Abstract
The permissionless clock synchronization problem asks how a population of parties can maintain a system-wide synchronized clock while their participation rate fluctuates, possibly very widely, over time. The underlying assumption is that parties experience the passage of time at roughly the same speed, but may disengage from and engage with the protocol following arbitrary (even adversarially chosen) participation patterns. This (classical) problem has received renewed attention due to the advent of blockchain protocols, and it has recently been solved in the proof-of-stake setting, i.e., when parties are assumed to have access to a trusted PKI setup [Badertscher et al., Eurocrypt ’21].
In this work, we present the first proof-of-work (PoW)-based permissionless clock synchronization protocol. Our construction assumes a public setup (e.g., a CRS) and relies on an honest majority of computational power that, for the first time, is described in a fine-grained timing model that does not utilize a global clock that exports the current time to all parties. As a secondary result of independent interest, our protocol gives rise to the first PoW-based ledger consensus protocol that does not rely on an external clock for the time-stamping of transactions and the adjustment of the PoW difficulty.
J. Garay—Research supported by NSF grants no. 2001082 and 2055694.
Y. Shen—Work supported by Input Output – IOHK through their funding of the Edinburgh Blockchain Technology Lab.
Notes
1. We note that the problem of joining parties in the context of clock synchronization was considered, but only conditionally on the new party being agreed upon and approved by a sufficient number of participants; see [16].
2. The protocol implements such a clock by having nodes query other nodes in the network and possibly seek user input; it has no way of deriving a clock from the protocol operation itself. See [12] for more details.
3. A function \(f:\mathbb {R}\rightarrow \mathbb {R}\) is within a (U, L)-linear envelope if and only if it holds that \(L\cdot x \le f(x)\le U \cdot x\), for all x.
4. As such, our clock functionality is a more natural model of the real world compared to [3]’s, as it allows \(\mathcal {A}\) to manipulate the clock in both directions, backward and forward; in [3], only forward manipulation is allowed. Nonetheless, this does not result in a more powerful adversary.
5. In Bitcoin’s original implementation, miners will adjust their time based on three different sources: (1) their local system clock; (2) the median of clock values from peers; (3) the human operator (if the first two disagree).
6. The first interval in particular lies between the beginning of the execution and the first time parties adjust their clock.
7. We will adopt the same target for simplicity. Indeed, maintaining a constant ratio between the difficulty level of blocks and that of beacons will work.
8. Beacons generated in previous intervals are stale in that \(\textsf{P}\) has already passed the synchronization point associated with these beacons, and they will never be used in the future. We list them for completeness.
9. If \(\textsf{P}\) passes multiple local rounds in nominal round \(r\), we require that all of these timestamps should satisfy the predicate.
10. While most of the previous work considers common prefix in terms of the number of blocks, we note that these two definitions are equivalent. This is due to the fact that if the protocol guarantees security, then the block generation rate is somewhat steady (cf. [11]) and thus the number of blocks generated during a period of time can be inferred from its length and the highest mining speed.
References
Abraham, I., Devadas, S., Dolev, D., Nayak, K., Ren, L.: Synchronous Byzantine agreement with expected O(1) rounds, expected \(O(n^2)\) communication, and optimal resilience. In: Goldberg, I., Moore, T. (eds.) FC 2019. LNCS, vol. 11598, pp. 320–334. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-32101-7_20
Badertscher, C., Gaži, P., Kiayias, A., Russell, A., Zikas, V.: Ouroboros genesis: composable proof-of-stake blockchains with dynamic availability. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, CCS 2018, pp. 913–930. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3243734.3243848
Badertscher, C., Gaži, P., Kiayias, A., Russell, A., Zikas, V.: Dynamic ad hoc clock synchronization. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12698, pp. 399–428. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77883-5_14
Badertscher, C., Maurer, U., Tschudi, D., Zikas, V.: Bitcoin as a transaction ledger: a composable treatment. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 324–356. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_11
Bagaria, V., Kannan, S., Tse, D., Fanti, G., Viswanath, P.: Prism: deconstructing the blockchain to approach physical limits. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, CCS 2019, pp. 585–602. Association for Computing Machinery, New York (2019). https://doi.org/10.1145/3319535.3363213
Bahack, L.: Theoretical bitcoin attacks with less than half of the computational power (draft). Cryptology ePrint Archive, Report 2013/868 (2013). https://ia.cr/2013/868
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: 42nd Annual Symposium on Foundations of Computer Science, FOCS 2001, 14–17 October 2001, Las Vegas, Nevada, USA, pp. 136–145. IEEE Computer Society (2001). https://doi.org/10.1109/SFCS.2001.959888
Dolev, D., Halpern, J.Y., Strong, H.R.: On the possibility and impossibility of achieving clock synchronization. J. Comput. Syst. Sci. 32(2), 230–250 (1986). https://doi.org/10.1016/0022-0000(86)90028-0
Dwork, C., Lynch, N., Stockmeyer, L.: Consensus in the presence of partial synchrony. J. ACM 35(2), 288–323 (1988). https://doi.org/10.1145/42282.42283
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol with chains of variable difficulty. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 291–323. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_10
Garay, J., Kiayias, A., Leonardos, N.: Full analysis of Nakamoto consensus in bounded-delay networks. Cryptology ePrint Archive, Report 2020/277 (2020). https://ia.cr/2020/277
Garay, J., Kiayias, A., Ostrovsky, R.M., Panagiotakos, G., Zikas, V.: Resource-restricted cryptography: revisiting MPC bounds in the proof-of-work era. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 129–158. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_5
Garay, J., Kiayias, A., Shen, Y.: Permissionless clock synchronization with public setup. Cryptology ePrint Archive, Report 2022/1220 (2022). https://eprint.iacr.org/2022/1220
Garay, J., Kiayias, A.: SoK: a consensus taxonomy in the blockchain era. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 284–318. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-40186-3_13
Halpern, J.Y., Simons, B., Strong, R., Dolev, D.: Fault-tolerant clock synchronization. In: Proceedings of the Third Annual ACM Symposium on Principles of Distributed Computing, PODC 1984, pp. 89–102. Association for Computing Machinery, New York (1984). https://doi.org/10.1145/800222.806739
Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_27
Lamport, L.: Time, clocks, and the ordering of events in a distributed system. Commun. ACM 21(7), 558–565 (1978). https://doi.org/10.1145/359545.359563
Lamport, L., Melliar-Smith, P.M.: Byzantine clock synchronization. In: Proceedings of the Third Annual ACM Symposium on Principles of Distributed Computing, PODC 1984, pp. 68–74. Association for Computing Machinery, New York (1984). https://doi.org/10.1145/800222.806737
Lenzen, C., Loss, J.: Optimal clock synchronization with signatures. In: Proceedings of the 2022 ACM Symposium on Principles of Distributed Computing, PODC 2022, pp. 440–449. Association for Computing Machinery, New York (2022). https://doi.org/10.1145/3519270.3538444
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008). http://bitcoin.org/bitcoin.pdf
Pass, R., Seeman, L., Shelat, A.: Analysis of the blockchain protocol in asynchronous networks. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017, Part II. LNCS, vol. 10211, pp. 643–673. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_22
Pass, R., Shi, E.: Fruitchains: a fair blockchain. In: Proceedings of the ACM Symposium on Principles of Distributed Computing, PODC 2017, pp. 315–324. Association for Computing Machinery, New York (2017). https://doi.org/10.1145/3087801.3087809
Pass, R., Shi, E.: Rethinking large-scale consensus. In: 30th IEEE Computer Security Foundations Symposium, CSF 2017, Santa Barbara, CA, USA, 21–25 August 2017, pp. 115–129. IEEE Computer Society (2017). https://doi.org/10.1109/CSF.2017.37
Srikanth, T.K., Toueg, S.: Optimal clock synchronization. J. ACM 34(3), 626–645 (1987). https://doi.org/10.1145/28869.28876
Welch, J.L., Lynch, N.: A new fault-tolerant algorithm for clock synchronization. Inf. Comput. 77(1), 1–36 (1988)
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Garay, J., Kiayias, A., Shen, Y. (2022). Permissionless Clock Synchronization with Public Setup. In: Kiltz, E., Vaikuntanathan, V. (eds) Theory of Cryptography. TCC 2022. Lecture Notes in Computer Science, vol 13749. Springer, Cham. https://doi.org/10.1007/978-3-031-22368-6_7
DOI: https://doi.org/10.1007/978-3-031-22368-6_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-22367-9
Online ISBN: 978-3-031-22368-6
eBook Packages: Computer Science, Computer Science (R0)