Researchers have discovered a series of theoretical attacks against Bitcoin's Nakamoto consensus; the most damaging are selfish mining, double-spending, and consistency delay attacks. These attacks share one root cause: block withholding. This paper proposes Crystal, which leverages quorum certificates to resist block withholding. Crystal continuously elects committees from miners and requires each block to carry a quorum certificate, i.e., a set of signatures issued by members of its committee. Consequently, an attacker has to publish its blocks to obtain quorum certificates, rendering block withholding impossible. To build Crystal, we design a novel two-round committee election that is Sybil-resistant, unpredictable and non-interactive, and a reward mechanism that incentivizes miners to follow the protocol. Our analysis and evaluations show that Crystal can significantly mitigate selfish mining and double-spending attacks. For example, in Bitcoin, an attacker with 30% of the total computation power succeeds in a double-spending attack that breaks the 6-confirmation rule with a probability of 15.6%; in Crystal, the success probability for the same attacker falls to 0.62%. We provide formal end-to-end safety proofs for Crystal, ensuring no unknown attacks will be introduced. To the best of our knowledge, Crystal is the first protocol that prevents selfish mining and double-spending attacks while providing a safety proof.
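The 15.6% Bitcoin baseline quoted above can be reproduced with the standard double-spend race analysis (Rosenfeld's negative-binomial model). The sketch below is an added example, not code from the paper; it assumes that model is the source of the figure, and the function names are hypothetical. It does not model Crystal, whose analysis the abstract does not give.

```python
from math import comb


def double_spend_success(q: float, n: int) -> float:
    """Probability that an attacker with hash-power share q eventually
    overtakes the honest chain after the merchant waits n confirmations.

    Assumed model (not stated in the abstract): the attacker mines in
    secret while the honest network finds n blocks, then keeps racing
    until it catches up or falls behind forever.
    """
    if not 0.0 <= q <= 1.0 or n < 0:
        raise ValueError("q must be in [0, 1] and n must be >= 0")
    if q >= 0.5:
        return 1.0  # a majority attacker always catches up eventually
    p = 1.0 - q
    # Sum over m = attacker blocks found while honest miners found n.
    honest_wins = sum(
        comb(m + n - 1, m) * (p**n * q**m - p**m * q**n)
        for m in range(n)
    )
    return 1.0 - honest_wins


def confirmations_needed(q: float, max_risk: float, limit: int = 10_000) -> int:
    """Smallest confirmation count whose success probability is <= max_risk."""
    if q >= 0.5:
        raise ValueError("no confirmation count bounds a majority attacker")
    for n in range(limit + 1):
        if double_spend_success(q, n) <= max_risk:
            return n
    raise ValueError("risk target not reachable within limit")


if __name__ == "__main__":
    q = 0.30  # attacker share used in the abstract
    print(f"Bitcoin, 6 confirmations: {double_spend_success(q, 6):.3%}")
    # How long a Bitcoin merchant would have to wait to reach the
    # 0.62% risk level the abstract reports for Crystal at 6 confirmations.
    n = confirmations_needed(q, 0.0062)
    print(f"Confirmations for <= 0.62% risk in Bitcoin: {n}")
```
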