Security is an absolute necessity for a public blockchain in which all participants can safely transact, hold high-value assets, and build trusted enterprise applications. Algorand maintains security against attacks at both the consensus protocol level and the network level—all while protecting the safety of individual users' accounts.
A user’s account must be online to participate in the consensus protocol. However, to reduce exposure, online users do not use their spending keys (i.e., the keys they use to sign transactions and spend their stake) to participate in consensus. Instead, a user must generate and register a secret participation key before going online. With this key, an online account can participate in proposing and confirming blocks. A participation key expires after a certain number of rounds, after which it is removed and a new participation key must be generated to continue participating. Because the spending key and the participation keys are separate, the spending key can be stored offline in cold storage. As a result, a user’s stake remains safe even if their participation keys are compromised.
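The key separation and expiry described above, as an added illustration (a simplified model written for this page, not Algorand node code): the online node holds only a participation key bound to a round window, refuses to vote once that window has passed, and can only take on a new key through a registration that the offline spending key has authorised. Class and function names, the `lifetime_rounds` parameter and the sample round numbers are all constructed for the example.

```python
"""Toy model of Algorand-style participation keys (illustration only, not node code)."""
from dataclasses import dataclass
from typing import Optional
import secrets


@dataclass(frozen=True)
class ParticipationKey:
    key_id: str        # constructed random id standing in for the real key material
    first_round: int   # first round the key may vote in
    last_round: int    # last round the key may vote in (inclusive)

    def valid_at(self, rnd: int) -> bool:
        return self.first_round <= rnd <= self.last_round


def generate_participation_key(first_round: int, lifetime_rounds: int) -> ParticipationKey:
    """Fresh key valid for the window [first_round, first_round + lifetime_rounds - 1]."""
    return ParticipationKey(secrets.token_hex(8), first_round, first_round + lifetime_rounds - 1)


class HotNode:
    """Online node: it knows the participation key and never sees the spending key."""

    def __init__(self) -> None:
        self.part_key: Optional[ParticipationKey] = None

    def register(self, key: ParticipationKey, keyreg_signed_by_spending_key: bool) -> None:
        # Registering a key is an account transaction, so it needs the cold spending key.
        if not keyreg_signed_by_spending_key:
            raise PermissionError("key registration must be signed with the spending key")
        self.part_key = key

    def vote(self, rnd: int) -> str:
        """Return a vote token for round rnd, or refuse when no key covers that round."""
        if self.part_key is None or not self.part_key.valid_at(rnd):
            self.part_key = None   # an expired key is removed; the account simply stops voting
            raise RuntimeError(f"no valid participation key for round {rnd}")
        return f"vote:{rnd}:{self.part_key.key_id}"

    def rounds_left(self, rnd: int) -> int:
        """How many rounds the current key still covers; use this to plan rotation early."""
        if self.part_key is None:
            return 0
        return max(0, self.part_key.last_round - rnd + 1)


def can_vote(node: HotNode, rnd: int) -> bool:
    try:
        node.vote(rnd)
        return True
    except RuntimeError:
        return False
```
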
Algorand’s consensus protocol is designed to prevent powerful adversaries from corrupting enough users so as to control block generation. Unlike other protocols, neither a few delegated users nor a fixed committee is responsible for propagating blocks. Instead, the selection of users to participate in the certification of blocks is done randomly and secretly, without any communication among the users. An adversary does not know who will generate the next block (and thus should be targeted) until after a selected user participates in the consensus protocol. And by the time an adversary realizes that a user is selected, it is too late for them to benefit from an attack; the user has already sent their message and fulfilled their responsibility in the consensus protocol.
Furthermore, in the next step and round of the protocol, another set of participants will again be privately and individually chosen. Participants change every step and round of block selection in order to protect the network against attackers.
Any decentralized system is susceptible to a network attack in which an adversary targets the communication links between users, making it difficult or impossible for users to interact. An adversary could partition the network into isolated pieces, so that members of one piece can only communicate with each other but not with members of other pieces. During a network partition, the network is completely asynchronous and the adversary has total control over who receives which messages and when. If the partition lasts long enough and the underlying blockchain didn't take this into consideration in its design, then the adversary may be able to convince different groups of users to accept different blocks at the same height in the blockchain. As a result, contradicting transactions will be accepted by different users, allowing the adversary to double-spend their money.
By contrast, during a network partition in Algorand, the adversary is never able to convince two honest users to accept two different blocks for the same round. This is true even when the partition lasts for an indefinite amount of time and nobody knows when it will be resolved. Algorand’s chain never forks and users’ balances remain secure. At most one block can be certified and written to the chain in a given round. Accordingly, all transactions are final in Algorand. Once a block appears, users can rely on the transactions it contains immediately, and they can be confident that the block will forever be part of the chain, which means the assets they receive are safe.
In addition, although no blockchain can guarantee that blocks are written to the chain during a partition, Algorand is able to recover shortly after the partition is resolved and guarantees that new blocks will be generated at the same speed as before the partition. After a set of Algorand nodes sees no progress for a while (roughly a little more time than it takes to agree on one block), the nodes enter partition recovery mode. In this state, besides continuing the consensus protocol, the nodes periodically send out recovery messages. During a partition, these messages are not propagated properly. However, they are quickly propagated once the partition has healed, and when a required threshold of messages is accumulated, the states of the nodes are realigned and the blockchain continues to move forward. This allows Algorand to recover almost instantly from partitions.