R3 CTO Richard Brown recently published an interesting article. Among other issues, the article states explicitly that permissionless blockchains have probabilistic confirmation of transactions. We want to clarify several parts of this problematic statement by describing how Concordium solves some of the challenges for permissionless blockchains.
Transaction confirmations are not probabilistic
Richard Brown claims that permissionless blockchains inherently only have probabilistic confirmation of transactions. To discuss this statement, it is essential first to understand what exactly it means. Taking Bitcoin as an example, the general rule there is to accept a transaction as soon as it is in a block that is six blocks deep in the chain. Bitcoin is supposed to be secure as long as less than 50% of the computing power is corrupted. If we are close to this limit and an attacker controls almost 50%, that attacker can win 7 blocks in a row with probability almost (1/2)^7 = 1/128. If that happens, the attacker can create a fork of the chain to exclude the previous 6 blocks and thereby invalidate the transaction. Hence, there is some probability (almost 1% in this case) that the confirmed transaction gets unconfirmed. In fact, winning seven blocks in a row is not the only option for the attacker, and several research papers bound the precise probabilities in different settings, but let's stick with the pure numbers for the purpose of this discussion.
We can now ask the question of whether this probabilistic nature applies to all permissionless blockchains. An important observation is that all systems based on cryptography are only probabilistic in some sense. For example, if digital signatures are used to sign transactions, an attacker can steal your money if they can forge a signature. Signatures should be unforgeable when a good signature scheme is used. But note that this does not mean it is impossible to forge a signature: A straightforward attack is that the attacker tries a random secret key and hopes that it matches your key. If it matches, the attacker can forge signatures easily. If your key has 256 bits, the probability that a random key equals yours is (1/2)^256. This probability is so incredibly small that people assume it never happens and thus they just say signatures are unforgeable (instead of probabilistically unforgeable). Going back to Bitcoin, one could easily modify the confirmation rule to wait for 256 blocks instead of 6 blocks. In that case, the failure probability would be smaller than the probability of guessing a random key. For that kind of system, it would thus be fair to say it has true finality.
The reason people only wait for six blocks instead of 256 is that it already takes 1 hour to wait for six blocks in Bitcoin. So they are trading security for speed. The real problem is thus not to remove the probabilistic nature, but to get finality faster.
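The trade-off between confirmation depth and reversal probability can be computed directly. The following is an added example, not code from the article or from Concordium: it goes beyond the "seven blocks in a row" estimate by using the attacker catch-up formula from the Bitcoin whitepaper, and compares both. The function names and the 10-minute block interval (derived from the article's six blocks per hour) are choices of this example.

```python
import math

BLOCK_MINUTES = 10  # the article's "1 hour for six blocks"


def in_a_row_estimate(q: float, z: int) -> float:
    """The article's simplified bound: attacker wins z+1 blocks in a row."""
    return q ** (z + 1)


def catch_up_probability(q: float, z: int) -> float:
    """Probability that an attacker with share q of the computing power
    ever overtakes a transaction buried under z confirmations
    (Poisson race model from the Bitcoin whitepaper)."""
    if not 0.0 <= q < 1.0 or z < 0:
        raise ValueError("need 0 <= q < 1 and z >= 0")
    p = 1.0 - q
    if q >= p:
        return 1.0  # a majority attacker catches up eventually
    lam = z * q / p  # expected attacker blocks while honest nodes mine z
    total = 1.0
    poisson = math.exp(-lam)
    for k in range(z + 1):
        if k > 0:
            poisson *= lam / k  # iterative form avoids float overflow
        total -= poisson * (1.0 - (q / p) ** (z - k))
    return total


def min_depth(q: float, target: float, limit: int = 10_000) -> int:
    """Smallest confirmation depth whose reversal probability is below target."""
    if q >= 0.5:
        raise ValueError("no depth is sufficient against a majority attacker")
    for z in range(limit + 1):
        if catch_up_probability(q, z) < target:
            return z
    raise ValueError("target not reached within limit")


if __name__ == "__main__":
    for q in (0.10, 0.30):
        z = min_depth(q, 0.001)
        print(f"q={q:.2f}: six-deep risk {catch_up_probability(q, 6):.7f} "
              f"(in-a-row estimate {in_a_row_estimate(q, 6):.7f}); "
              f"risk < 0.1% needs {z} blocks, about {z * BLOCK_MINUTES} minutes")
```

The in-a-row estimate understates the risk because the attacker can also fall behind and recover later, which is why the required depth, and with it the waiting time, grows quickly as the attacker's share approaches one half.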
For that purpose, Concordium has developed a finality layer that marks blocks as final much faster and, at the same time, offers a high level of security. Led by Professor Jesper Buus Nielsen of the Concordium Blockchain Research Center Aarhus (COBRA), Concordium has created Afgjort (pronounced ow-gui-ort). This new finality layer ensures that blocks become quickly finalized with 100% certainty. Named after the Danish expression for "agreed upon", Afgjort [DMM+19] has been proven secure, meaning that there is a mathematical proof that Afgjort achieves the aspired finality guarantees.
Afgjort is executed by a subset of the nodes (the "committee"). This committee is currently selected based on their GTU-stake to ensure that those participants with the most stake participate in the finalization. Note that the chain is permissionless and everyone may run a node and hence participate in Afgjort as long as the selection criteria are met. A block is then declared finalized when a set of finalizers with sufficiently high total stake votes for the block in the Byzantine agreement (BA) protocol. Thus finalization can be executed without knowing the total number of finalizers and who they are.
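A stake-weighted finalization check of the kind described above, as an added sketch that is not Afgjort's code or parameters: the stake table is constructed, votes are assumed to be signature-checked already, and the two-thirds threshold is an assumption chosen to pair with the article's condition that less than one-third of the committee is malicious. The second function enumerates every honest vote split to show why that pairing prevents two conflicting blocks from both being finalized.

```python
from fractions import Fraction
from itertools import product

# Constructed stake table (arbitrary units): accounts meeting the selection criteria.
STAKE = {"alice": 34, "bob": 33, "carol": 20, "mallory": 13}
THRESHOLD = Fraction(2, 3)  # assumption of this example, not taken from the article


def finalized_blocks(votes, stake=STAKE, threshold=THRESHOLD):
    """Return the blocks whose distinct voters hold more than `threshold` of the stake.

    `votes` is an iterable of (voter, block_hash) pairs. Only stake weight
    matters, not how many finalizers there are.
    """
    total = sum(stake.values())
    counted = set()
    weight = {}
    for voter, block in votes:
        if voter not in stake or (voter, block) in counted:
            continue  # unknown accounts carry no weight; replayed votes count once
        counted.add((voter, block))
        weight[block] = weight.get(block, 0) + stake[voter]
    return {b for b, w in weight.items() if Fraction(w, total) > threshold}


def max_conflicting_finalizations(byzantine, blocks=("A", "B"), stake=STAKE):
    """Worst case over every honest vote split when the accounts in
    `byzantine` vote for all competing blocks at once."""
    honest = [v for v in stake if v not in byzantine]
    double_votes = [(v, b) for v in byzantine for b in blocks]
    worst = 0
    for choice in product(blocks, repeat=len(honest)):
        votes = list(zip(honest, choice)) + double_votes
        worst = max(worst, len(finalized_blocks(votes, stake)))
    return worst


if __name__ == "__main__":
    print(max_conflicting_finalizations({"mallory"}))  # 13% of stake double-votes
    print(max_conflicting_finalizations({"alice"}))    # 34% of stake double-votes
```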
Moreover, this finality layer can be added on top of any blockchain protocol that meets the basic blockchain properties similar to those of Bitcoin [GKL15]. Afgjort is also compatible with efficient Proof-of-Stake (PoS) based blockchain protocols such as Ouroboros Praos [DGKR18], adding strong finalization guarantees and improved performance to these protocols so that they can serve as a solid basis for the Concordium blockchain.
Finality as a Service (FaaS)
It is unquestionably a significant challenge to engineer a high assurance implementation of a finality layer such as Afgjort and execute it over a blockchain protocol with a wide enough user base (and a proper stake distribution) guaranteeing that less than one-third of the committee is malicious.
While Concordium's engineering team is tackling this challenge, our researchers are already hard at work on one of the most innovative features of the Concordium blockchain: Finality as a Service (FaaS). Concordium's FaaS will make strong finality guarantees accessible to third party decentralized applications without the need for their users (or operators) to execute Afgjort.
Concordium's FaaS will allow third-party applications to submit data to be finalized by Afgjort running on Concordium's blockchain. For example, a third-party blockchain protocol can submit block hashes to have its blocks finalized by Concordium's FaaS.
As Richard Brown said, "the potential of blockchain to solve real problems in the enterprise, especially problems between businesses, is immense." Limiting this potential to the permissioned version of this technology could be inefficient from a pure business point of view, and when it comes to finality, it is simply inaccurate.
Needs are various; solutions are too, and, as always, it is crucial to find the right solution to the problem at hand. We invite users in general and business owners in particular to find the right match for their requirements by exploring the permissionless landscape.
[GKL15] The Bitcoin Backbone Protocol: Analysis and Applications. Juan A. Garay, Aggelos Kiayias, Nikos Leonardos. EUROCRYPT 2015.
[DGKR18] Ouroboros Praos: An Adaptively-Secure, Semi-synchronous Proof-of-Stake Blockchain. Bernardo David, Peter Gazi, Aggelos Kiayias, Alexander Russell. EUROCRYPT 2018.
[DMM+19] Afgjort: A Partially Synchronous Finality Layer for Blockchains. Thomas Dinsdale-Young, Bernardo Magri, Christian Matt, Jesper Buus Nielsen, Daniel Tschudi. https://eprint.iacr.org/2019/504
The views and opinions expressed in this article are those of the contributor and do not necessarily reflect the view of Blockchain.News. Investors should be well aware of the volatility of cryptocurrencies and conduct their own research before making investment decisions.