397 research outputs found
Brief announcement: asynchronous verifiable information dispersal with near-optimal communication
CNS-1718135 - National Science Foundation; CNS-1801564 - National Science Foundation; CNS-1931714 - National Science Foundation; CNS-1915763 - National Science Foundation; HR00112020021 - Department of Defense/DARPA; 000000000000000000000000000000000000000000000000000000037211 - SRI Internationalhttps://eprint.iacr.org/2022/775.pdfFirst author draf
Asynchronous Verifiable Information Dispersal with Near-Optimal Communication
We present a near-optimal asynchronous verifiable information dispersal (AVID) protocol. The total dispersal cost of our AVID protocol is , and the retrieval cost per client is . Unlike prior works, our AVID protocol only assumes the existence of collision-resistant hash functions. Also, in our AVID protocol, the dispersing client incurs a communication cost of in comparison to of prior best. Moreover, each node in our AVID protocol incurs a storage cost of bits, in comparison to bits of prior best. Finally, we present lower bound results on communication cost and show that our AVID protocol has near-optimal communication costs -- only a factor of gap from the lower bounds
Near-optimal Balanced Reliable Broadcast and Asynchronous Verifiable Information Dispersal
In this paper, we present near-optimal asynchronous Byzantine reliable broadcast (RBC) protocols with balanced costs and an improved asynchronous verifiable information dispersal (AVID) protocol. Assuming the existence of collision-resistant hash functions, our RBC protocol broadcasts a message among nodes with total communication cost and per-node communication cost . In contrast, the state-of-the-art reliable broadcast protocol either has per-node cost , or has imbalanced costs where the broadcaster incurs while other nodes incur a communication cost of . We also present an error-free RBC protocol that makes no computational assumption and has total communication cost and per-node communication cost . In contrast, the state-of-the-art error-free RBC protocol has total cost of , and the broadcaster has imbalanced cost of .
We then use our new balanced RBC and additional techniques to design an asynchronous verifiable information dispersal (AVID) protocol with total dispersal cost , retrieval cost , and no trusted setup. In our AVID protocol, the client incurs a communication cost of in comparison to of prior best. Moreover, each node in our AVID protocol incurs a storage cost of bits, in comparison to bits of prior best. Finally, we present lower bound results on communication cost
and show that our balanced RBC and AVID protocols have near-optimal communication costs -- only an factor of or gap from the lower bounds
Every Bit Counts in Consensus
Consensus enables n processes to agree on a common valid L-bit value, despite
t < n/3 processes being faulty and acting arbitrarily. A long line of work has
been dedicated to improving the worst-case communication complexity of
consensus in partial synchrony. This has recently culminated in the worst-case
word complexity of O(n^2). However, the worst-case bit complexity of the best
solution is still O(n^2 L + n^2 kappa) (where kappa is the security parameter),
far from the \Omega(n L + n^2) lower bound. The gap is significant given the
practical use of consensus primitives, where values typically consist of
batches of large size (L > n).
This paper shows how to narrow the aforementioned gap while achieving optimal
linear latency. Namely, we present a new algorithm, DARE (Disperse, Agree,
REtrieve), that improves upon the O(n^2 L) term via a novel dispersal
primitive. DARE achieves O(n^{1.5} L + n^{2.5} kappa) bit complexity, an
effective sqrt{n}-factor improvement over the state-of-the-art (when L > n
kappa). Moreover, we show that employing heavier cryptographic primitives,
namely STARK proofs, allows us to devise DARE-Stark, a version of DARE which
achieves the near-optimal bit complexity of O(n L + n^2 poly(kappa)). Both DARE
and DARE-Stark achieve optimal O(n) latency
Maximal Extractable Value (MEV) Protection on a DAG
Many cryptocurrency platforms are vulnerable to Maximal Extractable Value (MEV) attacks [Daian et al., 2020], where a malicious consensus leader can inject transactions or change the order of user transactions to maximize its profit.
A promising line of research in MEV mitigation is to enhance the Byzantine fault tolerance (BFT) consensus core of blockchains by new functionalities, like hiding transaction contents, such that malicious parties cannot analyze and exploit them until they are ordered. An orthogonal line of research demonstrates excellent performance for BFT protocols designed around Directed Acyclic Graphs (DAG). They provide high throughput by keeping high network utilization, decoupling transactions\u27 dissemination from their metadata ordering, and encoding consensus logic efficiently over a DAG representing a causal ordering of disseminated messages.
This paper explains how to combine these two advances. It introduces a DAG-based protocol called Fino, that integrates MEV-resistance features into DAG-based BFT without delaying the steady spreading of transactions by the DAG transport and with zero message overhead. The scheme operates without complex secret share verifiability or recoverability, and avoids costly threshold encryption
Brief Announcement: Auditable Register Emulations
We initiate the study of auditable storage emulations, which provide the capability for an auditor to report the previously executed reads in a register. We define the notion of auditable register and its properties, and establish tight bounds and impossibility results for auditable storage emulations in the presence of faulty base storage objects. Our formulation considers registers that securely store data using information dispersal (each base object stores only a block of the written value) and supporting fast reads (that complete in one communication round-trip). In such a scenario, given a maximum number f of faulty storage objects and a minimum number ? of data blocks required to recover a stored value, we prove that (R1) auditability is impossible if ? ? 2f; (R2) implementing a weak form of auditability requires ? ? 3f+1; and (R3) a stronger form of auditability is impossible. We also show that (R4) signing read requests generically overcomes the lower bound of weak auditability, while (R5 and R6) totally ordering operations or using non-fast reads enables strong auditability. These results establish that practical storage emulations need f to 2f additional objects compared to their original lower bounds to support auditability
Swiper and Dora: efficient solutions to weighted distributed problems
The majority of fault-tolerant distributed algorithms are designed assuming a
nominal corruption model, in which at most a fraction of parties can be
corrupted by the adversary. However, due to the infamous Sybil attack, nominal
models are not sufficient to express the trust assumptions in open (i.e.,
permissionless) settings. Instead, permissionless systems typically operate in
a weighted model, where each participant is associated with a weight and the
adversary can corrupt a set of parties holding at most a fraction of
total weight.
In this paper, we suggest a simple way to transform a large class of
protocols designed for the nominal model into the weighted model. To this end,
we formalize and solve three novel optimization problems, which we collectively
call the weight reduction problems, that allow us to map large real weights
into small integer weights while preserving the properties necessary for the
correctness of the protocols. In all cases, we manage to keep the sum of the
integer weights to be at most linear in the number of parties, resulting in
extremely efficient protocols for the weighted model. Moreover, we demonstrate
that, on weight distributions that emerge in practice, the sum of the integer
weights tends to be far from the theoretical worst-case and, often even smaller
than the number of participants.
While, for some protocols, our transformation requires an arbitrarily small
reduction in resilience (i.e., ), surprisingly, for many
important problems we manage to obtain weighted solutions with the same
resilience () as nominal ones. Notable examples include asynchronous
consensus, verifiable secret sharing, erasure-coded distributed storage and
broadcast protocols
BigDipper: A hyperscale BFT system with short term censorship resistance
Byzantine-fault-tolerant (BFT) protocols underlie a variety of decentralized
applications including payments, auctions, data feed oracles, and decentralized
social networks. In most leader-based BFT protocols, an important property that
has been missing is the censorship resistance of transaction in the short term.
The protocol should provide inclusion guarantees in the next block height even
if the current and future leaders have the intent of censoring. In this paper,
we present a BFT system, BigDipper, that achieves censorship resistance while
providing fast confirmation for clients and hyperscale throughput. The core
idea is to decentralize inclusion of transactions by allowing every BFT replica
to create their own mini-block, and then enforcing the leader on their
inclusions. To achieve this, BigDipper creates a modular system made of three
components. First, we provide a transaction broadcast protocol used by clients
as an interface to achieve a spectrum of probabilistic inclusion guarantees.
Afterwards, a distribution of BFT replicas will receive the client's
transactions and prepare mini-blocks to send to the data availability (DA)
component. The DA component characterizes the censorship resistant properties
of the whole system. We design three censorship resistant DA (DA-CR) protocols
with distinct properties captured by three parameters and demonstrate their
trade-offs. The third component interleaves the DA-CR protocols into the
consensus path of leader based BFT protocols, it enforces the leader to include
all the data from the DA-CR into the BFT block. We demonstrate an integration
with a two-phase Hotstuff-2 BFT protocol with minimal changes. BigDipper is a
modular system that can switch the consensus to other leader based BFT protocol
including Tendermint
- …