7 research outputs found
The Contest Between Simplicity and Efficiency in Asynchronous Byzantine Agreement
In the wake of the decisive impossibility result of Fischer, Lynch, and
Paterson for deterministic consensus protocols in the asynchronous model with
just one failure, Ben-Or and Bracha demonstrated that the problem could be
solved with randomness, even for Byzantine failures. Both protocols are natural
and intuitive to verify, and Bracha's achieves optimal resilience. However, the
expected running time of these protocols is exponential in general. Recently,
Kapron, Kempe, King, Saia, and Sanwalani presented the first efficient
Byzantine agreement algorithm in the asynchronous, full information model,
running in polylogarithmic time. Their algorithm is Monte Carlo and drastically
departs from the simple structure of Ben-Or and Bracha's Las Vegas algorithms.
In this paper, we begin an investigation of the question: to what extent is
this departure necessary? Might there be a much simpler and intuitive Las Vegas
protocol that runs in expected polynomial time? We will show that the
exponential running time of Ben-Or and Bracha's algorithms is no mere accident
of their specific details, but rather an unavoidable consequence of their
general symmetry and round structure. We define a natural class of "fully
symmetric round protocols" for solving Byzantine agreement in an asynchronous
setting and show that any such protocol can be forced to run in expected
exponential time by an adversary in the full information model. We assume the
adversary controls Byzantine processors for , where is an
arbitrary positive constant . We view our result as a step toward
identifying the level of complexity required for a polynomial-time algorithm in
this setting, and also as a guide in the search for new efficient algorithms.
Comment: 21 page
A Fair and Resilient Decentralized Clock Network for Transaction Ordering
Traditional blockchain design gives miners or validators full control over
transaction ordering, i.e., they can freely choose which transactions to
include or exclude, as well as in which order. While not an issue initially,
the emergence of decentralized finance has introduced new transaction order
dependencies allowing parties in control of the ordering to make a profit by
front-running others' transactions. In this work, we present the Decentralized
Clock Network, a new approach for achieving fair transaction ordering. Users
submit their transactions to the network's clocks, which run an agreement
protocol that provides each transaction with a timestamp of receipt which is
then used to define the transactions' order. By separating agreement from
ordering, our protocol is efficient and has a simpler design compared to other
available solutions. Moreover, our protocol brings to the blockchain world the
paradigm of asynchronous fallback, where the algorithm operates with stronger
fairness guarantees during periods of synchronous use, switching to an
asynchronous mode only during times of increased network delay.
Comment: In Proceedings of 27th International Conference on Principles of
Distributed Systems (OPODIS
Signature-Free Asynchronous Binary Byzantine Consensus with t < n/3, O(n²) Messages, and O(1) Expected Time
This paper is on broadcast and agreement in asynchronous message-passing systems made up of n processes, and where up to t processes may have a Byzantine behavior. Its first contribution is a powerful, yet simple, all-to-all broadcast communication abstraction suited to binary values. This abstraction, which copes with up to t < n/3 Byzantine processes, allows each process to broadcast a binary value, and obtain a set of values such that (1) no value broadcast only by Byzantine processes can belong to the set of a correct process, and (2) if the set obtained by a correct process contains a single value v, then the set obtained by any correct process contains v. The second contribution of the paper is a new round-based asynchronous consensus algorithm that copes with up to t < n/3 Byzantine processes. This algorithm is based on the previous binary broadcast abstraction and a weak common coin. In addition to being signature-free and optimal with respect to the value of t, this consensus algorithm has several noteworthy properties: the expected number of rounds to decide is constant; each round is composed of a constant number of communication steps and involves O(n²) messages; each message is composed of a round number plus a constant number of bits. Moreover, the algorithm tolerates message reordering by the adversary (i.e., the Byzantine processes).
The Bitcoin Backbone Protocol: Analysis and Applications
Bitcoin is the first and most popular decentralized cryptocurrency to date. In this work, we extract and analyze the core of the Bitcoin protocol, which we term the Bitcoin backbone, and prove two of its fundamental properties which we call common prefix and chain quality in the static setting where the number of players remains fixed. Our proofs hinge on appropriate and novel assumptions on the hashing power of the adversary relative to network synchronicity; we show our results to be tight under high synchronization.
Next, we propose and analyze applications that can be built on top of the backbone protocol, specifically focusing on Byzantine agreement (BA) and on the notion of a public transaction ledger. Regarding BA, we observe that Nakamoto's suggestion falls short of solving it, and present a simple alternative which works assuming that the adversary's hashing power is bounded by 1/3. The public transaction ledger captures the essence of Bitcoin's operation as a cryptocurrency, in the sense that it guarantees the liveness and persistence of committed transactions. Based on this notion we describe and analyze the Bitcoin system as well as a more elaborate BA protocol, proving them secure assuming high network synchronicity and that the adversary's hashing power is strictly less than 1/2, while the adversarial bound needed for security decreases as the network desynchronizes.
Finally, we show that our analysis of the Bitcoin backbone protocol for synchronous networks extends with relative ease to the recently considered partially synchronous model, where there is an upper bound in the delay of messages that is unknown to the honest parties.