Musings on the HashGraph Protocol: Its Security and Its Limitations

TL;DR

This paper provides a security proof for the HashGraph Protocol and introduces an adversarial strategy that demonstrates its potential to stall the protocol, highlighting both its strengths and limitations.

Contribution

It offers a rewritten security proof for HashGraph and reveals a novel attack strategy that can delay protocol commitment for exponential rounds.

Findings

Security proof aligns HashGraph with atomic broadcast standards

An adversarial attack can stall the protocol exponentially long

The attack confirms the exponential upper bound conjecture

Abstract

The HashGraph Protocol is a Byzantine fault tolerant atomic broadcast protocol. Its novel use of locally stored metadata allows parties to recover a consistent ordering of their log just by examining their local data, removing the need for a voting protocol. Our paper's first contribution is to present a rewritten proof of security for the HashGraph Protocol that follows the consistency and liveness paradigm used in the atomic broadcast literature. In our second contribution, we show a novel adversarial strategy that stalls the protocol from committing data to the log for an expected exponential number of rounds. This proves tight the exponential upper bound conjectured in the original paper. We believe that our proof of security will make it easier to compare HashGraph with other atomic broadcast protocols and to incorporate its ideas into new constructions. We also believe that our attack might inspire more research into similar attacks for other DAG-based atomic broadcast protocols.