31 research outputs found
An Algebraic Model For Quorum Systems
Quorum systems are a key mathematical abstraction in distributed
fault-tolerant computing for capturing trust assumptions. A quorum system is a
collection of subsets of all processes, called quorums, with the property that
each pair of quorums have a non-empty intersection. They can be found at the
core of many reliable distributed systems, such as cloud computing platforms,
distributed storage systems and blockchains. In this paper we give a new
interpretation of quorum systems, starting with classical majority-based quorum
systems and extending this to Byzantine quorum systems. We propose an algebraic
representation of the theory underlying quorum systems making use of
multivariate polynomial ideals, incorporating properties of these systems, and
studying their algebraic varieties. To achieve this goal we will exploit
properties of Boolean Groebner bases. The nice nature of Boolean Groebner bases
allows us to avoid part of the combinatorial computations required to check
consistency and availability of quorum systems. Our results provide a novel
approach to test quorum systems properties from both algebraic and algorithmic
perspectives. Comment: 15 pages, 3 algorithm
Brief Announcement: Revisiting Signature-Free Asynchronous Byzantine Consensus
Among asynchronous, randomized, and signature-free implementations of consensus, the protocols of Mostéfaoui et al. (PODC 2014 and JACM 2015) represent a landmark result, which has been extended later and taken up in practical systems. The protocols achieve optimal resilience and take, in expectation, only a constant expected number of rounds and have quadratic message complexity. Randomization is provided through a common-coin primitive. However, the first version of this simple and appealing protocol suffers from a little-known liveness issue due to asynchrony. The JACM 2015 version avoids the problem, but is considerably more complex. This work revisits the original protocol of PODC 2014 and points out in detail why it may not progress. A fix for the protocol is presented, which does not affect any of its properties, but lets it regain the original simplicity in asynchronous networks enhanced with a common-coin protocol
From Symmetric to Asymmetric Asynchronous Byzantine Consensus
Consensus is arguably one of the most important notions in distributed
computing. Among asynchronous, randomized, and signature-free implementations,
the protocols of Mostéfaoui et al. (PODC 2014 and JACM 2015) represent a
landmark result, which has been extended later and taken up in practical
systems. The protocols achieve optimal resilience and take, in expectation,
only a constant expected number of rounds of quadratic message complexity.
Randomization is provided through a common-coin primitive. In traditional
consensus protocols, all involved processes adhere to a global, symmetric
failure model, typically only defined by bounds on the number of faulty
processes. Motivated by applications to blockchains, however, more flexible
trust assumptions have recently been considered. In particular, with asymmetric
trust, a process is free to choose which other processes it trusts and which
ones might collude against it. This paper revisits the optimal asynchronous
protocol of Mostéfaoui et al. and shows how to realize it with asymmetric
trust. The paper starts by pointing out in detail why some versions of this
protocol may violate liveness. Then it proposes a fix for the protocol that
does not affect its properties, but lets it regain the simplicity of its
original version (PODC 2014). At the same time, the paper shows how to realize
randomized signature-free asynchronous Byzantine consensus with asymmetric
quorums. This results in an optimal consensus protocol with subjective,
asymmetric trust and constant expected running time. It is suitable for
applications to blockchains, for instance
Quorum Systems in Permissionless Networks
Fail-prone systems, and their quorum systems, are useful tools for the design of distributed algorithms. However, fail-prone systems as studied so far require every process to know the full system membership in order to guarantee safety through globally intersecting quorums. Thus, they are of little help in an open, permissionless setting, where such knowledge may not be available. We propose to generalize the theory of fail-prone systems to make it applicable to permissionless systems. We do so by enabling processes not only to make assumptions about failures, but also to make assumptions about the assumptions of other processes. Thus, by transitivity, processes that do not even know of any common process may nevertheless have intersecting quorums and solve, for example, reliable broadcast. Our model generalizes existing models such as the classic fail-prone system model [Malkhi and Reiter, 1998] and the asymmetric fail-prone system model [Cachin and Tackmann, OPODIS 2019]. Moreover, it gives a characterization with standard formalism of the model used by the Stellar blockchain
Improving Asynchrony Resilience in Dynamically Available Total-Order Broadcast Protocols
Dynamically available total-order broadcast (TOB) protocols are essential in
permissionless systems in which participants may unpredictably go offline and
later come back online. Existing dynamically-available protocols are
synchronous protocols, and they lose their safety guarantees during periods of
asynchrony. This is a major issue in practice.
In this paper, we explore the challenge of tolerating bounded periods of
asynchrony in dynamically-available TOB protocols that ensure safety
deterministically. We propose to trade off assumptions limiting the
online/offline churn rate in exchange for tolerating bounded asynchronous
periods through the use of a configurable message-expiration period. We show
how to apply this idea to a state-of-the-art protocol to make it tolerate
bounded periods of asynchrony
A Simple Single Slot Finality Protocol For Ethereum
Currently, Gasper, the implemented consensus protocol of Ethereum, takes between 64 and 95 slots to finalize blocks. Because of that, a significant portion of the chain is susceptible to reorgs. The possibility to capture MEV (Maximum Extractable Value) through such reorgs can then disincentivize honestly following the protocol, breaking the desired correspondence of honest and rational behavior. Moreover, the relatively long time to finality forces users to choose between economic security and faster transaction confirmation. This motivates the study of the so-called single slot finality protocols: consensus protocols that finalize a block in each slot and, more importantly, that finalize the block proposed at a given slot within such slot.
In this work we propose a simple, non-blackbox protocol that combines a synchronous dynamically available protocol with a partially synchronous finality gadget, resulting in a consensus protocol that can finalize one block per slot, paving the way to single slot finality within Ethereum. Importantly, the protocol we present can finalize the block proposed in a slot, within such slot
Recent Latest Message Driven GHOST: Balancing Dynamic Availability With Asynchrony Resilience
Dynamic participation has recently become a crucial requirement for devising permissionless consensus protocols. This notion, originally formalized by Pass and Shi (ASIACRYPT 2017) through their sleepy model, captures the essence of a system's ability to handle participants joining or leaving during a protocol execution. A dynamically available consensus protocol preserves safety and liveness while allowing dynamic participation. Blockchain protocols, such as Bitcoin's consensus protocol, have implicitly adopted this concept.
In the context of Ethereum's consensus protocol, Gasper, Neu, Tas, and Tse (S&P 2021) presented an attack against LMD-GHOST -- the component of Gasper designed to ensure dynamic availability. Consequently, LMD-GHOST is unable to fulfill its intended function of providing dynamic availability for the protocol. Despite attempts to mitigate this issue, the modified protocol still does not achieve dynamic availability, highlighting the need for more secure dynamically available protocols.
In this work, we present RLMD-GHOST, a synchronous consensus protocol that not only ensures dynamic availability but also maintains safety during bounded periods of asynchrony. This protocol is particularly appealing for practical systems where strict synchrony assumptions may not always hold, contrary to general assumptions in standard synchronous protocols.
Additionally, we present the generalized sleepy model, within which our results are proven. Building upon the original sleepy model proposed by Pass and Shi, our model extends it with more generalized and stronger constraints on the corruption and sleepiness power of the adversary. This approach allows us to explore a wide range of dynamic participation regimes, spanning from complete dynamic participation to no dynamic participation, i.e., with every participant online. Consequently, this model provides a foundation for analyzing dynamically available protocols
Modeling Resources in Permissionless Longest-chain Total-order Broadcast
Blockchain protocols implement total-order broadcast in a permissionless
setting, where processes can freely join and leave. In such a setting, to
safeguard against Sybil attacks, correct processes rely on cryptographic proofs
tied to a particular type of resource to make them eligible to order
transactions. For example, in the case of Proof-of-Work (PoW), this resource is
computation, and the proof is a solution to a computationally hard puzzle.
Conversely, in Proof-of-Stake (PoS), the resource corresponds to the number of
coins that every process in the system owns, and a secure lottery selects a
process for participation proportionally to its coin holdings.
Although many resource-based blockchain protocols are formally proven secure
in the literature, the existing security proofs fail to demonstrate why
particular types of resources cause the blockchain protocols to be vulnerable
to distinct classes of attacks. For instance, PoS systems are more vulnerable
to long-range attacks, where an adversary corrupts past processes to re-write
the history, than Proof-of-Work and Proof-of-Storage systems.
Proof-of-Storage-based and Proof-of-Stake-based protocols are both more
susceptible to private double-spending attacks than Proof-of-Work-based
protocols; in this case, an adversary mines its chain in secret without sharing
its blocks with the rest of the processes until the end of the attack.
In this paper, we formally characterize the properties of resources through
an abstraction called resource allocator and give a framework for understanding
longest-chain consensus protocols based on different underlying resources. In
addition, we use this resource allocator to demonstrate security trade-offs
between various resources focusing on well-known attacks (e.g., the long-range
attack and nothing-at-stake attacks)
Modeling Resources in Permissionless Longest-Chain Total-Order Broadcast
Blockchain protocols implement total-order broadcast in a permissionless setting, where processes can freely join and leave. In such a setting, to safeguard against Sybil attacks, correct processes rely on cryptographic proofs tied to a particular type of resource to make them eligible to order transactions. For example, in the case of Proof-of-Work (PoW), this resource is computation, and the proof is a solution to a computationally hard puzzle. Conversely, in Proof-of-Stake (PoS), the resource corresponds to the number of coins that every process in the system owns, and a secure lottery selects a process for participation proportionally to its coin holdings.
Although many resource-based blockchain protocols are formally proven secure in the literature, the existing security proofs fail to demonstrate why particular types of resources cause the blockchain protocols to be vulnerable to distinct classes of attacks. For instance, PoS systems are more vulnerable to long-range attacks, where an adversary corrupts past processes to re-write the history, than PoW and Proof-of-Storage systems. Proof-of-Storage-based and PoS-based protocols are both more susceptible to private double-spending attacks than PoW-based protocols; in this case, an adversary mines its chain in secret without sharing its blocks with the rest of the processes until the end of the attack.
In this paper, we formally characterize the properties of resources through an abstraction called resource allocator and give a framework for understanding longest-chain consensus protocols based on different underlying resources. In addition, we use this resource allocator to demonstrate security trade-offs between various resources focusing on well-known attacks (e.g., the long-range attack and nothing-at-stake attacks)
SARS-CoV-2 Translocate from Nasopharyngeal to Bronchoalveolar Site: A Case Presentation
The nasopharyngeal swab is commonly used for the diagnosis of SARS-CoV-2 infection. Since the swab is performed in this site, of course, it cannot detect the presence of the virus in other tissue districts such as the lung, brain, or bowel. In the present case report, the nasopharyngeal swab was negative twice. From this, the patient discontinued antiviral therapy. Nasopharyngeal swabs were maintained negative until five days later, when we recorded a severe impairment of the patient's clinical condition. At this time, the bronchoalveolar lavage was positive for SARS-CoV-2. The purpose of the case herein described is to suggest paying attention to the nasopharyngeal swab result. A negative detection in nasopharyngeal swab could not be indicative of COVID-19 recovery