SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains

Similar documents
Problem: Equivocation!

RapidChain: Scaling Blockchain via Full Sharding

Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

The ZILLIQA Technical Whitepaper

Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

POLARIS ADAPTIVE STATE SHARDING TECHNOLOGY, A SECURE SHARDING PROTOCOL FOR BLOCKCHAINS.

Introduction to Bitcoin I

CONSENSUS PROTOCOLS & BLOCKCHAINS. Techruption Lecture March 16 th, 2017 Maarten Everts (TNO & University of Twente)

BitBill: Scalable, Robust, Verifiable Peer-to-Peer Billing for Cloud Computing

ZILLIQA / ZILIKƏ/ NEXT GEN HIGH-THROUGHPUT BLOCKCHAIN PLATFORM DONG XINSHU, CEO JIA YAOQI, BLOCKCHAIN ZILLIQA.

Introduction to Cryptoeconomics

Hyperledger fabric: towards scalable blockchain for business

BLOCKREDUCE: SCALING BLOCKCHAIN TO HUMAN COMMERCE

Consensus & Blockchain

What is Proof of Work?

Hyperledger Fabric v1:

SOME OF THE PROBLEMS IN BLOCKCHAIN TODAY

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

Bitcoin and Blockchain

BlockFin A Fork-Tolerant, Leaderless Consensus Protocol April

The Not-So-Short ZILLIQA Technical FAQ

ENEE 457: E-Cash and Bitcoin

Data Consistency and Blockchain. Bei Chun Zhou (BlockChainZ)

SpaceMint Overcoming Bitcoin s waste of energy

SmartPool: practical decentralized pool mining. Loi Luu, Yaron Velner, Jason Teutsch, and Prateek Saxena August 18, 2017

EECS 498 Introduction to Distributed Systems

RepuCoin: Your Reputation is Your Power

Hybrid Consensus. Tai-Ning Liao, Xian-Ming Pan, Zhao-Heng Chiu, Imu Lin 1/65

Ergo platform. Dmitry Meshkov

Sharding. Making blockchains scalable, decentralized and secure.

How Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization

Blockchains & Cryptocurrencies

OUROBOROS PRAOS: AN ADAPTIVELY-SECURE, SEMI-SYNCHRONOUS

ICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa

REM: Resource Efficient Mining for Blockchains

Transactions Between Distributed Ledgers

Bitcoin. CS6450: Distributed Systems Lecture 20 Ryan Stutsman

Solida: A Blockchain Protocol Based on Reconfigurable Byzantine Consensus

Scaling Nakamoto Consensus to Thousands of Transactions per Second

Algorand: Scaling Byzantine Agreements for Cryptocurrencies

Proof of Stake Made Simple with Casper

Technical White Paper of. MOAC Mother of All Chains. June 8 th, 2017

Alternative Consensus Algorithms. Murat Osmanoglu

BYZANTINE CONSENSUS THROUGH BITCOIN S PROOF- OF-WORK

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

Software Security. Final Exam Preparation. Be aware, there is no guarantee for the correctness of the answers!

Analyzing Bitcoin Security. Philippe Camacho

Formally Specifying Blockchain Protocols

BITCOIN MECHANICS AND OPTIMIZATIONS. Max Fang Philip Hayes

An analysis of the applicability of blockchain to secure IP addresses allocation, delegation and bindings draft-paillisse-sidrops-blockchain-01

A Lightweight Blockchain Consensus Protocol

Adapting Blockchain Technology for Scientific Computing. Wei Li

hard to perform, easy to verify

Security (and finale) Dan Ports, CSEP 552

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

CS 261 Notes: Algorand

Fruitchains: A Fair Blockchain?

Proof-of-Stake Protocol v3.0

Adapting Blockchain Technology for Scientific Computing. Wei Li

Peer-to-peer Sender Authentication for . Vivek Pathak and Liviu Iftode Rutgers University

Cryptocurrency and Blockchain Research

Let's build a blockchain!

BBc-1 : Beyond Blockchain One - An Architecture for Promise-Fixation Device in the Air -

Candidates Day Modeling the Energy Consumption of. Ryan Cole Liang Cheng. CSE Department Lehigh University

Introduction to Cryptocurrency Ecosystem. By Raj Thimmiah

EVALUATION OF PROOF OF WORK (POW) BLOCKCHAINS SECURITY NETWORK ON SELFISH MINING

Ergo platform overview

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

Catena: Preventing Lies with

GRADUBIQUE: AN ACADEMIC TRANSCRIPT DATABASE USING BLOCKCHAIN ARCHITECTURE

Ergo platform: from prototypes to a survivable cryptocurrency

Harmony Open Consensus for 10B People

arxiv: v2 [cs.cr] 14 Nov 2018

A Blockchain-based Mapping System

Practical Byzantine Fault Tolerance. Castro and Liskov SOSP 99

Blockchain, Cryptocurrency, Smart Contracts and Initial Coin Offerings: A Technical Perspective

Scalable Bias-Resistant Distributed Randomness

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Privacy Enhancing Technologies CSE 701 Fall 2017

Blockchain Beyond Bitcoin. Mark O Connell

Enhanced Immutability of Permissioned Blockchain Networks by Tethering Provenance with a Public Blockchain Network

Introducing. Bitcoin. A dilettante s guide to Bitcoin scalability. BIP-9000 (self-assigned) Quote It s kind of fun to do the impossible.

CRUDE COINS.

Decentralized prediction game platform, powered by public

A Scalable Proof-of-Stake Blockchain in the Open Setting

Whitepaper Rcoin Global

University of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011

Security Analysis of Monero s Peer-to-Peer System

Biomedical Security. Some Security News 10/5/2018. Erwin M. Bakker

Catena: Efficient Non-equivocation via Bitcoin

Bitcoin, a decentralized and trustless protocol

Bitcoin: A Peer-to-Peer Electronic Cash System

From One to Many: Synced Hash-Based Signatures

Lecture 3. Introduction to Cryptocurrencies

Distributed Algorithms Bitcoin

Alternatives to Blockchains. Sarah Meiklejohn (University College London)

I. Introduction. II. Security, Coinage and Attacks

Bitcoin (Part I) Ken Calvert Keeping Current Seminar 22 January Keeping Current 1

Proof-of-Work & Bitcoin

Practical Byzantine Fault Tolerance. Miguel Castro and Barbara Liskov

Transcription:

SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek Saxena National University of Singapore

Bitcoin doesn t scale Hard coded parameters 1 block per 10 minutes 1 MB block size 7 TXs per second Today 1 2 TXs per second VISA: 10, 000 TXs per second

Our solution: SCP Scale up throughput several orders of magnitude Without degrading any security guarantee Several blocks in each epoch No. of blocks network computation capacity Require minimum amount of network bandwidth Broadcast only one block header

Byzantine consensus problem Problem N nodes, f are malicious Propose and agree on one value Byzantine consensus for blockchains Set of valid TXs per epoch Block i 2 Block i 1 0/1 Block i

Classical byzantine consensus protocol Intensive research Can tolerate f < n/2 x Assumption of known identity set x Bandwidth limited O(n 2 ) messages (e.g. PBFT) Work for a small network (e.g n < 1000)

Nakamoto consensus protocol Work for network of any size Select leader by proof of work Linear message complexity x Does not scale well in practice x One block per epoch x Bandwidth = O(block size) x Reparameterization is not a long term solution

Reparameterization: reducing epoch time Setup Using Amazon EC2 Run over 5 regions Results TX rate increases until some threshold Drops at 12 second epoch time

Problem Secure & scalable consensus protocol Compete with VISA?

SCP overview Adjust throughput based on network mining power Split the network into several committees Committees propose blocks in parallel No. of committees F(network mining capacity) Data needed for reaching consensus is minimal Consensus data!= transactional data Verify block without block data Selectively download block data

SCP protocol 1 2 Consensus Blk Data Blk 3 Blk Header 101010101101 5 Data Blk 4

Solve PoW Step 1: Identity establishment SHA2(EpochRandomness IP pubkey nonce) < D ID PoW IP Pubkey 1 00001 a.b.c.d ABC 2 00001 a.b.c.e DEF...

Step 2: Assigning committees Randomly & uniformly distribute identities to committees Based on the last k bits of PoW ID PoW 1 00001 00 2 00000 01 3 00000 10 4 00001 11.. 00001 00 00000 10 00000 11 00001 01

Size of a committee C Decide the probability of majority honest P(error) reduces exponentially with C f = N/3, C = 400, p(error) 10 12 f = N/3, C = 100, p(error) 0.0004 Why majority honest within a committee? Run practical authenticated BFT Allow others to verify committee s block without block s data At least 1 member is honest in any (C/2 + 1) members

Step 3: Propose a block within a committee Run a classical Byzantine consensus protocol Members agree & sign on one valid data block No. of messages O(C 2 ) TX sets included in data blocks are disjoint Include TXs with a specific prefix Block TX s IDS Data Block 1 00 Data Block 2 01 Data Block 3 10 Data Block 4 11

Step 4: Final committee unions all results 00001 00 00000 00 Propose a consensus block Header of Data Block 1 Header of Data Block 2 Header of Data Block 3 00001 001 00000 101 00000 10 00001 10 00000 11 00001 11

SCP blockchain Consensus block i 1 Consensus block i Consensus block i+1 Data block 1 Data block 2 Data block 3

Step 5: Generate an epoch randomness Goal Generate a fresh randomness Adversary cannot control or predict Common approach: Use consensus block hash Problem: adversary can predict the consensus block early Our approach: Users can have different randomness Commit R i in SHA2(R i ) when join the committee Agree on the consensus block Broadcast the block header and R i Use any c/2 R i as the epoch randomness

Implement a SCP based cryptocurrency Challenges How to form committees efficiently Too many new identities in each epoch Epoch time may be long to prevent conflict Double spending transactions Without previous block data? Input 0x123.. Input 0x123

Forming committees efficiently Approach: Reuse identities from previous epoch Elect one new member and remove the oldest one Number of new identities number of committees 1 st Epoch 2 nd Epoch 3 rd Epoch 0 1 2 C 2 C 1 C C+1

Avoid double spending Approach: Split double spending check into both miners and users (recipients) Checked by committee members Double spending Checked by recipients* Within a block Across blocks *: Proof of publication

Checking double spending across blocks Merkle tree of TX inputs An input is spent in a block Proof of size log(n) An input is not spent in a block Proof of size 2*log(N) Prove that Prove that 5 is not included? All leaves are sorted

Checking double spending across blocks (2) Sender proves that the TX s input is not spent elsewhere The proof of size L*log(N) Can be optimized Recipient checks by using only consensus block headers Actively support SPV clients without a trusted third party Support 1 confirmation TXs

Conclusion SCP scales almost linearly with network mining capacity More mining power, higher transaction rate Reduced network bandwidth Secure Applicable to several applications Cryptocurrency, decentralized database, etc

Q&A Loi Luu loiluu@comp.nus.edu.sg www.comp.nus.edu.sg/~loiluu

Future work Incentive structure Incentivize committee members and other parties Prevent DoS attack by sending invalid TXs Users can send arbitrary TXs to the blockchain now Rollback solution P(error)!= 0

Related work Bitcoin NG & Ghost Allow more blocks x Does not separate consensus plane and data plane Lighting network Allows more micro transactions x Does not solve scalability problem Sidechains Good for experimenting new blockchains x Does not make Bitcoin scalable

Adjusts number of committees frequently Similar to how Bitcoin adjusts the block difficulty T: the expected epoch time T : the averaged epoch time of the most 1000 recent blocks S: Current number of committees S : adjusted number of committees S'log(S') S log(s) T T '

Consensus Block Previous Block Hash Timestamp Committee signatures Global Merkle Root Data block commitments No. Data Block s hash Merkle root of TXs 1 0x123abc 2 0x123456 Previous Consensus Blk Block hash Committee signatures Included TXs Previous Consensus Blk Block hash Committee signatures Included TXs Data Block 1 Merkle root commitment of TXs No. of TXs Timestamp Data Block 2 Merkle root commitment of TXs No. of TXs Timestamp

SCP properties Number of data blocks network mining power Frequent adjustment of no. of blocks Data broadcast to the network is minimal Broadcast data is independent of block size Secure against adaptive adversary w.h.p. Can reparameterize c to secure against stronger adversary

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback