2,145 research outputs found
Babel Storage: Uncoordinated Content Delivery from Multiple Coded Storage Systems
In future content-centric networks, content is identified independently of
its location. From an end-user's perspective, individual storage systems
dissolve into a seemingly omnipresent structureless `storage fog'. Content
should be delivered oblivious of the network topology, using multiple storage
systems simultaneously, and at minimal coordination overhead. Prior works have
addressed the advantages of error correction coding for distributed storage and
content delivery separately. This work takes a comprehensive approach to
highlighting the tradeoff between storage overhead and transmission overhead in
uncoordinated content delivery from multiple coded storage systems.
Our contribution is twofold. First, we characterize the tradeoff between
storage and transmission overhead when all participating storage systems employ
the same code. Second, we show that the resulting stark inefficiencies can be
avoided when storage systems use diverse codes. What is more, such code
diversity is not just technically desirable, but presumably will be the reality
in the increasingly heterogeneous networks of the future. To this end, we show
that a mix of Reed-Solomon, low-density parity-check and random linear network
codes achieves close-to-optimal performance at minimal coordination and
operational overhead
Accountable Safety Implies Finality
Motivated by proof-of-stake (PoS) blockchains such as Ethereum, two key
desiderata have recently been studied for Byzantine-fault tolerant (BFT)
state-machine replication (SMR) consensus protocols: Finality means that the
protocol retains consistency, as long as less than a certain fraction of
validators are malicious, even in partially-synchronous environments that allow
for temporary violations of assumed network delay bounds. Accountable safety
means that in any case of inconsistency, a certain fraction of validators can
be identified to have provably violated the protocol. Earlier works have
developed impossibility results and protocol constructions for these properties
separately. We show that accountable safety implies finality, thereby unifying
earlier results
Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma
The CAP theorem says that no blockchain can be live under dynamic
participation and safe under temporary network partitions. To resolve this
availability-finality dilemma, we formulate a new class of flexible consensus
protocols, ebb-and-flow protocols, which support a full dynamically available
ledger in conjunction with a finalized prefix ledger. The finalized ledger
falls behind the full ledger when the network partitions but catches up when
the network heals. Gasper, the current candidate protocol for Ethereum 2.0's
beacon chain, combines the finality gadget Casper FFG with the LMD GHOST fork
choice rule and aims to achieve this property. However, we discovered an attack
in the standard synchronous network model, highlighting a general difficulty
with existing finality-gadget-based designs. We present a construction of
provably secure ebb-and-flow protocols with optimal resilience. Nodes run an
off-the-shelf dynamically available protocol, take snapshots of the growing
available ledger, and input them into a separate off-the-shelf BFT protocol to
finalize a prefix. We explore connections with flexible BFT and improve upon
the state-of-the-art for that problem.Comment: Forthcoming in IEEE Symposium on Security and Privacy 202
Optimal Flexible Consensus and its Application to Ethereum
Classic BFT consensus protocols guarantee safety and liveness for all clients
if fewer than one-third of replicas are faulty. However, in applications such
as high-value payments, some clients may want to prioritize safety over
liveness. Flexible consensus allows each client to opt for a higher safety
resilience, albeit at the expense of reduced liveness resilience. We present
the first construction that allows optimal safety--liveness tradeoff for every
client simultaneously. This construction is modular and is realized as an
add-on applied on top of an existing consensus protocol. The add-on consists of
an additional round of voting and permanent locking done by the replicas, to
sidestep a sub-optimal quorum-intersection-based constraint present in previous
solutions. We adapt our construction to the existing Ethereum protocol to
derive optimal flexible confirmation rules that clients can adopt unilaterally
without requiring system-wide changes. This is possible because existing
Ethereum protocol features can double as the extra voting and locking. We
demonstrate an implementation using Ethereum's consensus API.Comment: To be published at the IEEE Symposium on Security & Privacy 202
Successive Cancellation Inactivation Decoding for Modified Reed-Muller and eBCH Codes
A successive cancellation (SC) decoder with inactivations is proposed as an
efficient implementation of SC list (SCL) decoding over the binary erasure
channel. The proposed decoder assigns a dummy variable to an information bit
whenever it is erased during SC decoding and continues with decoding.
Inactivated bits are resolved using information gathered from decoding frozen
bits. This decoder leverages the structure of the Hadamard matrix, but can be
applied to any linear code by representing it as a polar code with dynamic
frozen bits. SCL decoders are partially characterized using density evolution
to compute the average number of inactivations required to achieve the maximum
a-posteriori decoding performance. The proposed measure quantifies the
performance vs. complexity trade-off and provides new insight into dynamics of
the number of paths in SCL decoding. The technique is applied to analyze
Reed-Muller (RM) codes with dynamic frozen bits. It is shown that these
modified RM codes perform close to extended BCH codes.Comment: Accepted at the 2020 ISI
No More Attacks on Proof-of-Stake Ethereum?
The latest message driven (LMD) greedy heaviest observed sub-tree (GHOST)
consensus protocol is a critical component of future proof-of-stake (PoS)
Ethereum. In its current form, the protocol is brittle and intricate to reason
about, as evidenced by recent attacks, patching attempts, and G\"orli testnet
reorgs. We present Goldfish, which can be seen as a considerably simplified
variant of the current protocol, and prove that it is secure and reorg
resilient in synchronous networks with dynamic participation, assuming a
majority of the nodes (called validators) follows the protocol honestly.
Furthermore, we show that subsampling validators can improve the communication
efficiency of Goldfish, and that Goldfish is composable with finality gadgets
and accountability gadgets. The aforementioned properties make Goldfish a
credible candidate for a future protocol upgrade of PoS Ethereum, as well as a
versatile pedagogical example. Akin to traditional propose-and-vote-style
consensus protocols, Goldfish is organized into slots, at the beginning of
which a leader proposes a block containing new transactions, and subsequently
members of a committee take a vote towards block confirmation. But instead of
using quorums, Goldfish is powered by a new mechanism that carefully
synchronizes the inclusion and exclusion of votes in honest validators' views
Proofs of Proof-of-Stake with Sublinear Complexity
Popular Ethereum wallets (e.g., MetaMask) entrust centralized infrastructure
providers (e.g., Infura) to run the consensus client logic on their behalf. As
a result, these wallets are light-weight and high-performant, but come with
security risks. A malicious provider can completely mislead the wallet, e.g.,
fake payments and balances, or censor transactions. On the other hand, light
clients, which are not in popular use today, allow decentralization, but at
inefficient linear bootstrapping complexity. This poses a dilemma between
decentralization and performance. In this paper, we design, implement, and
evaluate a new proof-of-stake (PoS) superlight client with logarithmic
bootstrapping complexity. Our key insight is to leverage the standard
existential honesty assumption, i.e., that the verifier (client) is connected
to at least one honest prover (full node). The proofs of PoS take the form of a
Merkle tree of PoS epochs. The verifier enrolls the provers in a bisection
game, in which the honest prover is destined to win once an adversarial Merkle
tree is challenged at sufficient depth. We implement a complete client that is
compatible with mainnet PoS Ethereum to evaluate our construction: compared to
the current light client construction proposed for PoS Ethereum, our client
improves time-to-completion by 9x, communication by 180x, and energy usage by
30x. We prove our construction secure and show how to employ it for other
proof-of-stake systems such as Cardano, Algorand, and Snow White
Two Attacks On Proof-of-Stake GHOST/Ethereum
We present two attacks targeting the Proof-of-Stake (PoS) Ethereum consensus protocol. The first attack suggests a fundamental conceptual incompatibility between PoS and the Greedy Heaviest-Observed Sub-Tree (GHOST) fork choice paradigm employed by PoS Ethereum. In a nutshell, PoS allows an adversary with a vanishing amount of stake to produce an unlimited number of equivocating blocks. While most equivocating blocks will be orphaned, such orphaned `uncle blocks\u27 still influence fork choice under the GHOST paradigm, bestowing upon the adversary devastating control over the canonical chain. While the Latest Message Driven (LMD) aspect of current PoS Ethereum prevents a straightforward application of this attack, our second attack shows how LMD specifically can be exploited to obtain a new variant of the balancing attack that overcomes a recent protocol addition that was intended to mitigate balancing-type attacks. Thus, in its current form, PoS Ethereum without and with LMD is vulnerable to our first and second attack, respectively
- …