How to securely replicate services (preliminary version)
A method is presented for constructing replicated services that retain their availability and integrity despite several servers and clients being corrupted by an intruder, in addition to others failing benignly. More precisely, a service is replicated by n servers in such a way that a correct client will accept a correct server's response if, for some prespecified parameter k, at least k servers are correct and fewer than k servers are corrupt. The issue of maintaining causality among client requests is also addressed. A security breach resulting from an intruder's ability to effect a violation of causality in the sequence of requests processed by the service is illustrated. An approach to counter this problem is proposed that requires that fewer than k servers are corrupt and, to ensure liveness, that k is less than or equal to n - 2t, where t is the assumed maximum total number of both corruptions and benign failures suffered by servers in any system run. An important and novel feature of these schemes is that the client need not be able to identify or authenticate even a single server. Instead, the client is required only to possess at most two public keys for the service.
Scalable Byzantine Reliable Broadcast
Byzantine reliable broadcast is a powerful primitive that allows a set of processes to agree on a message from a designated sender, even if some processes (including the sender) are Byzantine. Existing broadcast protocols for this setting scale poorly, as they typically build on quorum systems with strong intersection guarantees, which results in linear per-process communication and computation complexity.
We generalize the Byzantine reliable broadcast abstraction to the probabilistic setting, allowing each of its properties to be violated with a fixed, arbitrarily small probability. We leverage these relaxed guarantees in a protocol where we replace quorums with stochastic samples. Compared to quorums, samples are significantly smaller in size, leading to a more scalable design. We obtain the first Byzantine reliable broadcast protocol with logarithmic per-process communication and computation complexity.
We conduct a complete and thorough analysis of our protocol, deriving bounds on the probability of each of its properties being compromised. During our analysis, we introduce a novel general technique that we call adversary decorators. Adversary decorators allow us to make claims about the optimal strategy of the Byzantine adversary without imposing any additional assumptions. We also introduce Threshold Contagion, a model of message propagation through a system with Byzantine processes. To the best of our knowledge, this is the first formal analysis of a probabilistic broadcast protocol in the Byzantine fault model. We show numerically that practically negligible failure probabilities can be achieved with realistic security parameters
The Isis project: Fault-tolerance in large distributed systems
This final status report covers activities of the Isis project during the first half of 1992. During the report period, the Isis effort has achieved a major milestone in its effort to redesign and reimplement the Isis system using Mach and Chorus as target operating system environments. In addition, we completed a number of publications that address issues raised in our prior work; some of these have recently appeared in print, while others are now being considered for publication in a variety of journals and conferences
Maximal Extractable Value (MEV) Protection on a DAG
Many cryptocurrency platforms are vulnerable to Maximal Extractable Value (MEV) attacks [Daian et al., 2020], where a malicious consensus leader can inject transactions or change the order of user transactions to maximize its profit.
A promising line of research in MEV mitigation is to enhance the Byzantine fault tolerance (BFT) consensus core of blockchains by new functionalities, like hiding transaction contents, such that malicious parties cannot analyze and exploit them until they are ordered. An orthogonal line of research demonstrates excellent performance for BFT protocols designed around Directed Acyclic Graphs (DAG). They provide high throughput by keeping high network utilization, decoupling transactions' dissemination from their metadata ordering, and encoding consensus logic efficiently over a DAG representing a causal ordering of disseminated messages.
This paper explains how to combine these two advances. It introduces a DAG-based protocol called Fino, that integrates MEV-resistance features into DAG-based BFT without delaying the steady spreading of transactions by the DAG transport and with zero message overhead. The scheme operates without complex secret share verifiability or recoverability, and avoids costly threshold encryption
Condorcet Attack Against Fair Transaction Ordering
We introduce the Condorcet attack, a new threat to fair transaction ordering.
Specifically, the attack undermines batch-order-fairness, the strongest notion
of transaction fair ordering proposed to date. The batch-order-fairness
guarantees that a transaction tx is ordered before tx' if a majority of nodes
in the system receive tx before tx'; the only exception (due to an
impossibility result) is when tx and tx' fall into a so-called "Condorcet
cycle". When this happens, tx and tx' along with other transactions within the
cycle are placed in a batch, and any unfairness inside a batch is ignored. In
the Condorcet attack, an adversary attempts to undermine the system's fairness
by imposing Condorcet cycles to the system. In this work, we show that the
adversary can indeed impose a Condorcet cycle by submitting as few as two
otherwise legitimate transactions to the system. Remarkably, the adversary
(e.g., a malicious client) can achieve this even when all the nodes in the
system behave honestly. A notable feature of the attack is that it is capable
of "trapping" transactions that do not naturally fall inside a cycle, i.e.
those that are transmitted at significantly different times (with respect to
the network latency). To mitigate the attack, we propose three methods based on
three different complementary approaches. We show the effectiveness of the
proposed mitigation methods through simulations, and explain their limitations
BBCA-CHAIN: One-Message, Low Latency BFT Consensus on a DAG
This paper presents a partially synchronous BFT consensus protocol powered by
BBCA, a lightly modified Byzantine Consistent Broadcast (CBC) primitive. BBCA
provides a Complete-Adopt semantic through an added probing interface to allow
either aborting the broadcast by correct nodes or exclusively, adopting the
message consistently in case of a potential delivery. It does not introduce any
extra type of messages or communication cost to CBC.
BBCA is harnessed into BBCA-CHAIN to make direct commits on a chained
backbone of a causally ordered graph of blocks, without any additional voting
blocks or artificial layering. With the help of Complete-Adopt, the additional
knowledge gained from the underlying CBC completely removes the voting latency
in popular DAG-based protocols. At the same time, causal ordering allows nodes
to propose blocks in parallel and achieve high throughput.
BBCA-CHAIN thus closes up the gap between protocols built by consistent
broadcasts (e.g., Bullshark) to those without such an abstraction (e.g.,
PBFT/HotStuff), emphasizing their shared fundamental principles. Using a
Bracha-style CBC as an example, we fully specify BBCA-CHAIN with simplicity,
serving as a solid basis for high-performance replication systems (and
blockchains)
Wendy, the Good Little Fairness Widget
The advent of decentralized trading markets introduces a number of new
challenges for consensus protocols. In addition to the 'usual' attacks -- a
subset of the validators trying to prevent disagreement -- there is now the
possibility of financial fraud, which can abuse properties not normally
considered critical in consensus protocols. We investigate the issues of
attackers manipulating or exploiting the order in which transactions are
scheduled in the blockchain. More concretely, we look into relative order
fairness, i.e., ways we can assure that the relative order of transactions is
fair. We show that one of the more intuitive definitions of fairness is
impossible to achieve. We then present Wendy, a group of low overhead protocols
that can implement different concepts of fairness. Wendy acts as an additional
widget for an existing blockchain, and is largely agnostic to the underlying
blockchain and its security assumptions. Furthermore, it is possible to apply
the protocol only for a subset of the transactions, and thus run several
independent fair markets on the same chain.