Data Currency in Replicated DHTs

International audienceDistributed Hash Tables (DHTs) provide a scalable solution for data sharing in P2P systems. To ensure high data availability, DHTs typically rely on data replication, yet without data currency guarantees. Supporting data currency in replicated DHTs is difficult as it requires the ability to return a current replica despite peers leaving the network or concurrent updates. In this paper, we give a complete solution to this problem. We propose an Update Management Service (UMS) to deal with data availability and efficient retrieval of current replicas based on timestamping. For generating timestamps, we propose a Key-based Timestamping Service (KTS) which performs distributed timestamp generation using local counters. Through probabilistic analysis, we compute the expected number of replicas which UMS must retrieve for finding a current replica. Except for the cases where the availability of current replicas is very low, the expected number of retrieved replicas is typically small, e.g. if at least 35% of available replicas are current then the expected number of retrieved replicas is less than 3. We validated our solution through implementation and experimentation over a 64-node cluster and evaluated its scalability through simulation up to 10,000 peers using SimJava. The results show the effectiveness of our solution. They also show that our algorithm used in UMS achieves major performance gains, in terms of response time and communication cost, compared with a baseline algorithm

Currency management system: a distributed banking service for the grid

Market based resource allocation mechanisms require mechanisms to regulate and manage the usage of traded resources. One mechanism to control this is the definition of some kind of currency. Within this context, we have implemented a first prototype of our Currency Management System, which stands for a decentralized and scalable banking service for the Grid. Basically, our system stores user accounts within a DHT and its basic operation is the transferFunds which, as its name suggests, transfers virtual currency from an account to one another

P2P Logging and Timestamping for Reconciliation

ISBN : 978-1-60558-306-8/08/08Dans VLDB 2008International audienceIn this paper, we address data reconciliation in peer-to-peer (P2P) collaborative applications. We propose P2P-LTR (Logging and Timestamping for Reconciliation) which provides P2P logging and timestamping services for P2P reconciliation over a distributed hash table (DHT). While updating at collaborating peers, updates are timestamped and stored in a highly available P2P log. During reconciliation, these updates are retrieved in total order to enforce eventual consistency. In this paper, we first give an overview of P2P-LTR with its model and its main procedures. We then present our prototype used to validate P2P-LTR. To demonstrate P2P-LTR, we propose several scenarios that test our solutions and measure performance. In particular, we demonstrate how P2P-LTR handles the dynamic behavior of peers with respect to the DHT

P2P Logging and Timestamping for Reconciliation

In this report, we address data reconciliation in peer-to-peer (P2P) collaborative applications. We propose P2P-LTR (Logging and Timestamping for Reconciliation) which provides P2P logging and timestamping services for P2P reconciliation over a distributed hash table (DHT). While updating at collaborating peers, updates are timestamped and stored in a highly available P2P log. During reconciliation, these updates are retrieved in total order to enforce eventual consistency. In this report, we first give an overview of P2P-LTR with its model and its main procedures. We then present our prototype used to validate P2P-LTR. To demonstrate P2P-LTR, we propose several scenarios that test our solutions and measure performance. In particular, we demonstrate how P2P-LTR handles the dynamic behavior of peers with respect to the DHT

Empirical and Analytical Perspectives on the Robustness of Blockchain-related Peer-to-Peer Networks

Die Erfindung von Bitcoin hat ein großes Interesse an dezentralen Systemen geweckt. Eine häufige Zuschreibung an dezentrale Systeme ist dabei, dass eine Dezentralisierung automatisch zu einer höheren Sicherheit und Widerstandsfähigkeit gegenüber Angriffen führt. Diese Dissertation widmet sich dieser Zuschreibung, indem untersucht wird, ob dezentralisierte Anwendungen tatsächlich so robust sind. Dafür werden exemplarisch drei Systeme untersucht, die häufig als Komponenten in komplexen Blockchain-Anwendungen benutzt werden: Ethereum als Infrastruktur, IPFS zur verteilten Datenspeicherung und schließlich "Stablecoins" als Tokens mit Wertstabilität. Die Sicherheit und Robustheit dieser einzelnen Komponenten bestimmt maßgeblich die Sicherheit des Gesamtsystems in dem sie verwendet werden; darüber hinaus erlaubt der Fokus auf Komponenten Schlussfolgerungen über individuelle Anwendungen hinaus. Für die entsprechende Analyse bedient sich diese Arbeit einer empirisch motivierten, meist Netzwerklayer-basierten Perspektive -- angereichert mit einer ökonomischen im Kontext von Wertstabilen Tokens. Dieses empirische Verständnis ermöglicht es Aussagen über die inhärenten Eigenschaften der studierten Systeme zu treffen. Ein zentrales Ergebnis dieser Arbeit ist die Entdeckung und Demonstration einer "Eclipse-Attack" auf das Ethereum Overlay. Mittels eines solchen Angriffs kann ein Angreifer die Verbreitung von Transaktionen und Blöcken behindern und Netzwerkteilnehmer aus dem Overlay ausschließen. Des weiteren wird das IPFS-Netzwerk umfassend analysiert und kartografiert mithilfe (1) systematischer Crawls der DHT sowie (2) des Mitschneidens von Anfragenachrichten für Daten. Erkenntlich wird hierbei, dass die hybride Overlay-Struktur von IPFS Segen und Fluch zugleich ist, da das Gesamtsystem zwar robust gegen Angriffe ist, gleichzeitig aber eine umfassende Überwachung der Netzwerkteilnehmer ermöglicht wird. Im Rahmen der wertstabilen Kryptowährungen wird ein Klassifikations-Framework vorgestellt und auf aktuelle Entwicklungen im Gebiet der "Stablecoins" angewandt. Mit diesem Framework wird somit (1) der aktuelle Zustand der Stablecoin-Landschaft sortiert und (2) ein Mittel zur Verfügung gestellt, um auch zukünftige Designs einzuordnen und zu verstehen.The inception of Bitcoin has sparked a large interest in decentralized systems. In particular, popular narratives imply that decentralization automatically leads to a high security and resilience against attacks, even against powerful adversaries. In this thesis, we investigate whether these ascriptions are appropriate and if decentralized applications are as robust as they are made out to be. To this end, we exemplarily analyze three widely-used systems that function as building blocks for blockchain applications: Ethereum as basic infrastructure, IPFS for distributed storage and lastly "stablecoins" as tokens with a stable value. As reoccurring building blocks for decentralized applications these examples significantly determine the security and resilience of the overall application. Furthermore, focusing on these building blocks allows us to look past individual applications and focus on inherent systemic properties. The analysis is driven by a strong empirical, mostly network-layer based perspective; enriched with an economic point of view in the context of monetary stabilization. The resulting practical understanding allows us to delve into the systems' inherent properties. The fundamental results of this thesis include the demonstration of a network-layer Eclipse attack on the Ethereum overlay which can be leveraged to impede the delivery of transaction and blocks with dire consequences for applications built on top of Ethereum. Furthermore, we extensively map the IPFS network through (1) systematic crawling of its DHT, as well as (2) monitoring content requests. We show that while IPFS' hybrid overlay structure renders it quite robust against attacks, this virtue of the overlay is simultaneously a curse, as it allows for extensive monitoring of participating peers and the data they request. Lastly, we exchange the network-layer perspective for a mostly economic one in the context of monetary stabilization. We present a classification framework to (1) map out the stablecoin landscape and (2) provide means to pigeon-hole future system designs. With our work we not only scrutinize ascriptions attributed to decentral technologies; we also reached out to IPFS and Ethereum developers to discuss results and remedy potential attack vectors

Secure Information Sharing with Distributed Ledgers

In 2009, blockchain technology was first introduced as the supporting database technology for digital currencies. Since then, more advanced derivations of the technology have been developed under the broader term Distributed Ledgers, with improved scalability and support for general-purpose application logic. As a distributed database, they are able to support interorganizational information sharing while assuring desirable information security attributes like non-repudiation, auditability and transparency. Based on these characteristics, researchers and practitioners alike have begun to identify a plethora of disruptive use cases for Distributed Ledgers in existing application domains. While these use cases are promising significant efficiency improvements and cost reductions, practical adoption has been slow in the past years. This dissertation focuses on improving three aspects contributing to slow adoption. First, it attempts to identify application areas and substantiated use cases where Distributed Ledgers can considerably advance the security of information sharing. Second, it considers the security aspects of the technology itself, identifying threats to practical applications and detection approaches for these threats. And third, it investigates success factors for successful interorganizational collaborations using Distributed Ledgers

Privacy-preserving Cooperative Services for Smart Traffic

Communication technology and the increasing intelligence of things enable new qualities of cooperation. However, it is often unclear how complex functionality can be realized in a reliable and abuse-resistant manner without harming users\u27 privacy in the face of strong adversaries. This thesis focuses on three functional building blocks that are especially challenging in this respect: cooperative planning, geographic addressing and the decentralized provision of pseudonymous identifiers

A Survey on Consensus Mechanisms and Mining Strategy Management in Blockchain Networks

© 2013 IEEE. The past decade has witnessed the rapid evolution in blockchain technologies, which has attracted tremendous interests from both the research communities and industries. The blockchain network was originated from the Internet financial sector as a decentralized, immutable ledger system for transactional data ordering. Nowadays, it is envisioned as a powerful backbone/framework for decentralized data processing and data-driven self-organization in flat, open-access networks. In particular, the plausible characteristics of decentralization, immutability, and self-organization are primarily owing to the unique decentralized consensus mechanisms introduced by blockchain networks. This survey is motivated by the lack of a comprehensive literature review on the development of decentralized consensus mechanisms in blockchain networks. In this paper, we provide a systematic vision of the organization of blockchain networks. By emphasizing the unique characteristics of decentralized consensus in blockchain networks, our in-depth review of the state-of-the-art consensus protocols is focused on both the perspective of distributed consensus system design and the perspective of incentive mechanism design. From a game-theoretic point of view, we also provide a thorough review of the strategy adopted for self-organization by the individual nodes in the blockchain backbone networks. Consequently, we provide a comprehensive survey of the emerging applications of blockchain networks in a broad area of telecommunication. We highlight our special interest in how the consensus mechanisms impact these applications. Finally, we discuss several open issues in the protocol design for blockchain consensus and the related potential research directions

Digital Transformation and Public Services

Through a series of studies, the overarching aim of this book is to investigate if and how the digitalization/digital transformation process affects various welfare services provided by the public sector, and the ensuing implications thereof. Ultimately, this book seeks to understand if it is conceivable for digital advancement to result in the creation of private/non-governmental alternatives to welfare services, possibly in a manner that transcends national boundaries. This study also investigates the possible ramifications of technological development for the public sector and the Western welfare society at large. This book takes its point of departure from the 2016 Organization for Economic Co-operation and Development (OECD) report that targets specific public service areas in which government needs to adopt new strategies not to fall behind. Specifically, this report emphasizes the focus on digitalization of health care/social care, education, and protection services, including the use of assistive technologies referred to as "digital welfare." Hence, this book explores the factors potentially leading to whether state actors could be overrun by other non-governmental actors, disrupting the current status quo of welfare services. The book seeks to provide an innovative, enriching, and controversial take on society at large and how various aspects of the public sector can be, and are, affected by the ongoing digitalization process in a way that is not covered by extant literature on the market. This book takes its point of departure in Sweden given the fact that Sweden is one of the most digitalized countries in Europe, according to the Digital Economy and Society Index (DESI), making it a pertinent research case. However, as digitalization transcends national borders, large parts of the subject matter take on an international angle. This includes cases from several other countries around Europe as well as the United States

Provably Secure, Smart Contract-based Naming Services: Design, Implementation and Evaluation

Οι υπηρεσίες ονοματοδοσίας παρέχουν τα απαραίτητα θεμέλια για την ανάπτυξη ποικίλων και σημαντικών εφαρμογών, όπως το ηλεκτρονικό εμπόριο και η ηλεκτρονική τραπεζική. Επί του παρόντος, αυτές οι υπηρεσίες ονοματοδοσίας βρίσκονται υπό τον έλεγχο κεντρικοποιημένων οντοτήτων, τις οποίες πρέπει να εμπιστευόμαστε ότι λειτουργούν σωστά. Δυστυχώς, η κεντρικοποίηση (εμπιστοσύνης) επιφέρει πολλά μειονεκτήματα όσον αφορά την ασφάλεια, τη διαθεσιμότητα και την ανοχή σφαλμάτων, όπως φαίνεται από μία πληθώρα περιστατικών ασφάλειας κατά τη διάρκεια των ετών όπου τέτοιες οντότητες έχουν παραβιαστεί. Η αποκέντρωση έχει προταθεί ως εναλλακτική λύση για την αντιμετώπιση αυτών των ζητημάτων. Παρ 'όλα αυτά, η αποκέντρωση εγείρει άλλα προβλήματα όπως, π.χ., η αντιμετώπιση της μη ανταποδοτικότητας και οι Σιβυλλικές επιθέσεις. Σε αυτή τη διατριβή, αξιοποιούμε την επεκτασιμότητα, την ασφάλεια, καθώς και τον ενσωματωμένο μηχανισμό παροχής κινήτρων των συστημάτων blockchain και προτείνουμε τον σχεδιασμό μιας αποκεντρωμένης υπηρεσίας ονοματοδοσίας βασισμένη σε έξυπνα συμβόλαια. Πιο συγκεκριμένα, είμαστε οι πρώτοι που παρουσιάζουμε τον πλήρη φορμαλισμό του προβλήματος σχεδιασμού υπηρεσιών ονοματοδοσίας στο πλαίσιο τoυ μοντέλου Γενικής Σύνθεσης και αποδεικνύουμε την ασφάλεια της κατασκευής μας υπό την ισχυρή υπόθεση RSA στο μοντέλο του Τυχαίου Μαντείου και την ύπαρξη μιας ιδεατής λειτουργικότητας έξυπνου συμβολαίου. Το κύριο εμπόδιο στην πραγματοποίηση μιας υπηρεσίας ονοματοδοσίας βασισμένη σε έξυπνα συμβόλαια είναι το μέγεθος της αποθηκευμένης πληροφορίας σε αυτά η οποία, όντας η πιο δαπανηρή πηγή πρόσβασης και τροποποίησης, θα πρέπει να ελαχιστοποιηθεί για να θεωρηθεί μια κατασκευή βιώσιμη. Επιλύουμε αυτό το ζήτημα ορίζοντας και χρησιμοποιώντας στην υπηρεσία ονοματοδοσίας μας έναν προσθετικό, παγκόσμιο κρυπτογραφικό συσσωρευτή δημόσιας κατάστασης σταθερού μεγέθους, ένα κρυπτογραφικό εργαλείο το οποίο μπορεί να είναι ανεξάρτητου ενδιαφέροντος στο πλαίσιο των πρωτοκόλλων blockchain. Αυτός ο συσσωρευτής προκαλεί αποθήκευση σταθερού μεγέθους πληροφορίας εις βάρος υπολογιστικής πολυπλοκότητας. Για να διερευνήσουμε το αντίκτυπο ανάμεσα σε αυτά τα δύο, προτείνουμε και υλοποιούμε μια δεύτερη κατασκευή, η οποία διατηρεί τις ιδιότητες ασφαλείας της πρώτης και, όπως απεικονίζεται μέσα από την αξιολόγησή μας, είναι η μόνη έκδοση με σταθερού μεγέθους αποθηκευμένη πληροφορία που μπορεί να αναπτυχθεί στη βασική αλυσίδα του Ethereum, της πιο αξιοσημείωτης δημόσιας πλατφόρμας έξυπνων συμβολαίων κατα τη στιγμή αυτής της γραφής. Συγκρίνουμε αυτές τις δύο κατασκευές με την απλή προσέγγιση των περισσότερων προηγούμενων υλοποιήσεων, π.χ., του Ethereum Name Service, όπου όλα τα αρχεία ταυτότητας αποθηκεύονται πάνω στο έξυπνο συμβόλαιο, για να καταδείξουμε αρκετές ελλείψεις του Ethereum και του μοντέλου κοστολόγησής του. Για την αντιμετώπιση αυτών των ζητημάτων, καθώς και άλλων, εισαγάγουμε ένα εναλλακτικό παράδειγμα για την ανάπτυξη εφαρμογών βασισμένες σε έξυπνα συμβόλαια στις οποίες το μέθεγος της αποθηκευμένης πληροφορίας σε αυτά είναι σταθερή και διευκολύνει την επαλήθευση των δεδομένων των εφαρμογών, τα οποία αποθηκεύονται σε και αναζητούνται από ένα εξωτερικό, δυνητικά αναξιόπιστο, δίκτυο αποθήκευσης. Αυτή η προσέγγιση είναι σχετική για ένα ευρύ φάσμα εφαρμογών, όπως κάθε σύστημα αποθήκευσης κλειδιών και τιμών. Δείχνουμε την αποτελεσματικότητα της προσέγγιση μας με την παρουσίαση μιας μελέτης όπου προσαρμόζουμε το πιο ευρέως αναπτυγμένο πρότυπο για ανταλλάξιμα νομίσματα, δηλ., το πρότυπο νομισμάτων ERC20. Αντιμετωπίζουμε τη μονοτονικά αυξανόμενη αποθηκευμένη πληροφορία του Ethereum η οποία, αν δεν ελεγχθεί, θα έχει άμεσο αντίκτυπο στην ασφάλεια του Ethereum και, τελικά, στη μακροζωία του. Εισαγάγουμε επαναλαμβανόμενα τέλη που είναι ανάλογα με την αποθηκευμένη πληροφορία στα έξυπνα συμβόλαια και ρυθμιζόμενα από τους κόμβους που διατηρούν το δίκτυο. Προτείνουμε ένα μοντέλο όπου το κόστος των λειτουργιών αποθήκευσης αντικατοπτρίζει την προσπάθεια που πρέπει να καταβάλουν οι κόμβοι για να τις εκτελέσουν. Δείχνουμε ότι κάτω από ένα τέτοιο σύστημα τιμολόγησης που ενθαρρύνει οικονομία στην αποθηκευμένη πληροφορία στα έξυπνα συμβόλαια, οι κατασκευές που παρουσιάζονται σε αυτή τη διατριβή μειώνουν τα τέλη συναλλαγών κατά μία τάξη μεγέθους. Υποστηρίζουμε ότι αυτές οι βελτιώσεις είναι λογικές για κάθε πλατφόρμα έξυπνων συμβολαίων που επιθυμεί να υποστηρίζει την ανάπτυξη αυθαίρετων κατανεμημένων εφαρμογών από τους χρήστες της.Naming services provide the necessary foundations of developing diverse and important applications, such as e-commerce and e-banking. Currently, these naming services are operated by centralized authorities, which have to be trusted for their correct operation. Unfortunately, centralization (of trust) incurs several downsides in terms of security, availability and fault tolerance, as illustrated by numerous security incidents throughout the years where such authorities have been compromised. Decentralization has been proposed as an alternative to deal with these issues. Nevertheless, decentralization raises other concerns, such as dealing with free-riding and Sybil attacks. In this thesis, we leverage the scalability, security, as well as, the built-in incentive mechanism of blockchain systems and propose the design of a decentralized, smart contract-based naming service. More specifically, we are the first to fully formalize the naming service design problem in the Universal Composability (UC) framework and formally prove the security of our construction under the strong RSA assumption in the Random Oracle model and the existence of an ideal smart contract functionality. The main barrier in realizing a smart contract-based naming service is the size of the contract’s state which, being its most expensive resource to access and modify, should be minimized for a construction to be viable. We resolve this issue by defining and using in our naming service a public-state cryptographic accumulator with constant size, a cryptographic tool which may be of independent interest in the context of blockchain protocols. This accumulator incurs constant-sized storage at the expense of computational complexity. To explore this tradeoff, we propose and implement a second construction, which preserves the security properties of the first and, as illustrated through our evaluation, is the only version with constant-sized state that can be deployed on the live chain of Ethereum, the most notable public smart contract platform at the time of this writing. We compare these two constructions with the simple approach of most prior works, e.g., the Ethereum Name Service, where all identity records are stored on the smart contract’s state, to illustrate several shortcomings of Ethereum and its cost model. To address these issues, and others, we introduce an alternative paradigm for developing smart contract-based applications in which their state is of constant size and facilitates the verification of application data that are stored to and queried from an external, potentially unreliable, storage network. This approach is relevant for a wide range of applications, such as any key-value store. We illustrate the efficacy of our approach by presenting a case study where we adapt the most widely deployed standard for fungible tokens, i.e., the ERC20 token standard, to our paradigm. We address Ethereum’s monotonically increasing state which, if left unchecked, will have a direct impact on Ethereum's security and, ultimately, its longevity. We introduce recurring fees that are proportional to the state of smart contracts and adjustable by the nodes (miners) that maintain the network. We propose a scheme where the cost of storage-related operations reflects the effort that miners have to expend to execute them. We show that under such a pricing scheme that encourages economy in the state consumed by smart contracts, the constructions presented in this work reduce the incurred transaction fees by up to an order of magnitude. We argue that these improvements are sensible for any smart contract platform that wishes to support user developed distributed applications