Cryptocurrency and Blockchain Research
|
|
- Avice West
- 5 years ago
- Views:
Transcription
1 Cryptocurrency and Blockchain Research CHANATHIP NAMPREMPRE, PH.D. 1
2 Agenda Recall bitcoin consensus protocol Components of bitcoin consensus protocol Variations on the same theme Beware of snake oil Solution: secure protocol design and analysis Example from cryptography: modes of operation Conclusion 2
3 Recall bitcoin blockchain: adding a block The Times 03/Jan/2009 Chancellor on brink of second bailout for banks ph nonce H( ) tx1 tx2 txn(reward) ph nonce H( ) tx1 tx2 txn(reward) To add the next block, find nonce such that 00..0xxxxxx xxxx = H( nonce ph tx1 tx2 ) Genesis block 3
4 Recall bitcoin blockchain: forking The Times bailout for banks ph H( ) ph H( ) tx1 ph H( ) ph H( ) Genesis block ph H( ) tx1 4
5 Bitcoin consensus protocol: GOAL The Times 03/Jan/2009 Chancellor bailout for banks ph H( ) tx tx ph H( ) tx tx ph H( ) tx tx All honest participants agree on the order in which blocks are appended to the chain. 5
6 Bitcoin consensus protocol Transactions record money transfers. 1. New transactions are broadcast to all nodes. 2. Each node collects new transactions into blocks. Leader election 3. In each round, a winning node gets to add its block to the chain. 4. Other nodes accept the block only if all transactions in it are valid. 5. Nodes express their approval of the block by including its hash in the next block they create. Ledger is a blockchain. source: Bitcoin and Cryptocurrency Technology, Narayanan, et. al
7 Transaction Bitcoin Bitcoin: money transfer Transaction ID 68 in: H( ), index, signature, pk H( ), index, signature, pk H( ), index, signature, pk out: index, value, H(pk) index, value, H(pk) index, value, H(pk) referenced transaction scriptsig scriptpubsig Transaction ID 42 in: H( ), index, signature, pk H( ), index, signature, pk H( ), index, signature, pk out: index, value, H(pk) index, value, H(pk) Transaction ID 73 in: H( ), index, signature, pk H( ), index, signature, pk H( ), index, signature, pk out: index, value, H(pk) index, value, H(pk) index, value, H(pk) redeeming transaction Alternatives: smart contracts medical records college degrees referenced transaction 7 7
8 Ledger The Times 03/Jan/2009 Chancellor bailout for banks Bitcoin ph H( ) tx tx ph H( ) tx tx ph H( ) tx tx Bitcoin: chain of blocks ledger = blockchain Alternatives: individual transactions ledger = Directed Acyclic Graph (GHOST, SPECTRE, Meshcash, Hashgraph, etc.) batched transactions (IOTA) 8
9 Leader election Bitcoin To add a block to the chain, find nonce such that 00..0xxxxxx xxxx = H( nonce ph tx1 tx2 ) Bitcoin: proof-of-work Alternatives: proof-of-stake (Ouroboros, Algorand) proof-of-elapsed-time (Sawtooth Lake) proof-of-luck (Berkeley) 9
10 Leader election via Proof-of-Elasped- Time (PoET) Observation: Bitcoin proof-of-work, namely the nonce, is evidence that the winning node has taken about 10 minutes to find a nonce that works. Alternative: 00..0xxxxxx xxxx = H( nonce ph tx1 tx2 ) A node can just wait 10 minutes then can provide a proof that it has waited. 10
11 Intel SGX (Software Guard extensions) Attestation: Prove to a remote party what software was loaded on my machine Applications: Bank allows money transfer only if customer has patched his device. Gamers can join network only if their game client is unmodified. Source: Dan Boneh s course notes. 11
12 Replacing nonce with attestation Suppose P is the program wait 10 minutes P Intel SGX attestation ph attestation H( ) tx1 tx2 txn(reward) Attestation server 12
13 Participation in protocol Bitcoin Bitcoin: permissionless with dynamic join/leave Alternatives: permissioned with static membership permissioned with semi-static membership (no join/leave during each round, but ok between rounds ) 13
14 Participation in leader election protocol Bitcoin Bitcoin: all mining nodes Alternatives: a fixed subset (e.g., Honey Badger) a dynamic subset [e.g., endorsers (Ouroboros) committee members (Algorand) validators (Tendermint) trusted quorums (Stellar), ] 14
15 Participation in leader election protocol Bitcoin Bitcoin: all mining nodes Alternatives: a fixed subset (e.g., Honey Badger) a dynamic subset [e.g., endorsers (Ouroboros) committee members (Algorand) validators (Tendermint) trusted quorums (Stellar), ] 15
16 Failure modes Bitcoin Bitcoin: Byzantine Alternatives: fail-stop (crash only) honest-but-curious honest-but-lazy (in this model, Algorand can tolerate failure of majority of nodes!) 16
17 Clocks Bitcoin Bitcoin: loosely synchronized (NTP) Alternatives: strongly synchronized same speed (Algorand) 17
18 Message delivery model Bitcoin Bitcoin: unreliable Alternatives: reliable with known delay (msgs are delivered correctly and exactly once within a certain amount of time) reliable with unknown delay dropped/ modified/ injected 18
19 Timing model Bitcoin fast slow Bitcoin: asynchronous (msgs can take arbitrarily long to arrive, and processor speeds can be vastly different) (different from the A in AJAX) Alternatives: synchronous (msg delays are bounded, and differences in processor speeds are bounded) eventually synchronous weakly synchronous strongly synchronous 19
20 Timing model [Dwork and Lynch, 1988] In a synchronous system, there is a known fixed upper bound A on the time required for a message to be sent from one processor to another and a known fixed upper bound B on the relative speeds of different processors. In an asynchronous system, no fixed upper bounds A and B exist. In an eventually synchronous system, the system is synchronous most of the time but may experience periods of asynchrony. 20
21 Consensus protocol example: Algorand Transaction: any Ledger: blockchain Leader election: proof-of-stake Participation: permissionless Participation in leader election: committee Failure modes: byzantine Message delivery: Timing: Clock: reliable (gossip protocol) strong synchrony (liveness) weak synchrony (safety) same speed 21
22 Recall Bitcoin consensus protocol 1. New transactions are broadcast to all nodes. 2. Each node collects new transactions into blocks. 3. In each round, a winning node gets to add its block to the chain. 4. Other nodes accept the block only if all transactions in it are valid. 5. Nodes express their approval of the block by extending the chain from it. a. Select committee members based on stakes b. Committee members vote on winner based on stakes 22
23 Algorand sortition a. Select committee members based on stakes Cannot be done deterministically Cannot be done in multiple steps Must be done in secret committee members may be targeted! b. Committee members vote on winner based on stakes 23
24 Verifiable Random Function (VRF) VRF = (F, VF) such that, for any public-secret key pair (pk,sk), (h,p) = F(sk,x) On input x, the algorithm F returns a hash and a proof. The hash h is random to anyone who does not know sk. b = VF(pk,x,h,p) On input pk, x, h, and p, the algorithm VF returns a bit. The proof p lets anyone with pk verify that h corresponds to x. 24
25 Implementing VRF with digital signatures VRF = (F, VF) such that, for any public-secret key pair (pk,sk), (h,p) = F(sk,x) p Sign( sk, x ) ; h H( p ) On input x, the algorithm F returns a hash and a proof. The hash h is random to anyone who does not know sk. b = VF(pk,x,h,p) Vf( pk, x, p ) h == H( p ) On input pk, x, h, and p, the algorithm VF returns a bit. The proof p lets anyone with pk verify that h corresponds to x. 25
26 Algorand (much simplified) a. Select committee members based on stakes Cannot be done deterministically Cannot be done in multiple steps Must be done in secret (h,p) VRF(sk, seed role) seed 0 agreed through distributed random number generation seed r = h r b. Committee members vote on winner based on stakes 26
27 Algorand (much simplified) a. Select committee members based on stakes Cannot be done deterministically Cannot be done in multiple steps Must be done in secret (h,p,j) Sortition(sk, seed,role,w,w) b. Committee members vote on winner based on stakes 27
28 Algorand (much simplified) a. Select committee members based on stakes Cannot be done deterministically Cannot be done in multiple steps Must be done in secret b. Committee members vote on winner based on stakes Block with highest priority wins. For i in {1,,j}, (h,p,j) Sortition(sk, seed,role,w,w) block priority max(block priority, H(h i)) 28
29 Algorand claims 75-page paper with tons of proofs of safety liveness other properties under various timing models, message delivery models, etc. 29
30 others? 30
31 Being able to model the system helps! Summary of consensus resilience properties, some of which use statically configured nodes with a special role. Symbols and notes: means that the protocol is resilient against the fault and that it is not;. states that no such special node exists in the protocol;? denotes that the properties cannot be assessed due to lack of information; ( ) denotes the crash of other nodes, different from the special node; + MultiChain has non-final decisions; PoET assumes trusted hardware available from only one vendor; Ripple tolerates one of the five default Ripple-operated validators (special nodes) to be subverted. Source: Blockchain consensus protocols in the wild. Christian Cachin and Marko Vukolic. IBM Zurich
32 Results from distributed systems research FLP: In an asynchronous model with reliable links, no deterministic protocol can achieve consensus when at least one party can crash. [ asynchronous parties, reliable links, f 1 in fail-stop model ] PBFT: In an eventually synchronous model with reliable links, parties running PBFT protocol can reach consensus as long as no more than one third of all parties can be malicious. [ eventually synchronous parties, reliable links, f n/3 in byzantine model ] [FLP]: Impossibility of Distributed Consensus with One Faulty Process, Fischer, Lynch, and Paterson, [PBFT]: Practical Byzantine Fault Tolerance, Castro and Liskov,
33 Meanwhile We still see claims like this: Every transaction is replicated to every node. When a majority of nodes have replicated the transaction, the transaction is committed. Kadena based on ScaleableBFT Model: asynchronous with byzantine failures 33
34 Snake oil? Unsupported, hard to verify claims abound. This situation has happened before! Look at the history of modern cryptography. 34
35 Block ciphers and modes of operation FIPS-80: DES and modes of operation Various modes proposed: ECB, CBC, CTR, OFB, CFB Assuming that the underlying block cipher is perfect, are these modes any good? 35
36 ECB encryption mode: definition Source: Symmetric Cryptography Basics, Chanathip Namprempre,
37 ECB encryption mode: secure? Source: Wikipedia 37
38 ECB insecurity 38
39 Modeling primitives and defining security definitions Block cipher What is it: family of permutations What it means to be secure: PRP-CPA, PRP-CCA Symmetric encryption scheme What is it: three algorithms satisfying a correctness condition What it means to be secure: IND-CPA, IND-CCA 39
40 Results? ECB is not IND-CPA. CBC with counter IV is not IND-CPA. CBC with random IV is IND-CPA but not IND-CCA. CTR with random IV is IND-CPA but not IND-CCA. CTR with counter IV is IND-CPA but not IND-CCA. CTR with counter IV is more secure than CTR with random IV. etc. 40
41 Theory catching up with practice Modern cryptography Block ciphers were proposed and used. Then, models and proofs were developed. Cryptocurrencies and distributed systems Bitcoin is proposed and used. Then, models and proofs are being developed! 41
42 What makes a good consensus protocol? Efficient: throughput? latency? average case? worse case? Secure: DOS? targeted attack? Prevent/eliminate forks? Liveness? Safety? 42
43 Safety and Liveness Safety: Nothing bad happens. With overwhelming probability, all nodes agree on the same order of transactions. If one honest node accepts transaction A (i.e., it appears on the chain), then with overwhelming probability any future transactions accepted by other honest nodes will be on the chain that already contains A. Liveness: Something good eventually happens. With overwhelming probability, new transactions get added to the chain. During synchronous period, with overwhelming probability honest nodes eventually add a new transaction to the chain. 43
44 State of the art Security models and proofs for blockchain systems are emerging. But the models and security definitions are complicated and hard to work with. Plenty of room for improvement! We can start with devising simpler, cleaner models and definitions. 44
45 45
CONSENSUS PROTOCOLS & BLOCKCHAINS. Techruption Lecture March 16 th, 2017 Maarten Everts (TNO & University of Twente)
CONSENSUS PROTOCOLS & BLOCKCHAINS Techruption Lecture March 16 th, 2017 Maarten Everts (TNO & University of Twente) 2 Consensus protocols & blockchain 3 Consensus protocols & blockchain 4 Consensus protocols
More informationData Consistency and Blockchain. Bei Chun Zhou (BlockChainZ)
Data Consistency and Blockchain Bei Chun Zhou (BlockChainZ) beichunz@cn.ibm.com 1 Data Consistency Point-in-time consistency Transaction consistency Application consistency 2 Strong Consistency ACID Atomicity.
More informationHyperledger Fabric v1:
Marko Vukolić, IBM Research - Zurich May 4, 2017 Hyperledger Fabric v1: Rethinking Permissioned Blockchains Blockchain: du Bitcoin au Smart Contract 4 Mai 2017 2017 IBM Corporation What is a Blockchain?
More informationHyperledger fabric: towards scalable blockchain for business
Marko Vukolić, IBM Research - Zurich Hyperledger fabric: towards scalable blockchain for business Trust in Digital Life The Hague, Netherlands, June 17 2016 Blockchain shared, replicated, ledger Consensus
More informationLecture 12. Algorand
Lecture 12 Algorand Proof-of-Stake Virtual Mining Proof of Stake Bitcoin uses proof of work to address sybil attacks and implement consensus Philosophy: Chance of winning in a block mining round proportional
More informationAlgorand: Scaling Byzantine Agreements for Cryptocurrencies
Algorand: Scaling Byzantine Agreements for Cryptocurrencies Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, Nickolai Zeldovich Presented by: Preet Patel and Umang Lathia Outline Overview of Distributed
More informationAlternative Consensus
1 Alternative Consensus DEEP DIVE Alexandra Tran, Dev Ojha, Jeremiah Andrews, Steven Elleman, Ashvin Nihalani 2 TODAY S AGENDA GETTING STARTED 1 INTRO TO CONSENSUS AND BFT 2 NAKAMOTO CONSENSUS 3 BFT ALGORITHMS
More informationBlockchains & Cryptocurrencies
1 Blockchains & Cryptocurrencies A Technical Introduction Lorenz Breidenbach ETH Zürich Cornell Tech The Initiative for CryptoCurrencies & Contracts (IC3) 2 Cryptocurrency Mania Market cap as of yesterday:
More informationBlockchain, cryptography, and consensus
ITU Workshop on Security Aspects of Blockchain (Geneva, Switzerland, 21 March 2017) Blockchain, cryptography, and consensus Dr. Christian Cachin IBM Research - Zurich www.zurich.ibm.com/~cca/ Geneva, Switzerland,
More informationCS 261 Notes: Algorand
CS 261 Notes: Algorand Scribe: Rachel Lawrence September 17, 2018 1 Introduction: Why Algorand? Algorand [6] is a cryptocurrency that works to reach consensus on transactions with a system based on Proof
More informationBlockFin A Fork-Tolerant, Leaderless Consensus Protocol April
BlockFin A Fork-Tolerant, Leaderless Consensus Protocol April 2018 @storecoin What are the most desirable features in a blockchain? Scalability (throughput) and decentralization (censorship resistance),
More informationLecture 3. Introduction to Cryptocurrencies
Lecture 3 Introduction to Cryptocurrencies Public Keys as Identities public key := an identity if you see sig such that verify(pk, msg, sig)=true, think of it as: pk says, [msg] to speak for pk, you must
More informationENEE 457: E-Cash and Bitcoin
ENEE 457: E-Cash and Bitcoin Charalampos (Babis) Papamanthou cpap@umd.edu Money today Any problems? Cash is cumbersome and can be forged Credit card transactions require centralized online bank are not
More informationDfinity Consensus, Explored
Dfinity Consensus, Explored Ittai Abraham, Dahlia Malkhi, Kartik Nayak, and Ling Ren VMware Research {iabraham,dmalkhi,nkartik,lingren}@vmware.com Abstract. We explore a Byzantine Consensus protocol called
More informationPractical Byzantine Fault Tolerance. Miguel Castro and Barbara Liskov
Practical Byzantine Fault Tolerance Miguel Castro and Barbara Liskov Outline 1. Introduction to Byzantine Fault Tolerance Problem 2. PBFT Algorithm a. Models and overview b. Three-phase protocol c. View-change
More informationTransactions Between Distributed Ledgers
Transactions Between Distributed Ledgers Ivan Klianev Transactum Pty Ltd High Performance Transaction Systems Asilomar, California, 8-11 October 2017 The Time for Distributed Transactions Has Come Thanks
More informationHelix: A Scalable and Fair Consensus Algorithm
Helix: A Scalable and Fair Consensus Algorithm Avi Asayag, Gad Cohen, Ido Grayevsky, Maya Leshkowitz, Ori Rottenstreich, Ronen Tamari and David Yakira Orbs Research (orbs.com) V.1.2 Abstract We present
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University March 30 2017 Outline Digital currencies Advantages over paper cash
More informationBlockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric
Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric Elli Androulaki Staff member, IBM Research, Zurich Workshop on cryptocurrencies Athens, 06.03.2016 Blockchain systems
More informationParsimonious Asynchronous Byzantine-Fault-Tolerant Atomic Broadcast
Parsimonious Asynchronous Byzantine-Fault-Tolerant Atomic Broadcast HariGovind V. Ramasamy Christian Cachin August 19, 2005 Abstract Atomic broadcast is a communication primitive that allows a group of
More informationHarmony Open Consensus for 10B People
Harmony Open Consensus for 10B People @ 10M tx/sec, 100ms latency, 0.1% fee Let s build an open marketplace at Google-scale. To 1,000x the decentralized economy. By speed & incentives. 2 State of Research:
More informationBlockchain, cryptography, and consensus
Blockchain, cryptography, and consensus Christian Cachin (with Elli Androulaki, Angelo De Caro, Andreas Kind, Mike Osborne, Simon Schubert, Alessandro Sorniotti, Marko Vukolic and many more) IBM Research
More informationAlternative Consensus Algorithms. Murat Osmanoglu
Alternative Consensus Algorithms Murat Osmanoglu Bitcoin Block i-1 Block i Block i+1 Hash i-2 Nonce i-1 Hash i-1 Nonce i Hash i Nonce i+1 tx tx tx tx tx tx tx tx tx tx tx tx Do you really need a Blockchain?
More informationOUROBOROS PRAOS: AN ADAPTIVELY-SECURE, SEMI-SYNCHRONOUS
OUROBOROS PRAOS: AN ADAPTIVELY-SECURE, SEMI-SYNCHRONOUS PROOF-OF-STAKE BLOCKCHAIN Bernardo David Tokyo Tech & IOHK Peter Gaži IOHK Aggelos Kiayias U. Edinburgh & IOHK Eurocrypt 2018 Alexander Russell U.
More informationProblem: Equivocation!
Bitcoin: 10,000 foot view Bitcoin and the Blockchain New bitcoins are created every ~10 min, owned by miner (more on this later) Thereafter, just keep record of transfers e.g., Alice pays Bob 1 BTC COS
More informationCS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University
CS 4770: Cryptography CS 6750: Cryptography and Communication Security Alina Oprea Associate Professor, CCIS Northeastern University April 9 2018 Schedule HW 4 Due on Thu 04/12 Programming project 3 Due
More informationConsensus, impossibility results and Paxos. Ken Birman
Consensus, impossibility results and Paxos Ken Birman Consensus a classic problem Consensus abstraction underlies many distributed systems and protocols N processes They start execution with inputs {0,1}
More informationIntroduction to Cryptoeconomics
Introduction to Cryptoeconomics What is cryptoeconomics? Cryptoeconomics is about... Building systems that have certain desired properties Use cryptography to prove properties about messages that happened
More informationarxiv: v2 [cs.dc] 12 Sep 2017
Efficient Synchronous Byzantine Consensus Ittai Abraham 1, Srinivas Devadas 2, Danny Dolev 3, Kartik Nayak 4, and Ling Ren 2 arxiv:1704.02397v2 [cs.dc] 12 Sep 2017 1 VMware Research iabraham@vmware.com
More informationHelix: A Scalable and Fair Consensus Algorithm
Helix: A Scalable and Fair Consensus Algorithm Avi Asayag, Gad Cohen, Ido Grayevsky, Maya Leshkowitz Ori Rottenstreich, Ronen Tamari and David Yakira Orbs Research (orbs.com) V.1.1 Abstract We present
More informationFormally Specifying Blockchain Protocols
Formally Specifying Blockchain Protocols 1 IOHK company building blockchain applications research focused invested in functional programming built Cardano network, Ada cryptocurrency 2 Blockchain Protocols
More informationREM: Resource Efficient Mining for Blockchains
REM: Resource Efficient Mining for Blockchains Fan Zhang, Ittay Eyal, Robert Escriva, Ari Juels, Robbert van Renesse Vancouver, Canada 13 September 2017 USENIX Security 2017 1 The Cryptocurrency Vision
More informationFailures, Elections, and Raft
Failures, Elections, and Raft CS 8 XI Copyright 06 Thomas W. Doeppner, Rodrigo Fonseca. All rights reserved. Distributed Banking SFO add interest based on current balance PVD deposit $000 CS 8 XI Copyright
More informationConsensus Problem. Pradipta De
Consensus Problem Slides are based on the book chapter from Distributed Computing: Principles, Paradigms and Algorithms (Chapter 14) by Kshemkalyani and Singhal Pradipta De pradipta.de@sunykorea.ac.kr
More informationConsensus a classic problem. Consensus, impossibility results and Paxos. Distributed Consensus. Asynchronous networks.
Consensus, impossibility results and Paxos Ken Birman Consensus a classic problem Consensus abstraction underlies many distributed systems and protocols N processes They start execution with inputs {0,1}
More informationResource-Efficient Mining (REM) with Proofs of Useful Work (PoUW)
Resource-Efficient Mining (REM) with Proofs of Useful Work (PoUW) Ittay Eyal Technion, EE and IC3 with Fan Zhang, Robert Escriva. Ari Juels, and Robbert van Renesse Workshop on Blockchain Technology and
More informationISSUSE AND FEATURES TO CONSIDER WHEN SELECTING A BLOCKCHAIN SYSTEM. Find us at
ISSUSE AND FEATURES TO CONSIDER WHEN SELECTING A BLOCKCHAIN SYSTEM Find us at www.chainfrog.com Licenses Most blockchains are open-source (and you should not select a closed source one) If you are going
More informationProof of Stake Made Simple with Casper
Proof of Stake Made Simple with Casper Olivier Moindrot ICME, Stanford University olivierm@stanford.edu Charles Bournhonesque ICME, Stanford University cbournho@stanford.edu Abstract We study the recent
More informationDistributed Consensus Protocols and Algorithms
Chapter 1 Distributed Consensus Protocols and Algorithms Yang Xiao, Ning Zhang, Jin Li, Wenjing Lou, Y. Thomas Hou Edit: This manuscript was built with L A TEX documentclass[11pt]{book}. The titles marked
More informationCS5412: CONSENSUS AND THE FLP IMPOSSIBILITY RESULT
1 CS5412: CONSENSUS AND THE FLP IMPOSSIBILITY RESULT Lecture XII Ken Birman Generalizing Ron and Hermione s challenge 2 Recall from last time: Ron and Hermione had difficulty agreeing where to meet for
More informationInformation Security CS526
Information CS 526 Topic 3 Ciphers and Cipher : Stream Ciphers, Block Ciphers, Perfect Secrecy, and IND-CPA 1 Announcements HW1 is out, due on Sept 10 Start early, late policy is 3 total late days for
More informationA Blockchain-based Mapping System
A Blockchain-based Mapping System IETF 98 Chicago March 2017 Jordi Paillissé, Albert Cabellos, Vina Ermagan, Fabio Maino jordip@ac.upc.edu http://openoverlayrouter.org 1 A short Blockchain tutorial 2 Blockchain
More informationBlockchain Beyond Bitcoin. Mark O Connell
Mark O Connell mark@mkoconnell.com SNIA Legal Notice The material contained in this tutorial is copyrighted by the SNIA unless otherwise noted. Member companies and individual members may use this material
More informationSCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains
SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek Saxena National University of Singapore Bitcoin
More informationA Lightweight Blockchain Consensus Protocol
A Lightweight Blockchain Consensus Protocol Keir Finlow-Bates keir@chainfrog.com Abstract A lightweight yet deterministic and objective consensus protocol would allow blockchain systems to be maintained
More informationBlockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini
Blockchain CS 240: Computing Systems and Concurrency Lecture 20 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. Bitcoin: 10,000 foot view New bitcoins
More informationPractical Byzantine Fault Tolerance Consensus and A Simple Distributed Ledger Application Hao Xu Muyun Chen Xin Li
Practical Byzantine Fault Tolerance Consensus and A Simple Distributed Ledger Application Hao Xu Muyun Chen Xin Li Abstract Along with cryptocurrencies become a great success known to the world, how to
More informationAn Introduction to Blockchain and Distributed Ledger Technology
An Introduction to Blockchain and Distributed Ledger Technology Ron van der Meyden UNSW School of Computer Science and Engineering The source of the buzz Bitcoin: A Peer-to-Peer Electronic Cash System,
More informationSolida: A Blockchain Protocol Based on Reconfigurable Byzantine Consensus
Solida: A Blockchain Protocol Based on Reconfigurable Byzantine Consensus Ittai Abraham 1, Dahlia Malkhi 2, Kartik Nayak 3, Ling Ren 4, and Alexander Spiegelman 5 1 VMware Research, Palo Alto, USA iabraham@vmware.com
More informationAssignment 12: Commit Protocols and Replication Solution
Data Modelling and Databases Exercise dates: May 24 / May 25, 2018 Ce Zhang, Gustavo Alonso Last update: June 04, 2018 Spring Semester 2018 Head TA: Ingo Müller Assignment 12: Commit Protocols and Replication
More informationHelix: A Scalable and Fair Consensus Algorithm Resistant to Ordering Manipulation
Helix: A Scalable and Fair Consensus Algorithm Resistant to Ordering Manipulation Avi Asayag, Gad Cohen, Ido Grayevsky, Maya Leshkowitz, Ori Rottenstreich, Ronen Tamari and David Yakira Orbs Research (orbs.com)
More informationA definition. Byzantine Generals Problem. Synchronous, Byzantine world
The Byzantine Generals Problem Leslie Lamport, Robert Shostak, and Marshall Pease ACM TOPLAS 1982 Practical Byzantine Fault Tolerance Miguel Castro and Barbara Liskov OSDI 1999 A definition Byzantine (www.m-w.com):
More informationConsensus in Distributed Systems. Jeff Chase Duke University
Consensus in Distributed Systems Jeff Chase Duke University Consensus P 1 P 1 v 1 d 1 Unreliable multicast P 2 P 3 Consensus algorithm P 2 P 3 v 2 Step 1 Propose. v 3 d 2 Step 2 Decide. d 3 Generalizes
More informationSemi-Passive Replication in the Presence of Byzantine Faults
Semi-Passive Replication in the Presence of Byzantine Faults HariGovind V. Ramasamy Adnan Agbaria William H. Sanders University of Illinois at Urbana-Champaign 1308 W. Main Street, Urbana IL 61801, USA
More informationComputer Security CS 526
Computer Security CS 526 Topic 4 Cryptography: Semantic Security, Block Ciphers and Encryption Modes CS555 Topic 4 1 Readings for This Lecture Required reading from wikipedia Block Cipher Ciphertext Indistinguishability
More informationHybrid Consensus. Tai-Ning Liao, Xian-Ming Pan, Zhao-Heng Chiu, Imu Lin 1/65
Hybrid Consensus Tai-Ning Liao, Xian-Ming Pan, Zhao-Heng Chiu, Imu Lin Hybrid Consensus: Efficient Consensus in the Permissionless Model, 2017, Rafael Pass and Elaine Shi CornellTech, Cornell, Initiative
More informationCryptography [Symmetric Encryption]
CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin,
More informationCryptographic Hash Functions
ECE458 Winter 2013 Cryptographic Hash Functions Dan Boneh (Mods by Vijay Ganesh) Previous Lectures: What we have covered so far in cryptography! One-time Pad! Definition of perfect security! Block and
More informationCryptography CS 555. Topic 11: Encryption Modes and CCA Security. CS555 Spring 2012/Topic 11 1
Cryptography CS 555 Topic 11: Encryption Modes and CCA Security CS555 Spring 2012/Topic 11 1 Outline and Readings Outline Encryption modes CCA security Readings: Katz and Lindell: 3.6.4, 3.7 CS555 Spring
More informationHelix: A Scalable and Fair Consensus Algorithm Resistant to Ordering Manipulation
Helix: A Scalable and Fair Consensus Algorithm Resistant to Ordering Manipulation Avi Asayag, Gad Cohen, Ido Grayevsky, Maya Leshkowitz, Ori Rottenstreich, Ronen Tamari and David Yakira Orbs Research (orbs.com)
More informationBlock ciphers, stream ciphers
Block ciphers, stream ciphers (start on:) Asymmetric cryptography CS 161: Computer Security Prof. Raluca Ada Popa Jan 31, 2018 Announcements Project 1 is out, due Feb 14 midnight Recall: Block cipher A
More information1 Achieving IND-CPA security
ISA 562: Information Security, Theory and Practice Lecture 2 1 Achieving IND-CPA security 1.1 Pseudorandom numbers, and stateful encryption As we saw last time, the OTP is perfectly secure, but it forces
More informationSecurity (and finale) Dan Ports, CSEP 552
Security (and finale) Dan Ports, CSEP 552 Today Security: what if parts of your distributed system are malicious? BFT: state machine replication Bitcoin: peer-to-peer currency Course wrap-up Security Too
More informationFailure models. Byzantine Fault Tolerance. What can go wrong? Paxos is fail-stop tolerant. BFT model. BFT replication 5/25/18
Failure models Byzantine Fault Tolerance Fail-stop: nodes either execute the protocol correctly or just stop Byzantine failures: nodes can behave in any arbitrary way Send illegal messages, try to trick
More informationTo do. Consensus and related problems. q Failure. q Raft
Consensus and related problems To do q Failure q Consensus and related problems q Raft Consensus We have seen protocols tailored for individual types of consensus/agreements Which process can enter the
More informationBlock cipher modes. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 75
Block cipher modes Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 75 Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 76 Block cipher modes Block ciphers (like
More informationSpecifying and Proving Broadcast Properties with TLA
Specifying and Proving Broadcast Properties with TLA William Hipschman Department of Computer Science The University of North Carolina at Chapel Hill Abstract Although group communication is vitally important
More informationAlternatives to Blockchains. Sarah Meiklejohn (University College London)
Alternatives to Blockchains Sarah Meiklejohn (University College London) fully decentralized cryptocurrencies 2 fully decentralized cryptocurrencies tx tx(addra addrb) 2 fully decentralized cryptocurrencies
More informationDistributed systems. Lecture 6: distributed transactions, elections, consensus and replication. Malte Schwarzkopf
Distributed systems Lecture 6: distributed transactions, elections, consensus and replication Malte Schwarzkopf Last time Saw how we can build ordered multicast Messages between processes in a group Need
More informationLecture 44 Blockchain Security I (Overview)
Blockchains Architecture, Design and Use Cases Prof. Sandip Chakraborty Prof. Praveen Jayachandran Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Lecture 44 Blockchain
More informationCandidates Day Modeling the Energy Consumption of. Ryan Cole Liang Cheng. CSE Department Lehigh University
Candidates Day 2016 Modeling the Energy Consumption of Blockchain Consensus Algorithms Daniel Lopresti, Interim Dean P.C. Rossin College of Engineering and Applied Science July 30, April 15,2018 2016 Ryan
More informationProof of Luck: an Efficient Blockchain Consensus Protocol
Proof of Luck: an Efficient Blockchain Consensus Protocol ABSTRACT Mitar Milutinovic mitar@cs.berkeley.edu Howard Wu howardwu@berkeley.edu In the paper, we present designs for multiple blockchain consensus
More informationTHE SWIRLDS HASHGRAPH CONSENSUS ALGORITHM: FAIR, FAST, BYZANTINE FAULT TOLERANCE
THE SWIRLDS HASHGRAPH CONSENSUS ALGORITHM: FAIR, FAST, BYZANTINE FAULT TOLERANCE LEEMON BAIRD BAIRD@SWIRLDS.COM MAY 31, 2016 SWIRLDS TECH REPORT SWIRLDS-TR-2016-01 Abstract. A new system, the Swirlds hashgraph
More informationRapidChain: Scaling Blockchain via Full Sharding
RapidChain: Scaling Blockchain via Full Sharding Mahdi Zamani Visa Research Join work with Mahnush Movahedi, Dfinity Mariana Raykova, Yale University Stanford Blockchain Seminar August 2018 Agenda! Part
More informationKey-value store with eventual consistency without trusting individual nodes
basementdb Key-value store with eventual consistency without trusting individual nodes https://github.com/spferical/basementdb 1. Abstract basementdb is an eventually-consistent key-value store, composed
More informationBlockchain Basics A. Introduction B. Key Properties
Amie Corso Department of Computer and Information Science University of Oregon December, 2018 Literature Review Blockchain Technology: Consensus and Performance I. Blockchain Basics A. Introduction In
More informationRobust BFT Protocols
Robust BFT Protocols Sonia Ben Mokhtar, LIRIS, CNRS, Lyon Joint work with Pierre Louis Aublin, Grenoble university Vivien Quéma, Grenoble INP 18/10/2013 Who am I? CNRS reseacher, LIRIS lab, DRIM research
More informationBitcoin and Blockchain
Bitcoin and Blockchain COS 418: Distributed Systems Lecture 18 Zhenyu Song [Credit: Selected content adapted from Michael Freedman. Slides refined by Chris Hodsdon and Theano Stavrinos] Why Bitcoin? All
More informationComputer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019
Computer Security 14. Blockchain & Bitcoin Paul Krzyzanowski Rutgers University Spring 2019 April 15, 2019 CS 419 2019 Paul Krzyzanowski 1 Bitcoin & Blockchain Bitcoin cryptocurrency system Introduced
More informationArvind Krishnamurthy Fall Collection of individual computing devices/processes that can communicate with each other
Distributed Systems Arvind Krishnamurthy Fall 2003 Concurrent Systems Collection of individual computing devices/processes that can communicate with each other General definition encompasses a wide range
More informationA Byzantine Fault-Tolerant Ordering Service for the Hyperledger Fabric Blockchain Platform
A Byzantine Fault-Tolerant Ordering Service for the Hyperledger Fabric Blockchain Platform João Sousa, Alysson Bessani, Marko Vukolić* Faculdade de Ciências, Universidade de Lisboa *IBM Research Zurich
More informationDistributed Consensus: Making Impossible Possible
Distributed Consensus: Making Impossible Possible Heidi Howard PhD Student @ University of Cambridge heidi.howard@cl.cam.ac.uk @heidiann360 hh360.user.srcf.net Sometimes inconsistency is not an option
More informationUntangling Blockchain: A Data Processing View of Blockchain Systems
Untangling Blockchain: A Data Processing View of Blockchain Systems Tien Tuan Anh Dinh, Rui Liu, Meihui Zhang, Member, IEEE, Gang Chen, Member, IEEE, Beng Chin Ooi, Fellow, IEEE, and Ji Wang 1 Abstract
More informationConsensus & Blockchain
Consensus & Blockchain S P Suresh Chennai Mathematical Institute Formal Methods Update Meeting IIT Mandi July 17, 2017 The Bitcoin revolution is upon us What is Bitcoin? Bitcoin: an exciting new currency
More informationByzantine fault tolerance. Jinyang Li With PBFT slides from Liskov
Byzantine fault tolerance Jinyang Li With PBFT slides from Liskov What we ve learnt so far: tolerate fail-stop failures Traditional RSM tolerates benign failures Node crashes Network partitions A RSM w/
More informationDistributed Ledger Technology & Fintech Applications. Hart Montgomery, NFIC 2017
Distributed Ledger Technology & Fintech Applications Hart Montgomery, NFIC 2017 Let s consider a common scenario: Banks want to trade some asset class Participants in the market want to be able to efficiently
More informationPractical Byzantine Fault
Practical Byzantine Fault Tolerance Practical Byzantine Fault Tolerance Castro and Liskov, OSDI 1999 Nathan Baker, presenting on 23 September 2005 What is a Byzantine fault? Rationale for Byzantine Fault
More informationPOLARIS ADAPTIVE STATE SHARDING TECHNOLOGY, A SECURE SHARDING PROTOCOL FOR BLOCKCHAINS.
POLARIS ADAPTIVE STATE SHARDING TECHNOLOGY, A SECURE SHARDING PROTOCOL FOR BLOCKCHAINS. TABLE OF CONTENTS Contents Abstract 1 Introduction 2 Problem and challenges 3 Polaris degign 4 Securtiy analysis
More informationSecure Multiparty Computation
CS573 Data Privacy and Security Secure Multiparty Computation Problem and security definitions Li Xiong Outline Cryptographic primitives Symmetric Encryption Public Key Encryption Secure Multiparty Computation
More informationSpaceMint Overcoming Bitcoin s waste of energy
Bitcoin Overcoming Bitcoin s waste of energy Georg Fuchsbauer joint work with S Park, A Kwon, K Pietrzak, J Alwen and P Gaži Digital currency Decentralized (no bank issuing coins) Pseudonymous Controled
More informationDistributed Consensus: Making Impossible Possible
Distributed Consensus: Making Impossible Possible QCon London Tuesday 29/3/2016 Heidi Howard PhD Student @ University of Cambridge heidi.howard@cl.cam.ac.uk @heidiann360 What is Consensus? The process
More informationBaFin-Tech 2018 BlockChain & Security (from #developerview)
BaFin-Tech 2018 BlockChain & Security (from #developerview) DLT Lab 10 th April 2018 sven.lehnert@main-incubator.com, @itnext_de Experiences from practice Agenda: Blockchain Security 1 Theory: Blockchain
More informationDistributed Systems. coordination Johan Montelius ID2201. Distributed Systems ID2201
Distributed Systems ID2201 coordination Johan Montelius 1 Coordination Coordinating several threads in one node is a problem, coordination in a network is of course worse: failure of nodes and networks
More informationHow Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization
Centralization vs. Decentralization Distributed Consensus Consensus without Identity, using a Block Chain Incentives and Proof of Work Putting it all together Centralization vs. Decentralization Distributed
More informationBlockchain (de)constructed
Blockchain (de)constructed Fritz Henglein Department of Computer Science, University of Copenhagen (DIKU) DIKU Business Club meeting on blockchain January 11th, 2016 Fritz Henglein Professor of programming
More informationDistributed Systems Consensus
Distributed Systems Consensus Amir H. Payberah amir@sics.se Amirkabir University of Technology (Tehran Polytechnic) Amir H. Payberah (Tehran Polytechnic) Consensus 1393/6/31 1 / 56 What is the Problem?
More informationRecall our 2PC commit problem. Recall our 2PC commit problem. Doing failover correctly isn t easy. Consensus I. FLP Impossibility, Paxos
Consensus I Recall our 2PC commit problem FLP Impossibility, Paxos Client C 1 C à TC: go! COS 418: Distributed Systems Lecture 7 Michael Freedman Bank A B 2 TC à A, B: prepare! 3 A, B à P: yes or no 4
More informationsymmetric cryptography s642 computer security adam everspaugh
symmetric cryptography s642 adam everspaugh ace@cs.wisc.edu computer security Announcement Midterm next week: Monday, March 7 (in-class) Midterm Review session Friday: March 4 (here, normal class time)
More informationChapter 13. Digital Cash. Information Security/System Security p. 570/626
Chapter 13 Digital Cash Information Security/System Security p. 570/626 Introduction While cash is used in illegal activities such as bribing money laundering tax evasion it also protects privacy: not
More informationIntrusion-Tolerant Group Management for Mobile Ad-Hoc Networks
Intrusion-Tolerant Group Management for Mobile Ad-Hoc Networks Jonathan Kirsch Department of Computer Science The Johns Hopkins University Baltimore, Maryland 21218 Email: jak@cs.jhu.edu Brian Coan Distributed
More information