57 research outputs found
LIPIcs, Volume 251, ITCS 2023, Complete Volume
LIPIcs, Volume 251, ITCS 2023, Complete Volum
BigDipper: A hyperscale BFT system with short term censorship resistance
Byzantine-fault-tolerant (BFT) protocols underlie a variety of decentralized
applications including payments, auctions, data feed oracles, and decentralized
social networks. In most leader-based BFT protocols, an important property that
has been missing is the censorship resistance of transaction in the short term.
The protocol should provide inclusion guarantees in the next block height even
if the current and future leaders have the intent of censoring. In this paper,
we present a BFT system, BigDipper, that achieves censorship resistance while
providing fast confirmation for clients and hyperscale throughput. The core
idea is to decentralize inclusion of transactions by allowing every BFT replica
to create their own mini-block, and then enforcing the leader on their
inclusions. To achieve this, BigDipper creates a modular system made of three
components. First, we provide a transaction broadcast protocol used by clients
as an interface to achieve a spectrum of probabilistic inclusion guarantees.
Afterwards, a distribution of BFT replicas will receive the client's
transactions and prepare mini-blocks to send to the data availability (DA)
component. The DA component characterizes the censorship resistant properties
of the whole system. We design three censorship resistant DA (DA-CR) protocols
with distinct properties captured by three parameters and demonstrate their
trade-offs. The third component interleaves the DA-CR protocols into the
consensus path of leader based BFT protocols, it enforces the leader to include
all the data from the DA-CR into the BFT block. We demonstrate an integration
with a two-phase Hotstuff-2 BFT protocol with minimal changes. BigDipper is a
modular system that can switch the consensus to other leader based BFT protocol
including Tendermint
The Blockchain Of Oz : Specifying Blockchain Failures for Scalable Protocols Offering Unprecedented Safety and Decentralization
Blockchains have starred an outstanding increase in interest from both business and research since Nakamoto’s 2008 Bitcoin. Unfortunately, many questions in terms of results that establish upper-bounds, and of proposals that approach these bounds. Furthermore, the sudden hype surrounding the blockchain world has led to several proposals that are either only partially public, informal, or not proven correct.
The main contribution of this dissertation is to build upon works that steer clear of blockchain puffery, following research methodology. The works of this dissertation converge towards a blockchain that for the first time formally proves and empirically shows deterministic guarantees in the presence of classical Byzantine adversaries, while at the same time pragmatically resolves unlucky cases in which the adversary corrupts an unprecedented percentage of the system. This blockchain is decentralized and scalable, and needs no strong assumptions like synchrony.
For this purpose, we build upon previous work and propose a novel attack of synchronous offchain protocols. We then introduce Platypus, an offchain protocol without synchrony. Secondly, we present Trap, a Byzantine fault-tolerant consensus protocol for blockchains that also tolerates up to less than half of the processes deviating. Thirdly, we present Basilic, a class of protocols that solves consensus both against a resilient-optimal Byzantine adversary and against an adversary controlling up to less than 2/3 of combined liveness and safety faults. Then, we use Basilic to present Zero-loss Blockchain (ZLB), a blockchain that tolerates less than 2/3 of safety faults of which less than 1/3 can be Byzantine. Finally, we present two random beacon protocols for committee sortition: Kleroterion and Kleroterion+ , that improve previous works in terms of communication complexity and in the number of faults tolerated, respectively
Recommended from our members
Examining university student satisfaction and barriers to taking online remote exams
Recent years have seen a surge in the popularity of online exams at universities, due to the greater convenience and flexibility they offer both students and institutions. Driven by the dearth of empirical data on distance learning students' satisfaction levels and the difficulties they face when taking online exams, a survey with 562 students at The Open University (UK) was conducted to gain insights into their experiences with this type of exam. Satisfaction was reported with the environment and exams, while work commitments and technical difficulties presented the greatest barriers. Gender, race and disability were also associated with different levels of satisfaction and barriers. This study adds to the increasing number of studies into online exams, demonstrating how this type of exam can still have a substantial effect on students experienced in online learning systems and
technologies
Securing the Next Generation Web
With the ever-increasing digitalization of society, the need for secure systems is growing. While some security features, like HTTPS, are popular, securing web applications, and the clients we use to interact with them remains difficult.To secure web applications we focus on both the client-side and server-side. For the client-side, mainly web browsers, we analyze how new security features might solve a problem but introduce new ones. We show this by performing a systematic analysis of the new Content Security Policy (CSP)\ua0 directive navigate-to. In our research, we find that it does introduce new vulnerabilities, to which we recommend countermeasures. We also create AutoNav, a tool capable of automatically suggesting navigation policies for this directive. Finding server-side vulnerabilities in a black-box setting where\ua0 there is no access to the source code is challenging. To improve this, we develop novel black-box methods for automatically finding vulnerabilities. We\ua0 accomplish this by identifying key challenges in web scanning and combining the best of previous methods. Additionally, we leverage SMT solvers to\ua0 further improve the coverage and vulnerability detection rate of scanners.In addition to browsers, browser extensions also play an important role in the web ecosystem. These small programs, e.g. AdBlockers and password\ua0 managers, have powerful APIs and access to sensitive user data like browsing history. By systematically analyzing the extension ecosystem we find new\ua0 static and dynamic methods for detecting both malicious and vulnerable extensions. In addition, we develop a method for detecting malicious extensions\ua0 solely based on the meta-data of downloads over time. We analyze new attack vectors introduced by Google’s new vehicle OS, Android Automotive. This\ua0 is based on Android with the addition of vehicle APIs. Our analysis results in new attacks pertaining to safety, privacy, and availability. Furthermore, we\ua0 create AutoTame, which is designed to analyze third-party apps for vehicles for the vulnerabilities we found
- …