Efficient and Egalitarian Consensus (Ling Ren)

File: PDF, 16 pages, 1020 KB

Efficient and Egalitarian Consensus

by Ling Ren

B.Eng., Tsinghua University (2012)
S.M., Massachusetts Institute of Technology (2014)

Submitted to the Department of Electrical Engineering and Computer Science in partial fulfillment of the requirements for the degree of Doctor of Philosophy at the Massachusetts Institute of Technology, September 2018.

© Massachusetts Institute of Technology 2018. All rights reserved.

Author: Department of Electrical Engineering and Computer Science, August 10, 2018
Certified by: Srinivas Devadas, Professor of Electrical Engineering and Computer Science, Thesis Supervisor
Accepted by: Leslie A. Kolodziejski, Professor of Electrical Engineering and Computer Science, Chair, Committee on Graduate Students

Submitted to the Department of Electrical Engineering and Computer Science on August 10, 2018, in partial fulfillment of the requirements for the degree of Doctor of Philosophy.

Abstract

Consensus is a classic problem in distributed computing. Research on consensus has traditionally focused on the permissioned setting where participants are fixed and know each other beforehand. Recently, the digital currency Bitcoin has popularized a new line of research on consensus in a permissionless environment, where participants may join or leave at any time and need not know how many other participants exist or who they are. Bitcoin’s solution, now known as the Nakamoto consensus, is to build a proof-of-work chain and treat the longest proof-of-work chain as consensus decisions. However, this elegant solution does have limitations. First, it has long latency: under current parameters, it can take hours for a Bitcoin transaction to go through. Second, its use of hash-based proof-of-work has raised concerns about fairness and energy consumption.

This thesis presents distributed algorithms and cryptographic primitives to address these limitations. I will first describe Solida, a permissionless consensus protocol with low latency. It has been observed that traditional Byzantine consensus protocols have much lower latency than Nakamoto consensus. Following this observation, Solida adapts traditional Byzantine consensus protocols from the permissioned setting to the permissionless setting by combining them with proof-of-work. I also design improved protocols for permissioned synchronous Byzantine consensus. I then turn to potential replacements for hash-based proof-of-work. I construct a proof-of-space protocol with tight security bounds as an energy-efficient alternative. Finally, I revisit the concept of memory-hard functions, the standard approach to improve fairness in proof-of-work. I argue that the memory-hardness approach overlooks energy efficiency fairness and suggest bandwidth-hard functions as egalitarian alternatives.

Thesis Supervisor: Srinivas Devadas
Title: Professor of Electrical Engineering and Computer Science

Acknowledgments

I am grateful to many people who have helped me during my PhD. First and foremost, I would like to thank my advisor Srini Devadas. I have enjoyed unlimited academic freedom at MIT thanks to Srini. I distinctly remember a meeting with him before my PhD. In that meeting, he said “work on something that interests you here; if you don’t, I will force you to.” His passion for and approach to research have had a great impact on me. I also very much appreciate his guidance during my academic job search and his advice on many other aspects of life.

Next, I would like to thank Marten van Dijk, Elaine Shi, Dahlia Malkhi and Ittai Abraham. It was Ittai and Dahlia who led me into consensus research. A lot of work in this thesis started while I was an intern at VMware Research under their mentorship. Marten and Elaine have effectively served as my unofficial advisors and have been sources of inspiration on many research projects.

This thesis is based on joint works with Ittai Abraham, Srinivas Devadas, Dahlia Malkhi, Kartik Nayak and Alexander Spiegelman. This thesis would not have been possible without their contributions. Many others have provided valuable insights and discussions. Vinod Vaikuntanathan, Bryan Ford, and Eleftherios Kokoris-Kogias helped clarify comparisons with their works and shared other inspiring ideas. Alin Tomescu pointed me to efficient libraries for pairing-based cryptography. Joël Alwen, Jeremiah Blocki, Henry Corrigan-Gibbs, Ilia Lebedev, Quanquan Liu, Krzysztof Pietrzak, Daniel Sanchez, Daniel Wichs, and Samson Zhou provided helpful feedback and discussions on various aspects of proof-of-space, bandwidth-hard functions, and graph pebbling.

I also had the pleasure to work with many wonderful collaborators on topics outside this thesis: Christopher Fletcher, Xiangyao Yu, Albert Kwon, Emil Stefanov, Charles Herder, Meng-Day Yu, Daniel Wichs, Hubert Chan, Omer Khan, Benny Pinkas, and Hanshen Xiao. Especially to Chris, my closest collaborator, you wrote in your thesis acknowledgment that we would collaborate again in the future and now we are to become colleagues. It is a great pleasure to work with David Wentzlaff’s group on a chip tape-out. Special thanks to Mike McKeown, who has spent a considerable amount of time helping us test the chip.

I have been fortunate to teach 6.046 Design and Analysis of Algorithms with Erik Demaine, Srini Devadas, Nancy Lynch, Debayan Gupta, Virginia Williams and other amazing staff members. I learned a lot from them and missed those fun staff meetings. Thanks to Nancy Lynch for her trust.

I am deeply grateful to my family and friends. The friends I met at MIT have brought so much fun and laughter to the PhD journey. Finally, as always, I am thankful to my parents for their continuous support.

Contents

1 Introduction  9
  1.1 Overview of Contributions  10
2 Background  13
  2.1 Byzantine Broadcast and Byzantine Agreement  13
  2.2 Byzantine Fault Tolerant State Machine Replication  15
  2.3 Nakamoto Consensus  17
  2.4 Cryptographic Primitives  19
    2.4.1 Aggregate Signature  19
    2.4.2 Verifiable Random Function  20
3 Solida: Permissionless Consensus from Reconfigurable Byzantine Consensus  21
  3.1 Introduction  21
    3.1.1 Overview of the Protocol  23
  3.2 Model  25
  3.3 The Solida Protocol  27
    3.3.1 Structure of Views and Leaders  28
    3.3.2 Steady State  29
    3.3.3 View Change  30
    3.3.4 Reconfiguration  32
    3.3.5 Improvement with Aggregate Signatures  33
    3.3.6 Puzzles and Defense against Selfish Mining  34
  3.4 Proof of Safety and Liveness  34
  3.5 Implementation and Evaluation  38
  3.6 Related Work  41
4 Efficient Synchronous Byzantine Consensus  43
  4.1 Introduction  43
  4.2 A Synchronous Byzantine Synod Protocol  45
    4.2.1 Model and Overview  45
    4.2.2 Detailed Protocol  46
    4.2.3 Safety and Liveness  50
  4.3 Byzantine Broadcast and Agreement  53
  4.4 Byzantine Fault Tolerant State Machine Replication  56
    4.4.1 Warm-up: A Basic Protocol  56
    4.4.2 Towards Stable Leaders  58
    4.4.3 Common Case  59
    4.4.4 View Change  61
    4.4.5 Safety and Liveness  63
    4.4.6 Message Complexity  64
    4.4.7 Comparison with Prior Work  65
5 Proof-of-Space from Stacked Expanders  67
  5.1 Introduction  67
  5.2 Preliminaries  69
    5.2.1 Proof-of-Space  69
    5.2.2 Graph Labeling and Pebbling  70
    5.2.3 Bipartite and Stacked Expanders  71
  5.3 Pebble Games on Stacked Expanders  73
    5.3.1 Localization of Expanders  74
  5.4 Proof-of-Space from Stacked Expanders  77
6 Bandwidth-Hard Functions  81
  6.1 Introduction  81
  6.2 Bandwidth-Hard Functions: Definition and Limit  84
    6.2.1 Model  84
    6.2.2 Definition: Energy Fairness  85
    6.2.3 Red-Blue Pebble Games  86
    6.2.4 Limit of Energy Fairness  87
  6.3 Bandwidth-Hardness of Candidate Constructions  89
    6.3.1 Scrypt  90
    6.3.2 Bit-Reversal Graphs  91
    6.3.3 Stacked Expanders  93
    6.3.4 Stacked Butterfly Graphs Are Not Bandwidth-Hard  95
    6.3.5 Summary  96
  6.4 Related Work  97
7 Conclusion  99

Chapter 1: Introduction

Consensus is a classic problem in distributed computing. Informally, the problem is to ensure that a set of parties agree on a common value despite some parties being faulty. The consensus problem has been studied under various combinations of models and assumptions on communication channels, timings, faults, etc. This thesis considers consensus in the presence of Byzantine faults [126, 100], meaning that faulty parties may deviate from the protocol arbitrarily in an adversarial and coordinated manner. Studies on Byzantine consensus in academia have traditionally focused on the permissioned setting where participants are fixed and know each other a priori.

Recently, the digital currency Bitcoin [114] explored and popularized a new setting of consensus. Bitcoin is a payment system that does not rely on a single authority (like a central bank) but instead runs on a decentralized peer-to-peer network. While consensus has no obvious connection to a centrally controlled fiat currency, it is at the heart of a decentralized digital currency. A key insight of Bitcoin is that, if all non-faulty parties in a peer-to-peer network reach consensus on every transaction (hence on every account’s balance), then we have obtained a payment system or a currency.

Bitcoin achieves consensus in a permissionless setting. Participants may join or leave the Bitcoin protocol at will and need not know how many other participants exist or who they are. There is supposed to be no identity verification or barrier to entry. Because there is no identity verification, permissionless consensus faces a threat called the Sybil attack [58]: the attacker can easily create a large number of pseudonymous identities to participate in the protocol. Conventional permissioned consensus protocols usually rely on some form of majority voting, so they will fall victim to the Sybil attack.
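The contrast the introduction draws, majority voting by identity count versus voting backed by proof-of-work, can be seen in a toy model. The Python script below is an added example, not code from the thesis: it tallies the same set of parties under one-vote-per-identity and under proof-of-work-weighted voting, where a vote is a SHA-256 puzzle solution. The party names, hash budgets and the 4-bit difficulty are constructed values chosen so the script runs in well under a second.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed difficulty: a puzzle solution is a hash whose top 4 bits are
# zero, so each SHA-256 evaluation succeeds with probability 1/16.
DIFFICULTY_BITS = 4


@dataclass
class Party:
    name: str
    honest: bool
    hash_budget: int                      # hash evaluations the party can afford per round
    identities: list[str] = field(default_factory=list)

    def ids(self) -> list[str]:
        # A party that registered no extra names votes under its own name.
        return self.identities or [self.name]


def identity_vote(parties: list[Party]) -> dict[str, int]:
    """One vote per registered identity, which is what a permissioned
    majority-vote protocol implicitly assumes. Registering a name costs
    nothing, so an attacker can register more names than there are honest
    parties: the Sybil attack."""
    tally = {"honest": 0, "adversary": 0}
    for p in parties:
        tally["honest" if p.honest else "adversary"] += len(p.ids())
    return tally


def solve_puzzles(seed: str, budget: int) -> int:
    """Number of puzzle solutions found with `budget` SHA-256 evaluations.
    Each vote now costs work, so votes are bounded by the budget rather
    than by how many identities the budget is spread over."""
    found = 0
    for nonce in range(budget):
        digest = hashlib.sha256(f"{seed}:{nonce}".encode()).digest()
        if digest[0] >> (8 - DIFFICULTY_BITS) == 0:
            found += 1
    return found


def pow_vote(parties: list[Party], round_id: str) -> dict[str, int]:
    """Votes weighted by proof-of-work. Each identity searches its own nonce
    space with an equal share of its owner's budget, so the identity count
    only changes how the budget is split, not the expected solution count."""
    tally = {"honest": 0, "adversary": 0}
    for p in parties:
        ids = p.ids()
        share = p.hash_budget // len(ids)
        for ident in ids:
            tally["honest" if p.honest else "adversary"] += solve_puzzles(f"{round_id}:{ident}", share)
    return tally


def adversary_wins(tally: dict[str, int]) -> bool:
    """Majority rule: the adversary decides the outcome if it out-votes the honest side."""
    return tally["adversary"] > tally["honest"]


def run_scenario(adversary_budget: int = 1000, sybils: int = 10) -> dict[str, dict[str, int]]:
    """Constructed scenario: four honest parties with 1,000 hashes each (4,000 total)
    and one adversary that registers `sybils` identities backed by
    `adversary_budget` hashes in total."""
    parties = [Party(f"honest{i}", True, 1000) for i in range(4)]
    parties.append(Party("adv", False, adversary_budget, [f"sybil{i}" for i in range(sybils)]))
    return {"identity": identity_vote(parties), "pow": pow_vote(parties, "round-1")}


if __name__ == "__main__":
    for rule, tally in run_scenario().items():
        print(f"{rule:8s} {tally}  adversary wins: {adversary_wins(tally)}")
```

With the default scenario the identity tally is 4 honest votes to 10 adversary votes, so the adversary wins outright, while the proof-of-work tally reflects the 4,000-to-1,000 hash budgets and the adversary loses no matter how many names it registers. The same function also shows the limit of the defence: raising the adversary's budget above the honest total makes it win under proof-of-work too, which is exactly the honest-majority-of-work assumption that Nakamoto consensus rests on.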