New kids on the block: an analysis of modern blockchains Luke Anderson∗, Ralph Holz∗, Alexander Ponomarev†, Paul Rimba†, Ingo Weber† ∗University of Sydney, Sydney, Australia †Data61/CSIRO, Sydney, Australia ∗{l.anderson,ralph.holz}@sydney.edu.au †fi[email protected] ABSTRACT a network of untrusted nodes. A majority of these nodes Half a decade after Bitcoin became the first widely used need to act faithfully to the respective blockchain pro- cryptocurrency, blockchains are receiving considerable in- tocol in order to secure the operation of the blockchain terest from industry and the research community. Modern as a whole. blockchains feature services such as name registration and Bitcoin’s asset is the Bitcoin currency (BTC) and the smart contracts. Some employ new forms of consensus, such trusted centralised entity it attempts to replace is the as proof-of-stake instead of proof-of-work. However, these traditional bank. Newer blockchains provide more intri- blockchains are so far relatively poorly investigated, despite cate features, such as Namecoin’s attempt at providing the fact that they move considerable assets. In this paper, we decentralised name registration, or Ethereum’s globally explore three representative, modern blockchains—Ethereum, distributed Ethereum Virtual Machine that allows ex- Namecoin, and Peercoin. Our focus is on the features that ecuting code in the form of so-called smart contracts set them apart from the pure currency use case of Bitcoin. on the Ethereum network. Perceptions of blockchains We investigate the blockchains’ activity in terms of trans- are varied, with opinions ranging from highly sceptical actions and usage patterns, identifying some curiosities in to enthusiastic. Success of the technology would have the process. For Ethereum, we are mostly interested in the broad implications for legislation, policy-making, and smart contract functionality it offers. We also carry out a financial processes, due to the inherently decentralised brief analysis of issues that are introduced by negligent de- nature of the technology. We believe it is too early to sign of smart contracts. In the case of Namecoin, our focus make a definitive call; however, blockchains are already is how the name registration is used and has developed over used to move assets on a large scale. Now is the time to time. For Peercoin, we are interested in the use of proof- investigate them: at the time of writing, the total value of-stake, as this consensus algorithm is poorly understood of all existing bitcoin currency equates roughly USD 7B; yet used to move considerable value. Finally, we relate the Ethereum’s Ether follows in second place with approx- 1 above to the fundamental characteristics of the underlying imately USD 750M . peer-to-peer networks. We present a crawler for Ethereum In this paper, we carry out analyses for three block- and give statistics on the network size. For Peercoin and chains that have considerably extended Bitcoin’s origi- Namecoin, we identify the relatively small size of the net- nal mechanism. Ethereum has added a Turing-complete works and the weak bootstrapping process. scripting language that makes it possible to define pro- grams that are executed by participants of the blockchain. Categories and Subject Descriptors Namecoin has added a decentralised name registration arXiv:1606.06530v1 [cs.CR] 21 Jun 2016 service. Peercoin, finally, has made a switch to a new C.2.2 [Computer-Communication Networks]: Net- consensus mechanism to ensure the security of the blockchain, work Protocols; C.2.4 [Computer-Communication namely proof-of-stake. For the blockchains whose asset Networks]: Distributed Systems is a service that is provided in a decentralised fashion— General Terms Namecoin and Ethereum—we focus on how the service is used and supported by the blockchain. An analy- Measurement, Experimentation, Human Factors sis of Ethereum is one of our main contributions: we show the development of the blockchain and give fun- 1. INTRODUCTION damental statistics that describe its use. In particular, Since the advent of Nakamoto’s Bitcoin in 2008 [14], a we explore the smart contracts and uncover oddities, diverse range of blockchain implementations have emerged. including some security-related (so far low-impact) is- The common goal of blockchain-based technologies is to sues. We also provide a first analysis of similarity be- decentralise control of a particular asset, typically re- placing one or a small set of trusted central entities with 1Data from http://coinmarketcap.com/ on 3/5/2016. 1 tween contracts on the blockchain, which gives hints at they are connected to. This is insufficient to prevent how they have been developed. For the ‘pure-currency’ double-spending, however, as an attacker could always blockchain, Peercoin, we investigate how much the new try to partition the network and spend the same coin in- proof-of-stake algorithm is involved in moving currency dependently in each partition. Hence, Bitcoin requires around. Finally, we investigate briefly some core prop- all nodes to achieve consensus regarding which trans- erties of the networks that keep these blockchains run- actions have been made or rejected, e.g., due to insuf- ning, including peer crawling data and tests of the boot- ficient balance. This is solved by block mining. Nodes strapping process. collect transactions into a block and compute a hash The remainder of this paper is organised as follows. over the whole block, together with a nonce of their In the next section, we provide the necessary back- choosing. A block will only be accepted by the entire ground to understand the blockchains we investigate network if the hash value, interpreted as a number, is and discuss previous related work. Section3 presents smaller than a given target value, which depends on the our methodology and provides an overview of our data previous blocks’ hash values, and which each node can sets. Section4 presents our results for Ethereum, Name- compute independently and deterministically. coin, and Peercoin. We offer our conclusions in Section When a miner finds a valid hash, the block header 5. containing the valid hash is announced to the network. Other miners in the network then validate the new block 2. BACKGROUND AND RELATED WORK header before accepting it. Acceptance is indicated by We provide the necessary background on blockchain miners starting to work on subsequent blocks, incorpo- technology in this section and discuss related work. rating the newly mined block as the parent. To mine a block, a node must thus invest computational resources 2.1 Background to find a nonce that when used in the hashing process will yield the necessary block hash. A blockchain is an append-only, public ledger that It may occasionally happen that two miners find a keeps track of transactions relating to an asset. In Bit- block at the same time (a ‘fork’). In that case, the coin, for instance, a transaction is the transfer of some blockchain is not ‘in consensus’ until the next block is amount of Bitcoin currency (BTC) from one account found, which takes one of the two candidates as its cho- to another. An account is expressed as a public key; sen previous block. The new, longest blockchain is then ownership of the corresponding private key proves own- accepted by the network as the ‘consensus view’. ership of the account. Transactions are grouped into By requiring not just one, but a number of blocks to blocks, which are cryptographically linked—i.e., block have been found since the first inclusion of a transac- n contains a hash value of block n − 1. Transactions tion, it becomes exceedingly unlikely that an attacker is are digitally signed: only the holder of the private key able to forge a different, longer blockchain that contains can create a valid signature, but all participants of the a different set of transactions: to change a transaction blockchain can verify its validity with the known pub- in an already confirmed block, one must recompute the lic key2. All participants maintain the entire history hashes for all subsequent blocks. Bitcoin’s author sug- of the blockchain, and in most blockchains every par- gested that an attacker would need to control strictly ticipant knows the ownership status of all assets and more than 50% of the network’s computational power all accounts. However, one typically does not know the for this attack to succeed [14], although more recent re- identity of an account owner by only looking at this search has identified attacks that succeed with less [6]. data. A major assumption is that miners are incentivised to A serious problem that all early crypto-currency pro- act faithfully. As a reward for mining a block, a miner posals shared was the need to maintain a trusted au- may assign a certain amount of thus newly generated thority that could issue cryptographic coins and track currency to itself in the new block. In Bitcoin, the ex- transactions so as to ensure that no digital coin could act amount is currently 25 BTC and this reward halves be spent twice, and that the payer is able to transact at certain intervals (52,500 blocks), with the next halv- if her balance permits. One of Bitcoin’s declared goals ing expected to occur in July 2016. Senders of trans- was to remove this central authority. The key insight actions may also choose to pay transaction fees that was that double-spending can be prevented if all partic- the block miner can claim. The input of a transaction ipants in the digital currency are able to maintain the must be the output of a previous transaction (except same, correct view of all transactions in the network. for the aforementioned currency generation). The out- Proof-of-work Bitcoin introduced the blockchain as put is one or more currency values with the public keys a cryptographic ledger that stores all transactions ever of the receivers, all signed by the sender.