ebook img

Interactive Proof-of-stake PDF

0.16 MB·
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Interactive Proof-of-stake

Interactive Proof-of-stake AlexanderChepurnoy Abstract The paper examines decentralized cryptocurrency protocols that are based on the use of internal tokens as identity 6 tools. AnanalysisofsecurityproblemswithpopularProof-of-stakeconsensusprotocolsisprovided. Anewprotocol, 1 0 InteractiveProof-of-stake,isproposed.Themainideasoftheprotocolaretoreduceanumberofvariablesaminercan 2 iterateovertoaminimumandalsotobringacommunicationintoblockgeneration. Theprotocolischeckedagainst n a knownattacks. ItisshownthatInteractiveProof-of-stakeismoresecurethancurrentpureProof-of-stakeprotocols. J 1 Keywords: Cryptocurrency,Blockchainconsensusprotocols,Proof-of-stake,Peer-to-peernetworks 1 ] 1. Introduction Thentheconceptwasdevelopedintoseveralvariations R C havingsimilarproblemswiththeirsecuritymodels. . The core feature of Bitcoin is is the ability of s NeuCoin[6] and Nxt are the Proof-of-stake protocol c every network participant who contributes computa- [ examplesconsideredbelow. 2 tional resources to participate in a shared ledger cre- v ation process. A few years after the Nakamoto’s 5 1.1. NeuCoin 7 paper[1] described Proof-of-work and private fork at- 2 0 tack,someformalmodelswithcomprehensiveanalysis Neucoin uses the same transactional model as Bit- 0 . werepublished[2,3]. coin,withatransactionhavingmultipleinputsandout- 1 0 InaProof-of-worksystemparticipantssolvemoder- puts. Anunspentoutputholderhasarighttogeneratea 6 1 ately hard computational puzzles[3] to generate valid blockifhash(k)(cid:54)g∗vo∗δwheregisthetargetvalue : v blocks. Theprobabilityofgenerationisproportionalto readjusted on each block and stored in a block header, i X theircomputationalpower(withsomeexceptions[4,2]). vo is the unspent output value, and δ is the amount of r a Thepuzzlescouldbeviewedasidentitytoolsthatpre- timesincethecoinsweretouched. Thekernelkis: vent Sybil attacks in an anonymous environment. An alternative idea behind Proof-of-stake protocols uses k=t∪t ∪n ∪i ∪t ∪s (1) utxo utxo o block internal tokens of a cryptocurrency as identity tools. Intheformulafork,tisthecurrenttimestamp,t is Proof-of-stake was first implemented in PeerCoin[5]. utxo atimestampoftheoutput,n isanindexoftheoutput utxo initstransaction,i isanindexoftheoutputinitsblock, Emailaddress:[email protected](Alexander o Chepurnoy) tblockisatimestampofablockcontaininganoutput,and PreprintsubmittedtoLedgerJournal January12,2016 s is the stake modifier, a 64-bit string seeded from the 1.3. WhyProof-of-stakeMatters blockchain. Thereareseveralreasonstosearchforprotocolsbe- yondthewell-knownBitcoinconsensusprotocols.First 1.2. Nxt of all, Proof-of-stake provides an incentive to run a NxthasadifferenttransactionalmodelthanBitcoin, full-node[7]. Second, a new cryptocurrency using a with dedicated accounts holding balances. Accounts Proof-of-work consensus protocol could be destroyed are allowed to generate a block if the hit, an unsigned by Goldfinger attack[8]. Proof-of-work could also be numberconstructedfrom256-bitgenerationsignature, infeasible for private blockchains. While traditional islessthanthetarget: Byzantine Agreements[9] could work well for a net- works consisting of a few banks, Proof-of-stake seems f8bu(g)<t∗b∗δ (2) to be more suitable for large private blockchains with unequalgenerationrights. where f return the first 8 bytes of a byte array as 8bu an unsigned number, t is the base target of a previous 1.4. StructureofthePaper block, b is the account balance N blocks ago, and δ is Section 2 describes some problems with existing thedelayinsincethelastblock. Proof-of-stake consensus protocols. An alternative The generation signature in the formula above is a stake-based protocol, the Interactive Proof-of-stake, is deterministic value that depends on the value used to proposedinSection3. Thenovelapproachisdiscussed generatethepreviousblockg andtheaccount’spub- prev inSection4. lickeyk : pub g=hash(g ∪k ) prev pub 2. OpenProblemsWithExistingProof-of-stakeIm- Thebasetargetalsochangesbetweenblocks. Asthe plementations desirable delay between blocks is T seconds, the new base target can be calculated from the base target of a ManyattacksagainstProof-of-stakeconsensusproto- previousblockt : colshavebeenproposed. Followinglisthasbeencom- prev t=max(min(tprev∗δ,t ∗2),tprev) piledbasedonpapers[10,7],internetresources[11,12, T prev 2 Everyblockheadercontainsagenerationsignatureg 13]andprivateconversations. and a base target t. Cumulative difficulty d is used to c 1. GrindingAttacks determinethebestblockchain,withlargervaluescorre- Iterationsoversomeoftheparametersintheformu- spondingtobetterchains: lasgiveninSections1.1and1.2createthepossibil- (cid:88)1 ity for several attacks. In particular, as there are no d = (3) c t preciseglobalclocksinadistributednetworkanat- Ifeveryblockinachainisgeneratedwithin(T,2∗T) tacker can iterate over current time values to find a 2 secondsofthepreviousblock,d isproportionaltothe betteroptionthanarealtimestampofthelocalsys- c timeelapsedsincethegenesisblocktimestamp. tem. Inaddition,attackerscaniterateoverthepublic 2 keys (for Nxt) or unspent output parameters (Neu- forks). Aftersomenumberofconfirmations,atrans- coin). action recipient performs corresponding actions(for For example, with Neucoin’s dynamic kernels it is example,sendingoutgoods). Theattackertherefore possible to find a better kernel value by iterating contributestoF−1forksthatdonotcontainatrans- over the allowed range of current timestamps. As action. SimulationsofNxt-likeconsensusprotocols NeuCoin allows block time to be set up to 2 hours with explicit tree support show the attack could be laterthanaprevioustime,aselfishminercouldcal- eliminated by an increase in the number of confir- culate 7200 kernel values and immediately publish mations required before a transaction is considered block with a timestamp from the future. Assum- asnon-reversible[15]. ing that each network participant is selfish, the net- 3. HistoryAttacks work could publish all of the blocks extending cur- Attackers can buy unused private keys held a ma- rentblockchainwithinthenext2hours,causingtriv- jority of stake being online in the past, then a bet- ialsysteminstability. ter chain could be generated [12]. A checkpointing Nxt is free from time drifting as hit value is static. mechanismisneededtopreventthiskindofattack. However, it is possible to iterate over δ. To prevent 4. BribeAttacks this,Nxthasa15secondpropagationrule:incoming After an attacker sends a transaction to the net- blocks are propagated only if their timestamps are work, and some number k of confirmations a trans- within15secondsofthatofalastlocalblock. This action recipient performs a corresponding action, limitstheiterationrangetoatmost15values. such as sending goods out. Then a sender can pub- 2. Private-forkandNothing-at-Stakeattacks licly announce a reward for a better fork, revers- Compared to Proof-of-work protocols, it is ex- ing the last k + 1 blocks to remove the transaction tremely cheap to start a fork with Proof-of-stake. fromtheblockchain. Suchanattackisalsopossible Simulations show that short private forks are prof- withProof-of-workprotocol,butunsuccessfulattack itable for big stakeholders of Nxt[14]. Therefore, minerswouldlostalotofresourcesintheattack. In selfish miners have an incentive to build on top of contrast, bribed miners in a Proof-of-stake protocol every fork they encounter. However, as the number willneverloseanythingbecausetheycancontribute of forks increases exponentially with time, it is not tobothforksforverylittle[10]. viabletocontributetoallofthem,soanoderetains 2.1. WhyProof-of-stakeCryptocurrenciesWork bestforks. No practical implementations of the aforementioned With the network contributing to a tree that con- attacksarecurrentlyknown. Therearetworeasonsfor tainsFwidelyrecognizedforksNothing-at-Stakeat- this: tacksareemerging. Thisnewkindofattackismade by a peer who is willing to double-spend by vot- 1. SecurityThroughDefaultImplementation ingforanonlychaincontainingaspendingtransac- Nxt and private forks are discussed here. The tion(whereastherestofthenetworkworksonallF single existing Nxt protocol implementation, Nxt 3 Reference Software(NRS), stores only a single balance) pair. For monetary blockchains we can blockchain. A big stakeholder can earn more[14] considermonetarytokenstobebalanceunits. For by adding an explicit local blocktree storage to private non-monetary blockchains we can set cor- the software. Then she can distribute the modi- respondences in a genesis block so that network fiedsoftware. Nothing-at-Stakeattacksareonlya participants have transferable or non-transferable threatwhenamajorityofonlineareusingthemod- generationrights. ifiedsoftware. Thereisalittleincentivetomodify 2. Block headers contain some unique seed value asinglecopyevenbecausecurrentminingrewards known to all participants to determine the gener- aresmall. atorsofthenextblocks. 2. SecurityThroughCheckpoints 3. T accounts are needed to generate a single block. WithNRS,Nxthasafewhard-codedcheckpoints WeconsiderT =3. Toavoidnetworkpropagation and a 720-block reversal limit so only new nodes ofblockcandidatesdonothaveenoughsignatures, thataredownloadingthebestchainfromthegene- onlyoneaccountisallowedtosignandbroadcast sis block could suffer a successful History attack ablock,buteachblockmustcontainT tickets. For resulting in a fork not deeper than a hardcoded T = 3wedenotetickettypesasTicket1,Ticket2, checkpoint. Ticket3. Togenerateablockoneinstanceofeach typeisnecessary. Bothpracticalsecuritymeasuresareinappropriatefor 4. Eachticketismadeofacorrespondingblockseed, long-term use with decentralized cryptocurrency that a public key pk and the balance b of an account. is intended for global adoption. In contrast, private Using this data we can calculate a score s of a t blockchains can be assumed to be a running specific ticket. First, we calculate hash(seed∪ pk). Then protocolimplementationonmostoftheirnodes. the first byte of the digest is used to generate Ticket1, the second, to generate Ticket2, and the 3. InteractiveProof-of-stake thirdtogenerateTicket3. Thebytevalueisanun- signednumberm. If0 < m (cid:54) R,whereRissome There are two main idea behind this new protocol. constant,thens =m∗log b;otherwises =0. t 2 t First of all, a number of variables a miner can iterate 5. Forablockofheighthanaccountcangenerateup overisneededtobereducedtoaminimumtoincrease tothreeticketswithpositivescore: aninstanceof resistance to grinding attacks. Second, we would like Ticket1byusingtheseedofablockatheighth−2, to bring the communication process into block gener- aninstanceofTicket2,usingtheseedofablockat ation. It requires multiple parties for block creation heighth−1,andaninstanceofTicket3,usingthe withoutbroadcastingundersignedblockswithinthenet- seed of a block at height h. If a ticket’s score is work. Theproposalforthisprotocolisasfollows: positive, then the account signs it and broadcasts 1. The presence of accounts with non-zero is as- tothenetwork. Ticketsize(includingasignature) sumed. Accounts can be viewed as (public key, is about 100 bytes, so tickets can be propagated 4 aroundthenetworkquicklyandeffectively. Consider a scenario in which N accounts are on- A 6. Onlyoneticketperaccountperlastlblocksisal- line. Theticketgenerationcouldbeseenasatwo-step lowed. weightedlottery. First,arandomsubsetofaveragesize (R−1)∗NA willbechosenregardlessontheaccountstake. 7. OnlytheTicket1instancegeneratorformsablock 256 Then each account in the set will obtain some random containingtransactionsandthethreetickets. numberm(0<m(cid:54)R)togenerateaticketwithascore 8. Ablockchainbeginswiththreegenesisblocksin- m∗log b. stead of one to avoid breaking ticket generation 2 Consideringthemomentatwhichblockb (ofheight rulesforthefirstblockaftergenesis. h h)arrivesatanodethathasanaccountAonboard. Acan 9. Ifthethreeticketsofablockaregeneratedbyac- generateuptothreeticketswithpositivescores: anin- counts with public keys pk , pk , and pk then 1 2 3 stanceofTicket3forablockofheighth+1,aninstance the seed of that block is calculated as seed = ofTicket2forablockofheighth+2,andaninstanceof hash(seed ∪pk ∪pk ∪pk ),whereseed is prev 1 2 3 prev Ticket1forablockofheighth+3.Ticketswithpositive theseedofapreviousblock. scoreswillbebroadcastedimmediately. Atthemoment 10. A block’s score s is the sum of its ticket scores: b ofarrival,Asupposedlyalsohasticketsbasedonblocks s = s +s +s . Ablockchain’sscoreisthesum b t1 t2 t3 b ,b ,andb . Inparticular,Acouldhaveabetter of its block scores: s = (cid:80)s . The chain with h−3 h−2 h−1 bc b ticket than any of b ’s. In that case it is reasonable to h the greatest score wins. Block generators there- postpone b processing and wait for a better block for h forehaveanincentivetobuildblocksusingthebest some time. If A can generate a better block than b , A h ticketsavailable. will do so and broadcast that block instead of b pro- h 11. IfR<255,thenitispossibleforallminerstogen- cessing. eratemvaluesoutsidetherange,meaningnotick- etswillbegenerated. Someprotectionagainstthat 4. DiscussionoftheProtocol isrequiredforpureProof-of-stakesystems,forex- 4.1. TimeandBalance ample,ifthedelaysincethelastblockismorethan Theprotocoldoesnotincludetimestampsortimede- DsecondsthenforanewblockR=255,s =m.If ti lays and is therefore immune to time drifting attacks. Dislarge, achainwithouthangingproblemswill Theprotocol’sbalanceisstatic. Toimplementthepro- getablockwithabetter s values, andadditional ti tocol, we could use an account balance from N blocks blockswillbegeneratedduringthedelay. ago,asNxtdoes. 12. Block rewardis tobe split equallyamongst ticket generators. 4.2. TheProtocolSimulation 13. Itisnecessarytolimitblockgenerationfrequency. An executable simulation of the protocol has been Forexample,aminimumdelayafterthelastblock publishedonlineunderapublicdomainlicense[16]. and a propagation rule like the one used for Nxt Wealth distribution in Bitcoin is described by a couldbespecified. stretched exponential function[17]. For simplicity, a 5 negativeexponentialdistributionwithλ = 50wasused is published online[16]. We simulated a compe- tosimulateblockgeneration. Thesimulationconsisted tition between a network of 800 accounts and an of800accountssharingapproximately1.6billioncoins attacker. The network had an exponential wealth and generating 30,000 empty blocks (R = 16, l = 10). distribution (λ = 50) and approximately 1.6 bil- Theresultswereasfollows: lioncoins. Theattackerhadxpercentofanetwork stake,equallydividedintoPparts. ForR=16,l= 1. ≈89%ofaccountsgeneratedatleastoneticket 10,P ≈ 180 is the best choice; an attacker with 2. Poor(< 0.1%ofstake)andrich(> 0.7%)accounts x = 50 has ≈ 8.3% chance of generating a better helddisproportionallylowsharesoftickets chain of length 10 and no chance of generating a better chain of length 50. This means that a net- work with the given parameters is secure against privateforkattackbyrichestholdersof 1 ofonline 3 stake, for 50 confirmations. The same adversarial power against Nxt consensus protocol has ≈ 14% chance of generating a better chain of length 10 and≈ 1.7%chanceofgeneratingabetterchainof length50. Under conditions of optimal stake distribution, History attacks have the same chances of success 4.3. ResistancetoAttacks as the aforementioned private fork attacks if none 1. PrivateforksandHistoryattacks ofthepurchasedaccountsparticipateinblockgen- Even very rich single account can generate no erationaftertheattackhasbegun. Inpractice,both more than one ticket per l blocks. To maximize requirementsareunlikelytobemet,sothechance her chance of lottery participation, a large stake- of success will be lower than of a private fork at- holder needs to split her funds into (cid:29) 256 ac- tack. R+1 counts.Anattacker’saccountshaveabetterchance 2. Bribeattacks to generate a better fork if for a majority of pos- We consider a set of online accounts to be static sible clusters of size R an account controlled during a bribe attack. At the moment of bribe 256+1 by her has a greater balance than others. There- proposalthebestpossiblechainsuffixofk blocks fore, to maximize a chance of an attack success hasalreadybeengeneratedandthereforecannotbe on a cryptocurrency with exponential distribution substituted. An attacker can offer a bribe in ad- ofwealththebeststrategyistosplitstakeequally vanceofanattacktopostponebestticketpublish- into as small as possible number of parts while ing, but the ticket reward will be lost if the attack enough to generate all the tickets with no hang- fails. Also collusion between more parties is re- ing. The tool for simulating this kind of attack quiredthaninexistingProof-of-stakeprotocols. 6 3. GrindingandIterationattacks 6. FurtherWork Forcing block seeds to choose more attacker ac- 6.1. DynamicRCalculation counts in the future is the only method of attack. ItcanbedifficulttosetthebestsinglestaticRvalue As block seeds depend on the public keys of all fortheentirelifespanofablockchainsystem.Themore threeticketgenerators,anattacker’saccountsneed sophisticated option is to dynamically change R based togeneratemorethanthreebestpossibleticketsfor ongenerationprocesscharacteristics. Thiscouldmake ablocktoiterateoverthem. Thusgrindingattacks privateforkattackshardertoperform. arehardertoperformincomparisonwithNxtand Neucoin. 6.2. Proof-of-workTickets Tickets could be used in Proof-of-Work protocols 4.4. BlockTrees aimingtospreadrewardsmoreevenlyandreduceself- ishminingattack[4]probability. Wearguethereisnoincentiveevenforalargestake- holdertomodifythenodesoftwareaimingtocontribute 6.3. AHybridProtocol tomultiplechains.Evenifshehasenoughstaketocom- TheInteractiveProof-of-stakeprotocolcanbeusedin petewiththerestofthenetwork,sheiswhetherworking combinationwithProof-of-work.EmptyProof-of-work onherownchainornetwork’s. However,ifthemajor- blockscouldactasrandombeacons[19]togeneratethe ity of miners are already working on multiple chains, tickets for the next S blocks. They could also act as thebeststrategyforasinglemineristocontributetoall decentralized voting tools toenforce chain selection in ofthem. a Proof-of-stake blocktree. External random beacons could eliminate grinding atacks. Chain selection en- forcementforablocktreeviadecentralizedvotingcould 5. RelatedWork eliminateforksdeeperthanS blocks.Ahybridprotocol would remind Bitcoin-NG[20] with many stakeholders Theprospectofhavingmultipleblockgeneratorswas (rather than a single miner) working on microblocks. raised in the Proof-of-activity proposal[7], which con- This way the network participants have Proof-of-work sidered extending Proof-of-work via additional stake- securityguarantees,fastblocksandanincentivetorun holder signatures. The Chains-of-activity proposal[10] afull-node. extendstheProof-of-activitylotterytoapureProof-of- stake protocol, in which each block provides a single 7. Conclusion randombitandasequenceofrandombitsdeterminesa futureblockgenerator. TheTendermintwhitepaper[18] We have analyzed possible security problems of offers Byzantine Agreements to participants who have current Proof-of-stake blockchain consensus protocols madesecuritydeposits. compilingacomprehensivelistofattacksknownatthe 7 moment of writing the paper. A new pure Proof-of- towards Nxt or any competitor of it at the moment of stake protocol with multiple block generators, Interac- writingthepaper(December,2015). tiveProof-os-stake,isproposed.Ithasaminimumnum- berofvariablesaminercaniterateover.Ithasnotimes- References tampsortimedelaysexplicitlystated. Instead,thenew protocol operates as a weighted lottery where multiple References winners create a block. We have checked the protocol [1] S. Nakamoto, Bitcoin: A peer-to-peer electronic cash system against known attacks list. Results show that a global (2008). cryptocurrencyrunningtheprotocolisimmunetoapri- URLhttps://bitcoin.org/bitcoin.pdf vate fork attack made with up to 1 of network’s on- [2] J.Garay,A.K.B,N.Leonardos,TheBitcoinBackboneProto- 3 col:AnalysisandApplications(2015). linestake(for50confirmations);abribeattackbecomes [3] A. Miller, J. L. Jr, Anonymous Byzantine Consensus from more tricky and requires more parties to collude with Moderately-HardPuzzles:AModelforBitcoin(2014). aparticipantlosingaticketrewardincaseoffailedat- [4] I. Eyal, G. Emin, Majority is not Enough : Bitcoin Min- ing is Vulnerable, Financial Cryptography and Data Secu- tack;grindingattacksarepossibleoverpublickeysonly rity(Jan)(2014)436–454.arXiv:1311.0243,doi:10.1007/ andhardertoperformthaninNxtandNeuCoin. How- 978-3-662-45472-5{\_}28. ever, we do not claim the security of our protocol is URLhttp://arxiv.org/pdf/1311.0243v1.pdf betterorthesamethanthatofProof-of-workprotocols. [5] S.King,S.Nadal,PPCoin:Peer-to-PeerCrypto-Currencywith Proof-of-Stake(2012). Nevertheless, thenewprotocolcouldbeusefulforpri- URLhttp://ppcoin.org/static/ppcoin-paper.pdf vateblockchainsandhybrid(Proof-of-workmixedwith [6] K. Davarpanah, D. Kaufman, O. Pubellier, NeuCoin: the Proof-of-stake)protocols. First Secure, Cost-efficient and Decentralized Cryptocurrency (2015). URL http://www.neucoin.org/en/whitepaper/ Acknowledgement download I would like to thank Benjamin Cordez, Charles [7] I.Bentov,C.Lee,A.Mizrahi,M.Rosenfeld,ProofofActivity: ExtendingBitcoinsProofofWorkviaProofofStake(2013). Hoskinson,SergueiPopov(a.k.a. mthcl),SergeyK.and URLhttp://eprint.iacr.org/2014/452.pdf DmitryM.fortheirfeedback. [8] J.S.U.Bonneau,A.U.o.M.Miller,J.C.U.Clark,A.P.U. Narayanan, J. P. U. Kroll, E. P. U. Felten, SoK : Research AuthorContributions PerspectivesandChallengesforBitcoinandCryptocurrencies (2015).doi:10.1109/SP.2015.14. AlexanderChepurnoyproposedtheprotocol,didthe URL http://www.ieee-security.org/TC/SP2015/ paperandsimulationtools. papers-archived/6949a104.pdf [9] C. Cachin, K. Kursawe, V. Shoup, Random Oracles in Con- stantinople: PracticalAsynchronousByzantineAgreementUs- ConflictofInterest ing Cryptography, Journal of Cryptology 18 (3) (2005) 219– 246.doi:10.1007/s00145-005-0318-0. The author used to be an Nxt core developer since [10] I. Bentov, A. Gabizon, A. Mizrahi, Cryptocurrencies without April, 2014 until May, 2015. That should not be con- ProofofWork(2014).arXiv:1406.5694. sidered as the author is biased positively or negatively URLhttp://arxiv.org/pdf/1406.5694.pdf 8 [11] V.Buterin,OnStake(2014). URLhttps://blog.ethereum.org/2014/07/05/stake/ [12] V. Buterin, Proof of Stake: How I Learned to Love Weak Subjectivity-EthereumBlog(2014). URL https://blog.ethereum.org/2014/11/25/ proof-stake-learned-love-weak-subjectivity/ [13] A.Poelstra,OnStakeandConsensus(2015). URL https://download.wpsoftware.net/bitcoin/ pos.pdf [14] Andruiman, PoS forging algorithms: formal approach and multibranchforging,Tech.rep.(2014). URL https://github.com/ConsensusResearch/ articles-papers/blob/master/multibranch/ multibranch.pdf [15] Andruiman,PoSforgingalgorithms:multi-strategyforgingand relatedsecurityissues. URL https://github.com/ConsensusResearch/ articles-papers/blob/master/multistrategy/ multistrategy.pdf [16] A.Chepurnoy,InteractiveProof-of-Stakesimulationtools. URLhttps://github.com/kushti/common-pos [17] D. Kondor, M. Po´sfai, I. Csabai, G. Vattay, Do the Rich Get Richer?AnEmpiricalAnalysisoftheBitcoinTransactionNet- work (2014). arXiv:1308.3892, doi:10.1371/journal. pone.0086197. [18] J.Kwon,TenderMint:ConsensuswithoutMining. URL http://tendermint.com/docs/ tendermint{_}v04.pdf [19] J.Bonneau,S.Goldfeder,J.Clark,OnBitcoinasapublicran- domnesssource. URLhttps://eprint.iacr.org/2015/1015.pdf [20] I.Eyal,A.E.Gencer,E.G.Sirer,R.vanRenesse,Bitcoin-NG: AScalableBlockchainProtocol(2015).arXiv:1510.02037. URLhttp://arxiv.org/abs/1510.02037 9

See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.