Robust and Scalable Consensus for Sharded Distributed Ledgers
ByzCoin, a promising alternative to Bitcoin, is a scalable consensus protocol used as a building block of many research and enterprise-level decentralized systems. In this paper, we show that ByzCoin is unsuitable for deployment in an open, adversarial network and instead introduce MOTOR. MOTOR is designed as a secure, robust, and scalable consensus suitable for permissionless sharded blockchains. MOTOR achieves these properties by making four key design choices: (a) it prioritizes robustness in adversarial environments while maintaining adequate scalability, (b) it employs provably correct cryptography that resists DoS attacks from individual nodes, (c) it deploys unpredictable rotating leaders to defend against mildly-adaptive adversaries and prevents censorship, and (d) it creates an incentive compatible reward mechanism. These choices are materialized as (a) a “rotating subleader” communication pattern that balances the scalability needs with the robustness requirements under failures, (b) deployment of provably secure BLS multi-signatures, (c) use of deterministic threshold signatures as a source of randomness and (d) careful design of the reward allocation mechanism. We have implemented MOTOR and compare it with ByzCoin. We show that MOTOR can scale similar to ByzCoin with an at most 2x overhead whereas it maintains good performance even under a high percentage of faults, unlike ByzCoin.
Divide and Scale: Formalization of Distributed Ledger Sharding Protocols
Sharding distributed ledgers is the most promising on-chain solution for
scaling blockchain technology. In this work, we define and analyze the
properties a sharded distributed ledger should fulfill. More specifically, we
show that a sharded blockchain cannot be scalable under a fully adaptive
adversary, but it can scale up to under an epoch-adaptive
adversary. This is possible only if the distributed ledger creates succinct
proofs of the valid state updates at the end of each epoch. Our model builds
upon and extends the Bitcoin backbone protocol by defining consistency and
scalability. Consistency encompasses the need for atomic execution of
cross-shard transactions to preserve safety, whereas scalability encapsulates
the speedup a sharded system can gain in comparison to a non-sharded system. We
introduce a protocol abstraction and highlight the sufficient components for
secure and efficient sharding in our model. In order to show the power of our
framework, we analyze the most prominent sharded blockchains (Elastico,
Monoxide, OmniLedger, RapidChain) and pinpoint where they fail to meet the
desired properties
Mandator and Sporades: Robust Wide-Area Consensus with Efficient Request Dissemination
Consensus algorithms are deployed in the wide area to achieve high
availability for geographically replicated applications. Wide-area consensus is
challenging due to two main reasons: (1) low throughput due to the high latency
overhead of client request dissemination and (2) network asynchrony that causes
consensus protocols to lose liveness. In this paper, we propose Mandator and
Sporades, a modular state machine replication algorithm that enables high
performance and resiliency in the wide-area setting.
To address the high client request dissemination overhead challenge, we
propose Mandator, a novel consensus-agnostic asynchronous dissemination layer.
Mandator separates client request dissemination from the critical path of
consensus to obtain high performance. Composing Mandator with Multi-Paxos
(Mandator-Paxos) delivers significantly high throughput under synchronous
networks. However, under asynchronous network conditions, Mandator-Paxos loses
liveness which results in high latency. To achieve low latency and robustness
under asynchrony, we propose Sporades, a novel omission fault-tolerant
consensus algorithm. Sporades consists of two modes of operations --
synchronous and asynchronous -- that always ensure liveness. The combination of
Mandator and Sporades (Mandator-Sporades) provides a robust and high-performing
state machine replication system.
We implement and evaluate Mandator-Sporades in a wide-area deployment running
on Amazon EC2. Our evaluation shows that in the synchronous execution,
Mandator-Sporades achieves 300k tx/sec throughput in less than 900ms latency,
outperforming Multi-Paxos, EPaxos and Rabia by 650% in throughput, at a modest
expense of latency. Furthermore, we show that Mandator-Sporades outperforms
Mandator-Paxos, Multi-Paxos, and EPaxos in the face of targeted distributed
denial-of-service attacks
Narwhal and Tusk: A DAG-based Mempool and Efficient BFT Consensus
We propose separating the task of reliable transaction dissemination from
transaction ordering, to enable high-performance Byzantine fault-tolerant
quorum-based consensus. We design and evaluate a mempool protocol, Narwhal,
specializing in high-throughput reliable dissemination and storage of causal
histories of transactions. Narwhal tolerates an asynchronous network and
maintains high performance despite failures. Narwhal is designed to easily
scale-out using multiple workers at each validator, and we demonstrate that
there is no foreseeable limit to the throughput we can achieve. Composing
Narwhal with a partially synchronous consensus protocol (Narwhal-HotStuff)
yields significantly better throughput even in the presence of faults or
intermittent loss of liveness due to asynchrony. However, loss of liveness can
result in higher latency. To achieve overall good performance when faults occur
we design Tusk, a zero-message overhead asynchronous consensus protocol, to
work with Narwhal. We demonstrate its high performance under a variety of
configurations and faults. As a summary of results, on a WAN, Narwhal-Hotstuff
achieves over 130,000 tx/sec at less than 2-sec latency compared with 1,800
tx/sec at 1-sec latency for Hotstuff. Additional workers increase throughput
linearly to 600,000 tx/sec without any latency increase. Tusk achieves 160,000
tx/sec with about 3 seconds latency. Under faults, both protocols maintain high
throughput, but Narwhal-HotStuff suffers from increased latency
Channels: Horizontal Scaling and Confidentiality on Permissioned Blockchains with Application on Hyperledger Fabric
Sharding, or partitioning the system’s state so that different subsets of participants handle it, is a proven approach to building distributed systems whose total capacity scales horizontally with the number of participants. Many distributed ledgers have adopted this approach to increase their performance, however, they focus on the permissionless setting that assumes the existence of a strong adversary. In this paper, we deploy channels for permissioned blockchains. Our first contribution is to adapt sharding on asset-management applications for the permissioned setting, while preserving liveness and safety even on transactions spanning across-channels. Our second contribution is to leverage channels as a confidentiality boundary, enabling different organizations and consortia to preserve their privacy within their channels and still be part of a bigger collaborative ecosystem. To make our system concrete we map it on top of Hyperledger Fabric
OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding
Designing a secure permissionless distributed ledger (blockchain) that performs on par with centralized payment processors, such as Visa, is a challenging task. Most existing distributed ledgers are unable to scale-out, i.e., to grow their total processing capacity with the number of validators; and those that do, compromise security or decentralization. We present OmniLedger, a novel scale-out distributed ledger that preserves long-term security under permissionless operation. It ensures security and correctness by using a bias-resistant public-randomness protocol for choosing large, statistically representative shards that process transactions, and by introducing an efficient cross-shard commit protocol that atomically handles transactions affecting multiple shards. OmniLedger also optimizes performance via parallel intra-shard transaction processing, ledger pruning via collectively-signed state blocks, and low-latency “trust-but-verify” validation for low-value transactions. An evaluation of our experimental prototype shows that OmniLedger’s throughput scales linearly in the number of active validators, supporting Visa-level workloads and beyond, while confirming typical transactions in under two seconds.
CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds
Software-update mechanisms are critical to the security of modern systems,
but their typically centralized design presents
a lucrative and frequently attacked target. In this work, we propose
CHAINIAC, a decentralized software-update framework that eliminates single points of failure, enforces transparency, and provides
efficient verifiability of integrity and authenticity for software-release processes.
Independent collectively verify
conformance of software updates to release policies,
validate the source-to-binary correspondence, and a
tamper-proof release log
stores collectively signed updates, thus ensuring
that no release is accepted by clients
before being widely disclosed and validated.
The release log embodies a , a novel data structure,
enabling arbitrarily out-of-date clients to efficiently validate updates and signing keys.
Evaluation of our CHAINIAC prototype on reproducible Debian packages
shows that the automated update process takes the average of 5 minutes
per release for individual packages, and only 20 seconds for the aggregate timeline.
We further evaluate the framework using real-world
data from the PyPI package repository and show that it
offers clients security comparable to verifying every single update themselves
while consuming only one-fifth of the bandwidth and having a minimal
computational overhead
SoK: Communication Across Distributed Ledgers
Since the inception of Bitcoin, a plethora of distributed ledgers differing in design and purpose has been created. While by design, blockchains provide no means to securely communicate with external systems, numerous attempts towards trustless cross-chain communication have been proposed over the years. Today, cross-chain communication (CCC) plays a fundamental role in cryptocurrency exchanges, scalability efforts via sharding, extension of existing systems through sidechains, and bootstrapping of new blockchains. Unfortunately, existing proposals are designed ad-hoc for specific use-cases, making it hard to gain confidence in their correctness and composability.
We provide the first systematic exposition of cross-chain communication protocols. We formalize the underlying research problem and show that CCC is impossible without a trusted third party, contrary to common beliefs in the blockchain community. With this result in mind, we develop a framework to design new and evaluate existing CCC protocols, focusing on the inherent trust assumptions thereof, and derive a classification covering the field of cross-chain communication to date. We conclude by discussing open challenges for CCC research and the implications of interoperability on the security and privacy of blockchains