https://eprint.iacr.org/2018/104.pdfPHANTOM:
A Scalable BlockDAG protocol
Yonatan Sompolinsky and Aviv Zohar
School of Engineering and Computer Science,
The Hebrew University of Jerusalem, Israel
{yoni sompo,avivz}@cs.huji.ac.il
Abstract
In 2008 Satoshi Nakamoto invented the basis for what would come to be known as
blockchain technology. The core concept of this system is an open and anonymous network
of nodes, or miners, which together maintain a public ledger of transactions. The ledger takes
the form of a chain of blocks, the blockchain, where each block is a batch of new transactions
collected from users. One primary problem with Satoshi?s blockchain is its highly limited
scalability. The security of Satoshi?s longest chain rule, more generally known as the Bitcoin
protocol, requires that all honest nodes be aware of each other?s blocks in real time. To this
end, the throughput is artificially suppressed so that each block fully propagates before the next
one is created, and that no ?orphan blocks? that fork the chain be created spontaneously.
In this paper we present PHANTOM, a protocol for transaction confirmation that is secure
under any throughput that the network can support. PHANTOM thus does not suffer from
the security-scalability tradeoff which Satoshi?s protocol suffers from. PHANTOM utilizes a
Directed Acyclic Graph of blocks, aka blockDAG, a generalization of Satoshi?s chain which
better suits a setup of fast or large blocks. PHANTOM uses a greedy algorithm on the
blockDAG to distinguish between blocks mined properly by honest nodes and those mined
by non-cooperating nodes that deviated from the DAG mining protocol. Using this distinction,
PHANTOM provides a full order on the blockDAG in a way that is eventually agreed upon
by all honest nodes.
The Digital Reserve is closely watching this development for use in its implementation.
