BlackCoin Whitepaper

Tuesday, June 26, 2018
Download document
Save for later
Add to list

BlackCoin’s Proof-of-Stake Protocol v2 Pavel Vasin www.blackcoin.co Abstract—The current Proof of Stake protocol has several common definition. The initial distribution of the currency is potential security issues: coin age can be abused by malicious usually obtained through a period of PoW mining. nodes to gain significant network weight to perform a successful double spend. Additionally, due to coin age, honest nodes can abuse the system by staking only on a periodical basis. This A. Related work does not secure the network. Lastly: in the current system all The first PoS based currency was PeerCoin [3] which is components of a stake of proof are predictable enough to allow still in a period of PoW mining. Further development of the pre-computation of future proof-of-stakes. In this paper a system PeerCoin PoS protocol lead to NovaCoin [4] which uses a is proposed to solve said issues. hybrid PoS / PoW system. I. I NTRODUCTION BlackCoin is the first crypto currency that uses a pure PoS based protocol which is based on the development of the above Currently in the crypto currency community it is common described projects. understanding that Proof-of-Stake has yet to prove its security, economic value, and overall energy efficiency over time. III. S ECURITY I SSUES IN P O S BlackCoin was originally created as an experiment to prove that the concept of Proof-Of-Stake is valid; insisting it has real Besides the clear advantage of PoS over PoW as a method world applications in the future of crypto currencies. For the used to establish consensus on the network, there exist prob- past 120 days BlackCoin has proven to be a secure system for lems that have yet to be solved that can greatly improve the 15-20 million dollars market cap that the system currently network security. proudly maintains. As we expect the BlackCoin ecosystem to grow in the future, we want to ensure that the Proof-of- A. Coin Age Stake system is as secure as it can be. This is why we will be introducing PoS Protocol v2.0, also known as PoS 2.0. In In the PeerCoin protocol block generation is based on coin the future we will continue to expand and reinforce the new age which is a factor that increases the weight of unspent coins system to ensure that attack vectors get closed before they can linearly over time; the proof that has to be provided together be abused maliciously. with a new block and has to satisfy the following condition: This paper is organized as follows. Section II explains the benefits of the Proof-of-Stake concept. In Section III we proofhash < coins · age ·target (1) | {z } describe the flaws of the current implementation which are coin age then addressed in Section IV. Finally we give a summary in Section V. The proof hash corresponds to the hash of an obfuscation sum that depends on a stake modifier, the unspent output, and II. P ROOF - OF -S TAKE the current time. Consensus in a decentralized digital currency like Bitcoin With this system it is possible for an attacker to save up [1] is achieved by requiring generated blocks to contain a proof enough coin age to become the node with the highest weight that the node which generated the block solved a computational on the network. If the attack were to be malicious the attacker hard task. Unfortunately the concept of the Proof-of-Work could then fork the blockchain and perform a double-spend. (PoW) based system tends to lean towards eventual self- After this is done however, a second double-spend would destruction [2]. require the attacker to save up coin age again, as the stake resets when the block was generated. Proof-of-stake (PoS) aims to replace the way of achieving consensus in a distributed system; instead of solving the Proof- It is worth mentioning that this situation is highly improb- of-Work, the node which generates a block has to provide a able and that the incentive is questionable (saving enough coin proof that it has access to a certain amount of coins before age to be the highest weight on the network would either take being accepted by the network. Generating a block involves a lot of time or a lot of coins, and thus money, to make sending coins to oneself, which proves the ownership. The this happen. Next to that, performing such an attack would required amount of coins (also called target) is specified by probably devalue the system itself so it wouldn’t be profitable the network through a difficulty adjustment process similar to to do the attack in the long run.) PoW that ensures an approximate, constant block time. Another problem with coin age are greedy honest nodes. As in PoW, the block generation process will be rewarded These are nodes that have no malicious intent but they keep through transaction fees and a supply model specified by the their coins off the network and only stake every once in a underlying protocol; which can also be seen as interest rate by while to get their stake reward. The current system actually

encourages abusive behaviour of these nodes by keeping their Bitcoin node offline until it accumulates enough coin age to get the Past limit: median time of last 11 blocks reward in a short period of time and then shut down the node Future limit: +2 hours again. Granularity: 1 second Expected block time: 10 minutes B. Blockchain Precomputation and Long Range Attacks At the time of writing of this paper there is no known solu- Blackcoin (New rules) tion for secure timestamping in a largely distributed network. Past limit: time of last block The current block timestamp rules give an attacker a degree Future limit: +15 seconds of freedom in choosing the proof hash described in Eq. 1 and Granularity: 16 seconds therefore increase the probability of a successful attempt to Expected block time: 64 seconds fork from several blocks in the past. In addition, the current stake modifier doesn’t obfuscate the D. Hash Function hash function enough to prevent the attacker from precomput- ing future proofs. An individual who is seeking to maliciously The original NovaCoin protocol called for the use of attack the network would therefore be able to calculate the ”Scrypt” [5] as its Proof-Of-Work; also being used as the next interval for the future proof-of-stake solutions, allowing block hash. However there are some issues with that previous that individual to generate a few blocks in a row and execute implementation. Using Scrypt offers no real advantage to a malicious attack that could harm the network. Proof-Of-Stake; and is far slower than some alternatives. Since BlackCoin is no longer in PoW phase, the only major change would have to occur in the algorithm for determining the block IV. C HANGES IN THE P ROTOCOL hash. Therefore the block hash has been changed back to In the following we will describe the changes in the SHA256d. To reflect this the block version has been increased BlackCoin protocol that address the problems described in the to version 7. previous section. V. S UMMARY A. Taking the Coin Age out of the equation. The proposed changes are intended to improve security in The most secure way to perform a Proof of Stake system is BlackCoin’s PoS protocol and were made with optimization by having as many nodes online as possible. The more nodes in mind. With the new protocol possible attack vectors are that are staking, the less possibility for security issues like reduced to a minimum and the incentive to support the network 51% attacks, and the faster the actual network will perform by having a full node running continuously is clearly increased. transactions through these nodes. This will allow BlackCoin and PoS to continue to scale for mass adoption while plugging and mitigating potential risks. Thus, taking out the coin age will require all nodes to be online more to get their stake reward. Saving up coin age is no longer a possibility with the new system that calculates the VI. ACKNOWLEDGEMENTS chance of staking as follows: Many thanks to Rob ’Soepkip’ Schins, Maarten Visser, Steven ’McKie’ McKie, and Patrick Doetsch for helping out proofhash < coins · target (2) with the write up of the protocol v2 changes. Note that the system in Eq. 2 will not change the actual R EFERENCES stake reward. [1] Satoshi Nakamoto. Bitcoin: A peer-to-peer electronic cash system. bitcoin.org, 2008. B. Changing the Stake Modifier [2] Nicolas T. Courtois. On the longest chain rule and programmed self- destruction of crypto currencies, 2014. In order to mitigate the possibility of the pre-computation [3] Sunny King and Scott Nadal. Ppcoin: Peer-to-peer crypto-currency with attack, the stake modifier will be changed at every modifier proof-of-stake. peercoin.net, 2013. interval – to better obfuscate any calculations that would be [4] NovaCoin. http://coinwiki.info/en/novacoin. made to pinpoint the time for the next proof-of-stake. [5] Scrypt proof of work. https://en.bitcoin.it/wiki/scrypt proof of work. C. Block Timestamp Rules Appropriate changes have been made to the block times- tamps to work more efficiently with PoS. The expected block time was increased from original 60 seconds to match the granularity. Note that it is assumed that nodes have an external source of time, and if the internal time of a node deviates too much from the general consensus then there is a high prob- ability that blocks generated by this node will get orphaned. The proposed changes below outline the modifications to the block timestamp rules.