Loading...

Loading...

Scroll

Categories

Tags

Monthly Archives

Keyword

Back

PHANTOM 5:PROOF

2018.07.09

Category

Tags

5. PROOF

5. 证明

We now turn to prove that the order converges, and that an attacker (with less than 50%) is unable to cause reorgs. We restate the theorem from Section 3:

我们现在来证明顺序会收敛,以及攻击者(少于50%)无法导致重组。我们将第3节的定理再复述一遍:

Theorem 5(PHANTOM scales). Given a block creation rate , and , if is equal to or greater than the network’s propagation delay diameter , then the security threshold of PHANTOM, parameterized with , is at least .

定理5(PHANTOM 可扩容) 给定出块率 ,如果 大于或等于网络的传播延迟直径 ,则以 参数化表示的 PHANTOM 的安全阈值至少为 .

Our proof relies on the following lemma, which states that if some block B has the property that its anticone contains no blue blocks, then all blue blocks in its past precede all blocks outside its past. We call this the Hourglass property:

我们的证明依赖下面的引理。该引理说的是,若某个区块 B 的反锥体内没有蓝色区块,则其过去集中所有蓝色块都在其过去集之外的所有块之前。我们把这称为沙漏特性:

Lemma 7. If for some , , then and , . We then write .

引理7: 如果对于某个 , , 那么 并且 , . 我们写作 .(译注:Hourglass 在英文中的意思即是“沙漏”。根据该引理, 的蓝色区块一定在 的过去集、将来集和 自身当中。具体原因见下面引理7的证明部分。因此所有的蓝色区块组成的形状就像一个沙漏,而 就是沙漏中间直径最小的两头相连的孔径。故将 称为沙漏区块。引理7换句话说,即沙漏区块的过去集里的蓝色区块在排序时一定在沙漏区块过去集以外的区块之前。)

Fig. 4: An example of a DAG with an Hourglass block . Here, the delay parameter is . As in Figure 3, the small circle near each block represents its score. The colouring of the DAG was done according to Algorithm 1. The greedily selected chain of blocks of highest score is marked with light-blue filling (note that this chain is not the longest one). Block has the property that all blue blocks are either in ’s past or in its future (in addition to itself). It is thus an Hourglass block.

图4: 含有一个沙漏区块 的 DAG 的例子。在这里,延迟参数是 。和图3一样,每个区块旁边的小圆圈代表它的得分。我们依据算法1对 DAG 着色。由贪婪算法选出的最高得分的区块组成的链被标为浅蓝填充色(注意这条链并不是最长的链)。区块 具有这样的性质:所有的蓝色区块要么在 的过去集中,要么在其将来集中(除了 自己)。因此它是一个沙漏区块。

译注:在图4里,区块 M 的得分是9;然而我们看到在 M 的过去集中却只有8个区块(即创世区块、B、C、D、F、I、J 和 K)被标注为蓝色。这并不是图有误。实际上当我们描述一个区块是否蓝色的时候,必须要先假设现在是站在哪个区块的视角来回答这个问题。回顾一下文章第2节中的步骤1和图3所描述的蓝色区块的选择算法。图4所标注的蓝色区块集记为 ,这等同于图中添加一个不存在的区块 V,然后让 M、R、U 作为 V 的父亲,最后从 V 的视角进行红蓝标注的结果。每个区块的得分是在该区块刚发布连入图的时候,从该区块本身的视角进行红蓝标注之后,该区块过去集中蓝色区块的数量。文章对于这一点并没有描述得很清楚,这是译者在 DAGlabs 的 Slack 频道讨论后得知的结果。原话是:“Aviv & Yonatan ‘s algorithm is an iteration procedure, when you check you must stand on ‘s viewpoint, that means is also blue on ‘s viewpoint. Same for .”。 从图4的拓扑结构,我们可以推断,当 M 发布的时候,图中只有 L 和 K 两个末端区块(tip),E 的孩子和 K 的孩子都还没发布出来(注意区块发布的时候一定会连接图里面所有的末端区块)。这个时候,从 M 的角度看,L 是蓝色的,于是 M 的过去集中的蓝色区块就包括了创世区块、B、C、D、F、I、J、K 和 L 九个区块。因此 M 的得分为9。

In Figure 4 we provide an example of an Hourglass block. The proof of this lemma is straightforward from the operation of Algorithm 2:

在图4中我们给出了沙漏区块的一个例子。通过算法2的操作可以直接证明该引理:

Proof of Lemma 7. First note that if , then . Indeed, Algorithm 1 defines a chain, (see Subsection 2.2). This chain necessarily intersects some block in anticone . And the intersection block must become blue itself, by lines (6-7). Thus, implies that and in particular .

引理7的证明: 首先注意到如果 ,则 。事实上,算法1定义了一条链, (见2.2节)。这条链一定会和 中的某个区块相交。根据算法的6-7行,相交的区块自身一定是蓝色。(译注:可以反过来理解。算法1在图中寻找一条从起始区块延伸至图末端的蓝色区块组成的链。如果 自己和其反锥体都是红色区块,那这条链就无法从起始区块延伸至末端了。)因此, 意味着 ,尤其是

Now, Algorithm 2 pushes a block into the queue only after it has pushed already all blocks in its past (lines 11 and 12). Therefore, pops out blocks according to a topological order. Now, there are no blue blocks in , hence if is a blue block then it must belong to , in which case it must have been pushed to the queue after was popped (unless ). Thus, if is blue, any block in was popped out before , and added to the ordered list before it (line 8). In particular, . On the other hand, if is not blue, it was necessarily pushed into the queue only by belonging to the past set of some blue block (lines 9-11). was popped out after (unless ), from the same argument as in the previous case. Thus, was pushed into the queue after was popped out, which in turn must have occurred after was popped out. In particular, in this case as well, .

现在,在算法2中,对任意一个区块来说,只有当该区块过去集中的所有区块都被压入队列之后,该区块才会被压入队列中(11和12行)。 因此, 会按照某种拓扑顺序弹出区块。 现在 中没有蓝色区块, 因此,如果 是蓝色区块,那么它一定属于 ,于是它一定会在 被弹出之后才被压入队列中(除非 )。 因此,如果 是蓝色,那么 中的任意一个区块都会在 之前被弹出,并在它之前被添加到有序列表 中(第8行)。 也就是说, 。 另一方面,如果 不是蓝色,它一定只能通过从属于某个蓝色区块 的过去集从而被压入队列中(第9-11行)。 是在 之后被弹出的(除非 ),证明思路和前一种情况一样。 因此, 被压入队列发生在 被弹出队列之后,而 被弹出又发生在 被弹出之后。 于是,这种情况下同样也有

Lemma 8. If is an Hourglass block in a DAG , then inherits the order from : .

引理8: 如果 是 DAG 中的一个沙漏区块,那么 继承来自 的顺序:

Proof. In the proof of the previous lemma we have shown that . By the recursive operation of Algorithm 1 (lines 6-7), this implies that inherits the colouring of on its past: .

证明: 在上一个引理的证明中,我们已经展示了 。算法1的递归操作(第6-7行)意味着 继承了 的过去集的着色:

Now, no block in is pushed into before is popped out, because blocks get pushed in only if they are blue (and no such block exists in ) or if a blue block in their future was pushed in-—and this too only happens after is popped out. Since the queue respects the topology, this means that all blocks in (which must be visited before ) are popped out before any block outside .

现在,在 中被弹出之前, 中没有区块被压入 。这是因为一个区块必须要满足以下两个条件之一才会被压入队列:要么该区块是蓝色(而这样的区块在 中并不存在);要么该区块将来集中的某个蓝色区块被压入队列——这也只能发生在 被弹出之后。因为队列遵循拓扑,所以 中的所有区块(它们肯定都在 之前被访问过)都会在 以外的任意区块之前被弹出。

The fact that blocks in are not pushed into the queue before all of is popped out, implies further that the order in which Algorithm 2 pushes blocks in into and out of depends only on , and not on the DAG . Hence, .

的所有区块被弹出之前, 中的区块不会被压入队列。这进一步意味着算法2将 里的区块压入和弹出 的顺序仅取决于 ,而不取决于 DAG 。因此,

The proof of Theorem 5 uses the occurrence of Hourglass blocks to secure all blocks in their past set.

定理5的证明利用沙漏区块来保证沙漏区块过去集里所有区块的安全性。

Proof of Therom 5. Let and assume that . We need to prove that and : , where , and assuming a fraction of at most can deviate arbitrarily from the mining pool.

定理5的证明: 假设 and assume that 。 我们需要证明对于 ,其中 ,并且假设不遵守挖矿协议的节点占比最多只有 (译注: 这里原文写成了, 应该是笔误)。

Fix and , and let be the first time after where an honest block was published such that is an Hourglass block and will forever remain so:

固定,并且假设 之后符合下面条件的一个诚实区块 被发布——该区块是 之后首个被发布的诚实的沙漏区块,并且之后也将一直保持为沙漏区块。我们将该区块的发布时间记为

is a random variable. By Lemma 9 it has finite expectation. In particular, (e.g., by Markov’s Inequality).

是一个随机变量。 根据引理9,它的期望值是有限的。 特别是, (比如,根据马尔可夫不等式)。

Assume that such a arrives, i.e., that a block is created and remains permanently an Hourglass block. Then, by Lemma 8, the order between all blocks in never changes, and in particular the order between and any other block never changes. Thus, . Therefore, implies .

假设这样的一个 出现了,也就是有一个区块 被创建并且永远保持为一个沙漏区块。 接着,根据引理8, 里面所有区块之前的顺序都永不改变,并且尤其是 和其它任意一个区块 之间的顺序都永不改变。 于是, 。 因此, 意味着

Lemma 9. Let . The expected waiting time for (defined in (2)) is finite, and moreover is upper bounded by a constant that does not depend on .

引理9: 假设 的期望等待时间(在(2)中定义)是有限的,并且其上限是一个不依赖 的常数。

Proof. Let denote the event defined by the following conditions:

证明: 将 记为满足下列条件的事件:

  1. Some block was created at some time by an honest node (i.e., ) and apart from no other block was created in the time interval . 1
  2. For some , the last blocks in , denoted , was created in the time interval , and dishonest miners created no blocks in this time interval.
  3. The score of ‘s chain is forever higher than the score of any chain that does not pass through : .
  1. 某个区块 在某个时刻 被一个诚实节点所创建(即 )并且除了 以外在时间区间 以内没有其它区块被创建。 1
  2. 对某个时间长度 来说, 的最后 个区块,记为 ,是在时间区间 内被创建的,并且在此时间区间内作弊矿工没有创建区块。
  3. 的链的得分永远比任意一条不穿过 的链的得分高: 。(译注:感觉这里的数学符号表达并不严谨,因为有可能 都不包含 。但我并不确定。可能需要详细理解下文断言3的证明。)

Claim 2 and 4 together imply the required result.

由断言2和4可共同推导出所需的结果(即引理9)。

The following claim states that the first two conditions in the above definition guarantee that as long as is blue no block in its anticone is blue:

下面的断言表示,上面定义中的前两个条件保证了只要 是蓝色的,它的反锥体中就没有区块是蓝色的:

Claim 1. Assume that for some block the first two conditions in the definition of hold true. Then, as long as is blue, all blue blocks have in their past: .

断言1: 假设某个区块 满足 定义中的前两个条件。那么,只要 是蓝色的,所有蓝色区块的过去集都会包含

(译注:断言1换句话说,也就是All blocks created by the attacker before are either in or in the anticone of all k+1 blocks in Last (including ) itself)

Proof of Claim 1. Let . If we’re done. Assume therefore that . Any block that was published before time belongs to . Any block that was created after by an honest node belongs to . As honest nodes did not create blocks in the interim, blocks in can only belong to the attacker. Now, since the attacker did not create new blocks while blocks in were created, all attacker blocks that were created before the interval and that do not belong to (hence belong to ) have all blocks in in their anticone; formally: . Thus, if , any block in suffers an anticone that is larger than (it contains ) and is therefore not in . In particular, .

断言 1 证明: 假设 ,如果已知 , 则我们无需讨论 。 因此假设 。 任何在 之前发布的块属于 。 任何在 之后由诚实节点创造的块属于 。 由于诚实的节点在此期间并未创建块,因此 中的块只能属于攻击者。 现在,因为攻击者没有在 中的区块被创建时生成新的区块, 所有在间隔之前创建的恶意块以及不属于的区块(因此属于) 会在它们的反锥体中包含所有中的区块; 形式上: 。 因此,如果 ,任何在 中的块会拥有一个大于 的反锥体(它由 组成),因此不在 中。 即, 。 (译注: oracle 的定义在SPECTRE的论文有提到, “ ; this is the DAG as observed by a hypothetical oracle node”, 意思是站在上帝(全局)视角下的DAG, 即所有节点看到的DAG的总和)

Claim 2. The waiting time for the event upper bounds .

断言 2: 事件 的等待时间的上界为

Proof of Claim 2. The previous claim implies that a block that satisfies the first two conditions is an Hourglass block in . The third condition implies that forever remains in the chain, and in particular forever remains blue. It is thus an Hourglass block in all DAGs .

断言 2 证明: 之前的断言表明一个满足前两个条件的块 是在 中的一个Hourglass块。 第三个条件表明 会永远在链中,尤其会永远是蓝色的。 因此它在所有的DAG中都是沙漏块 中。

Claim 3. If the first two conditions in the definition of hold true then the third one holds true with a positive probability.

断言3: 如果 定义中的前两个条件成立,则第三个条件以正概率成立.

Proof of Claim 3. Part I: We begin by assuming that the attacker did not publish any block in the time interval ; formally, we assume that .

断言 3 证明: 第一部分:我们首先假设攻击者在时间间隔 内没有发布任何块; 形式上,我们假设为

Let us compare the score of the honest chain to that of any chain that excludes . This gap is captured by the following definition: For a time , define

让我们比较诚实链和任何不包含 的链的得分。 以下定义可以看出这一差距:对于时间 ,定义

Let us focus first on the evolution of the process between time 0 and time . We refer to the lead ,that the attacker obtained at the end of this stage as “the premining gap”; see [8].

让我们首先关注时间从0到 之间的过程 的演变。 我们把攻击者在本阶段结束时所获得的最开始的 称作“预挖差距”; 参考【8】。

Let be the argmax of , and let be the latest block in , namely, the latest honest block which is blue in the attacker chain.

作为 取最大值时的参数 ,让 成为 中最新的块,即,在攻击者链上的蓝色的最新的诚实块。

Recall that for now we are assuming that all attacker blocks that were premined were kept secret until after time . Observe that at most k blocks that were created by the attacker before can be in and can contribute to the score of the attacker’s chain.

回想一下,现在我们假设所有被预挖的攻击者块都保密,直到时间 之后。 通过观察可知在时间 之前由攻击者创建的至多k个块可以在 中,并且可以贡献得分给攻击者链。

Thus, between and time , - i.e. during the premining phase – the score of the attacker chain grows only via the contribution of attacker blocks, and therefore at a rate of at most.2

因此,在时间 期间,即在预挖阶段 - 攻击者链的得分只能通过攻击者块的贡献增加,因此最多只有 的速率。

We only claim that the attacker’s highest scoring chain grows at a rate of at most, because every attacker block can increase the attacker’s highest scoring chain by 1 at most. Creating a single chain is indeed the optimal attack on the attacker side.

我们仅仅声明攻击者最高得分链最多以 的速率增长,因为每个恶意块只能给攻击者的最高分链加一分。 站在攻击者角度看, 创建单链其实是的最佳攻击方案。

Now, by the choice of (defined in 1), the probability of an arbitrary honest block having too large of an honest anticone is small: 3

现在,通过 (在定义 1中)的选择,任意诚实块 具有太大的诚实反锥体的概率是很小的: 3

This is because block creation follows a Poisson process, and because honest blocks that were created seconds before (after) belong to its past (future), hence are not in its anticone. Since any block that is blue in the honest chain contributes to its score, at any time interval, the score of the public chain grows at a rate of at least. And at most k honest blocks created in the premining stage contributed to the score of the attack chain.

这是因为块创建遵循泊松分布, 并且因为被创建于 之前(之后) 秒的诚实块属于它的过去集(未来集),因此不在它的反锥体中。 因为诚实链上任何蓝色的块都贡献得分,在任何时间间隔,公共链的得分至少以 的速率增长。 最多k个在预挖阶段创建的诚实块在攻击链上贡献得分。

Part III: From Part I and Part II we conclude that the random process is upper bounded by the premining race analyzed in [8]. Therein it was shown that the probability distribution over (the process’s state at the end of the premining stage) is dominated by the stationary probability distribution of a reflecting random walk over the non-negative integers with a bias of towards negative infinity. The stationary distribution exists because .4

第三部分: 来自第一部分和第二部分我们得出这样的结论:随机过程 是由[8]中分析的预挖竞争限定上限。 其中显示超过 的概率分布(在预挖阶段最后的进程阶段)是由一个在偏离率为 的非负整数上朝负无穷方向行进的反射随机游走的稳态概率分布决定的,

In particular, there is a positive probability that at time the premining gap, , was less than k, so that .5 Between times and the honest network contributed additional to the score of the public chain, namely, blocks . During the same time the score of any secret chain(s) did not increase at all, per the second condition in the definition of . Thus, . And by the first assumption, . All in all, with some positive probability, .

特别是,在 时有正概率预挖差距 会小于k,因此 5 在时间 之间,诚实网络为公开链贡献了额外的 分 ,即, 中的块。 在相同的时间内,根据定义中的第二个条件 ,任何秘密链的得分不再增加。 因此, 。 根据第一个假设, 。 总而言之,在某个正概率下,

Part IV: Let us turn to look at the evolution of at the second stage.

Assume that .

第四部分: 让我们来看看第二阶段 的演化。

假设

In Claim 1 we saw that for any such that , all blocks in ’s anticone are red in . This implies that, as long as is blue in the public DAG, only attacker blocks contribute to the score of the attacker’s chain: (indeed, note that all honest blocks created after time belong to ). Consequently, the attacker’s best chain grows at a rate of at most, as this interval ( ) as well, as long as . We have already seen that at any time interval the honest chain’s score grows at a rate of at least. Thus, starting at time , the race between the honest chain’s score and the attacker chain’s score can be modeled as a random walk over all integers with a bias of towards negative infinity.

在断言1中,我们我们看到,对于任何 ,例如 ,所有在 的反锥体中的区块在中是红色的。 这意味着,只要 在公共DAG中是蓝色的,仅仅攻击者块贡献攻击者链的得分: (实际上,注意在时间 之后创建的所有诚实区块属于 )。 所以,攻击者的最优链最多以 的速率增长,和这个时间间隔()一样,只要。 我们已经看到在任何时间间隔内,诚实块的得分至少以的速率增长。 因此,在时间时开始,在诚实链和攻击者链得分之间的竞争能建模为,一个在所有整数上朝负无穷行进的偏离率为的随机游走。

Since the random walk begins at the negative location , this supposedly implies that with a positive probability the walk will never return to the origin: . This in turn implies that will forever remain a blue block (and a chain block for that matter). However, to complete the analysis correctly, some careful attention is required:

因为随机遍历起始于负位置 ,据推测,这意味着在某个正概率下将永远不会游走回到原点: 。 这也表明了 将因此永远保持为蓝色块(以及主链块)。 然而,为了正确地完成分析,有些事情需要特别注意:

Note on the other hand that blocks created by honest nodes too do not contribute to the attacker chain’s score, even if they are red in . This is because we argued that at most blocks that were created by the attacker before time ( ) can be blue in , and this is regardless of ’s status within (we merely used the fact that was created by an honest node, we didn’t use the assumption that is blue in the honest chain).

注意,另一方面,由诚实结点创建的块也没有贡献攻击者链的得分,即使它们在 是红色的。 因为我们认为由攻击者在时间( )之前创建的至多 块在 中是蓝色的,并且这与 中的 的状态无关(我们仅仅链使用 由一个诚实节点创建的事实, 而没有使用在诚实链上是蓝色的假设 )。

Part V: First, we must account for the fact that not all honest nodes observe all honest blocks immediately, i.e., that might be a proper subset of . This might give the attacker an advantage, as he can create blocks, reveal them immediately to honest nodes, and these blocks do not compete with honest blocks unseen yet by these nodes. This advantage can be accounted for by assuming that the race begins only after the attacker was given additional seconds to create blocks while the honest network sat idle; see [8]. This fact does not change our general conclusion that , e.g., because there is a positive probability that the attacker did not create any block during these additional seconds.

第五部分: 首先,我们必须考虑到,不是所有的诚实节点都可以立即发现诚实块,也就是说, 可能是 的一个合适的子集。 这可能给攻击者带来优势,因为他可以创建区块,立即把他们展示给诚实块,这些块不会和仍没有被这些节点发现的块竞争。 这个优势只有在假设攻击者在诚实网络在空闲时获得额外秒时间创建块之后才考虑; 参考[8]. 这个事实没有改变我们的一般结论 ,例如,因为攻击者在这些额外 秒的时间内没有创建任何块。

Secondly, observe that the honest chain grows according to a random process that is not necessarily Poisson. Fortunately, a result from [9] shows that nevertheless we can treat the block race as if the honest score grows according to a Poisson process, and that this assumption can only increase the value of ; it is thus a worst case analysis.

第二,观察到诚实链的增长的随机过程不一定遵循Poisson分布。 幸运地是,[9]中的结果表明我们仍然可以认为区块竞争就好像诚实分数的增长遵循Poisson分布,并且这个假设仅可以增加 的值; 因此这是一个最坏的情况分析。

Part VI: Finally, we alleviate our assumption that the attacker published no block during the premining phase . Instead, consider any attacker block that belongs to . If then contributed to the score of the honest chain which passes through and maybe to the attacker chain as well, so its existence does not change the above analysis. Similarly, if , the fact that it was published has no consequence whatsoever on the score of the honest chain, and so we can ignore it and apply the same analysis as if it weren’t published.

第六部分: 最终,我们弱化了我们的假设,即攻击者在预挖阶段 时没有发布任何块。 代替的是,认为任何属于 的攻击者块 : 如果 贡献得分给通过 的诚实链,也可能贡献给攻击者链,因此它的存在不能改变以上的分析。 相似地,如果 ,它发布的事实对诚实链的得分没有任何影响,因此我们能忽略它并且采用相同的分析就好像它没有被发布。

Claim 4. The waiting time for the event is finite. Moreover, it is upper bounded by a constant that does not depend on .

断言 4. 事件 的等待时间是有限的。 而且,它的上限由一个不依赖于 的常数决定。

Proof of Claim 4. Let be an arbitrary honest block created in . The probability that no other block was created in the interval is given by . An arbitrary block satisfies the first condition in the definition of with a positive probability.

断言4 证明: 让 成为在 中创建的任意诚实块。 在时间间隔 内没有创建其他块的概率由 决定。 随机块 在正概率下满足 的第一个条件。

Given an arbitrary block satisfying the above condition, let be the creation time of the earliest block in . The probability that the attacker did not create any block in the interval is given by . In particular, given the first condition, the second one is satisfied with a positive probability.

给定任意块 满足上述条件,让 是在 中最早被创建块的创建时间。 在时间间隔 内攻击者没有创建其他块的概率由 决定。 特别是,给定第一个条件,第二个条件满足正概率。

Importantly, for any two blocks and created after and that satisfy , the satisfaction of the first condition with respect to is independent from its satisfaction with respect to . Consequently, the expected waiting time for the occurrence of a block which satisfies the first two conditions in the definition of is finite (see, for instance, Chapter 10.11 in [10]). Moreover, while the precise expected time may theoretically depend on , the above argument shows that , where const does not depend on . This completes the proof of Claim 4 and of Lemma 9.

重要的是,对于任意两个块 后创建,并且满足 ,满足关于 的第一个条件与满足 是独立的。 因此,满足 的定义中前两个条件的块出现的预期等待时间是有限的(参见,例如,章节10.11 [10])。 此外,尽管精确的预期时间 在理论上可能取决于,但上述论证表明 ,其中const不依赖于。 这完成了断言4和引理9的证明。

Theorem 5 guarantees that the probability of reorg with respect to a given block diminishes: . However, it does not guarantee anything about the convergence rate, i.e., the waiting time for a that satisfies , for some .[^18] Following the analysis in the proof of Claim 4, the waiting time for an Hourglass block can be upper bounded by a constant in the order of magnitude of , for some ; and after such a block is created, the analysis implies that converges to 0 at an exponential rate, due to the random walk dynamic.

定理5保证相对于给定区块 的重组概率会逐渐减小: 。 然而,它并不能保证收敛速率,即满足 的需要的等待时间 ,对于 。[^18]。 在断言4的证明分析中,沙漏块的等待时间的上界由一个在 数量级的常数限制,对于 ; 在这样一个块被创建之后,分析表明,由于随机遍历是动态的, 以指数速率收敛到0。

However, the analysis used in the proof is not tight. It relies on rather infrequent events which guarantee convergence in a straightforward way, namely, on the occurrence of Hourglass blocks. In practice the network is likely to converge much faster. Moreover, it can be shown that when there is no active attack, the convergence time is faster by orders-of-magnitude.

然而,在证明中使用的分析并不严密。 它依靠相当罕见的事件来保证以简单的方式进行收敛,即,出现沙漏块。 实际上,网络可能会更快地收敛。 此外,可以看出,当没有主动攻击时,收敛要快多个数量级。

  1. 然而,我们不能假设在此区间内没有区块被发布,因为攻击者可能会决定在此区间内发布他早前创建的区块。  2

  2. 注意我们的分析没有假设攻击者在单链上创建它的块。 

  3. 以下, 表示所有在 中的块由诚实结点创建的区块。  2

  4. 注意我们已经把 相乘来考虑一些罕见的事件,如有一些块创建事件突然发生,因此一些诚实块没有贡献公共链的得分。 

  5. 事实上,这个概率随着 增加而以对数形式递减。  2

Related Posts

Top