The consolidated achievement of the open-source ecosystem, decentralized file-sharing, and public cryptocurrencies has inspired an understanding that decentralized internet protocols can be utilized to radically improve socio-economic infrastructure. We have seen specific blockchain applications like Bitcoin (a cryptocurrency), Zerocash (a cryptocurrency for privacy), and generalized smart contract platforms such as Ethereum, with countless distributed applications for the Ethereum Virtual Machine (EVM) such as Augur (a prediction market) and TheDAO (an investment club).
These blockchains have suffered from a number of drawbacks, including their gross energy inefficiency, poor or limited performance, and immature governance mechanisms. Recommendations to scale Bitcoin’s transaction throughput, such as Segregated-Witness and BitcoinNG, are vertical scaling solutions that remain limited by the capacity of a single physical machine, in order to ensure the property of complete auditability. The Lightning Network can help scale Bitcoin transaction volume by abandoning some transactions off the ledger completely, and is well suited for micropayments and privacy-preserving payment rails, but may not be suitable for more generalized scaling needs.
An ideal solution is one that permits numerous parallel blockchains to interoperate while retaining their security properties. This has demonstrated difficult, if not impossible, with proof-of-work. Merged mining, for instance, allows the work done to secure a parent chain to be reused on a child chain, but transactions must still be validated, in order, by each node, and a merge-mined blockchain is vulnerable to attack if a majority of the hashing power on the parent is not actively merge-mining the child.
Cosmos is a novel blockchain network architecture that addresses all of the above problems. It is a network interfacing many independent blockchains, called zones. The zones are controlled by Tendermint Core, which provides a high-performance, consistent, secure PBFT-like consensus engine, where strict fork-accountability ensures hold over the behavior of malicious actors. Tendermint Core’s BFT consensus algorithm is appropriate for scaling public proof-of-stake blockchains. Blockchains with other consensus models, including proof-of-work blockchains like Ethereum and Bitcoin, can be associated to the Cosmos network using adapter zones.
The primary zone on Cosmos is called the Cosmos Hub. The Cosmos Hub is a multi-asset proof-of-stake cryptocurrency with a simple governance mechanism which empowers the network to adapt and upgrade. In addition, the Cosmos Hub can be extended by associating other zones.
The hub and zones of the Cosmos network communicate with each other via an inter-blockchain communication (IBC) protocol, a sort of virtual UDP or TCP for blockchains. Tokens can be transferred from one zone to another securely and rapidly without the need for exchange liquidity between zones. Rather, all inter-zone token transfers go through the Cosmos Hub, which monitors the total amount of tokens held by each zone. The hub isolates each zone from the failure of other zones. Since anyone can connect a new zone to the Cosmos Hub, zones allow for future-compatibility with new blockchain innovations.
With Cosmos interoperability between blockchains can be accomplished. The potential of the internet of value, where assets are issued and controlled by different sets of validators, yet can be moved and traded seamlessly between blockchains without relying on trusted third parties can be realized.
In this segment, we describe the Tendermint consensus protocol and the interface used to build applications with it.
In classical Byzantine fault-tolerant (BFT) algorithms, each node has the same weight. In Tendermint, nodes have a non-negative amount of voting power, and nodes that have positive voting power are called validators. Validators participate in the consensus protocol by broadcasting cryptographic signatures, or votes, to agree upon the next block.
Validators’ voting powers are determined at Genesis or are changed deterministically by the blockchain, contingent on the application. For example, in a proof-of-stake application such as the Cosmos Hub, the voting power may be controlled by the measure of staking tokens fortified as collateral.
Tendermint is a partially synchronous BFT consensus protocol derived from the DLS consensus algorithm. Tendermint is notable for its simplicity, performance, and fork-accountability. The protocol requires a fixed known set of validators, where each validator is identified by their public key. Validators endeavor to come to a consensus on one block at a time, where a block is a list of transactions. Voting for consensus on a block continues in rounds. Each round has a round-leader, or proposer, who proposes a block. The validators then vote, in stages, on whether to acknowledge the proposed block or move on to the next round. The proposer for a round is picked deterministically from the ordered list of validators, in proportion to their voting power.
Tendermint’s security derives from its utilization of optimal Byzantine fault-tolerance via super-majority (>⅔) voting and a locking mechanism. Together, they ensure that:
- ≥⅓ voting power must be Byzantine to cause an infringement of security, where more than two values are committed.
- if any set of validators ever succeeds in violating safety, or even attempts to do so, they can be identified by the protocol. This incorporates both voting for conflicting blocks and broadcasting unjustified votes.
Despite its strong guarantees, Tendermint provides exceptional performance. In benchmarks of 64 nodes distributed across 7 datacenters on 5 continents, on commodity cloud instances, Tendermint consensus can process thousands of transactions per second, with commit latencies on the order of one to two seconds. Notably, the performance of well over a thousand transactions per second is maintained even in brutal adversarial conditions, with validators crashing or broadcasting maliciously crafted votes.
The major benefit of Tendermint’s consensus algorithm is simplified light client security, making it an ideal candidate for mobile and internet-of-things use cases. While a Bitcoin light client must sync chains of block headers and find the one with the most proof of work, Tendermint light clients need only to keep up with changes to the validator set, and then verify the >⅔ PreCommits in the latest block to determine the latest state.
Succinct light client proofs also enable inter-blockchain communication.
Tendermint has defensive measures for preventing certain notable attacks, like long-range-nothing-at-stake double spends and censorship.
The Tendermint consensus algorithm is implemented in a program called Tendermint Core. Tendermint Core is an application-agnostic “consensus engine” that can transform any deterministic Blackbox application into a distributedly duplicated blockchain. Tendermint Core connects to blockchain applications via the Application Blockchain Interface (ABCI). Thus, ABCI allows for blockchain applications to be modified in any language, not just the programming language that the consensus engine is written in. Moreover, ABCI makes it possible to easily swap out the consensus layer of any existing blockchain stack.
We draw an analogy with the well-known cryptocurrency Bitcoin. Bitcoin is a cryptocurrency blockchain where each node maintains a fully audited Unspent Transaction Output (UTXO) database. If one wanted to create a Bitcoin-like system on top of ABCI, Tendermint Core would be responsible for
- Sharing blocks and transactions between nodes
- Establishing a sanctioned/immutable order of transactions (the blockchain)
Meanwhile, the ABCI application would be in charge of
- Maintaining the UTXO database
- Validating cryptographic signatures of transactions
- Preventing transactions from spending non-existent assets
- Enabling clients to query the UTXO database
Tendermint is able to disintegrate the blockchain design by offering a very simple API between the application process and consensus process.