A. Motivation for a New Consensus Protocol

Most of the existing generic blockchain consensus protocols have certain limitations. For example, Proof of Work (PoW) is highly resource-intensive and difficult to apply for large-scale online systems [13]. Employing Proof of Stake (PoS) in crowdsourcing systems may compromise the rights of nodes [14] as it suffers from security, fairness, and centralization issues. Delegated Proof of Stake (DPoS) handles the fairness issue by democratic voting, but still, it has some degree of centralization [15]. Moreover, employing DPoS cannot avoid collusion among stakeholders. Therefore, an application-specific blockchain consensus protocol is highly desirable, considering the peculiarities of crowdsourcing systems [16], [17]. To address the security and trust challenges, some recent studies [18]–​[20] have proposed blockchain-based consensus protocols for crowdsourcing applications that also strive to handle accountability, credible crowdsourcing, free riding, and false reporting, and compelling trust management issues. These studies were the prime motivation behind this work.

Several drawbacks are identified in the existing blockcha-in-based crowdsourcing consensus protocols. For example, Proof of Trust (PoT) elects a leader from ledger nodes using Reliable-Replicated-Redundant And Fault-Tolerant (RAFT) and validators from crowdsourcing service participants based on trust values [18]. However, PoT analyzes some of the security attacks, including sybil, DDoS, and collusion through simulations, and theoretically describes a few of the security properties. An improved PoT is a reputation-based protocol in which a high reputation worker is selected as a miner of the block, and verification nodes are also selected based on reputation [19]. However, the reputation calculation is based on the historical interaction of a miner and feedback of other nodes that may not be reliable. It is based on simulation techniques and analyzes collusion attacks. Mobile Crowdsourcing (MCS) chain is based on the total payment for block generation which informally analyzes security properties [20]. The consensus protocol of zkCrowd is based on DPoS and Practical Byzantine Fault Tolerance (PBFT) and is validated using simulation techniques, which favors voters having more tokens [21]. The RAFT and PBFT used in the existing blockchain-based crow-dsourcing consensus protocols are formally verified [22]–​[24], therefore, PoT and zkCrowd are partially verified. The existing blockchain-based crowdsourcing consensus protocols discussed-above employ simulation techniques that do not assure the models’ correctness as simulations are performed on limited data set.

B. Challenges

The weaknesses of the existing blockchain-based crowdsourcing consensus protocols present the following challenges.

1. How to design a secure and trustworthy consensus protocol that applies to crowdsourcing services?

   1. How to prevent security attacks, such as blockchain fork, invalid block insertion, and selfish mining?

   2. How to select trusted leader and validators to prevent their malicious behaviors?

2. How to ensure the correctness of the blockchain-based crowdsourcing consensus protocol?

C. Contributions

This research work aims to present a formally verified Secure and Trustworthy Blockchain-based Cr-owdsourcing (STBC) consensus protocol to deal with the above-discussed challenges. The consensus protocol is nam-ed as STBC because we have defined the security properties of the protocol and trustworthy selection process of a leader and validators based on trust factors. The peculiarities of the STBC consensus protocol are:

1. It records the activities of service providers and consumers, e.g., post, receive, and perform tasks as transactions, and the transactions that gain maximum votes are included in the proposed block.

2. The service consumers have to escrow deposit when they post a task, and the service providers get their share from the escrowed deposit after the successful completion of a task. When the service providers and consumers perform activities, their activity rate is incremented.

3. It selects a trusted leader from blockchain management nodes to propose a block and trusted validators from blockchain management nodes, crowdsourcing service providers, and consumers to validate and vote for the transactions and the block. The trusted leader and validators have to escrow deposit to prevent malicious behaviors.

4. Unlike the existing consensus protocols of blockchain-based crowdsourcing [18]–​[21], the selection criteria of a leader and the validators are different. While the leader is selected based on three trust factors (i.e., deposit ratio, activity rate, missed rate), the validators are chosen based on deposit ratio and activity rate.

The STBC consensus protocol prevents blockchain fork, selfish mining, and invalid block insertion attacks. In STBC consensus protocol, at most one block is proposed in every round, which avoids the possibility of a blockchain fork. If multiple nodes propose a block simultaneously, then blockchain can fork. A single leader is selected to propose a block in each round of consensus to prevent this situation. A successfully generated block that is accepted by a majority of the validators is only added in the blockchain. In this way, all the nodes record the same block, which ensures the absence of a fork. Moreover, only the block of a trusted leader is added to the blockchain which prevents selfish mining attack. If a leader acts maliciously to add an invalid block, the consensus protocol resists it by adding no block.

The guarantee of correctness of any system is essential, especially critical and real-time systems. As a crowdsourcing system involves several critical tasks, therefore its correctness has vital importance. Formal methods are rigorous mathematical techniques to model computer systems that help designers verify the system’s properties and assist in system testing to increase the confidence of correctness of a system. Model checking is an important formal methods-based technique used for the formal verification of critical systems. It is automatic, effective, and requires less human intervention. Therefore, it is utilized in this work.

The main contributions of this work are summarized below:

1. Security: The proposed consensus protocol provides security by defining security properties, i.e., safety and fault tolerance to prevent blockchain fork and selfish mining attacks. It is secure when at most $\left \lfloor{ \frac {n-1}{3}}\right \rfloor $ nodes are faulty. Here n denotes the total number of nodes. This ratio is assumed similar to most of the byzantine fault tolerance (BFT) consensus protocols.

2. Trustworthy: We presented an improved trust model based on several new factors such as deposit ratio, activity rate, and missed rate. The leader and validators’ trust properties are defined to prevent blockchain fork, selfish mining, and invalid block insertion attacks.

3. Fairness: The proposed consensus protocol provides a fair environment for the selection of leaders and validators. The activity rate is included to prevent rich nodes dominating the network. The introduction of missed rate of a node will increase its chances to be selected as a leader. The trust values update mechanism enforces nodes to obey protocol rules; because in the case of malicious activity, in addition to trust values, they also lose their deposit as a punishment.

4. Energy-saving: The protocol saves energy as a single leader is supposed to propose a block in every round.

5. Correctness: The correctness of the proposed consensus protocol is ensured utilizing a formal methods-based technique, i.e., model checking. The formal specification of the proposed STBC protocol is performed using CSP#. Furthermore, the PAT model checker is applied for the formal verification of safety, fault tolerance, leader trust, and validators’ trust properties. Linear Temporal Logic (LTL) is utilized to specify the security and trust properties.

The rest of the paper is organized as follows: Section II establishes the background knowledge; Section III discusses the related work; Section IV presents the system model; Section V defines the formal model of the proposed protocol; Section VI describes the results; and finally Section VII presents the conclusion and future work.

A. Blockchain Technology

Blockchain technology was introduced by an unknown person Satoshi Nakamoto, as a distributed, peer-to-peer, decentralized, and a linked structure to address the issue of double-spending [13]. Figure 2 represents an example of blockchain. The transactions are grouped and ordered in a structure called a block. In addition to transactions, a block contains its hash and the previous block hash. The variable Prev. Block Hash in the current block in Figure 2 is used to link the block to its previous block which prevents alteration of blocks and insertion of a block between existing blocks. The miners are responsible for adding the blocks in chronological order. In the blockchain, any node can initiate a transaction and broadcast it to the nodes of the network. The network nodes validate transactions and the miner of the block adds the validated transactions to the blockchain. The number of transactions in a block depends upon the size of a block.

FIGURE 2.

An example of blockchain.

Show All

Blockchain have applications in various fields, for example, healthcare [29], banking sector [30], insurance companies [31], and crowdsourcing [32]. In this work blockchain is exploited for crowdsourcing systems, as it helps to provide accountability, transparency, and immutability to avoid unfaithful and dishonest behaviors.

B. Formal Modeling and Verification

Formal modeling and verification of consensus protocols is important to ensure their correctness. Model checking is the formal methods-based technique that is effectively used for formal verification. Model checking involves verifying whether a formal model of the system satisfies the desired properties. Model checking technique is useful to reveal the errors that cannot be identified using testing and simulation techniques. In this work, we use the model checking technique because in comparison to other techniques, e.g., theorem proving, it is more effective, automatic, and needs less human involvement. Model checking technique is useful to check partial specifications. However, the state explosion problem is a big limitation of the model checking approach [33], as the state of the model grows infinitely large with the increase of variables, distinct values, and components.

CSP# is a formal specification language used for the formal modeling of concurrent aspects of critical systems. The high-level modeling constructs such as sequential/parallel composition, channels, and interleaving are combined with low-level C# constructs, e.g., variables, if-then-else, and arrays. The syntax of CSP# can be described as:\begin{align*} \begin{array}{lll}&~~ {Proc} ::= \mathrm {SKIP} & ~\,\!~\hspace {-0.4em} (\text {termination}) \\ & | \mathrm {STOP} & (\text {deadlock}) \\ & | ev \{program\} \rightarrow {Proc} & (\text {operation prefixing})\\ & | ev \rightarrow {Proc} & (\text {event prefixing})\\ & | [\,guard]\, {Proc} & (\text {state guard}) \\ & | {Proc_{1}} \;\vert \vert \; {Proc_{2}} & (\text {parallel composition}) \\ & | {Proc_{1}} \;\vert \vert \vert \; {Proc_{2}} & (\text {interleaving}) \\ & | {Proc_{1}}; {Proc_{2}} & (\text {sequential} \; \text {composition})\\ & | ch ? a \rightarrow {Proc(a)} & (\text {channel input})\\ & | ch ! a \rightarrow {Proc} & (\text {channel output})\\ & | {Proc_{1}} \;\Box \; {Proc_{2}} & (\text {external} \; \text {choice})\\ & | {Proc_{1}} \;\sqcap \; {Proc_{2}} & (\text {internal} \; \text {choice})\\ & | \mathrm {if} \; guard \; \mathrm {then} \; {Proc_{1}}\; \mathrm {else}\; Proc_{2} & (\text {boolean} \; \text {statement})\\ & | {Proc_{1}} \;\triangleright \; {Proc_{2}} & (\text {timeout})\\ & | {Proc_{1}} \;\triangle \; {Proc_{2}} & (\text {interrupt}) \end{array}\end{align*} View Source\begin{align*} \begin{array}{lll}&~~ {Proc} ::= \mathrm {SKIP} & ~\,\!~\hspace {-0.4em} (\text {termination}) \\ & | \mathrm {STOP} & (\text {deadlock}) \\ & | ev \{program\} \rightarrow {Proc} & (\text {operation prefixing})\\ & | ev \rightarrow {Proc} & (\text {event prefixing})\\ & | [\,guard]\, {Proc} & (\text {state guard}) \\ & | {Proc_{1}} \;\vert \vert \; {Proc_{2}} & (\text {parallel composition}) \\ & | {Proc_{1}} \;\vert \vert \vert \; {Proc_{2}} & (\text {interleaving}) \\ & | {Proc_{1}}; {Proc_{2}} & (\text {sequential} \; \text {composition})\\ & | ch ? a \rightarrow {Proc(a)} & (\text {channel input})\\ & | ch ! a \rightarrow {Proc} & (\text {channel output})\\ & | {Proc_{1}} \;\Box \; {Proc_{2}} & (\text {external} \; \text {choice})\\ & | {Proc_{1}} \;\sqcap \; {Proc_{2}} & (\text {internal} \; \text {choice})\\ & | \mathrm {if} \; guard \; \mathrm {then} \; {Proc_{1}}\; \mathrm {else}\; Proc_{2} & (\text {boolean} \; \text {statement})\\ & | {Proc_{1}} \;\triangleright \; {Proc_{2}} & (\text {timeout})\\ & | {Proc_{1}} \;\triangle \; {Proc_{2}} & (\text {interrupt}) \end{array}\end{align*} where Proc, $Proc_{1}$ and $Proc_{2}$ are processes, guard represents a condition, ev is an event, program describes a piece of code that executes atomically and ch denotes a synchronized communication channel.

Assertions are used to query properties about the behavior of a system. Various types of assertions are supported in PAT, such as, deadlock-freeness, divergence-free, nonterminating, reachability and LTL. Deadlock-freeness and LTL assertions are used in this work.

C. Deadlock-Freeness

This assertion checks whether a process Proc is deadlock-free or not.

#assert Proc() deadlockfree;

D. Linear Temporal Logic (LTL)

LTL is used to specify properties to be checked on a formal model. LTL extends predicate or propositional logic by modalities and provide a way to mathematically represent linear time properties. PAT supports the full syntax of LTL. For a process Proc(), the below assertion checks whether Proc() satisfies the LTL formula $\phi $ .

#assert Proc() $\models \phi $ ;

The syntax of LTL is defined according to following rules:\begin{equation*} \phi = ev\, |\, prop\, |\, \phi _{1} \, \land \, \phi _{2} |\, \neg \, \phi | \, \Box \, \phi |\, \lozenge \, \phi |\, \bigcirc \, \phi |\, \phi _{1}\, \cup \, \phi _{2}\end{equation*} View Source\begin{equation*} \phi = ev\, |\, prop\, |\, \phi _{1} \, \land \, \phi _{2} |\, \neg \, \phi | \, \Box \, \phi |\, \lozenge \, \phi |\, \bigcirc \, \phi |\, \phi _{1}\, \cup \, \phi _{2}\end{equation*} where ev is an event, $prop$ is an atomic proposition, $\Box $ is read as always, $\lozenge $ is read as eventually, $\bigcirc $ is read as next, and $\cup $ is read as until. An LTL formula $\Box \phi $ defines that $\phi $ must hold on the entire respective path while $\lozenge \phi $ represents that $\phi $ eventually holds on the respective path. An LTL formula $\bigcirc \phi $ describes that $\phi $ must hold at next state whereas $\phi _{1} \cup \phi _{2}$ shows that $\phi _{2}$ holds at the current position or at some future position and $\phi _{1}$ has to hold before that state. From that position $\phi _{2}$ does not necessarily has to hold any more.

A. Blockchain Consensus Protocols

Some important blockchain consensus protocols are briefly described here. PoW is the first consensus algorithm that is used in Bitcoin [13]. It is based on complicated computation where every node of the network continuously computes a hash value of every block header using different nonce values until the calculated hash value becomes less than or equal to a certain target value. When a node gets the desired value, other nodes of the network verifies its correctness, and the block is added to the blockchain. However, it is highly resource-intensive and has low throughput.

PoS is an alternative to PoW that requires much less energy to be consumed [14]. In this mechanism, a node is selected based on its stake to propose a block. However, it favors rich nodes in the network. In this way, centralization can occur in the network. Several solutions are proposed to address this issue. For example, Peercoin [34] uses coin age selection procedure, Blackcoin [35] is based on randomization and Bitshares [36] uses Delegated Proof of Stake (DPoS) [15] in which stakeholders select delegates based on voting for the generation and validation of a block, however, it has some degree of centralization.

PBFT is proposed for tolerating byzantine faults [37]. It can tolerate 1/3 byzantine faults. The consensus is divided into three phases, i.e., pre-prepare, prepared, and commit. A node can transit from one phase to another phase after getting 2/3 votes from other nodes. Tendermint is another BFT consensus protocol [38]. However, the BFT protocols are suitable for small networks and have poor scalability. The survey of several other blockchain consensus protocols is provided in [39].

B. Blockchain-Based Crowdsourcing Consensus Protocols

Recently, the integration of blockchain technology and crow-dsourcing has gained the attention of the research community. PoT is a consensus protocol built upon the idea of blockchain technology to handle the accountability issue in crowdsourcing services [18]. The protocol utilizes RAFT [22] to elect a leader from ledger nodes and selects service participants as validators of transactions based on trust values. The PoT protocol addresses the issue of scalability associated with BFT and Paxos-based algorithms. It considers the unfaithful behavior of nodes that is not addressed in BFT algorithms. The security attacks, including, sybil, collusion, and DDoS are analyzed in the work. As RAFT is formally verified through TLA proof system and Coq proof assistant [22], [23], therefore, PoT is defined as partially verified in Table 1. However, PoT cannot preserve privacy of users. An improved PoT consensus algorithm is presented for crowdsourcing using blockchain as an underlying technology [19]. In this protocol, a high reputation worker is selected as a miner of the block. The calculation of reputation is based on the historical interaction of a miner and feedback of other nodes which may not be reliable. It analyzes the collusion attacks and does not provide a mechanism to evaluate task solutions. Further, privacy and reliability are also not addressed in this work.

TABLE 1 Summary of Blockchain-Based Crowdsourcing Consensus Protocols

MCS-Chain is presented as a blockchain-based mobile crowdsourcing platform for decentralized and distributed tr-ust management [20]. The trust evaluation mechanism is defined which allows users to select reliable workers. A consensus protocol is presented in MCS-Chain for block generation to improve the efficiency of the blockchain. In the protocol, a new block is created when the total payment which needs to be recorded into the next block exceeds the defined threshold. The centralization and fork issues are addressed in the work which guarantee that even if several blocks are generated simultaneously, a unique block is added to the blockchain. The liveness, safety, fault tolerance, and decentralization are demonstrated theoretically but the system lacks in privacy and anonymity of users and workers.

The zkCrowd, a hybrid blockchain-based crowdsourcing platform is proposed to balance transaction transparency and privacy [21]. The zkCrowd consists of a public chain to manage public tasks and multiple subchains to handle private tasks. DPoS is implemented on the public blockchain to elect validators. The alternative validators which are not elected in the public chain are elected as subchain validators in a round-robin manner using PBFT on private subchains. The zkCrowd is resilient against a 51% attack, sybil attack, privacy leakage, free riding and false reporting, and byzantine failures. As continuous-time Markov chain models are defined for PBFT and are formally verified through PRISM model checker [24], therefore, zkCrowd is termed as partially verified in Table 1. However, zkCrowd lacks in defining cross-communication between public and private chains, privacy protection of answers, and a proper reward distribution mechanism. On the public chain, voters having more tokens have more influence on the network. Further, if there are a large number of private tasks then an issue of scalability can occur. The comparison of the above-discussed consensus protocols is provided in Table 1. Unlike [18]–​[21], the proposed protocol is formally verified.

C. Blockchain-Based Crowdsourcing Systems

3) Dispute Arbitration

A blockchain-based scheme for fine-grained authorization in data crowdsourcing (BC-FGA-DCrowd) is proposed in [59]. The scheme resists internal malicious actions and external sybil and DDoS attacks. The feasibility of the scheme is tested on the Ethereum network, however, it lacks in defining a proper function for evaluating the quality of data. A decentralized oracle-based game is proposed to decide the truth of queries and to resolve disputes [60]. In crowdsourcing, the quality of completed tasks and fairness in the evaluation of tasks are addressed using blockchain technology [61]. An arbitration mechanism is described for the realization of business services and to avoid security attacks, e.g., false reporting and free-riding but it lacks privacy analysis.

The comparison of the discussed research work in terms of security and trust is provided in Table 2. It is observed in the literature that there are very few blockchain-based crowdsourcing consensus protocols and some of these are partially verified [18], [21]. To the best of our knowledge, this is the first work which utilizes CSP# for the formal specification of a blockchain-based crowdsourcing consensus protocol and the PAT model checker for the verification of security and trust properties.

TABLE 2 Comparison of Blockchain-Based Crowdsourcing Systems

A. System Architecture

The architecture of the blockchain-based crowdsourcing system (BBCS) is represented in Figure 3. It consists of four actors: service consumer, service provider, blockchain management nodes, and validator nodes. The service consumers request for services by posting a task to the crowdsourcing platform. A service consumer can check the status of a task by sending a query to the blockchain. Service providers provide services by receiving a task through a crowdsourcing platform. A service provider can send a query to the blockchain to get information about the task payment. The blockchain management nodes are responsible for managing blockchain, e.g., proposing and validating blocks. In every round of consensus, a trusted leader is elected from the blockchain management nodes to propose and add a block to the blockchain. The validators validate and vote for transactions and blocks. The blockchain management nodes, service consumers, and providers can serve as validators.

FIGURE 3.

Architecture of the system.

Show All

B. Design of Consensus Protocol

1) Crowdsourcing Consensus Protocol

The overview of the proposed STBC consensus protocol is presented in Figure 4. The consensus process starts with the initialization of nodes that can perform the transactions. The blockchain management node having the highest trust value is selected as a leader for the current round. The trust is calculated based on deposit ratio, activity rate, and missed rate.The trusted validators are selected from blockchain management nodes, crowdsourcing service providers, and consumers to validate and vote for the transactions and the block to avoid malicious behaviors. The validator’s trust is calculated based on deposit ratio and activity rate. The process of selection of leader and validators runs in parallel to save time. After the process of selection, the trusted validators vote for transactions and broadcast votes. The leader prepares the block by including the transactions that gain the majority of the votes from validators. The leader then broadcasts the block to the validators and they vote for the block. If the majority of the validators accept the block then the leader adds the block in the blockchain and all the nodes update their ledger. The trust values and deposit of leader and validators are updated and the consensus process enters into the next round. If the block is rejected, then the leader and validators lose the trust and deposit, and the consensus protocol moves to the next round.

FIGURE 4.

Overview of STBC consensus protocol.

Show All

C. Properties and Attacks

In this work, we have defined security and trust properties, i.e., safety, fault tolerance, trusted leader, and trusted validators to prevent security attacks, such as blockchain fork, selfish mining, and invalid block insertion. The properties and attacks are defined below.

D. Threat Model

To introduce an effective attack against the STBC consensus protocol, an attacker needs to compromise more than 1/3 of network nodes. A malicious leader and a validator can pose several threats which can affect the working of the consensus process. If there are multiple nodes mining at the same time then blockchain can fork, therefore, in the proposed consensus protocol, a unique leader is selected in every round to propose a block to prevent blockchain fork. Malicious nodes may try to mine blocks secretly and broadcast to the network nodes. To avoid this situation, it is ensured that only the trusted leader can execute the block propose and broadcast process and all the nodes add the block of a trusted leader in their ledger in each round. A malicious leader may try to add an invalid block in the blockchain, but the consensus protocol prevents its addition by adding no block. The deposit of a leader is stored in the blockchain to avoid malicious behavior. If a leader remains honest then the escrowed deposit is returned, otherwise, the deposit is slashed away. Moreover, it also loses its trust and it becomes very difficult for the malicious leader to become the leader again. This incentivises the leader to behave honestly.

Malicious validators may refuse to vote for transactions or blocks to prevent the addition of the correct blocks. This situation can occur only if more than 1/3 of the validators are malicious. To avoid this situation, the selected validators must also submit a deposit to the blockchain. If the correct block cannot be added to blockchain due to malicious validators then the validators not only lose the trust but also the escrowed deposit which incentivises validators to behave honestly. Further, it becomes difficult for these nodes to become trusted validators again. Further, if the consensus process is localized among some fixed nodes then it can lead to centralization. Therefore, the trust model for the selection of a leader and validators is designed in such a way that it prevents centralization. For the selection of a trusted leader and validators, activity rate is utilized in addition to deposit ratio to restrict rich nodes from dominating the network. Missed rate is also introduced in the selection of a leader so that the nodes waiting to become leaders also get a chance. This ensures fairness and decentralization in the protocol.

A. Consensus Protocol

The consensus protocol is defined as a process (line 3) which involves four nodes represented as $PNodes$ (line 1) where node $i \in PNodes$ . The number of transactions to be included in a block is defined as $T$ (line 2). All the steps of the consensus protocol are described in detail. In a distributed environment, all the nodes execute a sequence of processes of consensus protocol in parallel.

1. $\#define\,\,PNodes\,\,4$ ;

2. $\#define\,\,T\,\,2;$

3. $\begin{aligned} Consensus\_{}\,\,Protocol()=\\ \hspace {-1.5em}\qquad \quad (\parallel \,\,i:\{0..PNodes-1\}\text{@}\\ \hspace {-1.5em}\qquad \quad (NodeInitialization();\,\,PerformTransactions();\\ \hspace {-1.5em}\qquad \quad \,\,Selection();\,\,VoteForTransactions(T,\,\,i);\\ \hspace {-1.5em}\qquad \quad \,\,ProposeAndBroadcast(i);\,\,VoteToBlock(i);\\ \hspace {-1.5em}\qquad \quad \,\,isValidBlockchain();\,\,AddBlock(i);\\ \hspace {-1.5em}\qquad \quad \,\,UpdateTrustAndDeposit()));\\ \hspace {-1.5em}\qquad \quad NextRound(); \end{aligned}$

B. Nodes Initialization

Firstly, the nodes are initialized having unique identifiers, with sufficient deposit, number of activities, and number of misses (line 4). There are three types of nodes, i.e., management nodes, provider nodes, and consumer nodes. All these nodes can serve as validator nodes.

4. $\begin{aligned} NodeInitialization()=(MngNode1(0,\,\,20,\,\,0,\,\,0);\\ \quad \,\,\,\,MngNode2(1,\,\,30,\,\,0,\,\,0);\,\,ProvNode1(2,\,\,15,\,\,0);\\ \quad \,\,\,\,ProvNode2(3,\,\,20,\,\,0);\,\,ConsNode1(4,\,\,10,\,\,0);\\ \quad \,\,\,\,ConsNode2(5,\,\,30,\,\,0);\,\,ConsNode3(6,\,\,20,\,\,0)); \end{aligned}$

$MngNode1$ is defined as a management node (line 5). The first parameter represents the identifier of the node. The deposit, number of activities, and number of misses are described in the second, third, and fourth parameters respectively. Firstly, a guard statement is specified in which it is checked that the node has a positive identifier, has sufficient deposit, and that the number of activities and misses lies between the minimum and maximum range (line 5.1). If the guard evaluates to true then the new management node is added (line 5.2). As a management node can serve as a validator, therefore, it is also included in the validator nodes. The behavior of $MngNode2$ is similar to $MngNode1$ , therefore it is marked as “$\ldots $ ” for simplicity (line 6).

5. $MngNode1(id,\,\,deposit,\,\,numActivities,\,\,numMisses)=$

1. $\begin{aligned} [id\,\,>=\,\,0\,\,\&\&\,\,deposit\,\,>=\,\,minDeposit\,\,\&\&\\ \hspace {-1.5em}\qquad \qquad \,\,\,\,deposit\,\, < =\,\,maxDeposit\,\,\&\&\\ \hspace {-1.5em}\qquad \qquad \,\,\,\,numActivities\,\,>=\,\,minNumActivities\,\,\,\,\&\&\\ \hspace {-1.5em}\qquad \qquad \,\,\,\,numActivities\,\, < =\,\,maxNumActivities\,\,\&\&\\ \hspace {-1.5em}\qquad \qquad \,\,\,\,numMisses\,\,>=\,\,minNumMisses\,\,\&\&\\ \hspace {-1.5em}\qquad \qquad \,\,\,\,numMisses\,\, < =\,\,maxNumMisses] \end{aligned}$

2. $\begin{aligned} add1\,\,\{var\,\,m1=new\,\,ManagementNode(id,\,\,deposit,\,\,\\ \hspace {-1.5em}\qquad \qquad \quad \,\,\,\,numActivities,\,\,numMisses);\\ \hspace {-1.5em}\qquad \qquad \quad \,\,\,\,managementNodes.Add(m1);\\ \hspace {-1.5em}\qquad \qquad \,\,\,\,validatorNodes.AddNode(new\,\,ValidatorNode(id,\,\,\\ \hspace {-1.5em}\qquad \qquad \,\,\,\,deposit,\,\,numActivities,\,\,numMisses,\,\,m1)); \}\,\, \rightarrow \,\,Skip; \end{aligned}$

6. $MngNode2(id,\,\,deposit,\,\,numActivities,\,\,numMisses)\,\,\!=\! \ldots $

$ProvNode1$ is described as a provider node (line 7). It is defined by an identifier, deposit, and number of activities. Provider nodes can also participate in validation. $ProvNode2$ (line 8) is similar to $ProvNode1$ .

7. $ProvNode1(id,\,\,deposit,\,\,numActivities)=$

1. $\begin{aligned} [id\,\,>=\,\,0\,\,\&\&\,\,deposit\,\,>=\,\,minDeposit\,\,\&\&\,\,\\ \,\,deposit\,\, < =\,\,maxDeposit\,\,\&\&\,\,\\ \,\,numActivities\,\,>=\,\,minNumActivities\,\,\\ \,\,\&\&\,\,numActivities\,\, < =\,\,maxNumActivities] \end{aligned}$

2. $\begin{aligned} add3\,\,\{\,\,var\,\,v1=new\,\,ProviderNode(id,\,\,deposit,\,\,\\ \,\,numActivities);\,\,providerNodes.Add(v1);\\ \,\,validatorNodes.AddNode(new\,\,ValidatorNode(id, \\ \,\,deposit,\,\,numActivities,\,\,v1));\,\,\}\,\,\rightarrow \,\,Skip; \end{aligned}$

8. $ProvNode2(id,\,\,deposit,\,\,numActivities)\,\,= \ldots $

$ConsNode1$ , $ConsNode2$ and $ConsNode3$ are defined as consumer nodes similar to provider nodes (lines 9-11).

9. $ConsNode1(id,\,\,deposit,\,\,numActivities)\,\,= \ldots $

10. $ConsNode2(id,\,\,deposit,\,\,numActivities)\,\,= \ldots $

11. $ConsNode3(id,\,\,deposit,\,\,numActivities)\,\,= \ldots $

C. Perform Transactions

When the nodes become part of the system they perform transactions for the execution of tasks (line 12). The transactions of a post, receive, perform, evaluate, accept, reject, and finish a task are described.

12. $\begin{aligned} PerformTransactions()=\\ \hspace {-1.0em}\qquad PostTask(consumerNode,\,\,30);\,\,ReceiveTask(\\ \hspace {-0.85em}\qquad providerNode);\,\,PerformTask(\,\,providerNode);\\ \hspace {-1.0em}\qquad EvaluateTask(consumerNode);\,\,(AcceptTask(\\ \hspace {-0.85em}\qquad consumerNode)\,\,\square \,\,RejectTask(\,\,consumerNode));\\ \hspace {-1.0em}\qquad FinishTask(providerNode); \end{aligned}$

The post task transaction is specified as a process that takes a node $vl$ and $deposit$ as input (line 15). The input node should be a consumer node and initially, its state should be $not\_{}post$ . The deposit should exist between the minimum and maximum range (line 15.1). If the guard condition is satisfied then the state of the task changes to $post$ . The consumer escrows the deposit in the blockchain. The number of consumer activities is updated (lines 15.2).

13. $\begin{aligned} var\,\,state\!=\![not\_{}\,\,post,\,\,post,\,\,receive,\,\,perform,\,\,evaluate,\\ \hspace {-1.5em}\,\,taccept,\,\,treject,\,\,finish]; \end{aligned}$

14. $var\,\,task\_{}\,\,state=state[{0}];\,\,\,\,$

15. $PostTask(vl,\,\,deposit)=$

1. $\begin{aligned} [vl==consumerNode\,\,\&\&\,\,task\_{}\,\,state==state[{0}]\,\,\\ \qquad \&\&\,\,deposit\,\,>=\,\,minDeposit\,\,\&\&\\ \qquad deposit\,\, < =\,\,maxDeposit] \end{aligned}$

2. $\begin{aligned} post\_{}\,\,task\,\,\{task\_{}\,\,state=state[{1}];\,\,\,\,\\ \qquad escrowC=consumerNode.SubmitDeposit(deposit);\\ \qquad blockchain.SetEscrowAmount(escrowC);\\ \qquad consumerNode.UpdateNumActivities(1);\}\,\, \rightarrow \,\,Skip; \end{aligned}$

When the task is posted it is received by the provider and the state changes from $post$ to $receive$ . This is described by the process $ReceiveTask$ (line 16).

16. $\begin{aligned} ReceiveTask(vl)=[vl==providerNode\,\,\&\& \\ \hspace {-1.0em}\qquad task\_{}\,\,state==state[{1}]] \end{aligned}$

1. $receive\_{}\,\,task\,\,\{task\_{}\,\,state=state[{2}];\}\,\, \rightarrow \,\,Skip;$

When the provider receives the task then he performs the task and the state of the task changes to $perform$ (line 17).

17. $\begin{aligned} PerformTask(vl)=[vl==providerNode\,\,\&\& \\ \hspace {-1.0em}\qquad task\_{}\,\,state==state[{2}]] \end{aligned}$

1. $perform\_{}\,\,task\,\,\{task\_{}\,\,state=state[{3}];\}\,\, \rightarrow \,\,Skip;$

After the task is performed by the provider, then the consumer evaluates it (line 18).

18. $\begin{aligned} EvaluateTask(vl)=[vl==consumerNode\,\,\&\& \\ \hspace {-1.0em}\qquad task\_{}\,\,state==state[{3}]] \end{aligned}$

1. $evaluate\_{}\,\,task\,\,\{task\_{}\,\,state=state[{4}];\,\,\}\,\, \rightarrow \,\,Skip;$

The consumer can accept or reject the task (lines 19-20). If it is accepted then its state changes to $accept$ (line 19.1).

19. $\begin{aligned} AcceptTask(vl)=[vl==consumerNode\,\,\&\&\\ \hspace {-1.0em}\qquad task\_{}\,\,state==state[{4}]] \end{aligned}$

1. $accept\_{}\,\,task\,\,\{task\_{}\,\,state=state[{5}];\,\,\}\,\, \rightarrow \,\,Skip;$

If the task is rejected then its state changes to $reject$ and the consumer gets a proportion of the escrow amount (line 20).

20. $\begin{aligned} RejectTask(vl)=[vl==consumerNode\,\,\&\& \\ \hspace {-1.0em}\qquad task\_{}\,\,state==state[{4}]] \end{aligned}$

1. $\begin{aligned} reject\_{}\,\,task\,\,\{task\_{}\,\,state=state[{6}];\\ \hspace {-1.0em}\qquad blockchain.RemoveEscrowAmount(escrowC/\\ \hspace {-1.0em}\qquad numShares);\,\,consumerNode.AddDeposit(escrowC/\\ \hspace {-1.0em}\qquad numShares);\,\,\} \rightarrow \,\,Skip; \end{aligned}$

When the task is accepted by the provider then its state is changed to $finished$ (line 21.1). The provider gets the task payment and the number of activities are updated.

21. $\begin{aligned} FinishTask(vl)=[vl==providerNode\,\,\&\& \\ \hspace {-1.0em}\qquad task\_{}\,\,state==state[{5}]]\,\, \end{aligned}$

1. $\begin{aligned} task\_{}\,\,finish\,\,\{task\_{}\,\,state=state[{7}];\\ \hspace {-1.7em}\qquad blockchain.RemoveEscrowAmount(escrowC/numShares);\\ \hspace {-1.7em}\qquad providerNode.AddDeposit(escrowC/numShares);\\ \hspace {-1.7em}\qquad providerNode.UpdateNumActivities(1)\,\,\}\,\, \rightarrow \,\,Skip; \end{aligned}$

D. Selection

The consensus protocol starts with the selection of leader and validators (line 22). There should exist some management and validator nodes in the network to execute the selection, and their selection executes in parallel to save time.

22. $\begin{aligned} Selection()=\,\,[managementNodes.GetLength()\,\,>\,\,0\,\,\\ \hspace {-1.0em}\qquad \&\&\,\,validatorNodes.GetLength()\,\,>\,\,0]\,\,\,\,\\ \qquad (LeaderSelection()\,\,\parallel \,\,SelectValidator(K)); \end{aligned}$

E. Vote and Broadcast Transactions

After the process of selection, the leader has to prepare the block and for this purpose, the transactions that receive maximum votes from validators are required. The procedure Vote ForTransactions is specified at line 25. This process takes a number of transactions, and a validator as input. The number of transactions to vote for should be greater than zero and less than or equal to the maximum number of transactions (line 25.1). Otherwise, no transaction is available to vote for (line 25.2). Before the voting process, a leader and validators must be selected, otherwise, no transaction can be selected for the voting process (line 25.1).

25. $VoteForTransactions(t,\,\,vl)=$

1. $\begin{aligned} [t\,\,>\,\,0\,\,\&\&\,\,t\,\, < =\,\,maxTransactions]\,\,\\ \qquad \quad ([leaderSelected == 1\,\,\&\&\,\,valSelected == 1]\\ \qquad \quad selection\_{}\,\,end\,\, \rightarrow \,\,voteTrans(t,\,\,vl)\,\, \square \\ \qquad \quad [leaderSelected == 0\,\,\parallel \,\,valSelected == 0]\\ \qquad \quad \,\,\,\,no\_{}\,\,transaction\_{}\,\,selected\,\, \rightarrow \,\,Skip)\,\, \square \end{aligned}$

2. $[t\,\, < \,\,0]\,\,no\_{}\,\,transaction\_{}\,\,to\_{}\,\,vote\,\, \rightarrow \,\,Skip;$

The voting process is described in procedure $voteTrans$ (line 26). It is a sequence of three processes. In the first process, every trusted validator selects $t$ transactions from pending transactions to vote for and the transactions proposal of every trusted validator is prepared (lines 26.2-26.3). In the second process, $VoteToTransaction\_{}a$ , the transactions proposals are validated and each trusted validator vote for it (lines 27-30). The third process describes the broadcasting and receiving of votes among validator nodes for transaction proposals (lines 26.4-26.7). A node will not broadcast or accept a block if the vote flag is zero. In this process, different communications channels are used, hence, the definition differs slightly for every node but the logical behavior remains the same.

26. $voteTrans(t,\,\,vl)=vote.t\,\,\{\,\,$

1. $var\,\,index1=0;$

2. $\begin{aligned} while(index1\,\, < \,\,trustedValidatorNodes.\\ \qquad GetLength()-1)\,\,\{\,\,\\ \qquad \quad tvn=trustedValidatorNodes.GetNode(index1);\\ \qquad \quad index1++;\,\,var\,\,index2=0; \end{aligned}$

3. $\begin{aligned} while(index2\,\, < \,\,pendingTransactions.GetLength()\\ \qquad \quad -1\,\,\&\&\,\,index2\,\, < \,\,t\,\,\&\&\,\,vl==tvn.GetVId())\,\,\{\,\,\\ \qquad \quad tran1=pendingTransactions.Get(index2);\\ \qquad \quad tTransactions.Set(index2,\,\,tran1);\,\,index2++;\}\,\,\\ \qquad \,\,\,\,transactionsProposals.Set(index1,\\ \qquad \quad new\,\,TransactionProposal(tTransactions,\\ \qquad \quad new\,\,TransactionSignature(index2)));\,\,\,\,\}\,\,\}\,\, \rightarrow \end{aligned}$

4. $\begin{aligned} ([vl==0]\,\,VoteToTransaction\_{}\,\,0();\,\,(\,\,\\ \qquad \quad ([voteflag0==1]\,\,(ch01!tempTVote0\,\, \rightarrow \,\,Skip\,\,\parallel \\ \qquad \qquad ch02!tempTVote0 \rightarrow \,\,Skip\parallel \,\,ch03!tempTVote0 \rightarrow \\ \qquad \qquad \,\,Skip)\,\, \square \,\,[voteflag0==0]\,\,Skip)\,\,\parallel \,\,\,\,\\ \qquad \quad ([voteflag1==1]\,\,ch10?y\,\,\{\,\,tvotes0.Add(y)\,\,\}\,\, \rightarrow \,\,\\ \qquad \quad \,\,\,\,Skip\,\, \square [voteflag1==0]\,\,Skip)\,\,\parallel \,\,\,\,\\ \qquad \quad ([voteflag2==1]\,\,ch20?y\,\,\{\,\,tvotes0.Add(y)\,\,\}\,\, \rightarrow \,\,\\ \qquad \quad \,\,\,\,Skip\,\, \square \,\,[voteflag2==0]\,\,Skip)\,\,\parallel \,\,\,\,\\ \qquad \quad ([voteflag3==1]\,\,ch30?y\,\,\{\,\,tvotes0.Add(y)\,\,\}\,\, \rightarrow \,\,\\ \qquad \quad \,\,\,\,Skip\,\, \square [voteflag3==0]\,\,Skip))\,\, \square \,\, \end{aligned}$

5. $[vl==1]\,\,VoteToTransaction\_{}\,\,1(); \ldots $

6. $[vl==2]\,\,VoteToTransaction\_{}\,\,2(); \ldots $

7. $[vl==3]\,\,VoteToTransaction\_{}\,\,3(); \ldots $

27. $\begin{aligned} VoteToTransaction\_{}\,\,0()=\,\,\\ \hspace {-0.5em}\qquad \,\,validateTProposal.0\,\,\{\,\,\\ \hspace {-0.5em}\qquad \,\,tempTProposal0=transactionsProposals.Get(0);\,\,\,\,\\ \hspace {-0.5em}\qquad \,\,tempProposedTransaction0\,\,=\,\,tempTProposal0.\\ \qquad GetTransactions();\\ \hspace {-0.5em}\qquad \,\,if(voteBehaviour[{0}]==Honest\_{}\,\,Vote)\,\,\{\\ \qquad \,\,\,\,tempTVote0=new\,\,TransactionVote(\\ \qquad \quad \,\,tempProposedTransaction0,\,\,tsignature0);\quad \,\,\,\,\\ \qquad \,\,\,\,tempTVote0.updateVotes(1);\} \\ \hspace {-0.5em}\qquad \,\,else\,\,if(voteBehaviour[{0}]==No\_{}\,\,Vote)\,\,\{\\ voteflag 0=0\} \,\,tvotes0.Add(tempTVote0);\} \rightarrow \,\,Skip; \end{aligned}$

28. $VoteToTransaction\_{}\,\,1()\,\,= \ldots $

29. $VoteToTransaction\_{}\,\,2()\,\,= \ldots $

30. $VoteToTransaction\_{}\,\,3()\,\,= \ldots $

31. $TransWithMaxVotes(t)=trans\,\,\{\quad \,\,\,\,$

1. $\begin{aligned} while(index1\,\, < \,\,votedTransactions.GetLength()-1\,\,\\ \qquad \&\&\,\,index1\,\, < \,\,t)\,\,\{\,\, \end{aligned}$

2. $\begin{aligned} while(index2\,\, < \,\,votedTransactions.GetLength())\,\,\{\,\,\\ \qquad \qquad \,\,\,\,tran1=votedTransactions.Get(index1);\\ \qquad \qquad \,\,\,\,tran2=votedTransactions.Get(index2); \end{aligned}$

3. $\begin{aligned} \qquad \,\,\,\,if\,\,(tran1.getVotes()\,\,>=\,\,tran2.getVotes())\{\,\,\\ \qquad \qquad \qquad \quad \,\,votedTransactions.Set(index1,\,\,tran1);\\ \qquad \qquad \qquad \quad \,\,votedTransactions.Set(index2,\,\,tran2);\\ \qquad \qquad \qquad \quad \,\,index2++;\}\,\, \end{aligned}$

4. $\begin{aligned} \qquad \,\,\,\,else\,\,\{\,\,votedTransactions.Set(index1,\,\,tran2);\\ \qquad \qquad \qquad \quad \,\,votedTransactions.Set(index2,\,\,tran1);\\ \qquad \qquad \qquad \quad \,\,index2++;\,\,\}\,\, \end{aligned}$

5. $ \qquad \,\,\,\,maxVotedTransactions.Set(index1,\,\,tran1);$

6. $ \qquad \,\,\,\,index1++; \quad \} \,\,\,\,\} \,\,\}\,\, \rightarrow \,\,Skip;$

F. Propose and Broadcast Block

After getting transactions that gain maximum votes, the block can be proposed. The block propose and broadcast procedure is described in line 32. If the leader is selected for the round, the block $b$ can be proposed (line 32.1). Firstly, an empty block is acquired from the locked blocks as the proposed block. The peek block of the blockchain is made the previous block of the current block to be proposed. The block is then proposed having information about the block index, leader of the block, previous block hash, and maximum voted transactions and is added in blocks proposals. If a node is the leader of the current round then it broadcasts the block to validators, otherwise, it receives the proposed block (lines 32.2-32.6). The same procedure is repeated for other blocks.

32. $ProposeAndBroadcast(b)=\,\,$

1. $\begin{aligned} [selectedLeader.GetRound()==b]\,\,proposeBlock.b\,\,\\ \quad \,\,\,\,\{\,\,proposedBlock=lockedBlocks.Get(b);\\ \qquad if\,\,(proposedBlock.GetBlockHash()==initialHash)\\ \qquad \quad \,\,\,\,\{\,\,prevBlock=blockchain.GetPeekBlock();\\ \qquad \qquad \,\,\,\,proposedBlock=new\,\,Block(b,\,\,selectedLeader,\\ \qquad \qquad \,\,\,\,prevBlock.GetBlockHash(),\\ \qquad \qquad \,\,\,\,maxVotedTransactions); \,\,\}\,\,\\ \qquad blocksProposals.SetProposal(b,\,\,new\,\,BlockProposal\\ \qquad \quad (proposedBlock,\,\,new\,\,BlockSignature(b)))\,\,\}\,\, \rightarrow \,\,\,\, \end{aligned}$

2. $\begin{aligned} ((\,\,[b==0]\,\,(ch01!blocksProposals.GetProposal(b)\,\,\\ \qquad \,\, \rightarrow Skip\,\,\parallel \,\,ch02!blocksProposals.GetProposal(b)\,\,\\ \qquad \,\, \rightarrow \,\,Skip\,\,\parallel \,\,ch03!blocksProposals.GetProposal(b)\,\,\\ \quad \,\, \rightarrow \,\,Skip)\,\, \square [b==1] \ldots [b==2] \ldots [b==3] \ldots \end{aligned}$

6. $\begin{aligned} [b==0]\,\,(ch10?y\,\, \rightarrow \,\,\{blocksProposals.\\ \qquad \quad SetProposal(b,\,\,y)\}\,\, \rightarrow \,\,Skip\,\, \square \,\,ch20?y\,\, \rightarrow \\ \qquad \quad \,\,\{blocksProposals.SetProposal(b,\,\,y)\}\,\, \rightarrow \,\,Skip\,\, \square \\ \qquad \quad \,\,ch30?y\,\, \rightarrow \,\,\{blocksProposals.SetProposal(b,\,\,y)\}\,\,\\ \quad \rightarrow \,\,Skip\,\,) \square [b==1] \ldots [b==2] \ldots [b==3] \ldots \end{aligned}$

33. $VoteToBlock(b)=\,\,$

1. $\begin{aligned} [b==0]\,\,propose\_{}\,\,end\,\, \rightarrow \,\,VoteToBlock\_{}\,\,0();\,\,(\,\,\\ \qquad \quad ([voteflag0==1]\,\,(ch01!tempBVote0\,\, \rightarrow \,\,Skip\,\,\parallel \\ \qquad \quad ch02!tempBVote0 \rightarrow \,\,Skip\,\,\parallel \,\,ch03!tempBVote0\,\,\\ \qquad \quad \rightarrow \,\,Skip)\,\, \square \,\,[voteflag0==0]\,\,Skip)\,\,\parallel \,\,\,\,\\ \qquad \quad ([voteflag1==1]\,\,ch10?y\,\,\{\,\,bvotes0.Add(y)\,\,\}\,\, \rightarrow \\ \qquad \quad Skip\,\, \square \,\,[voteflag1==0]\,\,Skip)\parallel \,\,\,\,\\ \qquad \quad ([voteflag2==1]\,\,ch20?y\,\,\{\,\,bvotes0.Add(y)\,\,\}\,\, \rightarrow \,\,\\ \qquad \quad Skip\,\, \square \,\,[voteflag2==0]\,\,Skip)\parallel \,\,\,\,\\ \qquad \quad ([voteflag3==1]\,\,ch30?y\,\,\{\,\,bvotes0.Add(y)\,\,\}\,\, \rightarrow \,\,\\ \qquad \quad Skip\,\, \square \,\,[voteflag3==0]\,\,Skip))\,\, \square \,\, \end{aligned}$

2. $[b==1]\,\,propose\_{}\,\,end\,\, \rightarrow \,\,VoteToBlock\_{}\,\,1();\ldots $

3. $[b==2]\,\,propose\_{}\,\,end\,\, \rightarrow \,\,VoteToBlock\_{}\,\,2();\ldots $

4. $[b==3]\,\,propose\_{}\,\,end\,\, \rightarrow \,\,VoteToBlock\_{}\,\,3();\ldots $

In every process of $VoteToBlock\_{}a$ (lines 34-37), the malicious behavior is introduced. Firstly, the block proposal is validated and then voted on accordingly. If a node is honest then it votes for the block honestly, otherwise, does not vote.

34. $VoteToBlock\_{}\,\,0()=\,\,$

1. $\begin{aligned} validateProposal.0\,\,\{\,\,\\ \qquad tempProposal0=blocksProposals.GetProposal(0);\,\,\,\,\\ \qquad tempProposedBlock0=tempProposal0.GetBlock();\quad \,\,\,\,\\ \qquad var\,\,invalidBlock=blockchain0.\,\,\\ \qquad \quad ContainsBlock(tempProposedBlock0); \end{aligned}$

2. $if(invalidBlock)\,\,\{tempProposedBlock0=new\,\,Block();\}\,\,$

3. $\begin{aligned} if(voteBehaviour[{0}]==Honest\_{}\,\,Vote)\,\,\{\\ \qquad \quad \,\,tempBVote0=new\,\,BlockVote(tempProposedBlock0.\\ \qquad \quad \,\,GetBlockHash(), bsignature0); \\ \qquad \quad \,\,tempBVote0.updateVotes(1);\,\,\}\quad \,\,\,\, \end{aligned}$

4. $\begin{aligned} else\,\,if(voteBehaviour[{0}]==No\_{}\,\,Vote)\,\,\\ \qquad \quad \,\,\{voteflag0=0\}\,\,bvotes0.Add(tempBVote0);\}\,\,\\ \qquad \quad \,\, \rightarrow \,\,Skip; \end{aligned}$

35. $VoteToBlock\_{}\,\,1()\,\,= \ldots \,\,$

36. $VoteToBlock\_{}\,\,2()=\ldots $

37. $VoteToBlock\_{}\,\,3()=\ldots $

G. Blockchain Validity

After receiving enough votes, the block can be added to the blockchain. Before adding the block, the validity of the blockchain is checked, specified as $isValidBlockchain$ (line 38). The validity of the blockchain is checked by comparing the recorded and computed hash for every current and previous block (lines 38.1-38.5).

38. $isValidBlockchain()=validBlockchain\{\,\,$

1. $var\,\,index=blockchain.GetHeight();$

2. $\begin{aligned} while\,\,(index\,\, < =\,\,blockchain.GetHeight()\,\,\&\&\\ \qquad index\,\,>=\,\,2)\{\,\,\\ \qquad \,\,\,\,curBlock=blockchain.GetBlock(index);\\ \qquad \,\,\,\,prevBlock=blockchain.GetBlock(index-1); \end{aligned}$

3. $\begin{aligned} if\,\,(curBlock.GetBlockHash()\,\,!=\,\,\\ \qquad \qquad \,\,curBlock.computeHash())\{\,\,v=\,\,Not\_{}\,\,Valid;\}\,\, \end{aligned}$

4. $\begin{aligned} if\,\,(curBlock.GetPrevHash()\,\,!=\\ \qquad \qquad \,\,prevBlock.GetBlockHash())\{\,\,v=\,\,Not\_{}\,\,Valid;\}\,\, \end{aligned}$

5. $\begin{aligned} else\,\,if\,\,(curBlock.GetBlockHash()\,\,==\\ \qquad \qquad curBlock.computeHash()\,\,\&\&\\ \qquad \quad \,\,\,\,curBlock.GetPrevHash()\,\,==\\ \qquad \quad \,\,\,\,prevBlock.GetBlockHash())\{\quad \\ \qquad \quad \,\,\,\,v=valid;\,\,index--;\,\,\} \,\,\} \,\,\}\,\, \rightarrow \,\,Skip; \end{aligned}$

H. Adding Block in Blockchain

The process of block addition is specified as $AddBlock$ (line 39). For every block, firstly it is ensured that the blockchain is valid (line 39.1). If the block receives votes from a majority of the validators then it is added to the blockchain. Same process is repeated for every block (lines 39.2-39.4).

39. $AddBlock(b)=\,\,$

1. $\begin{aligned} [b==0\,\,\&\&\,\,v==valid]\,\,addtoBChain.b\,\,\{\,\,\\ \qquad \,\,\,\,tempProposedBlock0=bvotes0.\\ \qquad \quad \,\,GetBlockWithMajorityVotes(MajorityValidators);\\ \qquad \,\,\,\,if(tempProposedBlock0.GetBlockHash()\,\,!=\\ \qquad \qquad \,\,\,\,initialHash\,\,\&\&\,\,untrustedLeader==false)\,\,\{\,\,\\ \qquad \qquad \,\,\,\,blockchain0.AddBlock(tempProposedBlock0)\,\,\}\,\,\\ \qquad \,\,\,\,\}\,\, \rightarrow \,\,Skip\,\, \square \,\, \end{aligned}$

2. $[b==1\,\,\&\&\,\,v==valid] \ldots $

3. $[b==2\,\,\&\&\,\,v==valid]\,\,\ldots $

4. $[b==3\,\,\&\&\,\,v==valid]\,\,\ldots $

I. Update Trust Values and Deposit

At the end of the consensus protocol, trust values are updated (line 40). If the block is successfully added to blockchain then the leader’s number of activities is incremented, the leader gets the block generation reward and the escrow amount is returned (lines 40.1-40.2, 41-43). Similarly, the number of misses of participating management nodes are updated, the validators number of activities are incremented, they receive the block validation reward and their escrow deposit is returned (lines 40.2, 44-47). If the proposed block is not successfully added to the blockchain then the leader and validators lose trust (lines 40.3, 48-49). The leader deposit, the number of activities, and misses are set to zero. Similarly, the validators’ deposit and number of activities are set to zero.

40. $UpdateTrust()=$

1. $\begin{aligned} [blockchain0.ContainsBlock(tempProposedBlock0)\,\,\parallel \\ \qquad \quad blockchain1.ContainsBlock(tempProposedBlock1)\,\,\\ \quad \,\,\quad \parallel blockchain2.ContainsBlock(tempProposedBlock2)\,\,\\ \quad \,\,\quad \parallel blockchain3.ContainsBlock(tempProposedBlock3)]\,\, \end{aligned}$

2. $\begin{aligned} (UpdateLNumActivities(1);\\ \quad \,\,\quad GetBlockGReward(escrowC/numShares);\\ \quad \,\,\quad LDepositReturned(escrowL);\\ \quad \,\,\quad UpdatePMNumMisses(1);UpdateVNumActivities(1);\\ \quad \,\,\quad GetBlockVReward();TVDepositReturned();\,\,Skip) \square \,\, \end{aligned}$

3. $\begin{aligned} [!(blockchain0.ContainsBlock(tempProposedBlock0))\\ \hspace {-0.2em}\quad \,\,\quad \parallel !(blockchain1.ContainsBlock(tempProposedBlock1))\\ \hspace {-0.2em}\quad \,\,\quad \parallel !(blockchain2.ContainsBlock(tempProposedBlock2))\\ \hspace {-0.2em}\quad \,\,\quad \parallel !(blockchain3.ContainsBlock(tempProposedBlock3))\\ \quad \,\,\quad]\,\,maliciousLeader\,\, \rightarrow \,\,LLoseTrustAndDeposit()\,\, \square \\ \qquad \quad maliciousValidators\,\, \rightarrow \,\,VLoseTrustAndDeposit(); \end{aligned}$

41. $\begin{aligned} UpdateLNumActivities(l)=update\,\,\{selectedLeader.\\ \,\,\,\,\quad UpdateNumActivities(l)\}\,\, \rightarrow \,\,Skip; \end{aligned}$

42. $\begin{aligned} GetBlockGReward(deposit)=getdep\,\,\{blockchain.\\ \qquad RemoveEscrowAmount(deposit);\\ \qquad selectedLeader.AddDeposit(deposit)\}\,\, \rightarrow \,\,Skip; \end{aligned}$

43. $\begin{aligned} LDepositReturned(deposit)=getdep\,\,\{blockchain.\\ \qquad RemoveEscrowAmount(deposit);\\ \,\,\qquad selectedLeader.AddDeposit(deposit)\}\,\, \rightarrow \,\,Skip; \end{aligned}$

44. $\begin{aligned} UpdatePMNumMisses(m)=update\,\,\{\,\,\\ \,\,\,\,while(index\,\, < \,\,managementNodes.GetLength()-1)\{\,\,\\ \quad \,\,\quad mn1=managementNodes.GetNode(index);\\ \quad \,\,\quad if\,\,(mn1\,\,!=\,\,selectedLeader\,\,\&\&\,\,\\ \qquad \quad \,\,\quad mn1.GetNumMisses()\,\, < \,\,maxNumMisses)\{\,\,\\ \qquad \quad \,\,\quad mn1.UpdateNumMisses(m);\}\,\,\\ \qquad \quad \,\,\quad index++;\,\,\}\,\,\,\,\}\,\, \rightarrow \,\,Skip; \end{aligned}$

45. $\begin{aligned} UpdateVNumActivities(a)=update\,\,\{\,\,\\ \hspace {-0.7em}\,\,\,\,while(index < trustedValidatorNodes.GetLength()-1)\,\,\\ \qquad \{\,\,tvn=trustedValidatorNodes.GetNode(index);\\ \qquad tvn.UpdateNumActivities(a);\\ \qquad index++;\,\,\}\,\,\,\,\}\,\, \rightarrow \,\,Skip; \end{aligned}$

46. $\begin{aligned} GetBlockVReward()=vreward\,\,\{\,\,\\ \hspace {-0.7em} \,\,\,\,while(index < trustedValidatorNodes.GetLength()-1)\,\,\\ \qquad \quad \{\,\,tvn=trustedValidatorNodes.GetNode(index);\\ \qquad \quad blockchain.RemoveEscrowAmount((escrowC/\\ \qquad \quad numShares)/trustedValidatorNodes.GetLength());\,\,\,\,\\ \qquad \quad tvn.AddDeposit((escrowC/numShares)/\\ \qquad \quad trustedValidatorNodes.GetLength());\\ \qquad \quad index++;\,\,\} \,\,\}\,\, \rightarrow \,\,Skip; \end{aligned}$

47. $\begin{aligned} TVDepositReturned()=tvdep\,\,\{\,\,\\ \quad \,\,while(index\,\, < \,\,trustedValidatorNodes.\\ \qquad \quad GetLength()-1)\,\,\{\,\,\\ \qquad \quad tvn=trustedValidatorNodes.GetNode(index);\\ \qquad \quad escrowV=tvn.GetEscrow();\\ \qquad \quad blockchain.RemoveEscrowAmount(escrowV);\,\,\,\,\\ \qquad \quad tvn.AddDeposit(escrowV);\,\,index++;\} \} \rightarrow Skip; \end{aligned}$

48. $\begin{aligned} LLoseTrustAndDeposit()=ltrust\,\,\{\,\,\\ \,\,\,\,\quad selectedLeader.SetNumActivities(0);\\ \,\,\,\,\quad selectedLeader.SetNumMisses(0);\\ \,\,\,\,\quad selectedLeader.SetDeposit(0); \,\,\}\,\, \rightarrow \,\,Skip; \end{aligned}$

49. $\begin{aligned} VLoseTrustAndDeposit()=vltrust\,\,\{\,\,\\ \,\,\,\,\quad while(index\,\, < \,\,trustedValidatorNodes.\\ \qquad \quad GetLength()-1)\,\,\{\\ \qquad \quad tvn=trustedValidatorNodes.GetNode(index);\\ \qquad \quad tvn.SetNumActivities(0);\\ \qquad \quad tvn.SetDeposit(0);\,\,index++;\}\,\,\,\,\}\,\, \rightarrow \,\,Skip; \end{aligned}$

J. Next Round

In order to move the consensus protocol to the next round, the $nextRound$ process is specified (line 50). If the current round is less than the maximum number of rounds then the current round is incremented. All the necessary variables are cleared and the consensus protocol starts again.

50. $\begin{aligned} NextRound()=\,\,\\ \,\,\,\,\quad [rd\,\, < \,\,maxRounds]\,\,nextround\,\,\{\,\,rd++;\\ \,\,\,\,\quad lockedBlocks.Clear();\\ \,\,\,\,\quad bvotes0.Clear();\,\,bvotes1.Clear();\,\,bvotes2.Clear();\\ \quad \,\,\quad bvotes3.Clear();\,\,\,\,\\ \,\,\,\,\quad tvotes0.Clear();\,\,tvotes1.Clear();\,\,tvotes2.Clear();\\ \quad \,\,\quad tvotes3.Clear();\\ \,\,\,\,\quad managementNodes.Nullify(selectedLeader);\\ \,\,\,\,\quad validatorNodes.Nullify(trustedValidatorNodes);\\ \,\,\,\,\quad blockchain.Nullify(proposedBlock);\\ \,\,\quad \}\,\, \rightarrow \,\,Consensus\_{}\,\,Protocol()\,\, \square \,\,\\ \,\,\,\,\quad [rd\,\,>=\,\,maxRounds]\,\,Skip; \end{aligned}$

A. Deadlock-Free

A deadlock-free formal model is described as there does not occur a situation where a node has to wait for another node for an activity. The PAT model checker is used to query deadlock in the formal model. We have specified assertions and verified that the consensus protocol is deadlock-free in both normal and byzantine environments as shown in Table 3. The assertion $A1$ for the normal environment is specified below and for the byzantine environment, the assertions $A2$ -$A6$ are presented in Table 3.

1. $\#assert Consensus\_{} Protocol() deadlockfree;$

B. Consensus

Consensus is defined using $\#define$ as every node of the network must agree on the same block and add that block to its copy of the blockchain. It is specified as the peek block of each node’s chain should be the same.

• $\begin{aligned} \#define\,\,Consensus\,\,(!blockchain0.IsEmpty()\,\,\&\&\\ \hspace {-1.4em}\,\,blockchain0.GetPeekBlock()\,\,==\\ \hspace {-0.3em} \,\,\quad blockchain1.GetPeekBlock()\,\,\&\&\\ \hspace {-1.4em}\,\,blockchain1.GetPeekBlock()\,\,==\\ \hspace {-0.3em} \,\,\quad blockchain2.GetPeekBlock()\,\,\&\&\\ \hspace {-1.4em}\,\,blockchain2.GetPeekBlock()\,\,==\\ \hspace {-0.3em}\,\,\quad blockchain3.GetPeekBlock()); \end{aligned}$

LTL formulas are specified as assertions to verify that the formal model eventually reaches consensus or not in normal and byzantine environments. The assertion $A7$ for reaching consensus in the normal environment is specified below and for the byzantine environment, $A8$ -$A12$ are represented in Table 3. The symbol $\models $ is read as satisfies. It can be noted in Table 3 that the model does not reach consensus when the majority of nodes are malicious and they do not vote ($A9$ in Table 3). It is also observed that when an untrusted leader is added in the network then consensus cannot be reached ($A12$ in Table 3). This does not show that the consensus protocol is vulnerable but it is preferred that network nodes add no block in their ledger rather than adding a malicious block.

1. $\#assert Consensus\_{} Protocol() \models \lozenge Consensus;$

C. No Blockchain Fork

No blockchain fork can be assured when all nodes record the same proposed block in their blockchain. All nodes have a same view about the blockchain state.

• $\begin{aligned} \#define\,\,No\_{}\,\,Blockchain\_{}\,\,Fork\,\,(!blockchain0.IsEmpty()\,\,\&\&\\ \hspace {-1.4em}\,\,proposedBlock==blockchain0.GetPeekBlock()\,\,\&\&\\ \hspace {-1.4em}\,\,proposedBlock==blockchain1.GetPeekBlock()\,\,\&\&\\ \hspace {-1.4em}\,\,proposedBlock==blockchain2.GetPeekBlock()\,\,\&\&\\ \hspace {-1.4em}\,\,proposedBlock==blockchain3.GetPeekBlock()); \end{aligned}$

LTL formulas are specified below to verify that eventually no blockchain fork is ensured. Table 3 shows that the model ensures that a blockchain fork cannot occur in the normal environment as specified by an LTL formula $A13$ below and when the minority of nodes are malicious or byzantine nodes vote honestly as defined in Table 3 by LTL formulas $A14$ and $A16$ -$A17$ . The model does not satisfy this property when the majority of nodes are malicious and they do not vote ($A15$ in Table 3), and also when an untrusted leader is introduced into the network ($A18$ in Table 3). When the property is violated, then the proposed block cannot be added to the ledger of nodes but a fork does not occur.

1. $\begin{aligned} \#assert Consensus\_{} Protocol() \models \\ \qquad \lozenge No\_{} Blockchain\_{} Fork; \end{aligned}$

D. No Selfish Mining

No selfish mining is ensured when a leader of a peek block of every copy of the blockchain is the same. It shows that only the block of a single leader is added to the blockchain.

• $\begin{aligned} \#define\,\,No\_{}\,\,Selfish\_{}\,\,Mining\,\,(!blockchain0.IsEmpty()\,\,\&\&\\ \hspace {-1.8em}\,\,blockchain0.GetBlockLeader(blockchain0.GetPeekBlock())\\ \hspace {-1.8em}==blockchain1.GetBlockLeader(blockchain1.\\ \hspace {-1.8em}GetPeekBlock())\,\,\&\&\,\,blockchain1.GetBlockLeader(\\ \hspace {-1.8em}blockchain1.GetPeekBlock())==blockchain2.\\ \hspace {-1.8em}GetBlockLeader(blockchain2.GetPeekBlock())\,\,\&\&\,\,\,\,\\ \hspace {-1.8em}\,\,blockchain2.GetBlockLeader(blockchain2.GetPeekBlock())\\ \hspace {-1.8em}==blockchain3.GetBlockLeader(blockchain3.\\ \hspace {-1.8em}GetPeekBlock())); \end{aligned}$

LTL formulas are described to verify that there is no selfish mining in the protocol. The LTL formula $A19$ specified below is verified in the normal environment. In the byzantine environment, when the minority of nodes are malicious or byzantine nodes vote honestly, then the LTL formulas $A20$ , $A22$ -$A23$ shown in Table 3 are verified. However, when the majority of nodes become malicious and they do not vote for the block or an untrusted leader is added in the network then $A21$ and $A24$ exhibited in Table 3 are violated.

1. $\begin{aligned} \#assert Consensus\_{} Protocol() \models \\ \qquad \lozenge No\_{} Selfish\_{} Mining; \end{aligned}$

E. No Invalid Block Insertion

It is defined as in each round of consensus protocol there should not be any invalid (duplicate) block submitted by malicious leaders in the copy of blockchain of a node.

• $\begin{aligned} \#define\,\,No\_{}\,\,Invalid\_{}\,\,Block\_{}\,\,Insertion\,\,(rd>0\,\,\&\&\\ \hspace {-1.4em}\,\,!blockchain0.ContainsDuplicateBlocks()\,\,\&\&\\ \hspace {-1.4em}\,\,!blockchain1.ContainsDuplicateBlocks()\,\,\&\&\\ \hspace {-1.4em}\,\,!blockchain2.ContainsDuplicateBlocks()\,\,\&\& \\ \hspace {-1.4em}\,\,!blockchain3.ContainsDuplicateBlocks()); \end{aligned}$

1. $\begin{aligned} \#assert\,\,Consensus\_{}\,\,Protocol()\,\,\models \\ \hspace {-0.3em}\,\,\qquad \lozenge \,\,No\_{}\,\,Invalid\_{}\,\,Block\_{}\,\,Insertion; \end{aligned}$

F. Safety

The safety property is defined as all the nodes reach the same decision. It means that all the nodes must agree on adding the same block. It can be ensured when there are no blockchain fork and no selfish mining attacks.

• $\begin{aligned} \#define\,\,Safety\,\,No\_{}\,\,Blockchain\_{}\,\,Fork\,\,\&\&\\ \hspace {-1.4em}\,\,No\_{}\,\,Selfish\_{}\,\,Mining; \end{aligned}$

1. $\#assert Consensus\_{} Protocol() \models \lozenge Safety;$

G. Fault Tolerance

In each round, a common block will be accepted by all honest nodes even in the existence of some malicious nodes. This property is specified as reaching consensus. It is described below by an LTL formula $A37$ for normal conditions and LTL formulas $A38$ -$A42$ are defined in Table 3 for byzantine environment. Its behavior is similar to the consensus property as shown in Table 3.

• $\begin{aligned} \#define\,\,Fault\_{}\,\,Tolerance\,\,Consensus;\\ \hspace {-2.1em}\,\,A37.\,\,\#assert\,\,Consensus\_{}\,\,Protocol()\,\,\models \,\,\lozenge \,\,Fault\_{}\,\,Tolerance; \end{aligned}$

H. Trusted Leader

In every round of consensus, a trusted leader is selected. The LTL formulas are specified to verify that eventually a trusted leader is selected. $A43$ is described below for the normal environment and $A44$ -$A47$ for the byzantine environment are shown in Table 3. Table 3 represents that all the formulas are satisfied.

• $\begin{aligned} \#define\,\,trustedLeader\,\,(rd>=0\,\,\&\&\,\,leaderSelected==1);\\ \hspace {-2.1em}\,\,A43.\,\,\#assert\,\,Consensus\_{}\,\,Protocol()\,\,\models \,\,\lozenge \,\,trustedLeader; \end{aligned}$

I. Trusted Validators

The trusted validators are selected in every round of consensus protocol. LTL formulas are used to specify that eventually trusted validators are selected. $A48$ is defined below for the normal environment and $A49$ -$A52$ are described for the byzantine environment in Table 3. This property is verified for all the variations of consensus protocol as presented in Table 3.

• $\begin{aligned} \#define\,\,trustedValidators(rd>=0\,\,\&\&\,\,valSelected==1);\\ \hspace {-2.1em}\,\,A48.\,\,\#assert\,\,Consensus\_{}\,\,Protocol()\,\,\models \,\,\lozenge \,\,trustedValidators; \end{aligned}$

J. Analysis of the Protocol

We have performed the formal verification of the desired properties against the STBC protocol on an Intel i5-7200U 2.5 GHz CPU with 8 GB of memory, running Windows 10 and PAT version 3.5.1. The results of verification time (in seconds) of safety, fault tolerance, trusted leader, and trusted validators are presented in Figures 5, 6, 7, and 8 respectively. The number of nodes is represented on the horizontal axis and the verification time in seconds is shown on the vertical axis. The nodes involved are service consumers, service providers, blockchain management nodes, and validator nodes. When the properties are satisfied, it is analyzed that the verification time increases continuously with the increased count of nodes. In case of violation of a property, the verification time remains close to zero. For example, for the safety property, Figure 5 shows the assertions $A31$ , $A32$ , $A34$ , and $A35$ are satisfied, therefore, the verification time increases continuously with the increased count of nodes. However, the assertions $A33$ and $A36$ are not satisfied, therefore, the verification time remains close to zero. Similarly, the verification time of fault tolerance, trusted leader, and trusted validators properties increases with the increased count of nodes. Similar behavior is observed for the verification time of deadlock, consensus, no blockchain fork, no selfish mining, and no invalid block insertion properties.

FIGURE 5.

Verification time for safety.

Show All

FIGURE 6.

Verification time for fault tolerance.

Show All

FIGURE 7.

Verification time for trusted leader.

Show All

FIGURE 8.

Verification time for trusted validators.

Show All

We have performed formal verification for a limited number of nodes in the network. However, the proposed protocol itself is generic, and it can work for an arbitrary number of nodes. The noticeable point is that the verification time increases continuously with the increased count of nodes. With many nodes, an issue of state explosion may occur, which is one of the limitations of the model checking approach [33]. These limitations are outside the scope of this work. In the future, we plan to improve the efficiency of our model using different techniques, such as symbolic model checking with binary decision diagrams, partial order reduction, counterexample-guided abstraction refinement, and bounded model checking.