Stellar Consensus by Instantiation
Stellar introduced a new type of quorum system called a Federated Byzantine Agreement System. A major difference between this novel type of quorum system and a threshold quorum system is that each participant has its own, personal notion of a quorum. Thus, unlike in a traditional BFT system, designed for a uniform notion of quorum, even in a time of synchrony one well-behaved participant may observe a quorum of well-behaved participants, while others may not.
To tackle this new problem in a more general setting, we abstract the Stellar Network as an instance of what we call Personal Byzantine Quorum Systems. Using this notion, we streamline the theory behind the Stellar Network, removing the clutter of unnecessary details, and refute the conjecture that Stellar's notion of intact set is optimally fault-tolerant. Most importantly, we develop a new consensus algorithm for the new setting.
Asymmetric Distributed Trust
Quorum systems are a key abstraction in distributed fault-tolerant computing for capturing trust assumptions. They can be found at the core of many algorithms for implementing reliable broadcasts, shared memory, consensus and other problems. This paper introduces asymmetric Byzantine quorum systems that model subjective trust. Every process is free to choose which combinations of other processes it trusts and which ones it considers faulty. Asymmetric quorum systems strictly generalize standard Byzantine quorum systems, which have only one global trust assumption for all processes. This work also presents protocols that implement abstractions of shared memory and broadcast primitives with processes prone to Byzantine faults and asymmetric trust. The model and protocols pave the way for realizing more elaborate algorithms with asymmetric trust.
Heterogeneous Paxos
In distributed systems, a group of learners achieve consensus when, by observing the output of some acceptors, they all arrive at the same value. Consensus is crucial for ordering transactions in failure-tolerant systems. Traditional consensus algorithms are homogeneous in three ways:
- all learners are treated equally,
- all acceptors are treated equally, and
- all failures are treated equally.
These assumptions, however, are unsuitable for cross-domain applications, including blockchains, where not all acceptors are equally trustworthy, and not all learners have the same assumptions and priorities. We present the first consensus algorithm to be heterogeneous in all three respects. Learners set their own mixed failure tolerances over differently trusted sets of acceptors. We express these assumptions in a novel Learner Graph, and demonstrate sufficient conditions for consensus.
We present Heterogeneous Paxos, an extension of Byzantine Paxos. Heterogeneous Paxos achieves consensus for any viable Learner Graph in best-case three message sends, which is optimal. We present a proof-of-concept implementation and demonstrate how tailoring for heterogeneous scenarios can save resources and reduce latency.
On the Minimal Knowledge Required for Solving Stellar Consensus
Byzantine Consensus is fundamental for building consistent and fault-tolerant
distributed systems. In traditional quorum-based consensus protocols, quorums
are defined using globally known assumptions shared among all participants.
Motivated by decentralized applications on open networks, the Stellar
blockchain relaxes these global assumptions by allowing each participant to
define its quorums using local information. A similar model called Consensus
with Unknown Participants (CUP) studies the minimal knowledge required to solve
consensus in ad-hoc networks where each participant knows only a subset of
other participants of the system. We prove that Stellar cannot solve consensus
using the initial knowledge provided to participants in the CUP model, even
though CUP can. We propose an oracle called sink detector that augments this
knowledge, enabling Stellar participants to solve consensus.
Comment: Preprint of a paper to appear at the 43rd IEEE International
Conference on Distributed Computing Systems (ICDCS 2023).
From Symmetric to Asymmetric Asynchronous Byzantine Consensus
Consensus is arguably one of the most important notions in distributed
computing. Among asynchronous, randomized, and signature-free implementations,
the protocols of Mostéfaoui et al. (PODC 2014 and JACM 2015) represent a
landmark result, which has been extended later and taken up in practical
systems. The protocols achieve optimal resilience and take, in expectation,
only a constant expected number of rounds of quadratic message complexity.
Randomization is provided through a common-coin primitive. In traditional
consensus protocols, all involved processes adhere to a global, symmetric
failure model, typically only defined by bounds on the number of faulty
processes. Motivated by applications to blockchains, however, more flexible
trust assumptions have recently been considered. In particular, with asymmetric
trust, a process is free to choose which other processes it trusts and which
ones might collude against it. This paper revisits the optimal asynchronous
protocol of Mostéfaoui et al. and shows how to realize it with asymmetric
trust. The paper starts by pointing out in detail why some versions of this
protocol may violate liveness. Then it proposes a fix for the protocol that
does not affect its properties, but lets it regain the simplicity of its
original version (PODC 2014). At the same time, the paper shows how to realize
randomized signature-free asynchronous Byzantine consensus with asymmetric
quorums. This results in an optimal consensus protocol with subjective,
asymmetric trust and constant expected running time. It is suitable for
applications to blockchains, for instance.
Quorum Systems in Permissionless Networks
Fail-prone systems, and their quorum systems, are useful tools for the design of distributed algorithms. However, fail-prone systems as studied so far require every process to know the full system membership in order to guarantee safety through globally intersecting quorums. Thus, they are of little help in an open, permissionless setting, where such knowledge may not be available. We propose to generalize the theory of fail-prone systems to make it applicable to permissionless systems. We do so by enabling processes not only to make assumptions about failures, but also to make assumptions about the assumptions of other processes. Thus, by transitivity, processes that do not even know of any common process may nevertheless have intersecting quorums and solve, for example, reliable broadcast. Our model generalizes existing models such as the classic fail-prone system model [Malkhi and Reiter, 1998] and the asymmetric fail-prone system model [Cachin and Tackmann, OPODIS 2019]. Moreover, it gives a characterization with standard formalism of the model used by the Stellar blockchain.
Open Heterogeneous Quorum Systems
In contrast to proof-of-work replication, Byzantine replicated systems
maintain consistency with higher throughput, modest energy consumption, and
deterministic liveness guarantees. If complemented with open membership and
heterogeneous trust, they have the potential to serve as a global financial
infrastructure. This paper presents a general model of heterogeneous quorum
systems, where each participant can declare its own quorums, and captures the
consistency, availability, and inclusion properties of these systems. In order
to support open membership, it then presents reconfiguration protocols for
heterogeneous quorum systems: joining and leaving of a process, and adding and
removing of a quorum. It presents trade-offs for the properties that
reconfigurations can preserve, and accordingly, presents reconfiguration
protocols and proves their correctness. It further presents a graph
characterization of heterogeneous quorum systems, and its application for
reconfiguration optimization.
Semitopology: a new topological model of heterogeneous consensus
A distributed system is permissionless when participants can join and leave
the network without permission from a central authority. Many modern
distributed systems are naturally permissionless, in the sense that a central
permissioning authority would defeat their design purpose: this includes
blockchains, filesharing protocols, some voting systems, and more. By their
permissionless nature, such systems are heterogeneous: participants may only
have a partial view of the system, and they may also have different goals and
beliefs. Thus, the traditional notion of consensus -- i.e. system-wide
agreement -- may not be adequate, and we may need to generalise it.
This is a challenge: how should we understand what heterogeneous consensus
is; what mathematical framework might this require; and how can we use this to
build understanding and mathematical models of robust, effective, and secure
permissionless systems in practice?
We analyse heterogeneous consensus using semitopology as a framework. This is
like topology, but without the restriction that intersections of opens be open.
Semitopologies have a rich theory which is related to topology, but with its
own distinct character and mathematics. We introduce novel well-behavedness
conditions, including an anti-Hausdorff property and a new notion of 'topen
set', and we show how these structures relate to consensus. We give a
restriction of semitopologies to witness semitopologies, which are an
algorithmically tractable subclass corresponding to Horn clause theories,
having particularly good mathematical properties. We introduce and study
several other basic notions that are specific and novel to semitopologies, and
study how known quantities in topology, such as dense subsets and closures,
display interesting and useful new behaviour in this new semitopological
context.