Recap: Rotterdam Meetup (18.07.2018) Part 1


The inaugural Cardano meetup in the Netherlands was held last week in Rotterdam. From the beautiful event space, the amazing speaker line up and the overwhelming attendance from the Dutch community, it’s an understatement to say this meetup was a success. Special thanks to Blocklab for providing the venue and to our community members @ilhan, @bullish and @Andy_Hendrikx for organizing the meetup!

(Note that this recap is 1 of 2 parts. This summary will include Bernardo David’s talk, and Part 2 will follow with Edsko de Vries’ presentation.)

Tom and Jon from Cardano Foundation kicked off the meetup with a quick introduction of the project, the Foundation’s role and the Cardano community.


Bernardo David took to the podium next. He is a research fellow at IOHK and assistant professor at Tokyo Institute of Technology. His presentation was on Ouroboros, the main consensus protocol used in Cardano and how it differs from Bitcoin and other blockchains.


Introduction & Background

Bernardo started by laying out the current issues observed with Proof-of-Work (PoW) systems:

  • in a PoW based system, the people who are generating blocks are not necessarily the same people who have invested their money
  • meaning there is a distinction between coin holders (those who have invested in the system by buying tokens) and professional miners (those who run mining farms to generate new blocks and obtain profits from this)
  • the people who control how the system works are the miners
  • and those in control can destroy the blockchain, make policy changes, make it grow, allow hard forks to happen, and so on
  • there are also diminishing rewards for mining
  • in Bitcoin, the block mining reward halves every 210,000 blocks
  • this means the incentive to invest in mining is also decreasing, which is problematic when the system relies on mining to work
  • and what happens to those systems when the rewards equal zero?
  • and thirdly, the control of the network in a PoW system is very centralized
  • it is known that the whole Bitcoin network is handled by a handful of Chinese mining farms
  • this can be the downfall to Bitcoin if there are regulatory changes in China and in general, is not good for the system to be controlled by a few large parties
  • additionally, if one were to have energy to mine more than 50% of the users, then they can take it over in theory
  • PoW systems are also very energy intensive and generate a huge amount of energy waste
  • a whole Bitcoin mining pool spends more than the country of the Netherlands per day
  • to create a sustainable system, we don’t want to spend natural resources nor do we want to create more pollution

So what can be done to solve these issues?

  • an option is to shift to other mechanisms away from PoW
  • such as: Proof-of-Stake and Proof-of-Space
  • Proof-of-Space is very similar to proofs of work, except that instead of computation, storage is used
  • for Cardano, the researchers and IOHK wanted to move to a model without energy waste and employ those chosen resources to do something useful for the system and the community
  • Proof-of-Stake is based on the concept that more investment in the system means more control
  • and you as a user, can be sure that you can steer the way the project is going (with your voting power)
  • PoS is also energy efficient
  • all you need to generate a block is a signature and a few cryptographic operations that spend no energy or data
  • there is no waste of resources and users are in control of the system to make sure the blockchain grows

Basic Structure: How does PoS work?

To explain how PoS works, Bernardo uses a slide with Ghibli characters: Totoro, Porco Rosso and Chihiro (from left to right in the image)

  • as you can see from the slide, Totoro has 9 coins, Porco Rosso has 6 and Chihiro has 15 coins
  • whoever has more coins in the system (and therefore has invested more) should be able to generate more blocks in a PoS-based system
  • to figure out who can create the next block, a lottery is run
  • people who have more coins will have a higher probability of winning this lottery and in this example, that would be Chihiro
  • this lottery is run every time you want the blockchain to grow and a block needs to be generated, compared to the Bitcoin network where a PoW puzzle must be solved
  • the first assumption and basic mechanism of PoS is that Chihiro will win the lottery more often because of her higher investment
  • for Cardano, the person who generates the block is called the slot leader
  • for every block, there is a time slot. During that time, someone can generate a block
  • a block is 20 seconds long and there is a lottery that corresponds to each 20-second block
  • this lottery in the protocol used in Cardano is called the slot leader selection process

What has their research contributed in this field

  • before the papers produced by IOHK research, no one had a proof that this system was mathematically secure
  • it is a very complicated proof to write and over the course of 3 years, the researchers came up with a system that claimed to be secure and that could be proven mathematically and verified by others in the space
  • first came the formal model for PoS based consensus protocols
  • then came Ouroboros, the first provably secure PoS-based blockchain protocol
  • the term Ouroboros comes from the Greek mythology of the serpent eating its own tail and is used in this context because it entails that the blockchain creates randomness from its own state
  • but this protocol had a few caveats, and these were solved this year with Ouroboros Praos which improved the security and efficiency of the previous proposal
  • the term Praos in ancient Greek means relax
  • the original protocol must assume that users are online at all times and posting their messages all the time and must act fast, while the new proposal with Praos allows users to be in a more real-world setting and can go online and offline and hence, can be more relaxed
  • Praos was an achievement as it found a way to keep security while achieving a real-world scenario

Ouroboros

  • this first proposal made assumptions on synchronicity, meaning everybody (no matter where in the world they are) has a clock synchronized with everyone else's, and this is necessary to know when to send messages (such as running the lottery and generating blocks)
  • given this assumption, they prove that as long as an adversary does not control more than 50% of stake in the system, it will be as secure as Bitcoin
  • another assumption was that an adversary cannot automatically control people, meaning if an adversary hacks or impersonates you, they will be required to wait some time (a corruption delay) before hacking into the next computation
  • they knew these assumptions were not likely to hold but needed them to make a simple system first

Before diving into how Praos solved these assumptions, Bernardo described how the lottery works and the general mechanisms of the protocol.

How is the lottery done?

  • it uses the ‘Follow the Satoshi’ protocol
  • this procedure allows us to select a user among all users with a probability that is proportional to the number of coins that user has

  • you basically start with a cryptographic hash function (H) that takes in a random value (otherwise known as a seed)
  • and you get an output of a number ‘i’
  • this i is between 0 and the total number of satoshis in the blockchain
  • a satoshi is the smallest monetary unit in the cryptocurrency (like cents)
  • in the case of Cardano, the output of the hash function will be between 1 and total number of Ada coins in the blockchain
  • H(seed) gives you an output of Ada coin number i
  • there will be a transaction on the blockchain that shows this ‘user’ owns coin i
  • the number selected is random and therefore, each coin has equal probability
  • but if you have more coins, you will be selected more often
  • and how do we generate this random seed?
  • and how can we do this in a decentralized way?

The Protocol: one epoch

  • each epoch has a number of slots and at each slot, a block is produced
  • start from genesis block B0 (which is the block that is there before the beginning of time)
  • here you will see a description of users and the number of coins they own s, and randomness
  • from the image, you can see that in the first slot, no one was online and therefore no block was generated
  • in the next 2 slots, blocks were generated and the blockchain progresses
  • one problem here is that we are using this list of people who own coins and a fixed randomness to select people who generate blocks
  • but in reality, people will be transacting and changing coins, and the list will therefore become out of date
  • so for example, after block 1, user 1 might have sold his coins and doesn’t own any stake
  • but at the end of an epoch, he can still be selected as if he still owns these coins
  • it should be noted, that we need to do this to achieve security
  • but we don’t want an out-of-date list to persist throughout the whole protocol
  • so that’s why it’s divided into epochs
  • by the end of the epoch, a new random value is generated and the list is updated (this is easy as all the transactions are tracked in each block)
  • in the first proposal of Ouroboros, there was a restriction that all messages are delivered by end of slot, but in Praos, they resolve this
  • there are also no restrictions on how many blocks can be empty
  • the main restriction is that honest people must be online (in this first version of Ouroboros)

The Protocol: multiple epochs

  • the full protocol then of course includes multiple epochs
  • by using a tool called Guaranteed Output Delivery (G.O.D.) Coin Tossing, you get a randomness source
  • this tool that operates as a black box runs in parallel with the blockchain protocol to give a value that is guaranteed to be random (as long as 50% of the users are honest)
  • this black box uses an interactive protocol that requires users to talk to each other through the blockchain and has been proven through research to provide perfect randomness
  • this is repeated for each epoch
  • it is necessary to create new randomness because if the same randomness is used, a bad user can predict which coins will be selected and will buy those specific coins

Ouroboros Praos

  • after the first proposal came Ouroboros Praos
  • it no longer needed the synchronicity assumption
  • and it also improved the security of Ouroboros despite fully adaptive corruptions, such as bad players who won’t “wait” between adverse activity
  • this was achieved via oblivious leader selection, forward secure signatures, and local randomness generation

Ouroboros Genesis

  • this protocol improved upon Praos to achieve universal composability via their sophisticated chain selection rule
  • in Praos, you had to assume that users who join the system and had not been running the blockchain before would need someone they trust to give them intermediate states of the system (blocks of the system) to check that the chains they are receiving are correct
  • this is not ideal and you would instead want to be able to bootstrap the whole blockchain from the genesis block
  • usually you would use the ‘longest chain rule’ (which is to pick the longest chain of blocks) but this does not give you the best guarantees
  • with their sophisticated rule, it allowed you to bootstrap directly from the genesis block without a trusted intermediary checkpoint
  • Genesis then achieved security without checkpoints
  • and they have also been working on performance
  • their latest benchmarks were run a few years ago on a non-optimized version of Ouroboros and they were getting to 100 transactions per second

As a conclusion, Bernardo notes that the research and Ouroboros protocol they have created can achieve the same security as Bitcoin, while expending less energy and providing better performance. All of this was created by using well-understood cryptographic techniques that have been mathematically proven to be correct.

If you are interested in learning more and reading the papers on Ouroboros, you can find them here:
Ouroboros
Ouroboros Praos
Ouroboros Genesis

To read Part 2 of the Rotterdam meetup with Edsko de Vries’ talk on the Cardano wallet, click here!


Watch Bernardo’s presentation here:

11 Likes
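
The "Follow the Satoshi" lottery from the "How is the lottery done?" part of the recap above, as an added Python example that is not part of the original post and is not IOHK's code. It uses the coin counts from the slide (Totoro 9, Porco Rosso 6, Chihiro 15); SHA-256 as H, 0-based coin numbers, the per-slot input `seed || slot` and the seed value are assumptions made for illustration.

```python
import hashlib
from bisect import bisect_right
from collections import Counter
from itertools import accumulate

# Stake list from the slide in the recap: holder -> number of coins.
STAKE = {"Totoro": 9, "Porco Rosso": 6, "Chihiro": 15}


def coin_owner(i, stake=STAKE):
    """Return who holds coin number i (0-based), coins laid out in ledger order."""
    owners = list(stake)
    upper_bounds = list(accumulate(stake.values()))  # [9, 15, 30]
    if not 0 <= i < upper_bounds[-1]:
        raise ValueError("coin index out of range")
    return owners[bisect_right(upper_bounds, i)]


def coin_index(seed, slot, total):
    """H(seed || slot) reduced to a coin number in [0, total)."""
    # Assumption: SHA-256 as H, slot appended as 8 big-endian bytes.
    digest = hashlib.sha256(seed + slot.to_bytes(8, "big")).digest()
    # A 256-bit output against a small total makes the modulo bias negligible.
    return int.from_bytes(digest, "big") % total


def slot_leader(seed, slot, stake=STAKE):
    """Pick the slot leader: hash to a coin, then follow that coin to its owner."""
    return coin_owner(coin_index(seed, slot, sum(stake.values())), stake)


def leader_schedule(seed, slots, stake=STAKE):
    """Leaders for slots 0..slots-1; fully determined by the seed and stake list."""
    return [slot_leader(seed, s, stake) for s in range(slots)]


def leader_shares(seed, slots, stake=STAKE):
    """Fraction of slots won by each holder over the given number of slots."""
    counts = Counter(leader_schedule(seed, slots, stake))
    return {name: counts[name] / slots for name in stake}


if __name__ == "__main__":
    seed = b"constructed-epoch-seed"  # constructed sample value, not a real seed
    print(leader_schedule(seed, 10))
    print(leader_shares(seed, 30000))  # close to 0.30 / 0.20 / 0.50
```

Because the schedule is a pure function of the seed and the stake list, anyone who knows both can compute every future leader, which is why the recap stresses fresh randomness for each epoch.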

Great read. Thank you for making the effort.

1 Like

Ouroboros Genesis rocks, but it’s making my stratum-2 clock system very jealous.

PS
It appears that the audience is drinking beer, note to self, plan future meetings in the Netherlands.

1 Like

@Jotunn there was beer :wink:

1 Like