Keeping Authorities "Honest or Bust" with Decentralized Witness Cosigning
The secret keys of critical network authorities - such as time, name,
certificate, and software update services - represent high-value targets for
hackers, criminals, and spy agencies wishing to use these keys secretly to
compromise other hosts. To protect authorities and their clients proactively
from undetected exploits and misuse, we introduce CoSi, a scalable witness
cosigning protocol ensuring that every authoritative statement is validated and
publicly logged by a diverse group of witnesses before any client will accept
it. A statement S collectively signed by W witnesses assures clients that S has
been seen, and not immediately found erroneous, by those W observers. Even if S
is compromised in a fashion not readily detectable by the witnesses, CoSi still
guarantees S's exposure to public scrutiny, forcing secrecy-minded attackers to
risk that the compromise will soon be detected by one of the W witnesses.
Because clients can verify collective signatures efficiently without
communication, CoSi protects clients' privacy, and offers the first
transparency mechanism effective against persistent man-in-the-middle attackers
who control a victim's Internet access, the authority's secret key, and several
witnesses' secret keys. CoSi builds on existing cryptographic multisignature
methods, scaling them to support thousands of witnesses via signature
aggregation over efficient communication trees. A working prototype
demonstrates CoSi in the context of timestamping and logging authorities,
enabling groups of over 8,000 distributed witnesses to cosign authoritative
statements in under two seconds.
Comment: 20 pages, 7 figures
Accountable Safety for Rollups
Accountability, the ability to provably identify protocol violators, gained
prominence as the main economic argument for the security of proof-of-stake
(PoS) protocols. Rollups, the most popular scaling solution for blockchains,
typically use PoS protocols as their parent chain. We define accountability for
rollups, and present an attack that shows the absence of accountability on
existing designs. We provide an accountable rollup design and prove its
security, both for the traditional 'enshrined' rollups and for sovereign
rollups, an emergent alternative built on lazy blockchains, tasked only with
ordering and availability of the rollup data.
Comment: 28 pages, 4 figures
Managing Identities Using Blockchains and CoSi
We combine collective signing and blockchains to create a secure, easy-to-use, decentralized SSH-key management system.
CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds
Software-update mechanisms are critical to the security of modern systems, but their typically centralized design presents a lucrative and frequently attacked target. In this work, we propose CHAINIAC, a decentralized software-update framework that eliminates single points of failure, enforces transparency, and provides efficient verifiability of integrity and authenticity for software-release processes. Independent collectively verify conformance of software updates to release policies and validate the source-to-binary correspondence, and a tamper-proof release log stores collectively signed updates, thus ensuring that no release is accepted by clients before being widely disclosed and validated. The release log embodies a skipchain, a novel data structure, enabling arbitrarily out-of-date clients to efficiently validate updates and signing keys. Evaluation of our CHAINIAC prototype on reproducible Debian packages shows that the automated update process takes an average of 5 minutes per release for individual packages, and only 20 seconds for the aggregate timeline. We further evaluate the framework using real-world data from the PyPI package repository and show that it offers clients security comparable to verifying every single update themselves, while consuming only one-fifth of the bandwidth and incurring minimal computational overhead.
Scalable Bias-Resistant Distributed Randomness
Bias-resistant public randomness is a critical component in many (distributed) protocols. Existing solutions do not scale to hundreds or thousands of participants, as is needed in many decentralized systems. We propose two large-scale distributed protocols, RandHound and RandHerd, which provide publicly verifiable, unpredictable, and unbiasable randomness against Byzantine adversaries. RandHound relies on an untrusted client to divide a set of randomness servers into groups for scalability, and it depends on the pigeonhole principle to ensure output integrity, even for non-random, adversarial group choices. RandHerd implements an efficient, decentralized randomness beacon. RandHerd is structurally similar to a BFT protocol, but uses RandHound in a one-time setup to arrange participants into verifiably unbiased random secret-sharing groups, which then repeatedly produce random output at predefined intervals. Our prototype demonstrates that RandHound and RandHerd achieve good performance across hundreds of participants while retaining a low failure probability by properly selecting protocol parameters, such as the group size and secret-sharing threshold. For example, when sharding 512 nodes into groups of 32, our experiments show that RandHound can produce fresh random output after 240 seconds. RandHerd, after a setup phase of 260 seconds, is able to generate fresh random output at intervals of approximately 6 seconds. For this configuration, both protocols operate at a failure probability of at most 0.08% against a Byzantine adversary.
Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing
While showing great promise, Bitcoin requires users to wait tens of minutes for transactions to commit, and even then offers only probabilistic guarantees. This paper introduces ByzCoin, a novel Byzantine consensus protocol that leverages scalable collective signing to commit Bitcoin transactions irreversibly within seconds. ByzCoin achieves Byzantine consensus while preserving Bitcoin's open membership by dynamically forming hash-power-proportionate consensus groups that represent recently successful block miners. ByzCoin employs communication trees to optimize transaction commitment and verification under normal operation while guaranteeing safety and liveness under Byzantine faults, up to a near-optimal tolerance of f faulty group members among 3f + 2 total. ByzCoin mitigates double-spending and selfish-mining attacks by producing collectively signed transaction blocks within one minute of transaction submission. Tree-structured communication further reduces this latency to less than 30 seconds. Due to these optimizations, ByzCoin achieves a throughput higher than PayPal currently handles, with a confirmation latency of 15-20 seconds.