| The proof of stake(PoS)mechanism,which allows stakeholders to issue a block with a probability proportional to their wealth instead of computational power,is believed to be an energy-efficient alternative to proof of work(PoW).The privacy concern of PoS,however,is more subtle than its counterpart.Recently,Kohlweiss et al.have shown that current anonymous PoS(APoS)protocols do not suffice to protect the stakeholder’s identity and stake,and the loss of anonymity is theoretically inherent for any(deterministic)PoS protocol that provides liveness guarantees.In this paper,we focus on the possibility of providing the concrete stake privacy of PoS when considering the limitations of attacks in practice.Specifically,we introduce the notion of(Δtag,δ,∈)-privacy to quantify the concrete stake privacy of PoS.Our analysis of(Δtag,δ,∈)-privacy on Cardano shows to what extent the stake privacy can be broken in practice,which also implies possible parameters setting of rational(Δtag,δ,∈)-privacy for PoS in the real world.The data analysis of Cardano demonstrates that the(Δtag,δ,∈)-privacy of current APoS is not satisfying.The crux of the matter is the deterministic leader election predicate in current PoS construction.Inspired by differential privacy technique,we propose an efficient non-deterministic leader election predicate,which can be used as a plugin to APoS protocols to protect stakes against tagging attack.Based on our leader election predicate,we construct anonymous PoS with noise(APoS-N),which can offer better(Δtag,δ,∈)-privacy than state-of-the-art works,Furthermore,we propose a method of proving the basic security properties of PoS in the noise setting,which can minimize the impact of the noise on the security threshold.Such a method can also be applied to the setting of PoS with variable stakes,which is of independent interest. |
PDF Full Text Request