Breaking the Impossible Blockchain Triangle and Realizing the World’s Blockchain 3.0 Project
“The blockchain system is now facing its own impossible triangle: decentralization, security and high performance.”
Author: Rui Guo, Ultrain Co-founder & CEO
I. What is the blockchain 3.0 project?
In recent years, the concept of blockchain has become increasingly high profile. More people have asked me why there isn’t a large-scale commercial blockchain application yet. I can only regretfully tell everyone that although a disruptive business model is available in blockchain, the underlying technology of its public chain is not yet mature enough to support large-scale commercial applications.
The most prominent technical problem is low system performance. For example, applications running on Ethereum have a processing capacity of only about 20 to 25 transactions per second (TPS). For an application with 10 million active daily users, its TPS peak is generally required to be around 2,000 to 3,000. Therefore, the existing blockchain 1.0 and blockchain 2.0 systems represented by Bitcoin and Ethereum are completely unable to support large-scale commercial applications.
And why is the limitation of TPS so difficult to break? Much like the CAP problem that all distributed systems face during design, the blockchain system also faces its own impossible triangle: decentralization, security and high performance.
The challenge to decentralized design is how to guarantee decentralization of the network. This requires that the network is a peer-to-peer network where machines have equal status and there is no special central node. To ensure the decentralization of the network, the network should be open without access control, so that everyone can join it and the network will not be controlled by one or more centers.
The challenge with security design is how to guarantee that the network is secure and to prevent it from being hacked by malicious users. In an open and economically linked network, there are people who wish to legitimately join it by buying machines, but also malicious users who will try to profit from attacking the network. Then, how can we ensure the network security against an internal malicious user? This has gone beyond the traditional security architecture and is a challenge for security design.
The challenge facing high-performance design is to ensure the best performance of the network and the lowest energy consumption.
In the case of Bitcoin, its design goal is to establish a decentralized currency system, which requires a completely decentralized open network. To protect the security of the entire network, Bitcoin adopts a proof of work (POW) mechanism where every node in the network should mine by guessing the hash value, participate in the consensus, and record all the data. This makes it extremely costly for malicious users to attack the Bitcoin network. However, although Bitcoin has guaranteed network security, it compromises on system performance. At present, the operation and maintenance cost of the Bitcoin network is 10 billion yuan per year, while the TPS is only 7 transactions per second.
To solve this problem, BM proposed his own idea in 2014 in the form of the DPOS consensus mechanism. The core of the DPOS mechanism is to select a small number of nodes that participate in consensus in a large-scale network based on the number of Tokens held by each node. DPOS then reaches a consensus and generates blocks among these nodes, rather than generating blocks in the whole network as is the case with Bitcoin. The latest iteration of DPOS, EOS, selects 21 nodes per round, generates a block every 0.5 seconds, and confirms the block in about 3 minutes. According to the community’s latest EOS performance test report, its TPS is about 3,000 transactions per second.
However, this solution has many drawbacks, the most important of which has two aspects. One, it is very difficult for these 21 nodes to resist large-scale DDoS attacks. Two, blockchain emphasizes a completely decentralized peer-to-peer network, where people in the network are equal and there is no specialization. EOS design deviates from this concept by making these 21 nodes become special. Therefore, it is difficult to avoid problems such as corruption, collusion and central control through the 21 nodes. This is why the industry regards EOS more as a “semi-centralized” network. In the impossible triangle of the blockchain, EOS lays emphasis on efficiency at the expense of some decentralization and security.
Further improving the performance of the blockchain system and breaking the impossible triangle of blockchain without affecting decentralization and security will require major innovations and breakthroughs in technology; i.e., blockchain 3.0. In recent years, especially since the start of 2018, many teams around the world have made attempts, the most prominent of which are Dfinity, Oasis, Thunderella, Algorand, Zilliqa, and Ultrain, each of which I will analyze here.
II. Analysis of major blockchain 3.0 projects
Dfinity: A new idea of consensus based on threshold signature technology
Dfinity was launched in Silicon Valley in 2016. Its founder, Dominic Williams, is one of the core members of the Ethereum Early Cryptography Association. The most prominent contribution of Dfinity is the introduction of cryptographic threshold signature technology into consensus algorithms. The consensus idea of Dfinity is as follows: First, the nodes of the whole network are randomly divided into N groups. At the beginning of each round of consensus, the block generation nodes and the witness nodes are randomly selected. After the block generation nodes complete the generation of blocks, the witness nodes attest to which block will be chosen as the final block on the chain. At the same time, in the process of block generation, the next block generation node is randomly determined, so that the consensus continues to be executed in the forward direction. Because there is no POW power consumption to act as a security guarantee, Dfinity improves system security by making its block generation nodes and witness nodes groups of nodes rather than single nodes. For example, the block generation node of each round is a group of nodes that comprises 400 machines to execute block generation. Threshold signature technology guarantees a data block: after being signed by more than 51% of the machines (i.e., at least 201) in the group, the group can generate data blocks that can be verified by the outside world and generate the random number used for selection of the next round of nodes. In this way, attack difficulty is greatly increased because an attack is against a group of nodes rather than one.
In the field of cryptography, VRF (verifiable random functions) and threshold signature belong to different key categories. The major technology feature of Dfinity is to find a function that satisfies the characteristics of both VRF and the threshold signature, and thus guarantee that its algorithm can be implemented. Based on this consensus, Dfinity claims that its TPS has reached hundreds of transactions per second, and the time to confirm each block is 7.5 seconds.
Dfinity’s consensus mechanism is very clever, but it is nevertheless flawed. Since the establishment process of the “group” in the threshold signature is very complicated, each group needs to be kept for a long time after it is established. This creates a potential economic game problem, i.e., the group signature can be predicted through the collusion of multiple members, and the cost of this collusion is very low. Group members can know which group they belong to and use various methods, including the Internet, to quickly find members who are in the same group and then collude with them. They can collaboratively calculate the group’s private key and quickly predict the next round of random numbers, thus undermining the fairness of the network. Because it is very difficult to detect this kind of attack, zero attack cost can be achieved. We have already submitted this question to the Dfinity team and have not yet received a response.
In terms of progress, Dfinity has now set up a running network on the company’s intranet and recorded and published the network’s running video.
Algorand: High TPS consensus based on random algorithm
Algorand is the blockchain consensus protocol released in May 2017 by MIT professor Silvio Micali, a Turing Award winner. Its main idea is to achieve high TPS on a completely decentralized network by combining randomization with BFT algorithms.
Algorand’s consensus process is as follows:
1. The first step is the role confirmation phase: When each consensus round begins in a large-scale network, each node first uses VRF to generate a voucher and then uses this voucher to randomly select the nodes which participate in that round of consensus. These nodes are called “voters”, and the one with the smallest voucher value is selected as the “proposer”.
2. The second step is the graded consensus phase: The proposer is responsible for assembling the candidate blocks of that round, and then the voters reach a consensus on the leader of the current round and confirm the candidate blocks received in that round.
3. The third step is the binary Byzantine phase: The verifier votes for the candidate block, i.e., either to accept it (believing there is no problem in the block) or reject it (believing the block has an error such as double spend, thus refusing to accept the block and replacing it with an empty block).
4. The system broadcasts the blocks identified in this round to the entire network.
Algorand improves the system’s TPS and ensures network security by randomly selecting the consensus nodes in each round. According to the data given in the paper, consensus is reached on 750 Mbytes of transactions per hour. Calculated at a length of 250 bytes per Bitcoin transaction, this gives 750 × 1024 × 1024 / 60 / 60 / 250 = 873.8 TPS.
However, there is still some room for improvement:
1. Algorand’s main function now is transfer transactions, so its functionality is comparable to that of Bitcoin. Smart contracts are the most important improvement in blockchain 2.0, but the Algorand paper does not discuss how to support smart contracts in the Algorand network.
2. The premise of the Algorand network is that the number of honest “voters” is more than two-thirds, but there is no discussion on how to guarantee this.
3. Algorand’s algorithm requires a completely random selection of nodes at each substep in each phase, leading to high complexity.
After the publication of the paper, Algorand has organized its team to quickly step up R&D, and the community is currently awaiting the release of Algorand’s project.
Thunderella: a combination of POW and POS
The core founder of Thunderella is Elaine Shi, a professor of computer science at Cornell University. When the Accelerator node and three-quarters of the committee nodes in the network are honest nodes and the network status is good, Thunderella can implement fast asynchronous processing and confirm within less than 1 second to respond instantly to transactions. When there is an anomaly in the network, such as a Byzantine failure, it starts the cool-down mechanism and switches to the traditional blockchain consensus (slow chain) to ensure the security and sustainability of the network. It then automatically switches back to fast mode when the network is restored. As a result, most of the time and in most situations, the network can achieve a processing speed that is 1,000 times faster than the current blockchain processing speed and resist 49% of malicious nodes through the slow chain when a problem occurs. Here the slow chain can be Bitcoin, Ethereum, or any other blockchain, so the system responds instantly in a friendly environment and is safe and reliable in a malicious environment.
This algorithm is a mixture of POS and POW, and it aims to inherit the advantages of both. However, several key issues are not explicitly mentioned, such as how to ensure that three-quarters of the committee member nodes are honest and how to motivate committee members and remove malicious ones. Additionally, the restart mode is still not clear (e.g. how to choose the next accelerator).
In terms of progress, Thunderella has not announced any further progress after the publication of the paper.
Ekiden of Oasis Lab: Performance enhancements based on trusted environments
This project was launched in 2018 and its founder, Dawn Song, is an associate professor of computer science at the University of California, Berkeley. Ekiden’s main idea is to separate the consensus layer from the computing layer. The computing layer is composed of the hardware that meets TEE (Trusted Execution Environment, such as Intel’s SGX), and the calculation of the smart contract is fed into the TEE to execute. The consensus layer uses POW or POS and only verifies TEE calculations and reaches a consensus. This method has two characteristics: One, the calculation node and the consensus node are separated, and the calculation node can execute arbitrarily complex logic. The calculation result is mutually verified by a small number of trusted computing nodes, so execution efficiency is high — basically equivalent to the execution efficiency on a single machine. And in parallel with multiple machines, it can execute different contracts. Two, privacy protection is provided. Only the encrypted data state (even encrypted contract code) is stored in the chain. Decryption is only performed in the TEE, and the calculation result from the TEE returns to the chain in encrypted state.
In terms of the overall design of Ekiden, its security relies on the TEE. Although it solves the security problem, there are potential security risks. For example, in March 2017, researchers from Graz University of Technology cracked the protection of SGX. Therefore, whether security that relies on a single piece of hardware is reliable needs to be verified after a certain amount of time.
The principle of TEE is that the private key is stored at the chip manufacturer. For example, for SGX, the private key is stored at Intel. Therefore, the chip manufacturer is a centralized node, and so the concept of complete decentralization of the blockchain is not realized.
In terms of progress, Ekiden proceeds fast. On its website, users can submit their own machine configuration to apply for the test network, but there is no data on the performance of the test network.
Zilliqa: High TPS based on sharding
Zilliqa is the first public-chain project to launch a sharding-enabled test network. Its function is the relatively simple transfer transaction. Its core idea is to greatly enhance TPS through sharding. If the traditional blockchain is a single main chain, it can be regarded as a single-core CPU that can only process data serially. If the main chain is composed of multiple sub-chains, it can be regarded as a multi-core CPU processor, and its performance can improve by several times.
However, this algorithm still has the following shortcomings:
1. Zilliqa applies sharding in data processing instead of data storage. It improves performance in data calculation, but will bring efficiency problems in data storage, synchronization, sharing and so on, which will greatly restrict the room for performance improvements. At the same time, the realization of the upper-level smart contract will be extremely difficult. This method is more suitable for specific application scenarios, such as scientific computing, but it is unfavorable for developers to use.
2. Cross-sharding is not formed. There is no detailed description on how to manage global data and states. For the realization of all shards, the most important problem to be solved is how to deal with cross-sharding, and Zilliqa has no solution yet.
At present, Zilliqa has already launched its test network, and the test data of the internal network shows a TPS of 2,000 transactions per second in the case of 6 shards and 3,600 machines.
III. New generation of blockchain 3.0: Ultrain
To break the blockchain’s impossible triangle, Ultrain has made its own contribution and proposed a new R-POS consensus.
Similar to the DPOS consensus mechanism adopted by EOS, a group of people vote, based on the number of tokens they hold, to select a small group comprising a fixed number of members who make decisions. This small group takes turns to make decisions. Under the R-POS mechanism, several group members are randomly selected to make their own proposals simultaneously, and then ten times as many group members are randomly selected to judge whether those proposals are correct. Ultimately these group members integrate the correct proposals to form the final decision.
The core idea of R-POS is to change the selection of the consensus participation nodes from entrusted selection to random selection based on DPOS, and thus ensure that the nodes of the entire network can be selected into the minority nodes participating in the current round of consensus. This not only protects the decentralization of the network, but also greatly improves performance. At the same time, Ultrain guarantees further improvements in R-POS in security and performance by introducing parallel technology, sharding technology, device fingerprint technology, and multiple cryptography improvements.
A brief introduction to the R-POS consensus process is set out below:
Each round of R-POS consensus process is divided into four phases, and the consensus time of each round is 10 seconds:
The first phase is the role confirmation phase: randomly select the nodes in the entire network of Ultrain and determine the roles of each node in the current round of consensus by applying the VRF function. In each round of consensus, the roles of nodes are divided into three types:
1) Block generation node: assembles the candidate blocks in the current round. Multiple nodes will be selected as the block generation nodes in each round.
2) Voting node: manages voting in the next phase to confirm the identity of the block generation nodes of the current round.
3) Listening node: does not participate in block generation; records block data after block generation is determined.
In each round, the probability that a single node is selected as a block generation node or a voting node depends on the input parameters of the VRF, including the number of Tokens locked by the node, the performance of the machine, and the credibility of the machine. The higher the three parameters, the higher the probability. Regarding the credibility of the machine, a hardware fingerprint that cannot be tampered with will be generated for each node. Based on the hardware fingerprint, the credibility of each node will be generated. Nodes that consistently show good behavior are more likely to be selected.
Ultrain increases the difficulty of external and internal attacks by randomly selecting nodes. Based on the credibility of device fingerprints, it establishes a model for the credibility of a single node, which increases the difficulty of Sybil attacks. The device needs to accumulate a credibility score to increase its probability of being selected, which takes time; i.e., the time consumed plays the role that consumed computing power plays in hash mining. Thus, system security is improved. Finally, the punishment mechanism based on locked Tokens increases the cost of malicious attacks, so the overall security of the Ultrain network is improved through multiple mechanisms.
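A sketch of the weighted random role selection described here and in Algorand's role confirmation step, as an added example that is not Ultrain's or Algorand's code. HMAC-SHA256 stands in for the VRF, the weight formula (locked tokens multiplied by credibility) is a hypothetical choice, and the network and keys are constructed sample data.

```python
import hashlib
import hmac

def voucher(secret_key: bytes, seed: bytes, round_no: int) -> float:
    """Pseudo-random value in [0, 1) for this node and round.

    HMAC-SHA256 is a stand-in: a real VRF also emits a proof that anyone can
    check against the node's public key, which HMAC cannot provide.
    """
    msg = seed + round_no.to_bytes(8, "big")
    digest = hmac.new(secret_key, msg, hashlib.sha256).digest()
    return int.from_bytes(digest, "big") / 2**256

def weight(tokens: float, credibility: float) -> float:
    """Hypothetical weighting: locked tokens scaled by credibility in [0, 1]."""
    return tokens * credibility

def select_roles(nodes: dict, seed: bytes, round_no: int, expected_voters: float):
    """nodes maps name -> (secret_key, tokens, credibility).

    Returns (proposer, voters), where voters maps name -> normalised voucher.
    """
    total = sum(weight(t, c) for _, t, c in nodes.values())
    voters = {}
    for name, (key, tokens, cred) in nodes.items():
        # Selection probability is proportional to the node's share of weight.
        p = min(1.0, expected_voters * weight(tokens, cred) / total)
        v = voucher(key, seed, round_no)
        if v < p:
            # v / p is uniform on [0, 1) among selected nodes, so the
            # smallest-voucher rule does not favour low-weight nodes.
            voters[name] = v / p
    proposer = min(voters, key=voters.get) if voters else None
    return proposer, voters

def seat_share(nodes: dict, prefix: str, rounds: int, expected_voters: float) -> float:
    """Fraction of all voter seats over `rounds` won by names starting with prefix."""
    mine = seats = 0
    for r in range(rounds):
        _, voters = select_roles(nodes, b"constructed-seed", r, expected_voters)
        seats += len(voters)
        mine += sum(1 for n in voters if n.startswith(prefix))
    return mine / seats if seats else 0.0

def make_network(attacker_identities: int, attacker_credibility: float) -> dict:
    """Constructed network: 9 honest nodes with 100 tokens each, plus one
    attacker whose 100 tokens are split over `attacker_identities` names."""
    nodes = {f"honest-{i}": (f"hk{i}".encode(), 100.0, 1.0) for i in range(9)}
    per_id = 100.0 / attacker_identities
    for j in range(attacker_identities):
        nodes[f"sybil-{j}"] = (f"sk{j}".encode(), per_id, attacker_credibility)
    return nodes

if __name__ == "__main__":
    for ids, cred in [(1, 1.0), (20, 1.0), (20, 0.1)]:
        share = seat_share(make_network(ids, cred), "sybil-", 3000, 3.0)
        print(f"{ids:>2} identities, credibility {cred}: seat share {share:.3f}")
```

Splitting a fixed stake across many identities leaves the seat share at about 10%, and fresh identities that start with low credibility drop it to about 1%, which is the effect the credibility model is meant to have.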
The second phase is the parallel consensus phase. The block generation nodes selected assemble the candidate blocks of the current round in parallel. Then, the voting node reaches a consensus on the block generation nodes in the current round to determine that the block has been received by most of the nodes.
Ultrain’s originality lies in the change from one block generation node to multiple for block generation in parallel, which greatly improves the system’s TPS. As multiple nodes generate blocks at the same time, even if a block generation node is attacked, the system will not generate an empty block as long as one node reaches a consensus, thereby improving system activity. The core technical challenge in achieving the target lies in the parallel BA algorithm and the possible high number of network storms. To solve this problem, Ultrain introduces redundant coding technology to divide the message into multiple transmissions, ensuring the largest number of messages are broadcast using limited network bandwidth, optimizing network throughput.
Ultrain introduces threshold encryption technology to allow candidate blocks to be delivered in small chunks. Until a node has received enough messages, it cannot know the content of the messages, which avoids the biased forwarding of consensus messages and improves fairness.
The third phase is the parallel BA phase where voting nodes are randomly selected again. The voting nodes will reach a consensus on candidate blocks in the parallel consensus phase and ensure that all people accept the same block combination. The candidate blocks that reach a consensus are combined into the final block generation block for this round of consensus.
The fourth phase is to broadcast the blocks identified in this round to the whole network and complete the current round of consensus.
The above sections explain the consensus operation in the case of single-sharding. To improve the efficiency of the consensus, Ultrain also introduces sharding technology for both data calculation and data storage. The core idea is that when processing cross-shard execution, the data needs to be stored across the shards redundantly, improving overall consensus efficiency.
The core technology of the Ultrain Consensus is VRF+BFT. The introduction of parallel technology and sharding technology greatly improves system performance, expands system security through device credibility, and further improves system performance based on maintaining a POW security level.
Ultrain released the concept network of R-POS in early July 2018. We deployed the Ultrain system on 1,000 nodes of the public Amazon cloud. After actual testing, the network can reach an average of 3,000 TPS with a confirmation time of 10 seconds. Its performance far exceeds the existing blockchain 3.0 projects. It is expected that sharding technology will be deployed after the system is launched in the public network in April next year. By then, the TPS of the network can be improved by dozens of times.
The landing of the Blockchain 3.0 project is the only way for the blockchain to empower the real economy. It is hoped that all the public chain teams around the world can develop rapidly and solve the problem that the existing blockchain public chain cannot support large-scale commercial applications.
Blockchain technology is expected to help the real economy establish a new business model and substantially boost productivity.