May 29, 2019

Various Questions about the Algorand Blockchain

By: Algorand

Algorand’s core technology is a visionary approach to blockchain and has been rigorously peer-reviewed and published as academic papers — view them here and here. A summary version of our core technology is also available.

While there are a number of resources available, we recognize that sometimes the pace of innovation in blockchain often outpaces the pace of understanding when it comes to the technical specifics of any given project. To further help our community understand how Algorand’s blockchain works, we have composed a short list of Q&As for questions that interested readers may encounter while learning about Algorand.

As we are committed to continuously develop and deploy our roadmap, we shall continue to address questions about our technology. Be sure to follow our official channels: TwitterLinkedInTelegramYouTube and Reddit.

Q1: Algorand’s consensus protocol is secure as long as malicious users control no more than 1/3 of the total stake. Suppose that S1000 (the set of all users present at round 1000) collectively own less than 1/3 of the total stake in round 2 million. Can an adversary, who corrupts S1000 at round 2 million, have them produce a different block for round 1000?

A: No. In a continuously running system, protecting the past against future compromises of secret keys is commonly referred to as forward security in the literature. Algorand’s consensus protocol achieves forward security by using ephemeral voting keys. Each voting message in the protocol is signed using a voting key that is deleted after its job is done, thus the name “ephemeral”. With this method, even if, in the future, an attacker manages to corrupt all users present in the system in an earlier round, these users would no longer have their voting keys necessary to generate any block that is different from the previously produced ones.

Q2: Can an adversary break Algorand’s consensus protocol by “bribing” users so that they do not delete their ephemeral keys?

A: No. A user is honest if he plans to follow and indeed follows the rules of the protocol. Honest users will thus delete their ephemeral keys. A user who does not do so is malicious, whether he is “bribed” or not. As long as, at any point in time, the honest users jointly hold more than 2/3 of the current total voting stake, Algorand’s consensus protocol is totally secure.

Moreover, it is hard to bribe people you do not know yet, and, in the Algorand protocol, voting users secretly select themselves, via an individual and cryptographically fair lottery.

Finally, a “bribe attack” conducted on a large scale is quite unrealistic, as it essentially assumes that the majority of stake-holders do not have any value about the security of the system and can be bought cheaply. In reality, it’s quite the opposite. Most people understand that if they are bribed to work against the system, they will lose all the value of their stake in the system. Thus bribing 1/3 of the total stake would cost at least 1/3 of the total value of the system, a costly mission to achieve.

Q3: What is Algorand’s guarantee about safety and liveness?

A: Algorand’s safety guarantee is that no fork can arise as long as 2/3 of the total stake are in honest hands. This guarantee also applies during a long partition of the network, when the adversary has total control over message delivery in the system. Accordingly, once a block is generated, it is immediately final and will not disappear from the blockchain, whether the network is partitioned or not.

Algorand’s liveness guarantee is that when the network is not partitioned, blocks are generated and finalized every few seconds. During a network partition, no blockchain can guarantee both safety and liveness. Algorand blockchain guarantees safety all the time, and automatically recovers liveness after the network partition is resolved.

Q4: What is more important, safety or liveness?

A: Both safety and liveness are crucial for a blockchain. Achieving safety without liveness is trivial and meaningless. A “protocol” where the users do not do anything and no block is generated is perfectly safe, but provides no liveness.

For example, consider the following over-simplification of Algorand: Step 1 and Step 2 are as usual; in Step 3, each user checks whether he has received more than 2/3 of the expected number of signatures from Step 2 for some candidate block B. If so then he marks B as the block for that round. That’s all. Such a “protocol” is trivially safe, but does not guarantee any liveness whatsoever. Indeed, it stalls when a round has a malicious block proposer.

Q5: What is Algorand’s current reward scheme?

A: The Algorand Foundation is responsible for the distribution of Algos — the native token of the Algorand platform. Every user is an equal member of the Algorand community and earns an amount of rewards proportional to their stake for every block that is committed to the chain. This initial approach is designed to encourage broad early participation in the ecosystem and to reward all users in the Algorand community, accelerating our path to decentralization.

Here at Algorand, we prefer to use the term “reward” rather than “incentive.” While an incentive is a technical economic term, a reward is a more colloquial expression, which makes sense even if you give it to everyone, as the Algorand Foundation plans to do initially. In the future, the foundation will introduce additional incentive mechanisms to ensure long term infrastructure support and health.

Q6: Where do the above-mentioned rewards come from?

A: For the first five years, rewards will come from a separate pool of tokens set aside by the Algorand Foundation for this purpose (learn more about our Token Dynamics). After that, rewards will come from accumulated transaction fees.

Q7: With what frequency are rewards distributed?

A: For all users, rewards virtually accumulate as the blockchain grows. But they are explicitly reflected in an account’s balance when the account is involved in a transaction (e.g., when the account sends or receives Algos).

Q8: Why does the Algorand Foundation use Dutch auctions to determine the token price?

A: A Dutch auction provides three main benefits: fairness, transparency and convenience.

A Dutch auction lets the market determines the fair price of tokens rather than having the price set by any specific entity. Also, in a Dutch auction, the token price is the same for all participants who have won any amount of tokens, treating participants fairly.

A Dutch auction makes it convenient for users to participate remotely. During such an auction users do not need to stay online the entire time. They can make a bid and then move offline, and even return online to make another bid later on.

Finally, Algo auctions are conducted on the Algorand blockchain for transparency. All bids are placed on the blockchain, so everybody can verify that the auction has been conducted properly.

Learn more about Algorand’s Dutch auctions here.