Everything is a Race and Nakamoto Always Wins

TL;DR

This paper demonstrates that the worst-case attack for various longest chain protocols, including Proof-of-Work, Proof-of-Stake, and Proof-of-Space, is a race between adversaries and honest nodes, providing a unified security analysis.

Contribution

It introduces a unified method to analyze the security of different longest chain protocols by reducing attacks to a race scenario, and characterizes maximum adversary power for each protocol.

Findings

Longest chain attack is the worst attack across protocols.

Maximum tolerable adversary power depends on block time and network delay.

Unified analysis applies to Proof-of-Work, Proof-of-Stake, and Proof-of-Space protocols.

Abstract

Nakamoto invented the longest chain protocol, and claimed its security by analyzing the private double-spend attack, a race between the adversary and the honest nodes to grow a longer chain. But is it the worst attack? We answer the question in the affirmative for three classes of longest chain protocols, designed for different consensus models: 1) Nakamoto's original Proof-of-Work protocol; 2) Ouroboros and SnowWhite Proof-of-Stake protocols; 3) Chia Proof-of-Space protocol. As a consequence, exact characterization of the maximum tolerable adversary power is obtained for each protocol as a function of the average block time normalized by the network delay. The security analysis of these protocols is performed in a unified manner by a novel method of reducing all attacks to a race between the adversary and the honest nodes.