psi from paxos
play

PSI from PaXoS: Fast, Malicious Private Set Intersection - PowerPoint PPT Presentation

Aug 29, 2023 •14 likes •1.04k views

PSI from PaXoS: Fast, Malicious Private Set Intersection ia.cr/2020/193 Benny Pinkas Bar-Ilan University Mike Rosulek Oregon State University Ni Trieu UC Berkeley Avishay Yanai VMware Eurocrypt 2020, COVID-19 edition what is private set

  1. why isn’t it secure against malicious parties? Alice Bob F 1 (·) 1 F 2 (·) Bob should send two 2 c c , e F 3 (·) F -values per item , what if 3 F 4 (·) he sends only one? d 4 d F 5 (·) e 5 F 6 (·) 6 f e c , d F 7 (·) 7 F 8 (·) 8 f F 9 (·) 9 f F 10 (·) 10 � � F 3 ( c ) , F 3 ( e ) , F 4 ( d ) , . . . , F 7 ( c ) , . . .

  2. why isn’t it secure against malicious parties? Alice Bob 1 Bob should send two 2 F -values per item , what if 3 he sends only one? 4 5 Alice has c ; does she 6 c include it in output? 7 8 9 10 � � F 3 ( c ) , F 3 ( e ) , F 4 ( d ) , . . . , F 7 ( c ) , . . .

  3. why isn’t it secure against malicious parties? Alice Bob 1 Bob should send two 2 F 3 ( c ) F -values per item , what if 3 he sends only one? 4 5 Alice has c ; does she 6 c include it in output? 7 8 9 10 � � F 3 ( c ) , F 3 ( e ) , F 4 ( d ) , . . . , F 7 ( c ) , . . .

  4. why isn’t it secure against malicious parties? Alice Bob 1 Bob should send two 2 F 3 ( c ) F -values per item , what if 3 he sends only one? 4 5 Alice has c ; does she 6 c include it in output? 7 8 9 10 � � F 3 ( c ) , F 3 ( e ) , F 4 ( d ) , . . . , F 7 ( c ) , . . .

  5. why isn’t it secure against malicious parties? Alice Bob 1 Bob should send two 2 F -values per item , what if 3 he sends only one? 4 5 Alice has c ; does she 6 c include it in output? F 7 ( c ) 7 8 9 10 � � F 3 ( c ) , F 3 ( e ) , F 4 ( d ) , . . . , F 7 ( c ) , . . .

  6. why isn’t it secure against malicious parties? Alice Bob 1 Bob should send two 2 F -values per item , what if 3 he sends only one? 4 5 Alice has c ; does she 6 c include it in output? F 7 ( c ) 7 8 ?? Only if c placed in bin 3! 9 10 � � F 3 ( c ) , F 3 ( e ) , F 4 ( d ) , . . . , F 7 ( c ) , . . .

  7. why isn’t it secure against malicious parties? Alice Bob 1 Bob should send two 2 F -values per item , what if 3 he sends only one? 4 5 Alice has c ; does she 6 c include it in output? 7 8 Only if c placed in bin 3! 9 ◮ Depends on Alice’s 10 entire input ! � � ⇒ can’t simulate! F 3 ( c ) , F 3 ( e ) , F 4 ( d ) , . . . , F 7 ( c ) , . . .

  8. how do we overcome this problem?

  9. batch OPRF for malicious PSI Alice Bob F 1 ( x 1 ) F 1 (·) 1 F 2 ( x 2 ) F 2 (·) 2 F 3 ( x 3 ) F 3 (·) 3 F 4 ( x 4 ) F 4 (·) 4 F 5 ( x 5 ) F 5 (·) 5 F 6 ( x 6 ) F 6 (·) 6 F 7 ( x 7 ) F 7 (·) 7 F 8 ( x 8 ) F 8 (·) 8 F 9 ( x 9 ) F 9 (·) 9 . . .

  10. batch OPRF for malicious PSI Alice Bob State of the art malicious batch OPRF [OOS17] F 1 ( x 1 ) F 1 (·) 1 ◮ essentially same cost as semi-honest F 2 ( x 2 ) F 2 (·) 2 F 3 ( x 3 ) F 3 (·) 3 F 4 ( x 4 ) F 4 (·) 4 F 5 ( x 5 ) F 5 (·) 5 F 6 ( x 6 ) F 6 (·) 6 F 7 ( x 7 ) F 7 (·) 7 F 8 ( x 8 ) F 8 (·) 8 F 9 ( x 9 ) F 9 (·) 9 . . .

  11. batch OPRF for malicious PSI Alice Bob State of the art malicious batch OPRF [OOS17] F 1 ( x 1 ) F 1 (·) 1 ◮ essentially same cost as semi-honest F 2 ( x 2 ) F 2 (·) 2 F 3 ( x 3 ) F 3 (·) 3 ◮ consistency check relies on an additive homomorphism: F 4 ( x 4 ) F 4 (·) 4 F 5 ( x 5 ) F 5 (·) F i ( x ) ⊕ F j ( y ) = F ij ( x ⊕ y ) 5 F 6 ( x 6 ) F 6 (·) 6 F 7 ( x 7 ) F 7 (·) 7 F 8 ( x 8 ) F 8 (·) 8 F 9 ( x 9 ) F 9 (·) 9 ∗ : a gross oversimplification . . .

  12. our protocol main idea: Alice Bob 1 2 a c 3 4 b d 5 6 c e 7 8 d f 9 10

  13. our protocol main idea: Alice Bob 1 2 a c 3 4 b d 5 6 c e 7 8 d f 9 10

  14. our protocol main idea: Alice Bob 1 s 2 2 s 2 ⊕ s 7 = a c 3 4 b d Alice secret-shares x into 5 bins h 1 ( x ) and h 2 ( x ) 6 c e s 7 7 8 d f 9 10

  15. our protocol main idea: Alice Bob 1 s 2 2 s 2 ⊕ s 7 = a c 3 4 b d Alice secret-shares x into 5 bins h 1 ( x ) and h 2 ( x ) 6 c e s 7 7 8 d f 9 10

  16. our protocol main idea: Alice Bob 1 s 2 2 s 2 ⊕ s 7 = a c s 3 3 4 s 3 ⊕ s 9 = b d Alice secret-shares x into 5 bins h 1 ( x ) and h 2 ( x ) 6 c e s 7 7 8 d f s 9 9 10

  17. our protocol main idea: Alice Bob s 1 1 s 2 2 s 2 ⊕ s 7 = a c s 3 3 s 4 4 s 3 ⊕ s 9 = b d s 5 Alice secret-shares x into 5 s 6 bins h 1 ( x ) and h 2 ( x ) 6 s 3 ⊕ s 7 = c e s 7 7 s 8 8 s 4 ⊕ s 7 = d f s 9 9 s 10 10

  18. our protocol main idea: Alice Bob F 1 ( s 1 ) F 1 (·) 1 F 2 ( s 2 ) F 2 (·) 2 s 2 ⊕ s 7 = a c F 3 ( s 3 ) F 3 (·) 3 F 4 ( s 4 ) F 4 (·) 4 s 3 ⊕ s 9 = b d F 5 ( s 5 ) F 5 (·) Alice secret-shares x into 5 F 6 ( s 6 ) F 6 (·) bins h 1 ( x ) and h 2 ( x ) 6 s 3 ⊕ s 7 = c e F 7 ( s 7 ) F 7 (·) 7 F 8 ( s 8 ) F 8 (·) 8 s 4 ⊕ s 7 = d f F 9 ( s 9 ) F 9 (·) 9 F 10 ( s 10 ) F 10 (·) 10

  19. our protocol main idea: Alice Bob F 1 ( s 1 ) F 1 (·) 1 F 2 ( s 2 ) F 2 (·) 2 s 2 ⊕ s 7 = a c F 3 ( s 3 ) F 3 (·) 3 F 4 ( s 4 ) F 4 (·) 4 s 3 ⊕ s 9 = b d F 5 ( s 5 ) F 5 (·) Alice secret-shares x into 5 F 6 ( s 6 ) F 6 (·) bins h 1 ( x ) and h 2 ( x ) 6 s 3 ⊕ s 7 = c e F 7 ( s 7 ) F 7 (·) 7 F 8 ( s 8 ) F 8 (·) 8 s 4 ⊕ s 7 = d f F 9 ( s 9 ) F 9 (·) 9 F 10 ( s 10 ) F 10 (·) 10 F 2 ( s 2 ) ⊕ F 7 ( s 7 ) = F 27 ( a )

  20. our protocol main idea: Alice Bob F 1 ( s 1 ) F 1 (·) 1 F 2 ( s 2 ) F 2 (·) 2 s 2 ⊕ s 7 = a c F 3 ( s 3 ) F 3 (·) 3 F 4 ( s 4 ) F 4 (·) 4 s 3 ⊕ s 9 = b d F 5 ( s 5 ) F 5 (·) Alice secret-shares x into 5 F 6 ( s 6 ) F 6 (·) bins h 1 ( x ) and h 2 ( x ) 6 s 3 ⊕ s 7 = c e F 7 ( s 7 ) F 7 (·) 7 F 8 ( s 8 ) F 8 (·) 8 s 4 ⊕ s 7 = d f F 9 ( s 9 ) F 9 (·) 9 F 10 ( s 10 ) F 10 (·) 10 F 2 ( s 2 ) ⊕ F 7 ( s 7 ) = F 27 ( a ) F 3 ( s 3 ) ⊕ F 9 ( s 9 ) = F 39 ( b )

  21. our protocol main idea: Alice Bob F 1 ( s 1 ) F 1 (·) 1 F 2 ( s 2 ) F 2 (·) 2 s 2 ⊕ s 7 = a c F 3 ( s 3 ) F 3 (·) 3 F 4 ( s 4 ) F 4 (·) 4 s 3 ⊕ s 9 = b d F 5 ( s 5 ) F 5 (·) Alice secret-shares x into 5 F 6 ( s 6 ) F 6 (·) bins h 1 ( x ) and h 2 ( x ) 6 s 3 ⊕ s 7 = c e F 7 ( s 7 ) F 7 (·) 7 F 8 ( s 8 ) F 8 (·) 8 s 4 ⊕ s 7 = d f F 9 ( s 9 ) F 9 (·) 9 F 10 ( s 10 ) F 10 (·) 10 F 2 ( s 2 ) ⊕ F 7 ( s 7 ) = F 27 ( a ) F 3 ( s 3 ) ⊕ F 9 ( s 9 ) = F 39 ( b ) F 3 ( s 3 ) ⊕ F 7 ( s 7 ) = F 37 ( c ) F 4 ( s 4 ) ⊕ F 7 ( s 7 ) = F 47 ( d )

  22. our protocol main idea: Alice Bob F 1 ( s 1 ) F 1 (·) 1 F 2 ( s 2 ) F 2 (·) 2 s 2 ⊕ s 7 = a c F 3 ( s 3 ) F 3 (·) 3 F 4 ( s 4 ) F 4 (·) 4 s 3 ⊕ s 9 = b d F 5 ( s 5 ) F 5 (·) Alice secret-shares x into 5 F 6 ( s 6 ) F 6 (·) bins h 1 ( x ) and h 2 ( x ) 6 s 3 ⊕ s 7 = c e F 7 ( s 7 ) F 7 (·) 7 F 8 ( s 8 ) F 8 (·) 8 s 4 ⊕ s 7 = d f F 9 ( s 9 ) F 9 (·) 9 F 10 ( s 10 ) F 10 (·) 10 F 2 ( s 2 ) ⊕ F 7 ( s 7 ) = F 27 ( a ) F 3 ( s 3 ) ⊕ F 9 ( s 9 ) = F 39 ( b ) F 3 ( s 3 ) ⊕ F 7 ( s 7 ) = F 37 ( c ) F 4 ( s 4 ) ⊕ F 7 ( s 7 ) = F 47 ( d )

  23. our protocol main idea: Alice Bob F 1 ( s 1 ) F 1 (·) 1 F 2 ( s 2 ) F 2 (·) 2 s 2 ⊕ s 7 = a c F 3 ( s 3 ) F 3 (·) 3 F 4 ( s 4 ) F 4 (·) 4 s 3 ⊕ s 9 = b d F 5 ( s 5 ) F 5 (·) Alice secret-shares x into 5 F 6 ( s 6 ) F 6 (·) bins h 1 ( x ) and h 2 ( x ) 6 s 3 ⊕ s 7 = c e F 7 ( s 7 ) F 7 (·) 7 F 8 ( s 8 ) F 8 (·) 8 s 4 ⊕ s 7 = d f F 9 ( s 9 ) F 9 (·) 9 F 10 ( s 10 ) F 10 (·) 10 F 2 ( s 2 ) ⊕ F 7 ( s 7 ) = F 27 ( a ) � � F 3 ( s 3 ) ⊕ F 9 ( s 9 ) = F 39 ( b ) F 37 ( c ) , F 3 ( s 3 ) ⊕ F 7 ( s 7 ) = F 37 ( c ) F 4 ( s 4 ) ⊕ F 7 ( s 7 ) = F 47 ( d )

  24. our protocol main idea: Alice Bob F 1 ( s 1 ) F 1 (·) 1 F 2 ( s 2 ) F 2 (·) 2 s 2 ⊕ s 7 = a c F 3 ( s 3 ) F 3 (·) 3 F 4 ( s 4 ) F 4 (·) 4 s 3 ⊕ s 9 = b d F 5 ( s 5 ) F 5 (·) Alice secret-shares x into 5 F 6 ( s 6 ) F 6 (·) bins h 1 ( x ) and h 2 ( x ) 6 s 3 ⊕ s 7 = c e F 7 ( s 7 ) F 7 (·) 7 F 8 ( s 8 ) F 8 (·) 8 s 4 ⊕ s 7 = d f F 9 ( s 9 ) F 9 (·) 9 F 10 ( s 10 ) F 10 (·) 10 F 2 ( s 2 ) ⊕ F 7 ( s 7 ) = F 27 ( a ) � � F 3 ( s 3 ) ⊕ F 9 ( s 9 ) = F 39 ( b ) F 37 ( c ) , F 47 ( d ) , F 3 ( s 3 ) ⊕ F 7 ( s 7 ) = F 37 ( c ) F 4 ( s 4 ) ⊕ F 7 ( s 7 ) = F 47 ( d )

  25. our protocol main idea: Alice Bob F 1 ( s 1 ) F 1 (·) 1 F 2 ( s 2 ) F 2 (·) 2 s 2 ⊕ s 7 = a c F 3 ( s 3 ) F 3 (·) 3 F 4 ( s 4 ) F 4 (·) 4 s 3 ⊕ s 9 = b d F 5 ( s 5 ) F 5 (·) Alice secret-shares x into 5 F 6 ( s 6 ) F 6 (·) bins h 1 ( x ) and h 2 ( x ) 6 s 3 ⊕ s 7 = c e F 7 ( s 7 ) F 7 (·) 7 F 8 ( s 8 ) F 8 (·) 8 s 4 ⊕ s 7 = d f F 9 ( s 9 ) F 9 (·) 9 Bob sends only one F 10 ( s 10 ) F 10 (·) 10 F -value per item F 2 ( s 2 ) ⊕ F 7 ( s 7 ) = F 27 ( a ) � � F 3 ( s 3 ) ⊕ F 9 ( s 9 ) = F 39 ( b ) F 37 ( c ) , F 47 ( d ) , F 35 ( e ) , F 69 ( f ) F 3 ( s 3 ) ⊕ F 7 ( s 7 ) = F 37 ( c ) F 4 ( s 4 ) ⊕ F 7 ( s 7 ) = F 47 ( d )

  26. our protocol main idea: Alice Bob F 1 ( s 1 ) F 1 (·) 1 F 2 ( s 2 ) F 2 (·) 2 s 2 ⊕ s 7 = a c F 3 ( s 3 ) F 3 (·) 3 F 4 ( s 4 ) F 4 (·) 4 s 3 ⊕ s 9 = b d F 5 ( s 5 ) F 5 (·) Alice secret-shares x into 5 F 6 ( s 6 ) F 6 (·) bins h 1 ( x ) and h 2 ( x ) 6 s 3 ⊕ s 7 = c e F 7 ( s 7 ) F 7 (·) 7 F 8 ( s 8 ) F 8 (·) 8 s 4 ⊕ s 7 = d f F 9 ( s 9 ) F 9 (·) 9 Bob sends only one F 10 ( s 10 ) F 10 (·) 10 F -value per item F 2 ( s 2 ) ⊕ F 7 ( s 7 ) = F 27 ( a ) � � F 3 ( s 3 ) ⊕ F 9 ( s 9 ) = F 39 ( b ) F 37 ( c ) , F 47 ( d ) , F 35 ( e ) , F 69 ( f ) F 3 ( s 3 ) ⊕ F 7 ( s 7 ) = F 37 ( c ) F 4 ( s 4 ) ⊕ F 7 ( s 7 ) = F 47 ( d )

  27. [how] can Alice secret-share all items? s 1 s 2 s 2 ⊕ s 7 = a s 3 s 4 s 3 ⊕ s 9 = b s 5 s 6 s 3 ⊕ s 7 = c s 7 s 8 s 4 ⊕ s 7 = d s 9 s 10

  28. [how] can Alice secret-share all items? – – s 2 ⊕ s 7 = a – – s 3 ⊕ s 9 = b – – s 3 ⊕ s 7 = c – – s 4 ⊕ s 7 = d – –

  29. [how] can Alice secret-share all items? – s 2 s 2 ⊕ s 7 = a – – algorithm: s 3 ⊕ s 9 = b – set one location arbitrarily – s 3 ⊕ s 7 = c – – s 4 ⊕ s 7 = d – –

  30. [how] can Alice secret-share all items? – s 2 s 2 ⊕ s 7 = a – – algorithm: s 3 ⊕ s 9 = b – set one location arbitrarily – s 3 ⊕ s 7 = c – find item with one unset location – s 4 ⊕ s 7 = d – –

  31. [how] can Alice secret-share all items? – s 2 s 2 ⊕ s 7 = a – – algorithm: s 3 ⊕ s 9 = b – set one location arbitrarily – s 3 ⊕ s 7 = c s 7 find item with one unset location solve for that unset location – s 4 ⊕ s 7 = d – –

  32. [how] can Alice secret-share all items? – s 2 s 2 ⊕ s 7 = a – – algorithm: s 3 ⊕ s 9 = b – set one location arbitrarily – repeat: s 3 ⊕ s 7 = c s 7 find item with one unset location solve for that unset location – s 4 ⊕ s 7 = d – –

  33. [how] can Alice secret-share all items? – s 2 s 2 ⊕ s 7 = a s 3 – algorithm: s 3 ⊕ s 9 = b – set one location arbitrarily – repeat: s 3 ⊕ s 7 = c s 7 find item with one unset location solve for that unset location – s 4 ⊕ s 7 = d – –

  34. [how] can Alice secret-share all items? – s 2 s 2 ⊕ s 7 = a s 3 – algorithm: s 3 ⊕ s 9 = b – set one location arbitrarily – repeat: s 3 ⊕ s 7 = c s 7 find item with one unset location solve for that unset location – s 4 ⊕ s 7 = d – –

  35. [how] can Alice secret-share all items? – s 2 s 2 ⊕ s 7 = a s 3 – algorithm: s 3 ⊕ s 9 = b – set one location arbitrarily – repeat: s 3 ⊕ s 7 = c s 7 find item with one unset location solve for that unset location – s 4 ⊕ s 7 = d s 9 –

  36. [how] can Alice secret-share all items? – s 2 s 2 ⊕ s 7 = a s 3 – algorithm: s 3 ⊕ s 9 = b – set one location arbitrarily – repeat: s 3 ⊕ s 7 = c s 7 find item with one unset location solve for that unset location – s 4 ⊕ s 7 = d s 9 –

  37. [how] can Alice secret-share all items? – s 2 s 2 ⊕ s 7 = a s 3 s 4 algorithm: s 3 ⊕ s 9 = b – set one location arbitrarily – repeat: s 3 ⊕ s 7 = c s 7 find item with one unset location solve for that unset location – s 4 ⊕ s 7 = d s 9 –

  38. [how] can Alice secret-share all items? s 1 s 2 s 2 ⊕ s 7 = a s 3 s 4 algorithm: s 3 ⊕ s 9 = b s 5 set one location arbitrarily s 6 repeat: s 3 ⊕ s 7 = c s 7 find item with one unset location solve for that unset location s 8 s 4 ⊕ s 7 = d s 9 s 10

  39. [how] can Alice secret-share all items? s 1 s 2 s 2 ⊕ s 7 = a s 3 s 4 algorithm: s 3 ⊕ s 9 = b s 5 set one location arbitrarily s 6 repeat: s 3 ⊕ s 7 = c s 7 find item with one unset location solve for that unset location s 8 s 4 ⊕ s 7 = d s 9 only works if cuckoo graph acyclic s 10 � ������ �� ������ � cuckoo graph

  40. s 1 s 2 s 2 ⊕ s 7 = a s 3 s 4 s 3 ⊕ s 9 = b s 5 s 6 s 3 ⊕ s 7 = c s 7 s 8 s 4 ⊕ s 7 = d s 9 s 10

  41. s 1 s 2 a s 3 s 4 encode so that for all x : b s 5 Encode s 6 s h 1 ( x ) ⊕ s h 2 ( x ) = x c s 7 s 8 d s 9 s 10

  42. probe-and-XOR-of-strings (PaXoS) s 1 s 2 a s 3 encode so that for all x : s 4 � b s 5 s i = x Encode s 6 c s 7 i ∈ P ( x ) s 8 d s 9 s 10

  43. probe-and-XOR-of-strings (PaXoS) s 1 s 2 a s 3 encode so that for all x : s 4 � b s 5 s i = x Encode s 6 c s 7 i ∈ P ( x ) s 8 d s 9 s 10 1. system of linear constraints must be satisfiable with overwhelming probability

  44. probe-and-XOR-of-strings (PaXoS) s 1 s 2 a s 3 encode so that for all x : s 4 � b s 5 s i = x Encode s 6 c s 7 i ∈ P ( x ) s 8 d s 9 s 10 1. system of linear constraints must be satisfiable with overwhelming probability 2. |� s | = number of OPRFs = communication cost of PSI, ideally O ( # items )

  45. probe-and-XOR-of-strings (PaXoS) s 1 s 2 a s 3 encode so that for all x : s 4 � b s 5 s i = x Encode s 6 c s 7 i ∈ P ( x ) s 8 d s 9 s 10 1. system of linear constraints must be satisfiable with overwhelming probability 2. |� s | = number of OPRFs = communication cost of PSI, ideally O ( # items ) 3. ideally linear-time encoding of items into � s .

  46. PaXoS constructions secret-shared cuckoo idea: ◮ requires acyclic cuckoo graph ◮ failure probability too high

  47. PaXoS constructions secret-shared cuckoo idea: ◮ requires acyclic cuckoo graph ◮ failure probability too high probe each position with probability 0.5: ◮ n items � vector of size n + λ ◮ expensive O ( n 3 ) encoding

  48. PaXoS constructions secret-shared cuckoo idea: garbled bloom filter [DCW13]: ◮ requires acyclic cuckoo graph ◮ n items � vector of size λ n ◮ failure probability too high probe each position with probability 0.5: ◮ n items � vector of size n + λ ◮ expensive O ( n 3 ) encoding

  49. PaXoS constructions secret-shared cuckoo idea: garbled bloom filter [DCW13]: ◮ requires acyclic cuckoo graph ◮ n items � vector of size λ n ◮ failure probability too high new garbled cuckoo PaXoS: probe each position with probability 0.5: ◮ n items � vector of size ∼ 2 . 4 n ◮ n items � vector of size n + λ ◮ fast encoding: O ( n λ ) ◮ expensive O ( n 3 ) encoding

  50. new garbled cuckoo PaXoS s 1 for each item x : s 2 ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 s 4 b s 5 s 6 c s 7 s 8 d s 9 s 10 e

  51. new garbled cuckoo PaXoS s 1 for each item x : s 2 ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 s 4 b s 5 s 6 c s 7 s 8 d s 9 s 10 e

  52. new garbled cuckoo PaXoS s 1 for each item x : s 2 ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 s 4 b s 5 s 6 c s 7 s 8 d s 9 s 10 e s 11    s 12   k aux positions .  .  .  s 10 + k 

  53. new garbled cuckoo PaXoS s 1 for each item x : s 2 ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 ◮ probe random subset of aux positions s 4 b s 5 s 6 c s 7 s 8 d s 9 s 10 e s 11    s 12   k aux positions .  .  .  s 10 + k 

  54. new garbled cuckoo PaXoS s 1 - for each item x : s 2 - ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 - ◮ probe random subset of aux positions s 4 - b s 5 - s 6 - c s 7 - s 8 - d s 9 - s 10 - e s 11 -    s 12 -   k .  .  .  s 10 + k - 

  55. new garbled cuckoo PaXoS s 1 - for each item x : s 2 - ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 - ◮ probe random subset of aux positions s 4 - b s 5 - 1. identify all items across all cycles s 6 - c s 7 - s 8 - d s 9 - s 10 - e s 11 -    s 12 -   k .  .  .  s 10 + k - 

  56. new garbled cuckoo PaXoS s 1 - for each item x : s 2 - ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 - ◮ probe random subset of aux positions s 4 - b s 5 - 1. identify all items across all cycles s 6 - ◮ solve linear system for the cycle items c s 7 - s 8 - d s 9 - s 10 - e s 11 -    s 12 -   k .  .  .  s 10 + k - 

  57. new garbled cuckoo PaXoS s 1 - for each item x : s 2 - ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 - ◮ probe random subset of aux positions s 4 - b s 5 - 1. identify all items across all cycles s 6 - ◮ solve linear system for the cycle items c s 7 - ◮ solution exists whp if k > [ # cycle items ] + λ s 8 - d s 9 - s 10 - e s 11 -    s 12 -   k .  .  .  s 10 + k - 

  58. new garbled cuckoo PaXoS s 1 - for each item x : s 2 - ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 ◮ probe random subset of aux positions s 4 - � b s 5 - 1. identify all items across all cycles s 6 - ◮ solve linear system for the cycle items � c s 7 ◮ solution exists whp if k > [ # cycle items ] + λ s 8 - ◮ can be found in [ # cycle items ] 3 time d s 9 s 10 - e � s 11    s 12   k .  .  .  s 10 + k 

  59. new garbled cuckoo PaXoS s 1 - for each item x : s 2 - ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 ◮ probe random subset of aux positions s 4 - � b s 5 - 1. identify all items across all cycles s 6 - ◮ solve linear system for the cycle items � c s 7 ◮ solution exists whp if k > [ # cycle items ] + λ s 8 - ◮ can be found in [ # cycle items ] 3 time d s 9 s 10 - e � s 11 2. solve for remaining items iteratively (linear time)    s 12   k .  .  .  s 10 + k 

  60. new garbled cuckoo PaXoS s 1 - for each item x : s 2 - ◮ probe positions h 1 ( x ) and h 2 ( x ) a s 3 ◮ probe random subset of aux positions s 4 - � b s 5 - 1. identify all items across all cycles s 6 - ◮ solve linear system for the cycle items � c s 7 ◮ solution exists whp if k > [ # cycle items ] + λ s 8 - ◮ can be found in [ # cycle items ] 3 time d s 9 s 10 - e � s 11 2. solve for remaining items iteratively (linear time)    s 12   k .  .  .  s 10 + k 

  61. new garbled cuckoo PaXoS s 1 - for each item x : s 2 ◮ probe positions h 1 ( x ) and h 2 ( x ) � a s 3 ◮ probe random subset of aux positions s 4 - � b s 5 - 1. identify all items across all cycles s 6 - ◮ solve linear system for the cycle items � c s 7 ◮ solution exists whp if k > [ # cycle items ] + λ s 8 - ◮ can be found in [ # cycle items ] 3 time d s 9 s 10 - e � s 11 2. solve for remaining items iteratively (linear time)    s 12 ◮ remaining cuckoo graph is acyclic   k .  .  .  s 10 + k 

  62. new garbled cuckoo PaXoS s 1 - for each item x : s 2 ◮ probe positions h 1 ( x ) and h 2 ( x ) � a s 3 ◮ probe random subset of aux positions s 4 - � b s 5 - 1. identify all items across all cycles s 6 - ◮ solve linear system for the cycle items � c s 7 ◮ solution exists whp if k > [ # cycle items ] + λ s 8 - ◮ can be found in [ # cycle items ] 3 time d s 9 s 10 - e � s 11 2. solve for remaining items iteratively (linear time)    s 12 ◮ remaining cuckoo graph is acyclic   k .  .  .  s 10 + k 

  63. new garbled cuckoo PaXoS s 1 - for each item x : s 2 ◮ probe positions h 1 ( x ) and h 2 ( x ) � a s 3 ◮ probe random subset of aux positions s 4 � b s 5 - 1. identify all items across all cycles s 6 - ◮ solve linear system for the cycle items � c s 7 ◮ solution exists whp if k > [ # cycle items ] + λ s 8 - ◮ can be found in [ # cycle items ] 3 time � d s 9 s 10 - e � s 11 2. solve for remaining items iteratively (linear time)    s 12 ◮ remaining cuckoo graph is acyclic   k .  .  .  s 10 + k 

  64. new garbled cuckoo PaXoS s 1 for each item x : s 2 ◮ probe positions h 1 ( x ) and h 2 ( x ) � a s 3 ◮ probe random subset of aux positions s 4 � b s 5 1. identify all items across all cycles s 6 ◮ solve linear system for the cycle items � c s 7 ◮ solution exists whp if k > [ # cycle items ] + λ s 8 ◮ can be found in [ # cycle items ] 3 time � d s 9 s 10 e � s 11 2. solve for remaining items iteratively (linear time)    s 12 ◮ remaining cuckoo graph is acyclic   k .  .  .  s 10 + k 

  65. new garbled cuckoo PaXoS s 1 for each item x : s 2 ◮ probe positions h 1 ( x ) and h 2 ( x ) � a s 3 ◮ probe random subset of aux positions s 4 � b s 5 1. identify all items across all cycles s 6 ◮ solve linear system for the cycle items � c s 7 ◮ solution exists whp if k > [ # cycle items ] + λ s 8 ◮ can be found in [ # cycle items ] 3 time � d s 9 s 10 e � s 11 2. solve for remaining items iteratively (linear time)    s 12 ◮ remaining cuckoo graph is acyclic   k .  .  .  s 10 + k  whp: [# cycle items] is O ( log n )

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The ABCDs of Paxos Consensus: a set of processes decide on an input value Main application:

The ABCDs of Paxos Consensus: a set of processes decide on an input value Main application:

The ABCDs of Paxos Consensus: a set of processes decide on an input value Main application: Replicated state machines Paxos asynchronous consensus algorithm AP Abstract Paxos: generic, non-local version CP Classic Paxos: stopping failures,

402 views • 25 slides
Paxos Week: Return of the State Machine Doug Woos Logistics notes No in-class lecture Monday

Paxos Week: Return of the State Machine Doug Woos Logistics notes No in-class lecture Monday

Paxos Week: Return of the State Machine Doug Woos Logistics notes No in-class lecture Monday Problem Set 2 due tonight Lab 3 out Paxos Made Simple Discussion Paxos vs. Primary/Backup Paxos vs. 2PC What about reconfig? The story of Paxos

1.03k views • 79 slides
The ABCDs of Paxos Replicated state machines Consensus: a set of processes decide on an input

The ABCDs of Paxos Replicated state machines Consensus: a set of processes decide on an input

The ABCDs of Paxos Replicated state machines Consensus: a set of processes decide on an input value Paxos asynchronous consensus algorithm AP Abstract Paxos: generic, non-local version CP Classic Paxos: stopping failures, compare-and-swap

522 views • 25 slides
Flexible Paxos: Quorum Intersection Revisited Wen-Chien Wang Review Paxos Prepare Promise

Flexible Paxos: Quorum Intersection Revisited Wen-Chien Wang Review Paxos Prepare Promise

Flexible Paxos: Quorum Intersection Revisited Wen-Chien Wang Review Paxos Prepare Promise Phase 1 Phase 2 Propose Accept Reference: Manos Kapritsos, EECS 591 Distributed System, Lecture 10 Requirements in Paxos acceptors can tolerate

425 views • 18 slides
Paxos and Replication Dan Ports, CSEP 552 Today: achieving consensus with Paxos and how

Paxos and Replication Dan Ports, CSEP 552 Today: achieving consensus with Paxos and how

Paxos and Replication Dan Ports, CSEP 552 Today: achieving consensus with Paxos and how to use this to build a replicated system Last week Scaling a web service using front-end caching but what about the

776 views • 59 slides
Distributed Systems: Paxos Burcu Canakci & Matt Burke Outline 1. Consensus 2. The

Distributed Systems: Paxos Burcu Canakci & Matt Burke Outline 1. Consensus 2. The

Distributed Systems: Paxos Burcu Canakci & Matt Burke Outline 1. Consensus 2. The Part-Time Parliament 3. Single-Decree Paxos 4. Liveness 5. Multi-Decree Paxos 6. Paxos Variants 7. Conclusion Outline 1. Consensus 2. The

962 views • 82 slides
Sharding Scaling Paxos: Shards We can use Paxos to decide on the order of operations, e.g., to a

Sharding Scaling Paxos: Shards We can use Paxos to decide on the order of operations, e.g., to a

Sharding Scaling Paxos: Shards We can use Paxos to decide on the order of operations, e.g., to a key-value store - leader sends each op to all servers - practical limit on how ops/second What if we want to scale to more clients? Sharding

976 views • 76 slides
Fast Paxos Trevor Chan Outline Paxos Protocol 1. Fast Paxos Protocol 2. Consensus

Fast Paxos Trevor Chan Outline Paxos Protocol 1. Fast Paxos Protocol 2. Consensus

Fast Paxos Trevor Chan Outline Paxos Protocol 1. Fast Paxos Protocol 2. Consensus Correctness Criteria Safety If value is chosen, then value must be chosen by any other process that has chosen a value Value chosen must have been proposed

659 views • 32 slides
Paxos Made Moderately Complex Robert Van Renesse Cornell University Problems Addressed

Paxos Made Moderately Complex Robert Van Renesse Cornell University Problems Addressed

Paxos Made Moderately Complex Robert Van Renesse Cornell University Problems Addressed Implementation of Multi-Decree Paxos Not a simple protocol! Liveness How to make Paxos live without overly

698 views • 11 slides
Paxos wrapup Doug Woos Logistics notes Whence video lecture? Problem Set 3 out on Friday Paxos

Paxos wrapup Doug Woos Logistics notes Whence video lecture? Problem Set 3 out on Friday Paxos

Paxos wrapup Doug Woos Logistics notes Whence video lecture? Problem Set 3 out on Friday Paxos Made Moderately Complex Made Simple When to run for office When should a leader try to get elected? - At the beginning of time - When the current

538 views • 31 slides
Generalized Consensus and Paxos Lamport, Leslie 2005 Problem

Generalized Consensus and Paxos Lamport, Leslie 2005 Problem

Generalized Consensus and Paxos Lamport, Leslie 2005 Problem addressed Already developed Fast Paxos (unpublished) by himself. Only 2 message delay (opEmal)

490 views • 11 slides
DISTRIBUTED SYSTEMS: PAXOS Hakim Weatherspoon CS6410 Slides borrowed liberally from past

DISTRIBUTED SYSTEMS: PAXOS Hakim Weatherspoon CS6410 Slides borrowed liberally from past

1 DISTRIBUTED SYSTEMS: PAXOS Hakim Weatherspoon CS6410 Slides borrowed liberally from past presentations from Robert Surton, Cecchetti, Burcu Canakci and Matt Burke Timeline Time, Clocks and Ordering State Machine Replication Paxos Published

1.28k views • 54 slides
Total-Ordering vanilladb.org Why Paxos? Flooding consensus algorithm spends too much time

Total-Ordering vanilladb.org Why Paxos? Flooding consensus algorithm spends too much time

Total-Ordering vanilladb.org Why Paxos? Flooding consensus algorithm spends too much time waiting for the last message in every round On WAN, this largely increases the response time Paxos: why not skip the late messages and make

1.04k views • 34 slides
Paxos Made Moderately Complex Made Moderately Simple State machine replication Reminder:

Paxos Made Moderately Complex Made Moderately Simple State machine replication Reminder:

Paxos Made Moderately Complex Made Moderately Simple State machine replication Reminder: want to agree on order of ops Can think of operations as a log Op1 Op2 Op3 Op4 Op5 Op6 S1 S2 Paxos? S3 Put k1 v1 Put k2 v2 Op1 Op2 Op3

1.11k views • 69 slides
Consensus: Paxos Haobin Ni Oct 22, 2018 What is consensus? A group of people go to the same

Consensus: Paxos Haobin Ni Oct 22, 2018 What is consensus? A group of people go to the same

Consensus: Paxos Haobin Ni Oct 22, 2018 What is consensus? A group of people go to the same place for the same meal. A set of nodes have the same value for the same variable. X=7 X=7 X=7 Why is it important? In state machine replication

1.1k views • 46 slides
Consensus I FLP Impossibility, Paxos CS 240: Computing Systems and Concurrency Lecture 8 Marco

Consensus I FLP Impossibility, Paxos CS 240: Computing Systems and Concurrency Lecture 8 Marco

Consensus I FLP Impossibility, Paxos CS 240: Computing Systems and Concurrency Lecture 8 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. Recall our 2PC commit problem Client C 1. C TC:

831 views • 46 slides
Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud

Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud

Deductive Program Verification with W HY 3 Andrei Paskevich LRI, Universit Paris-Sud Toccata, Inria Saclay JCP 2016 1. A short look back 2 / 100 Introduction Software is hard. D ONALD K NUTH ... 1996: Ariane 5 explosion an

1.13k views • 100 slides
Algorithms R OBERT S EDGEWICK | K EVIN W AYNE 5.1 S TRING S ORTS strings in Java

Algorithms R OBERT S EDGEWICK | K EVIN W AYNE 5.1 S TRING S ORTS strings in Java

Algorithms R OBERT S EDGEWICK | K EVIN W AYNE 5.1 S TRING S ORTS strings in Java key-indexed counting LSD radix sort Algorithms MSD radix sort F O U R T H E D I T I O N 3-way radix quicksort R OBERT S EDGEWICK | K EVIN W AYNE

998 views • 66 slides
2.83 / 2.813 Figure from Hendrickson, Lave and Matthews, 2006 T. Gutowski 1 Why is Mfg Energy

2.83 / 2.813 Figure from Hendrickson, Lave and Matthews, 2006 T. Gutowski 1 Why is Mfg Energy

Manufacturing 2.83 / 2.813 Figure from Hendrickson, Lave and Matthews, 2006 T. Gutowski 1 Why is Mfg Energy Important? 1/3 direct energy Much of the indirect - use phase is in the service of manufacturing Manufacturing

1.33k views • 98 slides
Auxiliaries and the -calculus Robert Levine Ohio State University levine.1@osu.edu Robert

Auxiliaries and the -calculus Robert Levine Ohio State University levine.1@osu.edu Robert

Auxiliaries and the -calculus Robert Levine Ohio State University levine.1@osu.edu Robert Levine 2019 5201 Auxiliaries and the -calculus 1 / 25 Where we left off. . . We can draw a couple of general conclusions at this point. The

791 views • 25 slides
Binary Factorization Models for Statistical Relational Learning Guillaume Bouchard Collaborators

Binary Factorization Models for Statistical Relational Learning Guillaume Bouchard Collaborators

Binary Factorization Models for Statistical Relational Learning Guillaume Bouchard Collaborators Machine Learning for Services Beyza Ermis Xerox Research Centre Europe Behrouz Behmardi Cedric Archambeau Dawei Yin Ehsan Abbasnejad Julien

988 views • 87 slides
ENERGY STAR Connected Thermostats Stakeholder Working Meeting April 26, 2019 1 Attendees

ENERGY STAR Connected Thermostats Stakeholder Working Meeting April 26, 2019 1 Attendees

ENERGY STAR Connected Thermostats Stakeholder Working Meeting April 26, 2019 1 Attendees Abigail Daken, EPA Charles Kim, SCE Dan Baldewicz, ICF for EPA Michael Fournier, Hydro Quebec Alan Meier, LBNL Ed Pike, Energy Solutions for CA IOUs

489 views • 29 slides
FOSDEM 2020 HashDNS and FQDNDHCP IPv6 DNS configuration made easy Renzo Davoli All what you

FOSDEM 2020 HashDNS and FQDNDHCP IPv6 DNS configuration made easy Renzo Davoli All what you

FOSDEM 2020 HashDNS and FQDNDHCP IPv6 DNS configuration made easy Renzo Davoli All what you need is: $ cat /etc/network/interfaces.d/eth0 iface tap0 inet6 manual fqdndhcp "this.is.my.name.org" This configures: IPv6 address

317 views • 16 slides
Dependency parses for NLU Christopher Potts CS 244U: Natural language understanding April 21 1

Dependency parses for NLU Christopher Potts CS 244U: Natural language understanding April 21 1

Introduction Overview Argument structure advmod Classifiers Negation Refs. Dependency parses for NLU Christopher Potts CS 244U: Natural language understanding April 21 1 / 42 Introduction Overview Argument structure advmod

756 views • 75 slides

More recommend