2 to other accounts. A set of validators with at least /3 of total voting power is also 2 1 called a /3 majority of validators. Similarly, a set of validators with at least /3 of 1 total voting power is called a /3 majority of validators. 2 Ablock is considered committed when a /3 majority of validators sign com- mit votes for that block. A fork occurs when two blocks at the same height are 2 each signed by a /3 majority of validators. By simple arithmetic, a fork can only 1 happen when at least a /3 majority of validators signs duplicitously. When a validator signs duplicitously, a short evidence transaction can be generated by anyone with the two conflicting commit-vote signatures. This ev- idence is committed into the blockchain which destroys the bonded coins of the guilty validator(s). As long as the evidence is committed before the guilty valida- tor’s coins are spent (that is, before the unbonding period is over), the validator 2 can be duly punished. Note that this does not preclude a /3 majority of validators from publishing a blockchain fork after they had unbonded and sold their coins to an unsuspecting party. This is called a long-range double-spend attack. A user can avoid long-range attacks by syncing their blockchain periodically within the bounds of the unbonding period. A double-spend attack implies a fork in the blockchain. A short-range double-spend attack occurs when a fork happens at a recent height: recent enough that the guilty validators still have their coins locked in bond. Since a fork re- 1 quires at least a /3 majority of validators to have signed duplicitously, the penalty 1 for a short-range double-spend attack is a significant proportion ( /3) of the total amount of bonded coins. Thus we can adjust the minimum cost of launching a double-spend attack by tuning the incentive to become a validator. For example, the cryptocurrency can be inflationary by way of block rewards divided amongst the validators in proportion to their voting power. The inflation rate need not be fixed, but can depend on the past average weighted transaction volume of the network as measured by coin-days-destroyed [8]. If the marginal cost of securing a validator node is negligible, the reward scheme need not be inflationary; the transaction fees paid by users may be sufficient. 6. Consensus 6.1 On Byzantine Consensus Fischer et al have shown in a seminal paper [9] that in an asynchronous system (where no assumptions are made about time) of deterministic processes, no protocol can guarantee consensus even with one faulty process. This is called the FLP impossibility result. Much research has gone into understanding ways to circumvent the FLP impossibility result by slightly modifying the problem do- 4