Expected Linear Round Synchronization: The Missing Link for Linear Byzantine SMR
State Machine Replication (SMR) solutions often divide time into rounds, with
a designated leader driving decisions in each round. Progress is guaranteed
once all correct processes synchronize to the same round, and the leader of
that round is correct. Recently suggested Byzantine SMR solutions such as
HotStuff, Tendermint, and LibraBFT achieve progress with a linear message
complexity and a constant time complexity once such round synchronization
occurs. But round synchronization itself incurs an additional cost. By Dolev
and Reischuk's lower bound, any deterministic solution must have quadratic
(Ω(n²)) communication complexity. Yet the question of randomized round
synchronization with an expected linear message complexity remained open.
We present an algorithm that, for the first time, achieves round
synchronization with expected linear message complexity and expected constant
latency. Existing protocols can use our round synchronization algorithm to
solve Byzantine SMR with the same asymptotic performance.
A Simple Reduction from State Machine Replication to Binary Agreement in Partially Synchronous or Asynchronous Networks
The recent advent of blockchains has spurred a huge interest in the research and development of numerous cryptocurrencies as well as in understanding the fundamental concepts that underlie this technology. At the heart of this design is the classic state machine replication protocol, in which a group of n machines (out of which f are Byzantine) want to agree on an ever-growing log of transactions. In this paper, we present a simple black-box reduction from state machine replication (SMR) to the classical binary agreement (BA) protocol on top of a fully decentralized network. We consider both synchronous and partially synchronous/asynchronous settings for our reduction. We also present an algorithm for a reduction from BA to SMR, thus establishing an equivalence between the two. In each of these settings, we analyze our algorithms with respect to the required security properties. Although there is prior work that establishes these reductions, our solutions are simpler (at the cost of efficiency) and useful from a pedagogical point of view.
Oracular Byzantine Reliable Broadcast
Byzantine Reliable Broadcast (BRB) is a fundamental distributed computing primitive, with applications ranging from notifications to asynchronous payment systems. Motivated by practical considerations, we study Client-Server Byzantine Reliable Broadcast (CSB), a multi-shot variant of BRB whose interface is split between broadcasting clients and delivering servers. We present Draft, an optimally resilient implementation of CSB. Like most implementations of BRB, Draft guarantees both liveness and safety in an asynchronous environment. Under good conditions, however, Draft achieves unparalleled efficiency. In a moment of synchrony, free from Byzantine misbehaviour, and at the limit of infinitely many broadcasting clients, a Draft server delivers a b-bit payload at an asymptotic amortized cost of 0 signature verifications and (log₂(c) + b) bits exchanged, where c is the number of clients in the system. This is the information-theoretic minimum number of bits required to convey the payload (b bits, assuming it is compressed) along with an identifier for its sender (log₂(c) bits, necessary to enumerate any set of c elements, and optimal if broadcasting frequencies are uniform or unknown). These two achievements have profound practical implications. Real-world BRB implementations are often bottlenecked either by expensive signature verifications or by communication overhead. For Draft, instead, the network is the limit: a server can deliver payloads as quickly as it would receive them from an infallible oracle.
Pravuil: Global Consensus for a United World
Pravuil is a robust, secure, and scalable consensus protocol for a permissionless blockchain suitable for deployment in an adversarial environment such as the Internet. Pravuil circumvents previous shortcomings of other blockchains:
- Bitcoin's limited adoption problem: as transaction demand grows, payment confirmation times grow far less than on other PoW blockchains
- higher transaction security at a lower cost
- more decentralisation than other permissionless blockchains
- impossibility of full decentralisation and the blockchain scalability trilemma: decentralisation, scalability, and security can be achieved simultaneously
- Sybil-resistance for free, implementing the social optimum
- Pravuil goes beyond the economic limits of Bitcoin or other PoW/PoS blockchains, leading to a more valuable and stable crypto-currency
Context Adaptive Cooperation
Reliable broadcast and consensus are the two pillars that support a lot of
non-trivial fault-tolerant distributed middleware and fault-tolerant
distributed systems. While they have close definitions, they strongly differ in
the underlying assumptions needed to implement each of them. Reliable broadcast
can be implemented in asynchronous systems in the presence of crash or
Byzantine failures while Consensus cannot. This key difference stems from the
fact that consensus involves synchronization between multiple processes that
concurrently propose values, while reliable broadcast simply involves
delivering a message from a predefined sender. This paper strikes a balance
between these two agreement abstractions in the presence of Byzantine failures.
It proposes CAC, a novel agreement abstraction that enables multiple processes
to broadcast messages simultaneously, while guaranteeing that (despite
potential conflicts, asynchrony, and Byzantine behaviors) the non-faulty
processes will agree on messages deliveries. We show that this novel
abstraction can enable more efficient algorithms for a variety of applications
(such as money transfer, where several people can share the same account). This is
obtained by focusing the need for synchronization only on the processes that
actually need to synchronize.
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.
Comment: 20 pages, 7 figures
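The mechanism the abstract describes, a statement cosigned by W witnesses that a client verifies with a single signature check and no communication, is an aggregated Schnorr signature. The following is an added illustration, not code from the CoSi project: it runs the announce/commit/challenge/response rounds as local function calls over a flat list of witnesses instead of a communication tree, uses a toy safe-prime group found at import time rather than production parameters, and records absent witnesses in a bitmask so the client can insist on a minimum number of cosigners. The functions `cosign`, `verify`, `aggregate_key` and `demo` are names chosen for this example.

```python
"""Toy CoSi-style collective signing with an aggregated Schnorr signature.

Every witness holds a Schnorr key pair in the order-q subgroup of Z_p^*, with
p = 2q + 1 a safe prime.  The leader collects commitments V_i = g^v_i, derives
one challenge c from the aggregate commitment, and sums the witnesses'
responses r_i = v_i - c*x_i.  A client verifies (c, r, mask) with two modular
exponentiations against the product of the participating public keys.
Group parameters below are deliberately tiny (about 20 bits): an example, not
a deployment.
"""
import hashlib
import secrets


def _is_prime(n):
    """Trial division; adequate for the ~20-bit toy parameters used here."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def _safe_prime(start):
    """Smallest q >= start such that q and p = 2q + 1 are both prime."""
    q = start
    while not (_is_prime(q) and _is_prime(2 * q + 1)):
        q += 1
    return 2 * q + 1, q


P, Q = _safe_prime(1_000_003)  # toy group: p = 2q + 1, NOT production-sized
G = 4  # 4 = 2^2 is a quadratic residue, hence a generator of the order-q subgroup


def keygen():
    """Schnorr key pair (x, X = g^x mod p) for one witness."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def aggregate_key(pubkeys, mask):
    """Product of the public keys of the witnesses flagged present in `mask`."""
    X = 1
    for pk, present in zip(pubkeys, mask):
        if present:
            X = X * pk % P
    return X


def _challenge(V, X, mask, statement):
    """c = H(V || X || mask || S), reduced into Z_q; binds keys and mask to S."""
    bits = "".join("1" if m else "0" for m in mask)
    h = hashlib.sha256(f"{V}|{X}|{bits}|".encode() + statement)
    return int.from_bytes(h.digest(), "big") % Q


def cosign(statement, pubkeys, secrets_by_index):
    """Leader-side view of the signing rounds, run locally.

    secrets_by_index maps witness index -> secret key for each witness that
    participates; witnesses not in it are marked absent in the mask.
    Returns the collective signature (c, r, mask).
    """
    mask = [i in secrets_by_index for i in range(len(pubkeys))]
    # Commitment round: each participating witness picks v_i and sends V_i = g^v_i.
    nonces = {i: secrets.randbelow(Q - 1) + 1 for i in secrets_by_index}
    V = 1
    for v in nonces.values():
        V = V * pow(G, v, P) % P
    # Challenge round: one challenge for everyone, derived from the aggregate commitment.
    X = aggregate_key(pubkeys, mask)
    c = _challenge(V, X, mask, statement)
    # Response round: each witness returns r_i = v_i - c*x_i; the leader sums them mod q.
    r = sum((nonces[i] - c * x) % Q for i, x in secrets_by_index.items()) % Q
    return c, r, mask


def verify(statement, sig, pubkeys, min_witnesses):
    """Client-side check: no communication, one exponentiation pair."""
    c, r, mask = sig
    if len(mask) != len(pubkeys) or sum(mask) < min_witnesses:
        return False  # too few witnesses vouch for this statement
    X = aggregate_key(pubkeys, mask)
    V = pow(G, r, P) * pow(X, c, P) % P  # equals g^(sum v_i) iff the signature is valid
    return c == _challenge(V, X, mask, statement)


def demo(num_witnesses=8, absent=(5,)):
    """Cosign a constructed statement with some witnesses absent and report the checks."""
    keys = [keygen() for _ in range(num_witnesses)]
    pubkeys = [pk for _, pk in keys]
    present = {i: x for i, (x, _) in enumerate(keys) if i not in absent}
    statement = b"timestamp epoch=42 log-root=deadbeef"  # constructed sample statement
    sig = cosign(statement, pubkeys, present)
    return {
        "valid": verify(statement, sig, pubkeys, num_witnesses - len(absent)),
        "tampered": verify(statement + b"!", sig, pubkeys, 1),
        "too_few": verify(statement, sig, pubkeys, num_witnesses),
    }


if __name__ == "__main__":
    print(demo())
```

The point a practitioner should take from `verify` is that the client's cost does not grow with W: the mask tells it which keys to multiply, and the rest is a fixed-size Schnorr check. Two things the toy leaves out matter in practice: naive key aggregation needs every registered witness key to come with a proof of possession (or a key-aggregation scheme that resists rogue-key attacks), and the minimum-witness policy must be enforced by the client, since a leader who controls the mask can otherwise present a signature from a handful of colluding witnesses.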
Spin One’s Wheels? Byzantine Fault Tolerance with a Spinning Primary
Reviewed by Hans Reiser
Most Byzantine fault-tolerant state machine replication (BFT) algorithms have a primary replica that is in charge of ordering the clients' requests. Recently it was shown
that this dependence allows a faulty primary to degrade the performance of the system to a small fraction of what the environment allows. In this paper we present Spinning, a novel BFT algorithm that mitigates such performance attacks by changing the primary after every batch of pending requests
is accepted for execution. This novel mode of operation deals with those attacks at a much lower cost than previous solutions,
maintaining a throughput equal to or better than that of the algorithm usually considered to be the baseline in the area, Castro and
Liskov's PBFT.