the calculation power. The specific algorithm is as follows, input the entire tree structure of the blockchain, and output the final block B of the final main chain:
The algorithm starts from the Genesis block and selects the heaviest subtree each time it branches, until the main chain order is determined. Still taking the example in the picture, the final selected main chain is 0, 1B, 2C, 3D, 4B .
Can GHOST guarantee the unique main chain ? How is his security relative to Bitcoin ? What about the impact of the GHOST algorithm on throughput ? This involves the characteristics of GHOST.
GHOST features
1. Convergence characteristics : any block, after a long enough time, will eventually be completely discarded or adopted by the main chain. That is, after a long enough time, the main chain of any node will be the same .
2. Resist 51% attack : within a limited time, the probability that an attacker will be arbitrarily in block B of the main chain and be replaced off-chain is close to zero.
3. Throughput and security : As shown in the figure below, as the block generation speed λ (number of blocks generated per second) increases, the throughput of GHOST has not decreased much compared to the longest chain Longest Chain rule, and the security has not Any decline, but the security of the longest chain decreases exponentially
Front road
GHOST has improved TPS on the premise of ensuring security, so is it possible to further improve?
At the same time, because the non-main chain blocks are discarded, only the main chain blocks have block rewards. Such an incentive mechanism will cause miners to be unwilling to contribute computing power. How can this be solved?