For Nakamoto's longest-chain consensus protocol, whose proof-of-work (PoW) and proof-of-stake (PoS) variants power major blockchains such as Bitcoin and Cardano, we revisit the classic problem of the security-performance tradeoff: Given a network of nodes with finite communication- and computation-resources, against what fraction of adversary power is Nakamoto consensus (NC) secure for a given block production rate? State-of-the-art analyses of NC fail to answer this question, because their bounded-delay model does not capture the rate limits to nodes' processing of blocks, which cause congestion when blocks are released in quick succession. We develop a new analysis technique to prove a refined security-performance tradeoff for PoW NC in a bounded-capacity model. In this model, we show that, in contrast to the classic bounded-delay model, Nakamoto's private attack is no longer the worst attack, and a new attack we call the teasing strategy, that exploits congestion, is strictly worse. In PoS, equivocating blocks can exacerbate congestion, making traditional PoS NC insecure except at very low block production rates. To counter such equivocation spamming, we present a variant of PoS NC we call Blanking NC (BlaNC), which achieves the same resilience as PoW NC.

翻译：对于中本聪的最长链共识协议（其工作量证明（PoW）和权益证明（PoS）变体支撑着比特币和卡尔达诺等主要区块链），我们重新审视了安全与性能权衡这一经典问题：给定一个具有有限通信和计算资源的节点网络，对于特定的区块生成速率，中本聪共识（NC）能够抵御多大比例的攻击者算力？现有的NC前沿分析未能回答这个问题，因为它们的有界延迟模型未能捕捉到节点处理区块的速率限制，当区块快速连续发布时，这种限制会导致拥塞。我们开发了一种新的分析技术，以在有界容量模型中证明PoW NC的精细化安全-性能权衡。在该模型中，我们表明，与经典的有界延迟模型不同，中本聪的私挖攻击不再是最坏攻击，而我们称之为“戏弄策略”的一种利用拥塞的新攻击则更为严重。在PoS中，区块的模棱两可（equivocation）可能加剧拥塞，使得传统的PoS NC除了在极低的区块生成速率下之外都不安全。为了应对这种模棱两可的区块泛滥攻击，我们提出了一种PoS NC的变体，称之为“空白中本聪共识”（BlaNC），它能够达到与PoW NC相同的抗攻击能力。