Bitcoin Security Beyond Unbonding

101 Series

101 Series

Sep 3, 2022

PoS chains such as Cosmos zones can achieve Bitcoin-level safety for their transactions by using Babylon with a slow finality rule. To confirm a transaction via the slow finality rule, clients of the PoS chain wait until the timestamp of the PoS block containing the transaction becomes k-deep on Bitcoin. This way, clients can preserve the safety of high value transactions against double-spend attacks. Possibility of securing high-value transactions with Bitcoin enables Cosmos zones to support high value trades even at a low token valuation, thus facilitating the adoption of new zones for high value use-cases such as NFT transfers. By aggregating the Bitcoin timestamps of many Cosmos zones, Babylon enables these zones to simultaneously enjoy the same Bitcoin-level security provided by the slow finality rule.

Slow finality for Bitcoin safety

Figure 1: PoS blocks whose timestamps have become k-deep are depicted with a green checkmark. These blocks are said to be confirmed via the slow finality rule. Any PoS chain conflicting with these blocks will be identified as an attack chain and rejected since its timestamps will appear after the timestamps of the PoS blocks confirmed via the slow finality rule.

 In the previous blog post, we have seen how Babylon helps reduce the unbonding period by timestamping unbonding requests on Bitcoin. Once a Bitcoin block timestamping an unbonding request is confirmed, i.e., becomes k-deep in the longest chain of Bitcoin, an attacker cannot overwrite the timestamp of the PoS block carrying the unbonding request by forking Bitcoin. PoS chains can thus grant unbonding requests as soon as they are confirmed on Bitcoin, without exposing themselves to posterior corruption attacks

Unbonding request can be considered as an important transaction which is endowed with Bitcoin security through the timestamping process. Generalizing this process, we can attain a stronger notion of finality for certain important transactions: If a client waits until the timestamp of a PoS block becomes k-deep on Bitcoin, then that timestamp cannot be replaced by any conflicting block (unless Bitcoin itself loses security). This notion enables the client to obtain Bitcoin-level safety for transactions within such blocks, at the cost of a longer delay, lending it the name slow finality. This delay comes from the confirmation latency for the Bitcoin block (time to be k-deep) timestamping the PoS transactions. 

Use cases of slow finality

Protecting important transactions

Clients of a Cosmos zone have the option to use slow finality to attain Bitcoin-level safety for crucial, high-value transactions. Consider the purchase of an expensive car. If the merchant waits until the payment is timestamped by a k-deep block on Bitcoin before the shipment, it can avoid any double-spend risk by the buyer. This is because such an attack would require the buyer to fork not only the underlying Tendermint chain at the risk of getting slashed, but also Bitcoin itself to remove the timestamp of the Tendermint block containing the payment transaction. 

Bootstrapping new chains

An important use-case of slow finality is supporting high-value trades (e.g., NFT transfers) on new, bootstrapping Cosmos zones that initially have low token valuation. In the double-spend example above, an adversarial buyer might not hesitate to bribe the validators to fork the zone; since the financial impact of slashing would be small when the token has a low initial value. This results in the bootstrapping dilemma: the low initial valuation of the chain discourages users from high-value trades due to the safety attack risk, which in turn hampers any increase in the token value due to the low trade volume. With Babylon and slow finality, a double-spending adversary also incurs the cost of forking Bitcoin, which requires the purchase of tremendous amounts of hash power. Deterring the adversary from double-spend attacks, slow finality can thus break the bootstrapping dilemma by secure high value assets on the chain, and in turn, driving up the token value. 

Bitcoin security for all

Via slow finality, Cosmos zones can provide Bitcoin-level safety to important transactions. However, this requires timestamping blocks from many zones on Bitcoin, with a prohibitive bandwidth requirement if these chains opt to send timestamps directly to Bitcoin. In this context, by aggregating and sending checkpoints on behalf of many zones, Babylon enables the whole Cosmos ecosystem to share the security offered by Bitcoin.