RapidChain: Scaling Blockchain via Full Sharding Mahdi Zamani Visa - - PowerPoint PPT Presentation

rapidchain scaling blockchain via full sharding
SMART_READER_LITE
LIVE PREVIEW

RapidChain: Scaling Blockchain via Full Sharding Mahdi Zamani Visa - - PowerPoint PPT Presentation

Feb 11, 2024 345 likes •752 views

RapidChain: Scaling Blockchain via Full Sharding Mahdi Zamani Visa Research Join work with Mahnush Movahedi , Dfinity Mariana Raykova , Yale University Stanford Blockchain Seminar Modified by Xinyuan Sun (sxysun@ucdavis.edu) August 2018

slide-1
SLIDE 1

RapidChain: Scaling Blockchain via Full Sharding

Mahdi Zamani Visa Research

Join work with Mahnush Movahedi, Dfinity Mariana Raykova, Yale University Stanford Blockchain Seminar August 2018

Modified by Xinyuan Sun (sxysun@ucdavis.edu)

slide-2
SLIDE 2

Agenda

Part I: Consensus Protocols

Traditional mechanisms Blockchain consensus

Part II: RapidChain[CCS 2018]

Sharding-based consensus Protocol overview Results

slide-3
SLIDE 3

Part I: Consensus Protocols

slide-4
SLIDE 4

Blockchain Consensus (since 2008)

Atomic broadcast [HT93]

Total Order

An honest node receives before iff sender sends before

Open membership

Transaction 1 Transaction 2

slide-5
SLIDE 5

Open Membership Setting

Sparsely-connected network (e.g., peer-to-peer) New nodes can join/leave (churn) Sybil rate limited via PoW

slide-6
SLIDE 6

Bitcoin: Too Much of a Good Thing

Sacrifices scalability for decentralization Permissioned blockchain?

A closed group of servers run the consensus protocol Membership isn’t the bottleneck

Full replication scales out in a cluster but not between datacenters/Internet nodes

High round-trip time (~200ms vs <1ms)

slide-7
SLIDE 7

Full Replication Doesn’t Scale

Inherently inefficient and unscalable

communication and computation needed More nodes, higher message latency Gossiping a 2 MB message to 90% of 4,000 nodes takes ~50 sec

# participants () # bits exchanged

slide-8
SLIDE 8

How much redundancy is really needed?

To tolerate faults and attacks?

Bitcoin and Ethereum create 4,000+ replicas

slide-9
SLIDE 9

Part II: RapidChain

slide-10
SLIDE 10

Sharding-Based Consensus

Elect a set of random committee of nodes Each committee runs consensus on behalf of all And, maintains a disjoint ledger Throughput increases linearly with # nodes

slide-11
SLIDE 11

Full Sharding

Computation Communication Storage

slide-12
SLIDE 12

Sharding Challenges Electing small committees via probabilistic sampling process Reconfiguration to avoid Sybil attack Cross-shard transactions

Verify transactions located in other committees

Decentralized bootstrapping*

Establish PKI without initial randomness, CRS, etc.

slide-13
SLIDE 13

Our Goals/Achievements

Higher throughput (7300 tx/sec)

Sublinear communication per tx 6-10x faster fast committee consensus

Higher resiliency

RapidChain : , previous work [LNZ+16, KJG+18]:

Provable reconfiguration

Based on Cuckoo rule [AS06]

Decentralized bootstrapping

RapidChain: , previous work:

slide-14
SLIDE 14

Network Model

nodes each with a key pair committees (a.k.a., shards) P2P network with gossiping Bounded message delay

Known fixed delay, Similar to Bitcoin

slide-15
SLIDE 15

Threat Model

Byzantine nodes at any moment Slowly-adaptive adversary [PS16, KJG+18]

5% churn rate

slide-16
SLIDE 16

Epochs and Iterations

Bootstrap Consensus

Epoch

Reconfiguration Consensus Reconfiguration

Iteration

slide-17
SLIDE 17

RapidChain Overview

Proceed in epochs First epoch: Bootstrap a reference committee

Creates epoch randomness Creates a reconfiguration block in every epoch

Epoch randomness

Samples sharding committees New nodes join the system Re-organize existing committees

slide-18
SLIDE 18

RapidChain Overview (cont’d)

Each users sends its tx to some arbitrary node tx is routed to the output committee, Members of create a block Cross-shard verification

Verify input transactions of tx Batch requests based on input committees Forward them via an inter-committee routing protocol

slide-19
SLIDE 19

Sharded Consensus

Bootstrap Consensus

Iteration Epoch

Reconfiguration Consensus Reconfiguration … … …

\

slide-20
SLIDE 20

Sharded Consensus

Bootstrap Consensus

Iteration Epoch

Reconfiguration Consensus Reconfiguration … … …

slide-21
SLIDE 21

Committee Size

How large should the committees be? Depends on the intra-committee consensus protocol Higher committee resiliency Smaller committee 4,000 nodes

16 committees of size 250 100 committees of size 40

slide-22
SLIDE 22

Sampling Error

1E-08 1E-07 1E-06 1E-05 1E-04 1E-03 1E-02 1E-01 1E+00 20 40 60 80 100 120 140 160 180 200 220 240 Failure Probability Committee Size 1/3 to 1/2 (RapidChain) 1/4 to 1/3 (Previous work) 1/5 to 1/3

Using hypergeometric distribution

slide-23
SLIDE 23

Consensus in Committees

Gossiping a 2-MB block in a 250-node committee takes sec Idea: Gossip the block, then agree on the hash of the block

slide-24
SLIDE 24

Gossiping Large Blocks

Information dispersal algorithm (IDA) [R89]

Encode into chunks using an erasure coding mechanism Give each neighbor chunks ( is the node degree) can be reconstructed from any set of chunks

ECC blowup 2.7x New gossip time: 2.6 sec Gossip latency reduction 5.3x

slide-25
SLIDE 25

Gossiping Merkle Hash

Compute a Merkle tree over chunks Send chunks along with Merkle proofs

slide-26
SLIDE 26

Gossiping Merkle Hash

Compute a Merkle tree over chunks Send chunks along with Merkle proofs

slide-27
SLIDE 27

Consensus in Committees

Gossiping a 2-MB block in a 250-node committee takes sec Idea: Gossip the block, then agree on the hash of the block

Cross Shard Transactions

  • UTXO and transaction splitting

y

'

enter

ishard , ↳ shards) ( shardat shard,

in a

tix ,

TXz

t

a

e tx

tr

tix 3

Ctx )

slide-28
SLIDE 28

Consensus in Committees

Gossiping a 2-MB block in a 250-node committee takes sec Idea: Gossip the block, then agree on the hash of the block

Gossiping Merkle Hash

Inter-committee Routing

Log n committee Log log n nodes

slide-29
SLIDE 29

Handling Join-Leave Attacks

Cuckoo rule [AS06]

Assign the new node to a random shard Evict nodes from the shard

Bounded Cuckoo rule

slide-30
SLIDE 30

Handling Join-Leave Attacks

Cuckoo rule [AS06]

Assign the new node to a random shard Evict nodes from the shard

Bounded Cuckoo rule

slide-31
SLIDE 31

Handling Join-Leave Attacks

Cuckoo rule [AS06]

Assign the new node to a random shard Evict nodes from the shard

Bounded Cuckoo rule

slide-32
SLIDE 32

Handling Join-Leave Attacks

Cuckoo rule [AS06]

Assign the new node to a random shard Evict nodes from the shard

Bounded Cuckoo rule

slide-33
SLIDE 33

Experimental Setup

Prototype implemented in Go Link latency of 100 ms Node bandwidth of 20 Mbps 2 MB blocks (4096 tx/block, 512 B/tx) Corruption model

49% of leaders equivocate in the same iteration 49% of nodes do not participate in gossips (i.e., remain silent)

slide-34
SLIDE 34

Synchronous Round Time-Out

275 325 375 425 475 525 100 125 150 175 200 225 250 Latency (ms) Committee Size

Maximum Average Median

ms

Latency of gossiping an 80-byte message in a committee of size 250

slide-35
SLIDE 35

Throughput vs n

1750 2744 3726 4676 5177 6180 7031 7384 1000 2000 3000 4000 5000 6000 7000 8000 500 [145] 1000 [175] 1500 [190] 2000 [200] 2500 [225] 3000 [225] 3500 [230] 4000 [250] Transactions per Second Number of Nodes [Committee Size]

slide-36
SLIDE 36

Latency vs n

32.2 67.9 69.1 69.8 70.0 70.4 70.6 70.7 8.04 8.49 8.64 8.72 8.75 8.80 8.83 8.84

7.8 8.1 8.4 8.7 9.0 9.3 9.6 9.9 10 20 30 40 50 60 70 80 500 1000 1500 2000 2500 3000 3500 4000 Confirmation Latency (sec) User-Perceived Latency (sec) Number of Nodes

User-Perceived Latency Confirmation Latency

slide-37
SLIDE 37

Impact of Block Size

7384 8.84

0.00 5.00 10.00 15.00 20.00 25.00 30.00 35.00 1000 2000 3000 4000 5000 6000 7000 8000 9000 128 256 512 1024 2048 4096 8192 Latency (sec) Transactions per Second Block Size (KB) Throughput Latency

slide-38
SLIDE 38

Where do we stand?

Protocol #Nodes Resiliency TPS Latency Storage Shard Size Time to Failure Elastico 1,600

  • 40

800 sec 1x 100 1 hour OmniLedger 1,800

  • 500

14 sec 1/3x 600 230 years OmniLedger 1,800

  • 3,500

63 sec 1/3x 600 230 years RapidChain 1,800

  • 4,220

8.5 sec 1/9x 200 1,950 years RapidChain 4,000

  • 7,380

8.7 sec 1/16x 250 4,580 years

slide-39
SLIDE 39

References

  • [PSL80] Marshall Pease, Robert Shostak, and Leslie Lamport. Reaching agreement in the presence of faults. In JACM, 1980.
  • [BT83] Gabriel Bracha and Sam Toueg. Resilient consensus protocols. In PODC, 1983.
  • [HT93] Vassos Hadzilacos and Sam Toueg. Distributed systems. Chapter on Fault-tolerant Broadcasts and Related Problems,

ACM Press, 1993.

  • [PSS17] Rafael Pass, Lior Seeman, and Abhi Shelat. Analysis of the blockchain protocol in asynchronous networks. In

Advances in Cryptology – EUROCRYPT 2017, pages 643–673. Springer International Publishing, 2017.

  • [R86] Michael O. Rabin. Efficient dispersal of information for security, load balancing, and fault tolerance. In JACM, 1989.
  • [KJG+18] Eleftherios Kokoris-Kogias, Philipp Jovanovic, Linus Gasser, Nicolas Gailly, Ewa Syta, and Bryan Ford.

OmniLedger: A secure, scale-out, decentralized ledger via sharding. In S&P, 2018.

  • [LNZ+16] Loi Luu, Viswesh Narayanan, Chaodong Zheng, Kunal Baweja, Seth Gilbert, and Prateek Saxena. A secure

sharding protocol for open blockchains. In CCS, 2016.

  • [PS16] Rafael Pass and Elaine Shi. Hybrid consensus: Efficient consensus in the permissionless model. Cryptology ePrint

Archive, Report 2016/917, 2016.

  • [RNA+17] Ling Ren, Kartik Nayak, Ittai Abraham, and Srinivas Devadas. Practical synchronous byzantine consensus. CoRR ,

abs/1704.02397, 2017.

  • [AS06] Baruch Awerbuch and Christian Scheideler. Towards a scalable and robust DHT. In SPAA, 2006.