Chapter 2: the Block Chain Paradigm
Your mental image of Bitcoin is probably along these lines: miners discover blocks, either by hearing about them from their peers or by creating them. Whenever a miner discovers a block, they broadcast it to their peers and start mining on top of it. If two competing blocks are created, a miner keeps mining on top of the block they heard about first, unless the chain above the other block becomes longer, in which case they switch.
If you don't have a mental image of Bitcoin, and don't feel like unpacking this condensed description, I recommend this video:
This description is not unreasonable, but it is rather clunky. It requires telling a story about entities, and taking into consideration complex ideas like time. It also has a gaping hole: why should miners follow the rules at all? What justifies this assumption?
If you try to write a similar description for how a different protocol, say GHOST, works, you will find that, annoyingly enough, the description will be exactly the same except this fragment of a sentence: "...unless the chain above the other block becomes longer...".
The only thing that differs between the Bitcoin protocol, the GHOST protocol, or any other block chain protocol, is the way they handle conflicts. The block chain paradigm capitalizes on this observation: it makes the tie-breaking rule abstract and keeps the rest concrete. It provides a chassis to fit different chain selection rules into, and tools to quantify how well these chain selection rules achieve certain properties.
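To make the "chassis plus pluggable rule" idea concrete, here is an added example (it is not code from the chapter or from any Bitcoin or GHOST implementation). It models a block tree as a parent map and a single walk from genesis that, at every fork, follows the child with the highest score. The longest chain rule and GHOST then differ only in the scoring function passed in. Simplifying assumptions: every block carries equal work, so "longest" means most blocks rather than most cumulative work; the dictionary's insertion order stands in for the order a miner heard about blocks, which is the tie-breaker; and the tree is a constructed toy, chosen so that the two rules select different tips.

```python
from collections import defaultdict
from typing import Callable, Dict, List

# Constructed toy block tree: block -> parent. Insertion order models the order in
# which a miner heard about each block (the tie-breaker used by both rules).
GENESIS = "genesis"
PARENTS: Dict[str, str] = {
    "A": GENESIS, "B": "A", "C": "B", "D": "C",                  # long, thin branch
    "X": GENESIS, "Y1": "X", "Y2": "X", "Y3": "X", "Z": "Y1",    # shorter but bushier
}

Children = Dict[str, List[str]]
Score = Callable[[str, Children], int]


def children_map(parents: Dict[str, str]) -> Children:
    """Invert the parent map so we can walk the tree downwards from genesis."""
    kids: Children = defaultdict(list)
    for block, parent in parents.items():
        kids[parent].append(block)
    return kids


def subtree_size(block: str, kids: Children) -> int:
    """GHOST score: number of blocks in the subtree rooted at `block`
    (equal work per block assumed, so block count stands in for work)."""
    return 1 + sum(subtree_size(c, kids) for c in kids[block])


def subtree_height(block: str, kids: Children) -> int:
    """Longest chain score: length of the longest chain starting at `block`."""
    return 1 + max((subtree_height(c, kids) for c in kids[block]), default=0)


def select_tip(parents: Dict[str, str], score: Score, genesis: str = GENESIS) -> str:
    """The shared chassis: walk down from genesis and, at every fork, follow the
    child with the highest score. max() returns the first maximal child, i.e. the
    block heard first, which is the tie-break both rules use."""
    kids = children_map(parents)
    block = genesis
    while kids[block]:
        block = max(kids[block], key=lambda c: score(c, kids))
    return block


def selected_chain(parents: Dict[str, str], score: Score, genesis: str = GENESIS) -> List[str]:
    """The chain from genesis to the selected tip, as a list of block names."""
    chain = [select_tip(parents, score, genesis)]
    while chain[-1] != genesis:
        chain.append(parents[chain[-1]])
    return chain[::-1]


if __name__ == "__main__":
    # Same tree, same walk; only the score differs, and so does the selected tip.
    print("longest chain:", selected_chain(PARENTS, subtree_height))
    print("GHOST:        ", selected_chain(PARENTS, subtree_size))
```

On this tree the longest chain rule follows A (height 4 beats X's height 3) and ends at D, while GHOST follows X (subtree of 5 blocks beats A's 4) and ends at Z. Everything other than the two score functions is identical, which is the observation the paradigm is built on; a new chain selection rule is just another `Score`.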
The abstract approach has many advantages:
It draws a line between general properties of block chains, and properties unique to a specific block chain,
It allows us to define notions of security without appealing to a particular protocol or construction; we can then use these definitions to reason about any block chain, and
It is readily generalizable, setting the ground for exploring the blockDAG paradigm in the next chapter.
Once we understand what a chain selection rule is, we provide definitions and a framework to reason about their security. In particular, we will talk about safety, liveness, and transaction finality (a.k.a. confirmation times). But before that, we will spend a bit of time pontificating on what security even means.
Having built our understanding of the security of block chains in the abstract, we finally introduce the heaviest chain and GHOST rules, and discuss their security informally.
At this point the reader might garner some confidence in their understanding of security. This is definitely a problem. We fix that problem by discussing selfish mining, a (then) unexpected attack vector on Bitcoin that shows that no matter how solid you think your understanding of security is, there could always be attack vectors that are not prohibited by the definition and still have undesirable consequences. Hopefully, this will instill some humility in the reader, which they will pass along to anyone who claims this or that idea is "secure" without having done their due diligence.
We conclude the chapter with a somewhat detailed sketch of the security proof of Bitcoin. This section is a bit more heavy on the math, but also completely skippable.