Comparative Study of Byzantine Fault Tolerant Consensus Algorithms on Permissioned Blockchains April 2020 Isitan Gorkey Chakir El Moussaoui Vincent Wijdeveld EEMCS EEMCS EEMCS TU Delft TU Delft TU Delft Delft, Netherlands Delft, Netherlands Delft, Netherlands [email protected] [email protected] [email protected] Supervised by Supervised by Erik Sennema Zekeriya Erkin Miray Aysen EEMCS EEMCS EEMCS TU Delft TU Delft TU Delft Delft, Netherlands Delft, Netherlands Delft, Netherlands [email protected] [email protected] [email protected] Abstract—Blockchain is a technology that is in use increasingly. process of answering the research question consists of first Although owing its common use to the cryptocurrencies there giving an overview of the blockchain. Then the consensus is more to the blockchain technology than just the monetary algorithms used in blockchain technologies will be discussed use. One of these uses is by smaller groups of participants under the control of a central authority, for instance at a followed by the trust models between nodes, the incentive company. Such private blockchains use permissioned blockchain mechanisms, and scalability analysis. Lastly, the comparison consensus algorithms as the participants need the permission of permissioned consensus algorithms will be discussed and a of the authority to be able to join the system. This paper will conclusion will be drawn to the paper. give an overview of the blockchain technology, investigate permis- sioned and permissionless blockchain, and focus on permissioned blockchains to analyze it in terms of, e.g. trust models between II. AN OVERVIEW OF BLOCKCHAIN the nodes, incentives, number of nodes & parties involved, and Blockchain [4] is a sequence of blocks, where each block scalability regarding the number of transactions. Index Terms—Blockchain, Byzantine Fault Tolerance, Consensus keeps a list of transactions. Each block consists of a header Algorithms, Cryptocurrency, Permissioned and a body. The header contains the following information about the block which can be seen in Figure 1: I. INTRODUCTION • Block version: indicates the set of block validation rules Blockchain is a technology that is being used in increasingly to follow. more platforms [1]. The idea of blockchain was first • Merkle tree root hash: the hash value of the Merkle tree introduced by Haber and Stornetta in 1990 [2], the first root, which is recursively derived from the hash value of conceptualization of it did not happen until 2008 when the transactions in the block, as can be seen in Figure 1. Nakamoto applied blockchain as the underlying technology of • Timestamp: the time passed in seconds from January 1, Bitcoin [3]. Bitcoin made it possible to make safe monetary 1970 until the creation of the block (universal time). transactions without the need for a central authority such as a • nBits: the target threshold of a valid hash. The gener- bank, which remarked the strength of blockchain technology. ated hash needs nBits or a lower amount of 0’s at the In the following years, blockchain technology has been used beginning of the generated hash. in more fields from payment processing to online voting. • Nonce: a 4-byte field, which usually starts with 0 and increases for every hash calculation. The main research question of this paper is: How the con- • Previous block hash: a 256-bit hash value that points to sensus algorithms that are used in permissioned blockchains the previous block. compare against each other. The subquestions investigated The hash of the previous block is contained in the block to answer this question are: How do consensus algorithms header, a block has only one previous block. The first block compare against each other in the means of incentives, number of a blockchain is called the genesis block. The genesis block of nodes & parties involved, scalability regarding the number has no previous block. of transactions, and trust models between the nodes. The 1 Block N Block N + 1 Block Header Block Header Block Time Block Time nBits Nonce nBits Nonce Version Stamp Version Stamp Previous Block Merkle Tree Previous Block Merkle Tree Hash Root Hash Hash Root Hash Body Body Hash1 Hash2 Hash1 Hash2 Transaction Transaction Counter Counter Tx1 Tx2 Tx3 Tx4 Tx1 Tx2 Tx3 Tx4 Fig. 1. An example of a block structure in a blockchain The body consists of a transaction counter and a list of trans- Permissionless blockchains do, however, suffer from several actions. The maximum number of transactions that a block can drawbacks due to their fully replicated and open nature [5]: contain depends on the maximum block size and the size of 1) They have low performance in terms of the ability to the transactions that is set for the specific implementation of process a high throughput of transaction requests. For blockchain. Bitcoin, for example, has a maximum block size example, Bitcoin is currently able to process only about of 1 MB and a block is mined every 10 minutes on average. 7 transactions per second (TPS). This results in a maximum processing time of 7 transactions 2) Data stored in permissionless blockchains is publicly per second. One solution to increase the transaction throughput accessible as it is fully replicated among all peers. is to make use of larger blocks. This, however, means that if Without implementing additional measures on top of the all blocks are filled the blockchain will grow twice as fast as original protocol, permissionless blockchains suffer from before. This can make it significantly more costly to run a full confidentiality issues. bitcoin miner node in the future. Doubling the block size can 3) Due to forking, permissionless blockchains with the thus result in a higher barrier of entry for node administrators consensus protocols Proof of Work, Proof of Stake and and lower the number of nodes ran on the network. This could Proof of Authority never reach consensus finality, that cause centralisation which is undesirable as it is contradictory is, they have forks resulting in more waiting time for to the decentralized nature of the system. a block to be deemed valid as they go by one of the chains of the fork [6]. This chain could be chosen A. Permissionless Blockchain by different parameters based on implementation, such Permissionless blockchains [5] are open for any entity to as the length of the chain. When forking is possible, participate in by running a local instance of the protocol transactions committed in dropped chains of the fork using their digital signature (public key). There is no need might be revoked. for participants to publicize their real identities. The first To avoid these drawbacks, permissioned blockchains were permissionless blockchain was Bitcoin [3]. introduced. There are some advantages to the fully replicated immutable B. Permissioned Blockchain data store of the permissionless blockchains and their open Permissioned blockchains have evolved as an alternative to nature, which are [5]: permissionless blockchains. In [7] Vukolic´ stated that ”this 1) No need to have full trust in any single entity in the happened in order to address the need for running blockchain network or a third party. technology among a set of known and identifiable participants 2) Each entity in the network is identified by its digital that have to be explicitly admitted to the blockchain network”. signature. There is no need for real identities. This makes the permissionless blockchains pseudonymous. The permissioned blockchain [7] concept is best used in 3) Blockchains are fully replicated immutable data stores business applications of the blockchain technology. Even that aim to ensure integrity and non-repudiation. though the nodes do not necessarily trust each other or any 2 third parties, they are still required to identify themselves, confirmable by the other nodes and the proof should be which is usually the case within business circles. The notion infeasible to forge. of smart contracts [5] was introduced by Ethereum [8] and are 1) Proof of Work used in applications that require trustworthy and decentralized Proof of Work (PoW) was first introduced by Satoshi execution of business logic involving multiple entities. Nakamoto in the implementation of the Bitcoin network [3]. The reason permissioned blockchains provide enhancements Within a decentralized network [4], there needs to be some over their permissionless counterparts is that they facilitate node in the network that records the transactions, creates enterprise-grade use cases [5], such as: a block, and sends it to all other nodes in the network for 1) The participation in the consensus protocol is limited to them to attach it to their own blockchain. The created block a specific group of nodes that require explicit system will then be recorded by all other nodes in the network. This configuration in terms of permission from the authority, so called block creation is rewarded with a block reward software, and hardware. This results in permissioned which will be discussed in section V. The easiest and the blockchains being able to use Byzantine Fault Tolerant fairest way to select such a node is random selection. But (BFT) protocols, which generally have better throughput randomly selecting such a node is vulnerable to attacks. To and transaction latency. [9]. avoid this, a node must do a lot of work in the form of 2) Falazi et al. [5] noted that ”Permissioned blockchains are computer calculations to be selected. The idea behind this is generally better in terms of confidentiality since sensitive that a node which has done a lot of work would not be likely transactions can be isolated from public access.” to attack the network. 3) For permissioned blockchains forks and non-final deci- sions could be avoided. For example, Byzantine consen- In Bitcoin, each node of the network is calculating a hash sus algorithms reach consensus with finality [10].