9 research outputs found
Carbon: An Asynchronous Voting-Based Payment System for a Client-Server Architecture
We present Carbon, an asynchronous payment system. To the best of our
knowledge, Carbon is the first asynchronous payment system designed
specifically for a client-server architecture. Namely, besides being able to
make payments, clients of Carbon are capable of changing the set of running
servers using a novel voting mechanism -- asynchronous, balance-based voting
All Byzantine Agreement Problems are Expensive
Byzantine agreement, arguably the most fundamental problem in distributed
computing, operates among n processes, out of which t < n can exhibit arbitrary
failures. The problem states that all correct (non-faulty) processes must
eventually decide (termination) the same value (agreement) from a set of
admissible values defined by the proposals of the processes (validity).
Depending on the exact version of the validity property, Byzantine agreement
comes in different forms, from Byzantine broadcast to strong and weak
consensus, to modern variants of the problem introduced in today's blockchain
systems. Regardless of the specific flavor of the agreement problem, its
communication cost is a fundamental metric whose improvement has been the focus
of decades of research. The Dolev-Reischuk bound, one of the most celebrated
results in distributed computing, proved 40 years ago that, at least for
Byzantine broadcast, no deterministic solution can do better than Omega(t^2)
exchanged messages in the worst case. Since then, it remained unknown whether
the quadratic lower bound extends to seemingly weaker variants of Byzantine
agreement. This paper answers the question in the affirmative, closing this
long-standing open problem. Namely, we prove that any non-trivial agreement
problem requires Omega(t^2) messages to be exchanged in the worst case. To
prove the general lower bound, we determine the weakest Byzantine agreement
problem and show, via a novel indistinguishability argument, that it incurs
Omega(t^2) exchanged messages
Every Bit Counts in Consensus
Consensus enables n processes to agree on a common valid L-bit value, despite
t < n/3 processes being faulty and acting arbitrarily. A long line of work has
been dedicated to improving the worst-case communication complexity of
consensus in partial synchrony. This has recently culminated in the worst-case
word complexity of O(n^2). However, the worst-case bit complexity of the best
solution is still O(n^2 L + n^2 kappa) (where kappa is the security parameter),
far from the \Omega(n L + n^2) lower bound. The gap is significant given the
practical use of consensus primitives, where values typically consist of
batches of large size (L > n).
This paper shows how to narrow the aforementioned gap while achieving optimal
linear latency. Namely, we present a new algorithm, DARE (Disperse, Agree,
REtrieve), that improves upon the O(n^2 L) term via a novel dispersal
primitive. DARE achieves O(n^{1.5} L + n^{2.5} kappa) bit complexity, an
effective sqrt{n}-factor improvement over the state-of-the-art (when L > n
kappa). Moreover, we show that employing heavier cryptographic primitives,
namely STARK proofs, allows us to devise DARE-Stark, a version of DARE which
achieves the near-optimal bit complexity of O(n L + n^2 poly(kappa)). Both DARE
and DARE-Stark achieve optimal O(n) latency
Crime and Punishment in Distributed Byzantine Decision Tasks (Extended Version)
A decision task is a distributed input-output problem in which each process starts with its input value and eventually produces its output value. Examples of such decision tasks are broad and range from consensus to reliable broadcast to lattice agreement. A distributed protocol solves a decision task if it enables processes to produce admissible output values despite arbitrary (Byzantine) failures. Unfortunately, it has been known for decades that many decision tasks cannot be solved if the system is overly corrupted, i.e., safety of distributed protocols solving such tasks can be violated in unlucky scenarios.
By contrast, only recently did the community discover that some of these distributed protocols can be made accountable by ensuring that correct processes irrevocably detect some faulty processes responsible for any safety violation. This realization is particularly surprising (and positive) given that accountability is a powerful tool to mitigate safety violations in distributed protocols. Indeed, exposing crimes and introducing punishments naturally incentivize exemplarity.
In this paper, we propose a generic transformation of any non-synchronous distributed protocol solving a decision task into its accountable version. Our transformation is built upon the well-studied simulation of crash failures on top of Byzantine failures and increases the communication complexity by a quadratic multiplicative factor in the worst case
As easy as ABC: Optimal (A)ccountable (B)yzantine (C)onsensus is easy!
It is known that the agreement property of the Byzantine consensus problem among processes can be violated in a non-synchronous system if the number of faulty processes exceeds .
In this paper, we investigate the accountable Byzantine consensus problem in non-synchronous systems: the problem of solving Byzantine consensus whenever possible (e.g., when the number of faulty processes does not exceed ) and allowing correct processes to obtain proof of culpability of (at least) faulty processes whenever correct processes disagree.
We present four complementary contributions:
1) We introduce : a simple yet efficient transformation of any Byzantine consensus protocol to an accountable one.
introduces an overhead of (1) only
two all-to-all communication rounds and additional bits in executions with up to faults (i.e., in the common case).
2) We define the accountability complexity, a complexity metric representing the number of accountability-specific messages that correct processes must send.
Furthermore, we prove a tight lower bound. In particular, we show that any accountable Byzantine consensus algorithm incurs cubic accountability complexity.
Moreover, we illustrate that the bound is tight by applying the transformation to any Byzantine consensus protocol.
3) We demonstrate that, when applied to an optimal Byzantine consensus protocol, constructs an accountable Byzantine consensus protocol that is (1) optimal in solving consensus whenever consensus is solvable with respect to the communication complexity, and (2) optimal in obtaining accountability whenever disagreement occurs with respect to the accountability complexity.
4) We generalize to other distributed computing problems besides the classic consensus problem. We characterize a class of agreement tasks, including reliable and consistent broadcast, that renders accountable
On the Validity of Consensus
The Byzantine consensus problem involves processes, out of which t < n
could be faulty and behave arbitrarily. Three properties characterize
consensus: (1) termination, requiring correct (non-faulty) processes to
eventually reach a decision, (2) agreement, preventing them from deciding
different values, and (3) validity, precluding ``unreasonable'' decisions. But,
what is a reasonable decision? Strong validity, a classical property,
stipulates that, if all correct processes propose the same value, only that
value can be decided. Weak validity, another established property, stipulates
that, if all processes are correct and they propose the same value, that value
must be decided. The space of possible validity properties is vast. However,
their impact on consensus remains unclear.
This paper addresses the question of which validity properties allow
Byzantine consensus to be solvable with partial synchrony, and at what cost.
First, we determine necessary and sufficient conditions for a validity property
to make the consensus problem solvable; we say that such validity properties
are solvable. Notably, we prove that, if n <= 3t, all solvable validity
properties are trivial (there exists an always-admissible decision).
Furthermore, we show that, with any non-trivial (and solvable) validity
property, consensus requires Omega(t^2) messages. This extends the seminal
Dolev-Reischuk bound, originally proven for strong validity, to all non-trivial
validity properties. Lastly, we give a general Byzantine consensus algorithm,
we call Universal, for any solvable (and non-trivial) validity property.
Importantly, Universal incurs O(n^2) message complexity. Thus, together with
our lower bound, Universal implies a fundamental result in partial synchrony:
with t \in Omega(n), the message complexity of all (non-trivial) consensus
variants is Theta(n^2).Comment: The extended version of the PODC 2023 pape
Online Payments by Merely Broadcasting Messages
We address the problem of online payments, where users can transfer funds among themselves. We introduce Astro, a system solving this problem efficiently in a decentralized, deterministic, and completely asynchronous manner. Astro builds on the insight that consensus is unnecessary to prevent double-spending. Instead of consensus, Astro relies on a weaker primitive - Byzantine reliable broadcast - enabling a simpler and more efficient implementation than consensus-based payment systems.In terms of efficiency, Astro executes a payment by merely broadcasting a message. The distinguishing feature of Astro is that it can maintain performance robustly, i.e., remain unaffected by a fraction of replicas being compromised or slowed down by an adversary. Our experiments on a public cloud network show that Astro can achieve near-linear scalability in a sharded setup, going from 10K payments/sec (2 shards) to 20K payments/sec (4 shards). In a nutshell, Astro can match VISA-level average payment throughput, and achieves a 5×improvement over a state-of-the-art consensus-based solution,while exhibiting sub-second 95th percentile latency