Stateful Multi-Client Verifiable Computation

This paper develops a cryptographic protocol for outsourcing arbitrary stateful computation among multiple clients to an untrusted server, while guaranteeing integrity of the data. The clients communicate only with the server and store only a short authenticator to ensure that the server does not cheat. Our contribution is two-fold. First, we extend the recent hash&prove scheme of Fiore et al. (CCS 2016) to stateful computations that support arbitrary updates by the untrusted server, in a way that can be verified by the clients. We use this scheme to generically instantiate authenticated data types. Second, we describe a protocol for multi-client verifiable computation based on an authenticated data type, and prove that it achieves a computational version of fork linearizability. This is the strongest guarantee that can be achieved in the setting where clients do not communicate directly; it ensures correctness and consistency of outputs seen by the clients individually

HP:Hybrid paxos for WANs

Implementing a fault-tolerant state machine boils down to reaching consensus on a sequence of commands. In wide area networks (WANs), where network delays are typically large and unpredictable, choosing the best consensus protocol is difficult. During normal operation, Classic Paxos (CP) requires three message delays, whereas Fast Paxos (FP) requires only two. However, when collisions occur, due to interfering commands issued concurrently, FP requires four extra message delays. In addition, FP uses larger quorums than CP. Therefore, CP can outperform FP in many situations. We present Hybrid Paxos (HP), a consensus protocol that combines the features of FP and CP. HP implements generalized consensus, where collisions are caused only by interfering commands. In the absence of collisions HP requires two message delays, and only one extra message delay otherwise. Our evaluation shows that when collisions are rare, the latency of HP reaches the theoretical minimum. When collisions are frequent, HP behaves like CP. © 2010 IEEE

Efficient robust storage using secret tokens

We present algorithms that reduce the time complexity and improve the scalability of robust storage for unauthenticated data. Robust storage ensures progress under every condition (wait-freedom) and never returns an outdated value (regularity) nor a forged value (Byzantine fault tolerance). The algorithms use secret tokens, which are values randomly selected by the clients and attached to the data written into the storage. Tokens are secret because they cannot be predicted by the attacker before they are used, and thus revealed, by the clients. Our algorithms do not rely on unproven cryptographic assumptions as algorithms based on self-verifying data. They are optimally-resilient, and ensure that reads complete in two communication rounds if readers do not write into the storage, or in one communication round otherwise. © 2009 Springer-Verlag Berlin Heidelberg

Scrooge:Reducing the costs of fast Byzantine replication in presence of unresponsive replicas

Byzantine-Fault-Tolerant (BFT) state machine replication is an appealing technique to tolerate arbitrary failures. However, Byzantine agreement incurs a fundamental trade-off between being fast (i.e. optimal latency) and achieving optimal resilience (i.e. 2f + b+ 1 replicas, where f is the bound on failures and b the bound on Byzantine failures [9]). Achieving fast Byzantine replication despite f failures requires at least f + b - 2 additional replicas [10, 6, 8]. In this paper we show, perhaps surprisingly, that fast Byzantine agreement despite f failures is practically attainable using only b - 1 additional replicas, which is independent of the number of crashes tolerated. This makes our approach particularly appealing for systems that must tolerate many crashes (large f) and few Byzantine faults (small b). The core principle of our approach is to have replicas agree on a quorum of responsive replicas before agreeing on requests. This is key to circumventing the resilience lower bound of fast Byzantine agreement [6]. © 2010 IEEE

The complexity of robust atomic storage

We study the time-complexity of robust atomic read/write storage from fault-prone storage components in asynchronous message-passing systems. Robustness here means wait-free tolerating the largest possible number t of Byzantine storage component failures (optimal resilience) without relying on data authentication. We show that no single-writer multiple-reader (SWMR) robust atomic storage implementation exists if (a) read operations complete in less than four communication round-trips (rounds), and (b) the time complexity of write operations is constant. More precisely, we present two lower bounds. The first is a read lower bound stating that three rounds of communication are necessary to read from a SWMR robust atomic storage. The second is a write lower bound, showing that Ω(log(t)) write rounds are necessary to read in three rounds from such a storage. Applied to known results, our lower bounds close a fundamental gap: we show that time-optimal robust atomic storage can be obtained using well-known transformations from regular to atomic storage and existing time-optimal regular storage implementations. © 2011 ACM

PoWerStore:Proofs of writing for efficient and robust storage

Existing Byzantine fault tolerant (BFT) storage solutions that achieve strong consistency and high availability, are costly compared to solutions that tolerate simple crashes. This cost is one of the main obstacles in deploying BFT storage in practice. In this paper, we present PoWerStore, a robust and efficient data storage protocol. PoWerStore's robustness comprises tolerating network outages, maximum number of Byzantine storage servers, any number of Byzantine readers and crash-faulty writers, and guaranteeing high availability (wait-freedom) and strong consistency (linearizability) of read/write operations. PoWerStore's efficiency stems from combining lightweight cryptography, erasure coding and metadata write-backs, where readers write-back only metadata to achieve strong consistency. Central to PoWerStore is the concept of "Proofs of Writing" (PoW), a novel data storage technique inspired by commitment schemes. PoW rely on a 2-round write procedure, in which the first round writes the actual data and the second round only serves to "prove" the occurrence of the first round. PoW enable efficient implementations of strongly consistent BFT storage through metadata write-backs and low latency reads. We implemented PoWerStore and show its improved performance when compared to existing robust storage protocols, including protocols that tolerate only crash faults. © 2013 ACM

Trading transport timeliness and reliability for efficiency in wireless sensor networks

A key task in wireless sensor networks is to deliver information from sensor nodes to the sink. Many applications require the delivery to be reliable and timely. However, increasing reliability/timeliness comes at the cost of higher energy consumption as in both cases additional messages have to be sent: Retransmissions to increase reliability and information delivery via a second, faster path to ensure timeliness. Existing transport protocols either over- or under-provide reliability and/or timeliness and lack optimized efficiency. This work aims in tuning reliability and timeliness in composition for a maximized efficiency. Our approach's takes the reliability/timeliness requirements as input and features a message efficiency that optimally meets user requirements. Information transport proceeds in two steps in a fully distributed way: (i) Finding the optimal number of retransmissions on a per hop basis with delay compensation, and (ii) path split and/or replication if reliability or timeliness requirements are violated. We validate the approach viability through extensive simulations for a wide range of requirements and network conditions. © 2013 IEEE