Serializability and Heterogeneous Trust from Two Phase Commit to Blockchains
Total Page:16
File Type:pdf, Size:1020Kb
SERIALIZABILITY AND HETEROGENEOUS TRUST FROM TWO PHASE COMMIT TO BLOCKCHAINS A Dissertation Presented to the Faculty of the Graduate School of Cornell University in Partial Fulfillment of the Requirements for the Degree of Doctor of Philosophy by Isaac Cameron Sheff August 2019 © 2019 Isaac Cameron Sheff ALL RIGHTS RESERVED SERIALIZABILITY AND HETEROGENEOUS TRUST FROM TWO PHASE COMMIT TO BLOCKCHAINS Isaac Cameron Sheff, Ph.D. Cornell University 2019 As distributed systems become more federated and cross-domain, we are forced to rethink some of our core abstractions. We need heterogeneous systems with rig- orous consistency and self-authentication guarantees, despite a complex landscape of security and failure tolerance assumptions. I have designed, built, and evalu- ated heterogeneous distributed algorithms with broad applications from medical privacy to blockchains. This dissertation examines three novel building blocks for this vision. First, I show that serializable transactions cannot always be securely scheduled when data has different levels of confidentiality. I have identified a useful subset of transactions that can always be securely scheduled, and built a system to check and execute them. Second, I present Charlotte, a heterogeneous system that supports compos- able Authenticated Distributed Data Structures (like Git, PKIs, or Bitcoin). I show that Charlotte produces significant performance improvements compared to a single, universally trusted blockchain. Finally, I develop a rigorous generalization of the consensus problem, and present the first distributed consensus which tolerates heterogeneous failures, het- erogeneous participants, and heterogeneous observers. With this consensus, cross- domain systems can maintain ADDSs, or schedule transactions, without the ex- pensive overhead that comes from tolerating the sum of everyone's fears. BIOGRAPHICAL SKETCH Isaac Sheff was born on Christmas Eve 1989 to Kimberly and David Sheff, in Mercy Hospital of Iowa City. In 1993, his family moved to Hamden, Connecti- cut, where his younger siblings Benjamin and Olivia were born. Isaac attended kindergarten through second grade at Bear Path Elementary. Redistricting moved him to Alice Peck Elementary before third grade, and he switched to Hamden Hall Country Day School in fourth grade. In 2003, Isaac and his family left their friends in Connecticut behind, and returned to Iowa City. Isaac attended eighth grade at Northwest Junior High, and graduated in 2008 from West High School. In 2007, Isaac attended Cy-Tag, a three week intensive at Iowa State University, where he first learned to program. At West High, Isaac discovered a passion for engineering and mathematics, joining FIRST robotics team 167, and math-themed clubs including Fun For Friday (F 3), and the µαθ and American Regions Math League teams. In 2008, Isaac moved to Pasadena, California, and enrolled in the California Institute of Technology, earning a Bachelor of Science (majoring in Computer Science) in 2012. Isaac arrived in California intending to build the next generation of spacecraft, but quickly became sidetracked by the plethora of sciences available. By junior year, it had become apparent that Isaac's programming skills and passion for engineering and mathematical problem solving served him well in Computer Science. Isaac spent the summer of 2012 as a Software Engineering Intern at Google Los Angeles. While the challenges presented each day at Google were interesting, Isaac feared he would soon grow bored without the opportunity to work on new, unsolved problems. In the fall of 2012, Isaac enrolled in Cornell's Doctor of Philosophy program in Computer Science to do just that. iii For my parents For my partner iv ACKNOWLEDGMENTS Some of my loneliest days have been as a Ph.D. student, but science is not a solitary activity. It is only with the collaboration and assistance of others that I have found any success. First, I must thank my advisor, Andrew Myers, for his continuous support and collaboration, his supply of ideas and context, and his guidance through this pro- cess. Andrew has taught me so much about how to research, from formulating ideas all the way through to communicating results through papers and presen- tations. In his research group, Applied Programming Languages, I have found collaborations without whom I could not have completed this work. Next, I must thank my \other advisor" of sorts. Robbert van Renesse has been indispensable for his insight and understanding in Distributed Systems, both the subject matter and the community, as well as his professional advice. He was the first person with the good sense to drag me to meet people at a conference, and the first person to explain consensus to me in a way I understood. I could never have finished this without him. Cornell's out-of-field minor requirement is unusual, and when I set out to try something truly different, Oren Falk had the grace, patience, and good humor to take me up on it. My out-of-field minor is in Medieval Studies, not because it's related to this dissertation, but because I personally find it enriching. It may also have improved my reading speed and comprehension, and general writing skills. Despite my lack of qualification for graduate-level historical studies, Oren guided me through some fascinating courses in Medieval Violence and Anglo-Saxon England, and encouraged me to explore Cornell's other offerings in the subject. I am truly grateful for what has been an exciting journey, and a welcome complement to my research. Thank you, Oren. v I want to thank Mark Moir and Maurice Herlihy. At Oracle, Mark, Maurice, and I stumbled into the bizarre world of blockchains together, and it was in our discussions that the first conceptions of Charlotte came to be. Without them, this dissertation would be almost, if not entirely, different. I especially want to thank my co-authors, including Andrew Myers and Robbert van Renesse, but also Tom Magrino, Xinwen Wang, Jed Liu, Haobin Ni, and Zhenjia Xu. None of these projects could have been completed without them, and not only because most of the implementation work on Secure Scheduling, Heterogeneous Consensus, and Charlotte Nakamoto is theirs. I want to thank the colleagues with whom I've taught courses, including Fred Schneider, Deniz Altinbuken, Lucja Kot, David Gries, and Ken Birman. Teaching is an integral part of a Ph.D., and I've learned it entirely through experience by your side. Research is a collaborative effort, and not only with co-authors. Thank you to everyone who has helped me with research ideas, editing, practice talks, and late- night deadlines, including but not limited to: Josh Acay, Soumya Basu, Ken Bir- man, Ethan Cecchetti, Natacha Crooks, Andrew Hirsch, Matthew Milano, Laure Thompson, Fabian Muehlboeck, Rolph Recto, and Drew Zagieboylo. I could never have completed a Ph.D. without help not only professionally, but personally. I'd like to thank my friends throughout this chapter of my life, including but not limited to: Gabriel Bender, Eleanor Birrell, Marin Cherry, Tawny Cuyk- endall, Alex Fix, Elisavet Kozyri, Stavros Nikolaou, Brittany Nkounkou, Karthik Raman, Xanda Schofield, Daniel Schroeder, Eston Schweickart, Karn Seth, Ruben Sipos, Adith Swaminathan, Sidharth Telang, and Scott Wehrwein. vi Finally, I'd like to thank Becky Stewart, Jessica Beeve, Tammy Gardner, Lacy Lucas, Corey Torres, and the rest of the Cornell CS staff, without whom my Ph.D. experience would have been literally impossible. I have received funding through generous gifts from from Oracle and Ripple, as well as grants from the NSF. vii TABLE OF CONTENTS Biographical Sketch.............................. iii Dedication................................... iv Acknowledgments...............................v Table of Contents............................... viii List of Tables................................. xiii List of Figures................................. xiv 1 Introduction1 1.1 Ideal Distributed Systems.......................1 1.1.1 Least Ordering.........................2 1.1.2 Fault Tolerance.........................3 1.1.3 Heterogeneity..........................4 1.1.4 Building With These Ideals..................7 1.2 Security.................................7 1.2.1 Information Flow Control (IFC)................7 1.2.2 Failure Tolerance........................7 1.3 Transactions...............................8 1.4 Consensus................................9 1.5 Blockchains............................... 10 1.5.1 Least Ordering......................... 11 1.5.2 Heterogeneity.......................... 12 1.6 Roadmap................................ 13 1.6.1 Safe Serializable Secure Scheduling.............. 13 1.6.2 Authenticated Distributed Data Structures.......... 14 1.6.3 Heterogeneous Consensus................... 14 2 Safe Serializable Secure Scheduling 15 2.1 Introduction............................... 16 2.2 Abort Channels............................. 18 2.2.1 Rainforest Example....................... 19 2.2.2 Hospital Example........................ 21 2.2.3 Attack Demonstration..................... 22 2.3 System Model.............................. 25 2.3.1 State and Events........................ 25 2.3.2 Information Flow Lattice.................... 26 2.3.3 Conflicts............................. 27 2.3.4 Serializability and Secure Information Flow.......... 29 2.3.5 Network and Timing...................... 31 2.3.6 Executions, Protocols, and Inputs............... 32 2.3.7 Semantic Security Properties.................. 35 2.4 Impossibility..............................