Ouroboros, the Eternal Cycle in Cardano Consensus

Which blockchains use Ouroboros?

A consensus protocol is the system of parameters, which generates rules that order the behavior of network participants, to produce the distributed records.

Public blockchains are not controlled by a central authority, and for this reason, it is the consensus protocol that allows a single source of truth, a single registry, to be agreed upon. This is why blockchains are called trustless, as instead of requiring participants to trust each other, trust is built into the protocol.

Ouroboros is the name of Cardano’s Proof of Stake consensus algorithm, it is its Operating System.

Its name originates from Egyptian mythology, and goes back to the hieroglyphics found in a chamber of the pyramid of Unas, in 2300 BC, and is a symbol that shows a snake that engulfs its own tail and that symbolizes the eternal cycle.

This is how the protocol is developed that serves as the basis for self-propagating systems, which grow cyclically, supplanting existing systems.

A block is the unit used to transition to a new state in the ledger. If the majority of the network considers the proposed block valid, the new block will be stored in the blockchain, and will become the starting point for the next state transition.

Ouroboros was the first blockchain consensus protocol to be developed through peer-reviewed research, led by Prof. Aggelos Kiayias of the University of Edinburgh.

Ouroboros is a Proof of Stake (PoS) protocol, which is different from Proof of Work (PoW), like the one used by Bitcoin.

Instead of relying on miners to solve computationally complex equations to create new blocks, and reward the first to do so. The PoS protocol selects the validator nodes (in the case of Cardano, stakepools) to create new blocks, based on the weighted randomness in the staking that they control in the network, among other parameters of lesser impact.

Ouroboros divides Cardano time into slots (every second), blocks (every 20 seconds), epochs (every 5 days). The slot is the nomination space to sign a block. The slot leader (node ​​chosen by the protocol) is responsible for adding a block to the chain. There can only be one slot leader per slot. 

Each epoch includes 432,000 slots, (60 seconds x 60 minutes x 24 hours x 5 days). On average, the protocol design expects a block to be validated every 20 seconds, totaling 21,600 blocks per epoch (3 blocks per minute x 60 minutes x 24 hours x 5 days). It may happen that, due to various network issues (old versions of some nodes, or several disconnected nodes), fewer blocks result.

So you can see that the design foresees 20 slots per block. As many slots are created per block to ensure continuity in block production, since if a designated node is not available, another follows. So there is competition between nodes, and it is called ‘slot battle’ between validating nodes, and so the chain forks naturally all the time. Those little forks are quickly resolved and are only a few blocks long. The stakepool that “loses” the battle does not collect rewards.

The main feature of Ouroboros is the transparency for the selection of slot leaders, which are known in advance at the beginning of each epoch, and there is always only one per slot, to forge a block. In a later article I will explain the function of the stakepools and how the slot leader selection mechanism works.

Within the Ouroboros protocol, each node of the network stores a copy of the mempool, where the transactions queued to be validated are added, and if these are consistent with the existing transactions and with the chain of blocks, the node verifies the chain as valid. .

With PoS, the selection of the block creator (the signing slot leader) is in their operating system, their algorithm. This presents some problems for the purpose, that is, the immutability of the transaction, since the selection process of the block creator can be attacked, achieving the election in favor of the aggressor, being able to repeatedly be chosen again as block creator. If they master block creation, they could censor transactions.

There are two properties to maintain the integrity of any type of distributed ledger:

─ Latency: is the time it takes for a transaction to appear in a block on the blockchain

─ Finality: is the time it takes for a transaction to become immutable

Latency on Cardano is excellent. Blocks and transactions spread rapidly through the network, typically reaching 95% of the network within 5 seconds.

Many consider the transaction to be stable (unchangeable) as soon as they see it on the chain, and it is not. Finality is only ‘100% guaranteed’ after k blocks, where k is a protocol parameter. Currently, k = 2,160 blocks. Ouroboros Praos, Cardano’s current protocol, guarantees that there can be no forks of more than ‘k’ blocks.

That does not mean that you have to wait 2,160 blocks before considering a transaction stable.

What does it mean for a transaction to be stable? It means that any possible fork of the chain will necessarily include that transaction, and thus the operation would be lost on a new ‘dead’ blockchain. Forks occur when two (or more) versions of the chain compete. Eventually, only one will prevail.

Are forks that common? Yes, in Ouroboros Praos, the chain forks naturally all the time, and they are called ‘slot battles’ between validator nodes, as I explained before.

The problem is that attackers can also try to create artificial forks so that the network adopts a fake version. To be successful, they need a lot of staking, and a lot of power (i.e. hashing) to simulate as many forks as possible and hopefully get a favorable one adopted for them, to have a small chance of “breaking” Ouroboros. .

Developer Matthias Benkort (Twitter user @KtorZ) in a Tweet estimated that 5 blocks would already be enough to obtain an acceptable finality, but to be very cautious, around 70 blocks is a good measure to reach a high enough probability of immutability. .

The Cardano consensus protocol evolves over time. I will expose a summary of each implementation.

Ouroboros: Versions of an Evolving Protocol

The first three versions are already implemented, and the following ones do not have a defined roadmap with certain dates, but they are in the process of being implemented. 

Ouroboros Classic

It was the first implementation of the Ouroboros protocol, published in 2017, which differentiated Ouroboros from other PoS blockchains, in their ability to generate unbiased randomness in the leader selection algorithm, to forge blocks. Randomness prevents the formation of patterns, and is a fundamental part of maintaining the security of the protocol, since the unpredictable behavior cannot be exploited, and although Ouroboros guarantees transparency, it avoids coercion. Ouroboros was the first blockchain protocol to be developed with this kind of rigorous security analysis.

Ouroboros BFT

Ouroboros Byzantine Fault Tolerance was used by Cardano during the evolution of Byron, which was the transition to the new code base. Ouroboros BFT helped prepare the Cardano federated network for the launch of Shelley (stakepools) and, with that, its decentralization.

Instead of requiring nodes to be online all the time, Ouroboros BFT assumed a federated network of servers and asynchronous communication between servers.

Ouroboros Praos

This version, which is the current one, provided substantial security and scalability improvements. As with Ouroboros Classic, Ouroboros Praos processes transaction blocks by dividing chains into slots, which are added in epochs, however it is parsed in a semi-synchronous environment and is safe against adaptive attackers as it assumes adversaries can delay honest messages from participants for more than one space and that an adversary can send arbitrary messages to any participant at any time.

Praos ensures that a strong adversary cannot predict the next slot leader, and launch a focused attack (such as a DDoS attack) to subvert the protocol.

Ouroboros Genesis

It will further enhance Ouroboros Praos, by allowing participants to start from a block considered genesis, without the need for reliable checkpoints, or assumptions about past availability.

It will also provide a proof of universal composability of the protocol, meaning that the protocol can be composed with other protocols without losing its security properties. This contributes significantly to its security and sustainability, and that of the networks that use it.

In a Tweet on October 3, 2022, responding to a question, Charles Hoskinson said that the Ouroboros Genesis implementation will be in 2023.

Ouroboros Crypsinous

It will equip Genesis with privacy-preserving properties, achieving security against adaptive attacks by introducing a new technique based on SNARK and secure private key encryption.

Ouroboros Cronos

It will achieve two objectives. First, it will synchronize clocks securely through a novel mechanism and thus become independent of external time services. Second, it will provide a time source for other protocols, with cryptographic security.

Chronos will make the ledger more resistant to attacks that target time information.

Ouroboros Leios

Ouroboros Leios will significantly increase scalability and maintain the current level of decentralization, dividing the tasks related to validation and block production in two groups of nodes. However, each node can perform both tasks.

In addition to block producers, there will be a second group called Input Endorsers.

Between two blocks, multiple Input Endorsers will be randomly selected, with the task of endorsing the input to be included in the block, these being a second layer of security, which will process transactions and scripts before a slot leader (producing node ) validates them in a block, as long as it cryptographically verifies the right to prepare the input.

Although there is still no Research Paper on Leios, we can see a clear explanation in this video:

Ouroboros Omega 

It is the project that brings together all the research carried out on Ouroboros in recent years, and converges in a single protocol, highly scalable and efficient. 

Combines the best features of all Ouroboros versions so far developed, such as no dependency on an external clock, self-healing so it can gradually recover from 51% attacks, with the ability to boot from a given block considered Genesis, semi synchro , adaptive security, instant finality, among other features.

Charles Hoskinson referred to Omega in a Tweet on February 4, 2021: “Here’s a Teaser. Omega is the convergence of all the ideas we’ve had over the last six years. It’s gonna be good.” and then, on April 18, 2021 in another Tweet: “I recently approved an additional 1.5 million USD in IOG’s 2021 Budget to accelerate Ouroboros Omega research and delivery.” 

. . .

2 comments
Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts