Hybrid Consensus: Efficient Consensus in the Permissionless Model - - PowerPoint PPT Presentation

▶

Jul 20, 2023 131 likes •299 views

Hybrid Consensus: Efficient Consensus in the Permissionless Model Rafael Pass and Elaine Shi IC3 1 Blockchains Satoshi Nakamoto, 2009 Public database Shared & maintained between network participants Blockchain agreement protocol

SLIDE 1

Hybrid Consensus: Efficient Consensus in the Permissionless Model

Rafael Pass and Elaine Shi

IC3

SLIDE 2

Blockchains Satoshi Nakamoto, 2009

Public database Shared & maintained between network participants

Blockchain agreement protocol

Periodically agree on a new block of data

Bloc k 3 Bloc k 2 Bloc k 1 Bloc k 4

SLIDE 3

The Blockchain Agreement Problem

Set of N computational nodes

No inherent identity No PKI

Agree on a block

Includes a set of new transactions (or data)

Two properties

Agreement Validity: all transactions satisfy some validity conditions

Blo ck 3 Blo ck 2 Blo ck 1

SLIDE 4

Scalability Issue

1 MB block per 10 mins 3-7 TXs per second

Support limited computations Several DoS attacks recently

Demand from Practice: 1,200 - 50,000 TXs/s

SLIDE 5

Byzantine Agreement

1 p

2 p

3 p

4 p

5 p

Complete graph
permissioned

SLIDE 6

Agreement:

Every correct node chooses the same value If all the correct nodes have the same input, that input must be the value chosen

SLIDE 7

Existing protocols are not scalable

Number of nodes Transaction rate

Low High Small Large

xKnown static identity set xO(n2) messages x Constant TX rate x Re-parameterization is not a long term solution BFT Protocols Nakamoto Consensus

?

SLIDE 8

Hybrid Consensus Idea

Use PoW chain to elect a static committee
honest nodes run the blockchain for csize + λ

blocks where csize = Θ(λ) denotes the targeted committee size.

honest nodes would remove the trailing,

unstablized λ blocks from its local chain, and call the miners of the first csize blocks the BFT committee.

Run BFT to agree on a new block

SLIDE 9

Blocks

PoW block BFT block Σ: a set of signatures | Σ | ≥ csize/3 R-th committee

h,nonce,TXs h’,Σ,TXs

SLIDE 10

Step 1: Identity establishment Solve PoW

ID = H ( h, Nonce, txs) < D

The last csize confirmed blocks define members in a committee

Random seed for the PoW Difficulty

SLIDE 11

Step 2: Propose BFT blocks

Run a classical Byzantine agreement protocol

Members agree & sign on one valid BFT block
Each committee serves for a period of time to

generate csize PoW blocks, e.g. 1 day.

Broadcast the block to the network

SLIDE 12

When each committee has at least C members? Each committee has O(λ)

O(λ 2) messages =>scalable

SLIDE 13

Security guarantees

Due to the consistency property of PoW chain, all honest nodes agree on the same BFT committee. Due to the chain quality property of PoW chain, with appropriate overall parameters, we can ensure that more than 2/3 of the committee members are honest which is sufficient to ensure the security of the permissioned BFT protocol.

SLIDE 14

Security guarantees

Due to the chain growth property of the pow chain, it will not take too long for the BFT committee to form

SLIDE 15

Hybrid Consensus: Efficient Consensus in the Permissionless Model

Rafael Pass and Elaine Shi

IC3

Blockchains Satoshi Nakamoto, 2009

Public database Shared & maintained between network participants

Blockchain agreement protocol

Periodically agree on a new block of data

Bloc k 3 Bloc k 2 Bloc k 1 Bloc k 4

The Blockchain Agreement Problem

Set of N computational nodes

No inherent identity No PKI

Agree on a block

Includes a set of new transactions (or data)

Two properties

Agreement Validity: all transactions satisfy some validity conditions

Blo ck 3 Blo ck 2 Blo ck 1

Scalability Issue

1 MB block per 10 mins 3-7 TXs per second

Support limited computations Several DoS attacks recently

Demand from Practice: 1,200 - 50,000 TXs/s

Byzantine Agreement

1

p

2

p

3

p

4

p

5

p

Agreement:

Every correct node chooses the same value If all the correct nodes have the same input, that input must be the value chosen

Existing protocols are not scalable

Number of nodes Transaction rate

Low High Small Large

xKnown static identity set xO(n2) messages x Constant TX rate x Re-parameterization is not a long term solution BFT Protocols Nakamoto Consensus

?

Hybrid Consensus Idea

blocks where csize = Θ(λ) denotes the targeted committee size.

unstablized λ blocks from its local chain, and call the miners of the first csize blocks the BFT committee.

Blocks

PoW block BFT block Σ: a set of signatures | Σ | ≥ csize/3 R-th committee

h,nonce,TXs h’,Σ,TXs

Step 1: Identity establishment Solve PoW

ID = H ( h, Nonce, txs) < D

The last csize confirmed blocks define members in a committee

Random seed for the PoW Difficulty

Step 2: Propose BFT blocks

Run a classical Byzantine agreement protocol

generate csize PoW blocks, e.g. 1 day.

When each committee has at least C members? Each committee has O(λ)

O(λ 2) messages =>scalable

Security guarantees

Security guarantees

Due to the chain growth property of the pow chain, it will not take too long for the BFT committee to form

T HANK YOU