Tortoise and Hares Consensus: The Meshcash Framework for Incentive-Compatible, Scalable Cryptocurrencies

Iddo Bentov, Pavel Hubáček, Tal Moran, Asaf Nadler

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Scopus citations


We propose Meshcash, a protocol for implementing a permissionless ledger (blockchain) via proofs of work, suitable for use as the underlying consensus mechanism of a cryptocurrency. Unlike most existing proof-of-work based consensus protocols, Meshcash does not rely on leader-election (e.g., the single miner who managed to extend the longest chain). Rather, we use ideas from traditional (permissioned) Byzantine agreement protocols in a novel way to guarantee convergence to a consensus from any starting state. Our construction combines a local “hare” protocol that guarantees fast consensus on recent blocks (but doesn’t, by itself, imply irreversibility) with a global “tortoise” protocol that guarantees irreversibility. Our global protocol also allows the ledger to “self-heal” from arbitrary violations of the security assumptions, reconverging to consensus after the assumptions hold again. Meshcash is designed to be race-free: there is no “race” to generate the next block and honestly-generated blocks are always rewarded. This property, which we define formally as a game-theoretic notion, turns out to be useful in analyzing rational miners’ behavior: we prove (using a generalization of the blockchain mining games of Kiayias et al.) that race-free blockchain protocols are incentive-compatible and satisfy linearity of rewards (i.e., a party receives rewards proportional to its computational power). Because Meshcash can tolerate a high block rate regardless of network propagation delays (which will only affect latency), it allows us to lower both the variance and the expected time between blocks for honest miners; together with linearity of rewards, this makes pooled mining far less attractive. Moreover, race-free protocols scale more easily (in terms of transaction rate). This is because the race-free property implies that the network propagation delays are not a factor in terms of rewards, which removes the main impediment to accommodating a larger volume of transactions. We formally prove that all of our guarantees hold in the bounded-delay communication model of Pass, Seeman and shelat, and against a constant fraction of Byzantine (malicious) miners; not just rational ones.

Original languageEnglish
Title of host publicationCyber Security Cryptography and Machine Learning - 5th International Symposium, CSCML 2021, Proceedings
EditorsShlomi Dolev, Oded Margalit, Benny Pinkas, Alexander Schwarzmann
PublisherSpringer Science and Business Media Deutschland GmbH
Number of pages14
ISBN (Print)9783030780852
StatePublished - 1 Jan 2021
Event5th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2021 - Be'er Sheva, Israel
Duration: 8 Jul 20219 Jul 2021

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume12716 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference5th International Symposium on Cyber Security Cryptography and Machine Learning, CSCML 2021
CityBe'er Sheva


  • Blockchain
  • Byzantine agreement
  • Consensus
  • Scalablility

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science (all)


Dive into the research topics of 'Tortoise and Hares Consensus: The Meshcash Framework for Incentive-Compatible, Scalable Cryptocurrencies'. Together they form a unique fingerprint.

Cite this