-
Everything is a Race and Nakamoto Always Wins
Authors:
Amir Dembo,
Sreeram Kannan,
Ertem Nusret Tas,
David Tse,
Pramod Viswanath,
Xuechao Wang,
Ofer Zeitouni
Abstract:
Nakamoto invented the longest chain protocol, and claimed its security by analyzing the private double-spend attack, a race between the adversary and the honest nodes to grow a longer chain. But is it the worst attack? We answer the question in the affirmative for three classes of longest chain protocols, designed for different consensus models: 1) Nakamoto's original Proof-of-Work protocol; 2) Ou…
▽ More
Nakamoto invented the longest chain protocol, and claimed its security by analyzing the private double-spend attack, a race between the adversary and the honest nodes to grow a longer chain. But is it the worst attack? We answer the question in the affirmative for three classes of longest chain protocols, designed for different consensus models: 1) Nakamoto's original Proof-of-Work protocol; 2) Ouroboros and SnowWhite Proof-of-Stake protocols; 3) Chia Proof-of-Space protocol. As a consequence, exact characterization of the maximum tolerable adversary power is obtained for each protocol as a function of the average block time normalized by the network delay. The security analysis of these protocols is performed in a unified manner by a novel method of reducing all attacks to a race between the adversary and the honest nodes.
△ Less
Submitted 30 August, 2020; v1 submitted 21 May, 2020;
originally announced May 2020.
-
Proof-of-Stake Longest Chain Protocols: Security vs Predictability
Authors:
Vivek Bagaria,
Amir Dembo,
Sreeram Kannan,
Sewoong Oh,
David Tse,
Pramod Viswanath,
Xuechao Wang,
Ofer Zeitouni
Abstract:
The Nakamoto longest chain protocol is remarkably simple and has been proven to provide security against any adversary with less than 50% of the total hashing power. Proof-of-stake (PoS) protocols are an energy efficient alternative; however existing protocols adopting Nakamoto's longest chain design achieve provable security only by allowing long-term predictability (which have serious security i…
▽ More
The Nakamoto longest chain protocol is remarkably simple and has been proven to provide security against any adversary with less than 50% of the total hashing power. Proof-of-stake (PoS) protocols are an energy efficient alternative; however existing protocols adopting Nakamoto's longest chain design achieve provable security only by allowing long-term predictability (which have serious security implications). In this paper, we prove that a natural longest chain PoS protocol with similar predictability as Nakamoto's PoW protocol can achieve security against any adversary with less than 1/(1+e) fraction of the total stake. Moreover we propose a new family of longest chain PoS protocols that achieve security against a 50% adversary, while only requiring short-term predictability. Our proofs present a new approach to analyzing the formal security of blockchains, based on a notion of adversary-proof convergence.
△ Less
Submitted 22 February, 2020; v1 submitted 5 October, 2019;
originally announced October 2019.
-
Extremal Cuts of Sparse Random Graphs
Authors:
Amir Dembo,
Andrea Montanari,
Subhabrata Sen
Abstract:
For Erdős-Rényi random graphs with average degree $γ$, and uniformly random $γ$-regular graph on $n$ vertices, we prove that with high probability the size of both the Max-Cut and maximum bisection are $n\Big(\fracγ{4} + {\sf P}_* \sqrt{\fracγ{4}} + o(\sqrtγ)\Big) + o(n)$ while the size of the minimum bisection is $n\Big(\fracγ{4}-{\sf P}_*\sqrt{\fracγ{4}} + o(\sqrtγ)\Big) + o(n)$. Our derivation…
▽ More
For Erdős-Rényi random graphs with average degree $γ$, and uniformly random $γ$-regular graph on $n$ vertices, we prove that with high probability the size of both the Max-Cut and maximum bisection are $n\Big(\fracγ{4} + {\sf P}_* \sqrt{\fracγ{4}} + o(\sqrtγ)\Big) + o(n)$ while the size of the minimum bisection is $n\Big(\fracγ{4}-{\sf P}_*\sqrt{\fracγ{4}} + o(\sqrtγ)\Big) + o(n)$. Our derivation relates the free energy of the anti-ferromagnetic Ising model on such graphs to that of the Sherrington-Kirkpatrick model, with ${\sf P}_* \approx 0.7632$ standing for the ground state energy of the latter, expressed analytically via Parisi's formula.
△ Less
Submitted 5 May, 2015; v1 submitted 12 March, 2015;
originally announced March 2015.
-
Factor models on locally tree-like graphs
Authors:
Amir Dembo,
Andrea Montanari,
Nike Sun
Abstract:
We consider homogeneous factor models on uniformly sparse graph sequences converging locally to a (unimodular) random tree $T$, and study the existence of the free energy density $φ$, the limit of the log-partition function divided by the number of vertices $n$ as $n$ tends to infinity. We provide a new interpolation scheme and use it to prove existence of, and to explicitly compute, the quantity…
▽ More
We consider homogeneous factor models on uniformly sparse graph sequences converging locally to a (unimodular) random tree $T$, and study the existence of the free energy density $φ$, the limit of the log-partition function divided by the number of vertices $n$ as $n$ tends to infinity. We provide a new interpolation scheme and use it to prove existence of, and to explicitly compute, the quantity $φ$ subject to uniqueness of a relevant Gibbs measure for the factor model on $T$. By way of example we compute $φ$ for the independent set (or hard-core) model at low fugacity, for the ferromagnetic Ising model at all parameter values, and for the ferromagnetic Potts model with both weak enough and strong enough interactions. Even beyond uniqueness regimes our interpolation provides useful explicit bounds on $φ$. In the regimes in which we establish existence of the limit, we show that it coincides with the Bethe free energy functional evaluated at a suitable fixed point of the belief propagation (Bethe) recursions on $T$. In the special case that $T$ has a Galton-Watson law, this formula coincides with the nonrigorous "Bethe prediction" obtained by statistical physicists using the "replica" or "cavity" methods. Thus our work is a rigorous generalization of these heuristic calculations to the broader class of sparse graph sequences converging locally to trees. We also provide a variational characterization for the Bethe prediction in this general setting, which is of independent interest.
△ Less
Submitted 16 December, 2013; v1 submitted 21 October, 2011;
originally announced October 2011.
-
Source Coding, Large Deviations, and Approximate Pattern Matching
Authors:
A. Dembo,
I. Kontoyiannis
Abstract:
We present a development of parts of rate-distortion theory and pattern- matching algorithms for lossy data compression, centered around a lossy version of the Asymptotic Equipartition Property (AEP). This treatment closely parallels the corresponding development in lossless compression, a point of view that was advanced in an important paper of Wyner and Ziv in 1989. In the lossless case we rev…
▽ More
We present a development of parts of rate-distortion theory and pattern- matching algorithms for lossy data compression, centered around a lossy version of the Asymptotic Equipartition Property (AEP). This treatment closely parallels the corresponding development in lossless compression, a point of view that was advanced in an important paper of Wyner and Ziv in 1989. In the lossless case we review how the AEP underlies the analysis of the Lempel-Ziv algorithm by viewing it as a random code and reducing it to the idealized Shannon code. This also provides information about the redundancy of the Lempel-Ziv algorithm and about the asymptotic behavior of several relevant quantities. In the lossy case we give various versions of the statement of the generalized AEP and we outline the general methodology of its proof via large deviations. Its relationship with Barron's generalized AEP is also discussed. The lossy AEP is applied to: (i) prove strengthened versions of Shannon's source coding theorem and universal coding theorems; (ii) characterize the performance of mismatched codebooks; (iii) analyze the performance of pattern- matching algorithms for lossy compression; (iv) determine the first order asymptotics of waiting times (with distortion) between stationary processes; (v) characterize the best achievable rate of weighted codebooks as an optimal sphere-covering exponent. We then present a refinement to the lossy AEP and use it to: (i) prove second order coding theorems; (ii) characterize which sources are easier to compress; (iii) determine the second order asymptotics of waiting times; (iv) determine the precise asymptotic behavior of longest match-lengths. Extensions to random fields are also given.
△ Less
Submitted 1 March, 2001;
originally announced March 2001.
-
Critical Behavior in Lossy Source Coding
Authors:
Amir Dembo,
Ioannis Kontoyiannis
Abstract:
The following critical phenomenon was recently discovered. When a memoryless source is compressed using a variable-length fixed-distortion code, the fastest convergence rate of the (pointwise) compression ratio to the optimal $R(D)$ bits/symbol is either $O(\sqrt{n})$ or $O(\log n)$. We show it is always $O(\sqrt{n})$, except for discrete, uniformly distributed sources.
The following critical phenomenon was recently discovered. When a memoryless source is compressed using a variable-length fixed-distortion code, the fastest convergence rate of the (pointwise) compression ratio to the optimal $R(D)$ bits/symbol is either $O(\sqrt{n})$ or $O(\log n)$. We show it is always $O(\sqrt{n})$, except for discrete, uniformly distributed sources.
△ Less
Submitted 1 September, 2000;
originally announced September 2000.