1,919 research outputs found
Scalable Bias-Resistant Distributed Randomness
Bias-resistant public randomness is a critical component in many (distributed) protocols. Existing solutions do not scale to hundreds or thousands of participants, as is needed in many decentralized systems. We propose two large-scale distributed protocols, RandHound and RandHerd, which provide publicly-verifiable, unpredictable, and unbiasable randomness against Byzantine adversaries. RandHound relies on an untrusted client to divide a set of randomness servers into groups for scalability, and it depends on the pigeonhole principle to ensure output integrity, even for non-random, adversarial group choices. RandHerd implements an efficient, decentralized randomness beacon. RandHerd is structurally similar to a BFT protocol, but uses RandHound in a one-time setup to arrange participants into verifiably unbiased random secret-sharing groups, which then repeatedly produce random output at predefined intervals. Our prototype demonstrates that RandHound and RandHerd achieve good performance across hundreds of participants while retaining a low failure probability by properly selecting protocol parameters, such as a group size and secret-sharing threshold. For example, when sharding 512 nodes into groups of 32, our experiments show that RandHound can produce fresh random output after 240 seconds. RandHerd, after a setup phase of 260 seconds, is able to generate fresh random output in intervals of approximately 6 seconds. For this configuration, both protocols operate at a failure probability of at most 0.08% against a Byzantine adversary
QuickSync: A Quickly Synchronizing PoS-Based Blockchain Protocol
To implement a blockchain, we need a blockchain protocol for all the nodes to
follow. To design a blockchain protocol, we need a block publisher selection
mechanism and a chain selection rule. In Proof-of-Stake (PoS) based blockchain
protocols, block publisher selection mechanism selects the node to publish the
next block based on the relative stake held by the node. However, PoS
protocols, such as Ouroboros v1, may face vulnerability to fully adaptive
corruptions.
In this paper, we propose a novel PoS-based blockchain protocol, QuickSync,
to achieve security against fully adaptive corruptions while improving on
performance. We propose a metric called block power, a value defined for each
block, derived from the output of the verifiable random function based on the
digital signature of the block publisher. With this metric, we compute chain
power, the sum of block powers of all the blocks comprising the chain, for all
the valid chains. These metrics are a function of the block publisher's stake
to enable the PoS aspect of the protocol. The chain selection rule selects the
chain with the highest chain power as the one to extend. This chain selection
rule hence determines the selected block publisher of the previous block. When
we use metrics to define the chain selection rule, it may lead to
vulnerabilities against Sybil attacks. QuickSync uses a Sybil attack resistant
function implemented using histogram matching. We prove that QuickSync
satisfies common prefix, chain growth, and chain quality properties and hence
it is secure. We also show that it is resilient to different types of
adversarial attack strategies. Our analysis demonstrates that QuickSync
performs better than Bitcoin by an order of magnitude on both transactions per
second and time to finality, and better than Ouroboros v1 by a factor of three
on time to finality
Breeding unicorns:Developing trustworthy and scalable randomness beacons
Randomness beacons are services that periodically emit a random number, allowing users to base decisions on the same random value without trusting anyone: ideally, the randomness beacon does not only produce unpredictable values, but is also of low computational complexity for the users, bias-resistant and publicly verifiable. Such randomness beacons can serve as an important primitive for smart contracts in a variety of contexts. This paper first presents a structured security analysis, based on which we then design, implement, and evaluate a trustworthy and efficient randomness beacon. Our approach does not require users to register or run any computationally intensive operations. We then compare different implementation and deployment options on distributed ledgers, and report on an Ethereum smart contract-based lottery using our beacon
Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.Comment: 20 pages, 7 figure
Scalable Byzantine Reliable Broadcast
Byzantine reliable broadcast is a powerful primitive that allows a set of processes to agree on a message from a designated sender, even if some processes (including the sender) are Byzantine. Existing broadcast protocols for this setting scale poorly, as they typically build on quorum systems with strong intersection guarantees, which results in linear per-process communication and computation complexity.
We generalize the Byzantine reliable broadcast abstraction to the probabilistic setting, allowing each of its properties to be violated with a fixed, arbitrarily small probability. We leverage these relaxed guarantees in a protocol where we replace quorums with stochastic samples. Compared to quorums, samples are significantly smaller in size, leading to a more scalable design. We obtain the first Byzantine reliable broadcast protocol with logarithmic per-process communication and computation complexity.
We conduct a complete and thorough analysis of our protocol, deriving bounds on the probability of each of its properties being compromised. During our analysis, we introduce a novel general technique that we call adversary decorators. Adversary decorators allow us to make claims about the optimal strategy of the Byzantine adversary without imposing any additional assumptions. We also introduce Threshold Contagion, a model of message propagation through a system with Byzantine processes. To the best of our knowledge, this is the first formal analysis of a probabilistic broadcast protocol in the Byzantine fault model. We show numerically that practically negligible failure probabilities can be achieved with realistic security parameters
A Game-theoretic Approach for Provably-Uniform Random Number Generation in Decentralized Networks
Many protocols in distributed computing rely on a source of randomness,
usually called a random beacon, both for their applicability and security. This
is especially true for proof-of-stake blockchain protocols in which the next
miner or set of miners have to be chosen randomly and each party's likelihood
to be selected is in proportion to their stake in the cryptocurrency.
Current random beacons used in proof-of-stake protocols, such as Ouroboros
and Algorand, have two fundamental limitations: Either (i)~they rely on
pseudorandomness, e.g.~assuming that the output of a hash function is uniform,
which is a widely-used but unproven assumption, or (ii)~they generate their
randomness using a distributed protocol in which several participants are
required to submit random numbers which are then used in the generation of a
final random result. However, in this case, there is no guarantee that the
numbers provided by the parties are uniformly random and there is no incentive
for the parties to honestly generate uniform randomness. Most random beacons
have both limitations.
In this thesis, we provide a protocol for distributed generation of
randomness. Our protocol does not rely on pseudorandomness at all. Similar to
some of the previous approaches, it uses random inputs by different
participants to generate a final random result. However, the crucial difference
is that we provide a game-theoretic guarantee showing that it is in everyone's
best interest to submit uniform random numbers. Hence, our approach is the
first to incentivize honest behavior instead of just assuming it. Moreover, the
approach is trustless and generates unbiased random numbers. It is also
tamper-proof and no party can change the output or affect its distribution.
Finally, it is designed with modularity in mind and can be easily plugged into
existing distributed protocols such as proof-of-stake blockchains.Comment: 36 pages excluding reference. Game-theoretic Randomness for
Proof-of-Stake in MARBLE (2023
- …