17 research outputs found

    Scalable Byzantine Reliable Broadcast

    Byzantine reliable broadcast is a powerful primitive that allows a set of processes to agree on a message from a designated sender, even if some processes (including the sender) are Byzantine. Existing broadcast protocols for this setting scale poorly, as they typically build on quorum systems with strong intersection guarantees, which results in linear per-process communication and computation complexity. We generalize the Byzantine reliable broadcast abstraction to the probabilistic setting, allowing each of its properties to be violated with a fixed, arbitrarily small probability. We leverage these relaxed guarantees in a protocol where we replace quorums with stochastic samples. Compared to quorums, samples are significantly smaller in size, leading to a more scalable design. We obtain the first Byzantine reliable broadcast protocol with logarithmic per-process communication and computation complexity. We conduct a complete and thorough analysis of our protocol, deriving bounds on the probability of each of its properties being compromised. During our analysis, we introduce a novel general technique that we call adversary decorators. Adversary decorators allow us to make claims about the optimal strategy of the Byzantine adversary without imposing any additional assumptions. We also introduce Threshold Contagion, a model of message propagation through a system with Byzantine processes. To the best of our knowledge, this is the first formal analysis of a probabilistic broadcast protocol in the Byzantine fault model. We show numerically that practically negligible failure probabilities can be achieved with realistic security parameters.

    Practical Byzantine Reliable Broadcast on Partially Connected Networks

    In this paper, we consider the Byzantine reliable broadcast problem on authenticated and partially connected networks. The state-of-the-art method to solve this problem consists in combining two algorithms from the literature. Handling asynchrony and faulty senders is typically done thanks to Gabriel Bracha’s authenticated double-echo broadcast protocol, which assumes an asynchronous fully connected network. Danny Dolev’s algorithm can then be used to provide reliable communications between processes in the global fault model, where up to f processes among N can be faulty in a communication network that is at least 2f+1-connected. Following recent works that showed how Dolev’s protocol can be made more practical thanks to several optimizations, we show that the state-of-the-art methods to solve our problem can be optimized thanks to layer-specific and cross-layer optimizations. Our simulations with the OMNeT++ network simulator show that these optimizations can be efficiently combined to decrease the total amount of information transmitted or the protocol’s latency (e.g., respectively, -25% and -50% with a 16B payload, N=31 and f=4) compared to the state-of-the-art combination of Bracha’s and Dolev’s protocols.

    Foiling Sybils with HAPS in Permissionless Systems: An Address-based Peer Sampling Service

    Blockchains and distributed ledgers have brought renewed interest in Byzantine fault-tolerant protocols and decentralized systems, two domains studied for several decades. Recent promising works have in particular proposed to use epidemic protocols to overcome the limitations of popular Blockchain mechanisms, such as proof-of-stake or proof-of-work. These works unfortunately assume a perfect peer-sampling service, immune to malicious attacks, a property that is difficult and costly to achieve. We revisit this fundamental problem in this paper, and propose a novel Byzantine-tolerant peer-sampling service that is resilient to Sybil attacks in open systems by exploiting the underlying structure of wide-area networks.

    Security Analysis of Filecoin's Expected Consensus in the Byzantine vs Honest Model

    Filecoin is the largest storage-based open-source blockchain, both by storage capacity (>11EiB) and market capitalization. This paper provides the first formal security analysis of Filecoin's consensus (ordering) protocol, Expected Consensus (EC). Specifically, we show that EC is secure against an arbitrary adversary that controls a fraction $\beta$ of the total storage for $\beta m < 1 - e^{-(1-\beta)m}$, where $m$ is a parameter that corresponds to the expected number of blocks per round, currently $m=5$ in Filecoin. We then present an attack, the $n$-split attack, where an adversary splits the honest miners between multiple chains, and show that it is successful for $\beta m \ge 1 - e^{-(1-\beta)m}$, thus proving that $\beta m = 1 - e^{-(1-\beta)m}$ is the tight security threshold of EC. This corresponds roughly to an adversary with $20\%$ of the total storage pledged to the chain. Finally, we propose two improvements to EC security that would increase this threshold. One of these two fixes is being implemented as a Filecoin Improvement Proposal (FIP). Comment: AFT 202

    Communication-Efficient BFT Using Small Trusted Hardware to Tolerate Minority Corruption

    Agreement protocols for partially synchronous networks tolerate fewer than one-third Byzantine faults. If parties are equipped with trusted hardware that prevents equivocation, then fault tolerance can be improved to fewer than one-half Byzantine faults, but typically at the cost of increased communication complexity. In this work, we present results that use small trusted hardware without worsening communication complexity assuming the adversary controls a fraction of the network that is less than one-half. In particular, we show a version of HotStuff that retains linear communication complexity in each view, leveraging trusted hardware to tolerate a minority of corruptions. Our result uses expander graph techniques to achieve efficient communication in a manner that may be of independent interest.

    Context Adaptive Cooperation

    Reliable broadcast and consensus are the two pillars that support a lot of non-trivial fault-tolerant distributed middleware and fault-tolerant distributed systems. While they have close definitions, they strongly differ in the underlying assumptions needed to implement each of them. Reliable broadcast can be implemented in asynchronous systems in the presence of crash or Byzantine failures while consensus cannot. This key difference stems from the fact that consensus involves synchronization between multiple processes that concurrently propose values, while reliable broadcast simply involves delivering a message from a predefined sender. This paper strikes a balance between these two agreement abstractions in the presence of Byzantine failures. It proposes CAC, a novel agreement abstraction that enables multiple processes to broadcast messages simultaneously, while guaranteeing that (despite potential conflicts, asynchrony, and Byzantine behaviors) the non-faulty processes will agree on message deliveries. We show that this novel abstraction can enable more efficient algorithms for a variety of applications (such as money transfer where several people can share the same account). This is obtained by focusing the need for synchronization only on the processes that actually need to synchronize.

    Reliable Broadcast despite Mobile Byzantine Faults

    We investigate the solvability of the Byzantine Reliable Broadcast and Byzantine Broadcast Channel problems in distributed systems affected by Mobile Byzantine Faults. We show that both problems are not solvable even in one of the most constrained system models for mobile Byzantine faults defined so far. By endowing processes with an additional local failure oracle, we provide a solution to the Byzantine Broadcast Channel problem.

    Balanced byzantine reliable broadcast with near-optimal communication and improved computation

    CNS-1718135 - National Science Foundation; CNS-1801564 - National Science Foundation; CNS-1931714 - National Science Foundation; CNS-1915763 - National Science Foundation; HR00112020021 - Department of Defense/DARPA; 000000000000000000000000000000000000000000000000000000037211 - SRI International. https://eprint.iacr.org/2022/776.pdf First author draf