byzantine agreement in the clear

  1. Byzantine agreement in the Clear Valerie King University of Victoria Victoria, Canada

  2. Byzantine Agreement 0 1 0 1 Start with initial bits; exchanges messages, then output same bit. If all start with the same bit, must output that bit

  3. Byzantine Agreement To model worst case faults in processors which communicate via point-to-point links and worst case delays in message delivery

  4. Today: Need for decentralized agreement over the internet with untrusted players Distributed ledger: • Digital currency • Smart contracts

  5. Goal of this talk agreement tools Decentralized ledger

  6. Byzantine adversary: n nodes, t < n/3 bad, behave arbitrarily. Worst case input.

  7. Asynchronous Communication: Adversary schedules message delivery, no global clock, no known delay bounds → Can’t wait to hear from >n-t before taking next action

  8. Asynchronous Communication: Adversary schedules message delivery, no global clock → Can’t wait to hear from >n-t before taking next action. Do we care about this? If we assume this, can’t use computation power to bound adversary’s ability to solve puzzles

  9. Asynchronous Communication: Adversary schedules message delivery, no global clock → Can’t wait to hear from >n-t before taking next action. Do we care about this? If we assume this, can’t use computation power to bound adversary’s ability to solve puzzles. How about assuming bound on Energy (Independent of time)?

  10. Impossibility result: One worst case crash fault makes (deterministic) agreement impossible with asynchrony. (1982: Fischer, Lynch and Paterson)

  11. There are fast solutions in some cases. Reliable broadcast: If a player broadcasts the same transaction to all players, then all decide in 3 steps; else possibly no decision. With randomness: • If there’s a global coin. • If there’s secret communication between good nodes, e.g. with crypto • If t is O( ! )

  12. What kind of randomness? • Global coin doesn’t exist • Global random oracle: truly random hash function known to every node, returns a consistent answer.

  13. What kind of randomness? • Global coin doesn’t exist • Global random oracle: truly random hash function known to every node, returns a consistent answer: doesn’t exist either

  14. What kind of randomness? • Global coin doesn’t exist • Global random oracle: truly random hash function known to every node, returns a consistent answer: doesn’t exist either. Usual assumption for setting puzzles, creating a common coin

  15. What kind of randomness? • Global coin doesn’t exist • Global random oracle: truly random hash function known to every node, returns a consistent answer: doesn’t exist either. Usual assumption for setting puzzles, creating a common coin • Here, weaker assumption: private coins

  16. Rest of talk: In the Clear • Adversary can view state of players. • Randomness: private random bits only • No cryptographic assumptions, no random oracle, no public key system, “plain model” But what if we can’t pass messages directly?

  17. Rest of talk: 2 different ideas. 1) The value of a short common string from a bit-fixing source. 2) Solving Byzantine agreement in a fully asynchronous environment. Robust to “adaptive adversary”.

  18. Using a O(log n) bit common string To create a set of n small committees, one for each node, ALL of which are representative, w.h.p. Used for • load balancing • a communication network or distributed hash table with reliable supernodes and • maintain these over changes to the network by repeatedly choosing strings

  19. To go from Common String to many, a committee for each node: Create Deterministic Sampler

  20. To go from Common String to many, a committee for each node: Create Deterministic Sampler. Is this constructive? Can each node determine its neighbors quickly?

  21. To go from short Common String to a committee for each node: Create Deterministic Sampler. Committee is indexed by (Common String, node ID). (figure label: IDs)

  22. To go from short Common String to a committee for each node: Create Deterministic Sampler. Committee is indexed by (Common String, node ID). (figure label: IDs) Since almost all committees are good, it suffices if a small constant fraction of bits in Common string are random

  23. To go from Common String to a committee for each node: Create Deterministic Sampler. Committee is indexed by (Common String, node ID). (figure label: IDs) It works even if: • adversary sets its bits after seeing good bits, • adversary controls more than half the bits, • there are bits hidden by delays from asynchrony

  24. To go from Common String to a committee for each node: Create Deterministic Sampler. Committee is indexed by (Common String, node ID). (figure label: IDs) It works even if: • adversary sets its bits after seeing good bits, • adversary controls more than half the bits, • there are bits hidden by delays from asynchrony • Even if the ID space is unknown and poly(n)

  25. To go from Common String to a committee for each node: Create Deterministic Sampler. Committee is indexed by (Common String, node ID). (figure label: IDs) Is this function polytime constructable? It works even if: • adversary sets its bits after seeing good bits, • adversary controls more than half the bits, • there are bits hidden by delays from asynchrony • Even if the ID space is unknown and poly(n)(?)

  26. One small representative committee can: • Run BA in less time and communication and then tell other nodes the result. • Produce a O(log n) bit common string of fair coins interspersed with ~t/n fraction of adversary set bits “Bit fixing random source”

  27. A set of mostly representative committees can be built deterministically and efficiently. 1-1/log n fraction of committees have close to representative membership, for ANY subset of BAD nodes. But requires an agreed upon mapping of nodes to the graph nodes!!

  28. To elect a single small committee, adapt Feige’s O(log*n) (broadcast) method for leader election. Each candidate randomly picks a bin; remaining candidates = lightest bin’s contents. [Figure: bins 1, 2, 3, 4, 5, …, n/log n]

  29. To elect a single small committee, adapt Feige’s O(log*n) (broadcast) method for leader election. Each candidate randomly picks a bin; remaining candidates = lightest bin’s contents. [Figure: bins 1, 2, 3, 4, 5, …, n/log n] Even if bad ones see the choices first, lightest bin will be representative. In one round: #candidates → O(log n) whp

  30. To elect a single small committee, adapt Feige’s O(log*n) (broadcast) method for leader election. Each candidate randomly picks a bin; remaining candidates = lightest bin’s contents. [Figure: bins 1, 2, 3, 4, 5, …, n/log n] Even if bad ones see the choices first, lightest bin will be representative. In one round: #candidates → O(log n) whp • Can be made to work even with asynchrony with polylog messages in O(log^c n) time

  31. Use sampler to map winners to new committees Winners pick random bits ! which are used to index sampler to pick a more representative set of winners

  32. Static vs Adaptive adversary • Note: A technique which elects a small committee is subject to the adaptive adversary which takes over the committee before it acts. Do we care about this??

  33. Byzantine agreement with an adaptive adversary and asynchrony

  34. BA with asynchrony and adaptive adversary • Ben-Or, t<n/5 1983 expected exponential time • Bracha t<n/3 1984 expected exponential time • K, Saia t <cn 2013-6, expected O(n^2.5), O(n^3) time, c very small constant

  35. BA with asynchrony and adaptive adversary • Ben-Or, t<n/5 1983 expected exponential time • Bracha t<n/3 1984 expected exponential time • K, Saia t <cn 2013-6, expected O(n^2.5), O(n^3) time, c very small constant. Not practical!

  36. BA with asynchrony and adaptive adversary • Ben-Or, t<n/5 1983 expected exponential time • Bracha t<n/3 1984 expected exponential time • K, Saia t <cn 2013-6, expected O(n^2.5), O(n^3) time, c very small constant. Not practical! Not yet

  37. Review: Ben-Or’s BA Alg 1983, t<n/5
      While not decided each p repeats:
        do Broadcast of vote b_p
        v ← majority value
        tally ← size of majority
        CASE: tally
          A) > (n+t)/2 then Decides on v
          B) > t then b_p ← v
          C) else b_p ← personal coinflip

  38. We modify Ben-Or
      While not decided each p repeats:
        do Broadcast of vote b_p
        v ← majority value
        tally ← size of majority
        CASE: tally
          A) > (n+t)/2 then Decides on v
          B) > t then b_p ← v
          C) else b_p ← personal coinflip compute a
      Decision results if agrees with v (“good direction”)

  39. Recall: Ben-Or’s iterations can be repeated while is not agreed on or not fair. Ends when 4n/5 good processors hold the same value

  40. • Idea: nodes communicate their coinflips and take a vote. Must be robust to up to t (good) coins missing in any step. →

  41. m-sync: adaption of multicast. [Figure: columns P1 P2 P3 P4 … Pn] Each node “posts” messages to a column from top to bottom. All but t columns are full and agreed upon by all good nodes. For up to t columns, the adversary may stop the node early and the last value written may be ambiguous.
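
The Ben-Or loop reviewed on slide 37, as an added simulation that is not part of the talk: it assumes the usual two-phase form of Ben-Or's 1983 protocol (votes, then proposals), on which the slide's A/B/C thresholds are applied. The function name `ben_or`, the random scheduler and the random equivocation by bad nodes are assumptions standing in for the adversary.

```python
import random

def ben_or(inputs, bad, t, seed=0, max_rounds=500):
    """Run Ben-Or rounds; return ({good node: decided bit}, rounds used)."""
    rng = random.Random(seed)
    n = len(inputs)
    good = [p for p in range(n) if p not in bad]
    x = {p: inputs[p] for p in good}      # current vote b_p of each good node
    decided = {}

    def deliver(honest_msg, lies):
        # Asynchrony: every receiver hears only n - t senders before moving on.
        # Byzantine senders equivocate, telling each receiver something different.
        views = {}
        for p in good:
            senders = rng.sample(range(n), n - t)
            views[p] = [honest_msg[s] if s in honest_msg else rng.choice(lies)
                        for s in senders]
        return views

    for rnd in range(1, max_rounds + 1):
        # Phase 1: broadcast votes; propose v only if its tally exceeds (n+t)/2.
        proposal = {}
        for p, votes in deliver(x, [0, 1]).items():
            v = max((0, 1), key=votes.count)
            proposal[p] = v if votes.count(v) > (n + t) / 2 else None
        # Phase 2: broadcast proposals (None = "no proposal") and apply the CASE.
        for p, props in deliver(proposal, [0, 1, None]).items():
            v = max((0, 1), key=props.count)
            tally = props.count(v)
            if tally > (n + t) / 2:
                decided.setdefault(p, v)        # A) decide on v
            if tally > t:
                x[p] = v                        # B) adopt v
            else:
                x[p] = rng.randint(0, 1)        # C) personal coin flip
        if len(decided) == len(good):
            return decided, rnd
    raise RuntimeError("no decision within max_rounds")

if __name__ == "__main__":
    # Constructed input: n = 6 nodes, node 5 is Byzantine, so t = 1 < n/5.
    print(ben_or([0, 1, 0, 1, 1, 0], bad={5}, t=1, seed=7))
```

With unanimous good inputs the run ends in round 1; with split inputs the round count depends on when the private coins happen to line up, which is the source of the expected exponential time quoted for Ben-Or on slide 34.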
