# About Chain Consensus

Proof-of-Stake (PoS). The aim is brute forcing partial hash collision for the 𝑏 first bits of the hash target which initiated with 0 𝑘 = 0000 ⏟ … … … .000 (k times).
Prerequisites:

- 1.Parameter 𝒔 is defined to distinguish between service names
- 2.Parameter 𝑏 is defined as the number of bits from the left side of bit-string
- 3.The notation of 𝐴 ≡b 𝐵 is defined for whether two sub bit-string of A,B from the left side (𝑖𝑛𝑑𝑒𝑥 0 𝑡𝑜 𝑏) are equal or not. The output of the comparison is True or False.
- 4.Notation || is defined as concatenation between two bit-string
- 5.𝑥 is a random bit-string
- 6.𝑉 is True if 𝐻 (𝑠 || 𝑥) starts with 𝑏 bits filled with zero.

Cost-function interactive algorithm between client and server [8]:

Input: 𝑠, 𝑥
Output: True, False

- 1.𝑆𝑒𝑟𝑣𝑒𝑟 𝑐𝑜𝑚𝑝𝑢𝑡𝑒𝑠 𝐶 = 𝐶ℎ𝑎𝑙𝑙𝑒𝑛𝑔𝑒 (𝑠, 𝑏) 𝑎𝑛𝑑 𝑠𝑒𝑛𝑑𝑠 𝑡𝑜 𝑡ℎ𝑒 𝑐𝑙𝑖𝑒𝑛𝑡
- 2.The client searches for 𝑥 such that 𝐻𝑎𝑠ℎ (𝑠 || 𝐶 || 𝑥) ≡𝑏 0 𝑘
- 3.𝐼𝑓 𝐻𝑎𝑠ℎ (𝑠 || 𝐶 || 𝑥) ≡𝑏 0 𝑘 𝑖𝑠 𝑇𝑟𝑢𝑒 𝑆𝑒𝑟𝑣𝑒𝑟 ← 𝐶𝑙𝑖𝑒𝑛𝑡 𝑠𝑒𝑛𝑑𝑠 𝑠, 𝑥
- 4.𝑆𝑒𝑟𝑣𝑒𝑟 𝑐𝑎𝑙𝑐𝑢𝑙𝑎𝑡𝑒𝑠 𝑉 = 𝐸𝑣𝑎𝑙𝑢𝑎𝑡𝑒 𝐻(𝑠 || 𝐶 || 𝑥) ≡𝑏 0 𝑘
- 5.𝐼𝑓 𝑉 = 𝑇𝑟𝑢𝑒 𝑅𝑒𝑡𝑢𝑟𝑛 𝑉 Else Return 𝐹𝑎𝑙𝑠𝑒

Cost-function non- interactive algorithm [8]

Input: 𝑠, 𝑥
Output: True, False

- 1.Client finds 𝑥 such that 𝐻 (𝑠 || 𝑥) ≡𝑏 0 𝑘
- 2.Client publishes 𝑠, 𝑥 9
- 3.𝐴𝑙𝑙 𝑛𝑜𝑑𝑒𝑠 𝑐𝑜𝑚𝑝𝑢𝑡𝑒 𝑉 = 𝐸𝑣𝑎𝑙𝑢𝑎𝑡𝑒 (𝑠 || 𝑥)
- 4.𝐼𝑓 𝑉 = 𝑇𝑟𝑢𝑒 𝑅𝑒𝑡𝑢𝑟𝑛 𝑉 Else 𝑅𝑒𝑡𝑢𝑟𝑛 𝐹𝑎𝑙𝑠𝑒

As far as all curves in Elliptic Curve Cryptography (ECC) are not efficiently secure therefore numerous standard organization evaluate how equations of curves are secure for example, NIST introduced fifteen curves as standardized to be used in industry and financial technology [20]. ECDSA is based on asymmetric ECC and is more efficient in processing and bandwidth sake of short keys and more performance compared with RSA or Elgamal cryptosystem [21]. We take a brief look at the elliptic curve cryptosystem but not with all details. (Appendix A) The elliptic curve is simplified form of Weierstrass equation over algebraic field 𝐾 as a form of

For cryptographic purposes, coefficients, and variables belong to field 𝐾 that can be prime finite field or binary field. All points lie on the equation plus with abstract notation ∞ forms an Abelian algebraic group with additive operation. This cryptosystem is based on the hardship of discrete logarithm elliptic curves. Curve 𝑒𝑑25519 (twisted Edwards curves) and 𝑒𝑐𝑝256𝑘1 are two well-tested and robust secure, applied cryptographic curves with specified parameters. 𝐸𝑐𝑝256𝑘1 was implemented in either Bitcoin and Ethereum but still, processing time, key size, memory usage and resistance against quantum attacks can be more optimized. Therefore, there are much controversial debates to new implementation for new digital signature schemes. The first exposed solution was changing to 𝑒𝑑25519 sake of optimized key features rather than 𝑒𝑐𝑝256𝑘1 with fast signing process and small signature and high level security [22]. Still 𝑒𝑑25519 is 11 vulnerable against quantum attack. Other alternatives can be evaluated for instance, Lamport signatures in Ethereum.

Input: 𝑌 2 = 𝑥 3 + aX + b , 𝑎, 𝑏, prime number 𝑍𝑝, Base point 𝐺, The order of subgroup 𝑛, cofactor ℎ Output: private and public key

- 1.𝑃𝑟𝑖𝑣𝑎𝑡𝑒 𝑘𝑒𝑦 ← 𝐶ℎ𝑜𝑜𝑠𝑒 𝑎 𝑟𝑎𝑛𝑑𝑜𝑚 𝑛𝑢𝑚𝑏𝑒𝑟 𝑎𝑚𝑜𝑛𝑔 {1, 2, 3, … . , 𝑛 − 1}
- 2.𝑃𝑢𝑏𝑙𝑖𝑐 𝑘𝑒𝑦 ← 𝐶𝑜𝑚𝑝𝑢𝑡𝑒 𝑝𝑟𝑖𝑣𝑎𝑡𝑒 𝑘𝑒𝑦 × 𝐺 ( 𝑛𝑜𝑡𝑒 𝑡ℎ𝑎𝑡 𝑡ℎ𝑒 𝑝𝑢𝑏𝑙𝑖𝑐 𝑘𝑒𝑦 𝑖𝑠 𝑝𝑜𝑖𝑛𝑡 𝑜𝑛 𝑐𝑢𝑟𝑣𝑒)
- 3.𝑅𝑒𝑡𝑢𝑟𝑛 private key and public key

Input: 𝑌 2 = 𝑥 3 + aX + b a, b, prime number ZP, Base point G, The Order of Subgroup = n, Private key, message=M Output: 𝑀, signature 1, signature 2

- 1.𝑟 ← 𝐶ℎ𝑜𝑜𝑠𝑒 𝑟𝑎𝑛𝑑𝑜𝑚 𝑖𝑛𝑡𝑒𝑔𝑒𝑟 𝑟 , 𝑟 ∈ [1, 𝑛 − 1]
- 2.𝑒 (𝑥𝑒 , 𝑦𝑒) ← 𝐶𝑜𝑚𝑝𝑢𝑡𝑒 𝑟 × 𝐺
- 3.𝑆0 ← 𝐶𝑜𝑚𝑝𝑢𝑡𝑒 (𝑥𝑒 𝑚𝑜𝑑 𝑛)
- 4.𝐼𝑓 𝑆0 == 0 𝑡ℎ𝑒𝑛 Go to 1 Else 𝑆 ← 𝐶𝑜𝑚𝑝𝑢𝑡𝑒 [ 𝑟 −1 (𝑀

𝑆0 × 𝑝𝑟𝑖𝑣𝑎𝑡𝑒 𝑘𝑒𝑦) ] 𝑚𝑜𝑑 𝑛 (𝑟 −1 𝑖𝑠 𝑚𝑢𝑙𝑡𝑖𝑝𝑙𝑖𝑐𝑎𝑡𝑖𝑜𝑛 𝑖𝑛𝑣𝑒𝑟𝑠𝑒)

- 5.𝑅𝑒𝑡𝑢𝑟𝑛 (𝑆0 , 𝑆)

Input: 𝑆, 𝑆0 , 𝑃𝑢𝑏𝑙𝑖𝑐 𝑘𝑒𝑦, 𝑀𝑒𝑠𝑠𝑎𝑔𝑒 = 𝑀 , 𝑜𝑟𝑑𝑒𝑟 𝑜𝑓 𝑠𝑢𝑏𝑔𝑟𝑜𝑢𝑝 = 𝑛 , 𝑏𝑎𝑠𝑒 𝑝𝑜𝑖𝑛𝑡 𝐺 Output: True, False

- 1.𝑉1 ← 𝐶𝑜𝑚𝑝𝑢𝑡𝑒 (𝑆 −1 × 𝑀) 𝑚𝑜𝑑 𝑛
- 2.𝑉2 ← 𝐶𝑜𝑚𝑝𝑢𝑡𝑒 (𝑆 −1 × 𝑆0) 𝑚𝑜𝑑 𝑛
- 3.𝑃 ← 𝐶𝑜𝑚𝑝𝑢𝑡𝑒 𝑉2 × 𝐺 + (𝑉2 × 𝑃𝑢𝑏𝑙𝑖𝑐 𝑘𝑒𝑦 )
- 4.𝐼𝑓 𝑥𝑝 == 𝑆0 (𝑚𝑜𝑑 𝑛) 𝑡ℎ𝑒𝑛 𝑅𝑒𝑡𝑢𝑟𝑛 𝑇𝑟𝑢𝑒 Else 𝑅𝑒𝑡𝑢𝑟𝑛 𝐹𝑎𝑙𝑠𝑒

Last modified 6mo ago