Algorand: Scaling Byzantine Agreements for Cryptocurrencies

Similar documents
Lecture 12. Algorand

CS 261 Notes: Algorand

Cryptocurrency and Blockchain Research

Blockchains & Cryptocurrencies

SpaceMint Overcoming Bitcoin s waste of energy

ENEE 457: E-Cash and Bitcoin

Proof of Stake Made Simple with Casper

On the impact of propogation delay on mining rewards in Bitcoin. Xuan Wen 1. Abstract

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

CS 4770: Cryptography. CS 6750: Cryptography and Communication Security. Alina Oprea Associate Professor, CCIS Northeastern University

How Bitcoin achieves Decentralization. How Bitcoin achieves Decentralization

OUROBOROS PRAOS: AN ADAPTIVELY-SECURE, SEMI-SYNCHRONOUS

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Scaling Nakamoto Consensus to Thousands of Transactions per Second

SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains

CONSENSUS PROTOCOLS & BLOCKCHAINS. Techruption Lecture March 16 th, 2017 Maarten Everts (TNO & University of Twente)

Computer Security. 14. Blockchain & Bitcoin. Paul Krzyzanowski. Rutgers University. Spring 2019

Introduction to Cryptocurrency Ecosystem. By Raj Thimmiah

EECS 498 Introduction to Distributed Systems

Hawk: The Blockchain Model of Cryptography and Privacy-Preserving Smart Contracts. Yashar Dehkan Asl

Formally Specifying Blockchain Protocols

A Lightweight Blockchain Consensus Protocol

Problem: Equivocation!

Blockchain. CS 240: Computing Systems and Concurrency Lecture 20. Marco Canini

Bitcoin, Security for Cloud & Big Data

Bitcoin. CS6450: Distributed Systems Lecture 20 Ryan Stutsman

Security (and finale) Dan Ports, CSEP 552

Lecture 3. Introduction to Cryptocurrencies

Darkcoin: Peer to Peer Crypto Currency with Anonymous Blockchain Transactions and an Improved Proof of Work System

Hijacking Bitcoin: Routing Attacks on Cryptocurrencies

Introduction to Bitcoin I

BITCOIN PROTOCOL & CONSENSUS: A HIGH LEVEL OVERVIEW

Hyperledger Fabric v1:

Data Consistency and Blockchain. Bei Chun Zhou (BlockChainZ)

Analyzing Bitcoin Security. Philippe Camacho

Sleep/Wake Aware Local Monitoring (SLAM)

Technical White Paper of. MOAC Mother of All Chains. June 8 th, 2017

Karaoke. Distributed Private Messaging Immune to Passive Traffic Analysis. David Lazar, Yossi Gilad, Nickolai Zeldovich

Alternative Consensus Algorithms. Murat Osmanoglu

The power of Blockchain: Smart Contracts. Foteini Baldimtsi

Blockchain Beyond Bitcoin. Mark O Connell

CCP: Conflicts Check Protocol for Bitcoin Block Security 1

Proof-of-Stake Protocol v3.0

Secure Algorithms and Data Structures for Massive Networks

Practical Byzantine Fault Tolerance Consensus and A Simple Distributed Ledger Application Hao Xu Muyun Chen Xin Li

University of Duisburg-Essen Bismarckstr Duisburg Germany HOW BITCOIN WORKS. Matthäus Wander. June 29, 2011

Chapter 13. Digital Cash. Information Security/System Security p. 570/626

Candidates Day Modeling the Energy Consumption of. Ryan Cole Liang Cheng. CSE Department Lehigh University

DEV. Deviant Coin, Innovative Anonymity. A PoS/Masternode cr yptocurrency developed with POS proof of stake.

As a 3rd generation currency, not only are transactions secured, private and fast, you actually get paid for holding DigitalPrice coins.

I. Introduction. II. Security, Coinage and Attacks

Introduction to Cryptoeconomics

Hybrid Consensus. Tai-Ning Liao, Xian-Ming Pan, Zhao-Heng Chiu, Imu Lin 1/65

RapidChain: Scaling Blockchain via Full Sharding

What is Proof of Work?

Reliability, distributed consensus and blockchain COSC412

Secure Multiparty Computation: Introduction. Ran Cohen (Tel Aviv University)

Hyperledger fabric: towards scalable blockchain for business

SOME OF THE PROBLEMS IN BLOCKCHAIN TODAY

EVALUATION OF PROOF OF WORK (POW) BLOCKCHAINS SECURITY NETWORK ON SELFISH MINING

OpenbankIT: a banking platform for e- money management based on blockchain technology

Stadium. A Distributed Metadata-private Messaging System. Matei Zaharia Nickolai Zeldovich SOSP 2017

Security Analysis of Bitcoin. Dibyojyoti Mukherjee Jaswant Katragadda Yashwant Gazula

Biomedical and Healthcare Applications for Blockchain. Tiffany J. Callahan Computational Bioscience Program Hunter/Kahn Labs

CISC859: Topics in Advanced Networks & Distributed Computing: Network & Distributed System Security. A Brief Overview of Security & Privacy Issues

A Scalable Proof-of-Stake Blockchain in the Open Setting

Scalable Bias-Resistant Distributed Randomness

BYZANTINE CONSENSUS THROUGH BITCOIN S PROOF- OF-WORK

Brown University. Yana Hrytsenko. Final Project: Blockchain for PKI: Using Blockchain data structure for Public Key. Infrastructure.

Enhanced Immutability of Permissioned Blockchain Networks by Tethering Provenance with a Public Blockchain Network

ICS 421 & ICS 690. Bitcoin & Blockchain. Assoc. Prof. Lipyeow Lim Information & Computer Sciences Department University of Hawai`i at Mānoa

BBc-1 : Beyond Blockchain One - An Architecture for Promise-Fixation Device in the Air -

Alternatives to Blockchains. Sarah Meiklejohn (University College London)

White Paper Version /03/01 The next generation high-efficiency, secure, developer friendly Cyber-Smart OS

Who wants to be a millionaire? A class in creating your own cryptocurrency

Ergo platform: from prototypes to a survivable cryptocurrency

Practical Byzantine Fault Tolerance. Miguel Castro and Barbara Liskov

Probabilistic Termination and Composability of Cryptographic Protocols [Crypto 16]

Exceptional Access Protocols. Alex Tong

Bitcoin and Blockchain

Blockchain! What consultants should know about it. Daniel

Security Analysis of Monero s Peer-to-Peer System

Sharding. Making blockchains scalable, decentralized and secure.

Bitcoin, a decentralized and trustless protocol

Proof-of-Work & Bitcoin

International Journal of Computer Engineering and Applications, Volume XIII, Issue II, Feb. 19, ISSN

BlockFin A Fork-Tolerant, Leaderless Consensus Protocol April

Key concepts of blockchain

Dfinity Consensus, Explored

THE SWIRLDS HASHGRAPH CONSENSUS ALGORITHM: FAIR, FAST, BYZANTINE FAULT TOLERANCE

Let's build a blockchain!

Zero-Knowledge proof of knowledge transfer. Perm summer school on blockchain 2018

POLARIS ADAPTIVE STATE SHARDING TECHNOLOGY, A SECURE SHARDING PROTOCOL FOR BLOCKCHAINS.

Sybil defenses via social networks

Asynchronous Proactive Cryptosystems without Agreement

SilentWhispers: Enforcing Security and Privacy in Decentralized Credit Networks

Consensus & Blockchain

The ZILLIQA Technical Whitepaper

Alternative Consensus

The Technology behind Smart Contracts

Transcription:

Algorand: Scaling Byzantine Agreements for Cryptocurrencies Yossi Gilad, Rotem Hemo, Silvio Micali, Georgios Vlachos, Nickolai Zeldovich Presented by: Preet Patel and Umang Lathia

Outline Overview of Distributed Ledgers Algorand - Introduction and Motivation Cryptographic Sortition BA* - Byzantine Agreement Implementation details Evaluation Current status and open questions

Distributed Ledger A Distributed Ledger is simply a sequence of data organized in blocks Blockchains are a form of distributed ledgers Block 45 Prev: Block 44 Block 46 Prev: Block 45 Readable/Writable by all Tamperproof Block 47 Prev: Block 46

Distributed Ledger - Bitcoin The blockchain has seen spectacular success in Bitcoin Main Idea: Consensus via Proof-of-Work High level idea: Transactions are signed and gossiped across the network Miners collect transactions and solve a cryptographic riddle to successfully propagate their block This proof of work is implemented such that there is one block generated every ~10 minutes. NEW BLOCK!

Distributed Ledger - Bitcoin Assumption: Honest majority of computing power Weaknesses of Bitcoin: Long latency for confirmation and block creation (~10 minutes) Waste of computational resources Forks!

ALGORAND

Why Computational Complexity Weighted by money vs. number of users Cryptographic Sortition (avoids Sybil attacks) New Byzantine Agreement (BA*)?

Algorand Assumptions Network Adversary Fraction of Honest Money (⅔) Synchronized Global Clock (eg. NTP)

Cryptographic Sortition Goal: Select a subset of users Idea: Get the users to interact and talk amongst themselves to elect a committee. Simple!

Cryptographic Sortition Goal: Select a subset of users Idea: Get the users to interact and talk amongst themselves to elect a committee. Simple! However, the adversary could be listening to the election process! Choosing the users in an interactive way can lead to them being attacked by the adversary before they can participate in the protocol

Cryptographic Sortition Goal: Local and non-interactive way to select subset of users Implemented using Verifiable Random Functions (VRF): Proof Secret Key VRF Seed Hash Hash is pseudo-random and is distributed uniformly between [0, 2hashlen-1]

Cryptographic Sortition Since each user is weighted by their money, we can let one unit of currency be one sub-user. A user with x units of currency has x sub-users. The probability of any unit of currency being chosen is p = τ/w τ - Expected number of users that we want to be chosen W - Total amount of currency units For a user with x units of currency, we divide the interval [0,1) into x+1 sub-intervals: Calculate c = hash/2hashlen and choose the number of sub-users based on which sub-interval c falls in.

Cryptographic Sortition - Key ideas Properties: Chooses a random subset of users by their weight Implemented using Verifiable Random Function, including proof of selection Each user knows whether they have been selected or not for that round Security: The chosen user needs to communicate only once, and then they are irrelevant Adversary cannot know how many times (or if) a user is chosen Splitting currency across users does not increase chance of being selected! Sortition will be used at each step of the Algorand Byzantine Agreement protocol

Gossip Gossip sortition Block Proposal many Reduction two Final or Tentative threshold CountVotes one Binary BA

Gossip Gossip sortition Block Proposal many Reduction two Final or Tentative threshold CountVotes one Binary BA BA*

Gossip Gossip sortition Select a small random pool of peers weighted by money to send messages to Signed by private key Check for forgery Avoid forwarding loops Each peer forwards messages that it hears to its random pool

Block Proposal Gossip sortition Block Proposal many Reduction two Final or Tentative threshold CountVotes one Binary BA

Block Proposal sortition Block Proposal Select committee Send blocks, priority, proof to ALL users Select second committee Send highest priority block, proof to ALL users many

Reduction Gossip sortition Block Proposal many Reduction two Final or Tentative threshold CountVotes one Binary BA BA*

Reduction Select committee Receive highest priority block, proof CountVotes() Reduction More than threshold, ensures that no two distinct values can be returned Reduce to one block to consider Send block, proof to ALL users 2 steps two many

Binary BA Gossip sortition Block Proposal many Reduction two Final or Tentative threshold CountVotes one Binary BA BA*

Binary BA two one Binary BA

Binary BA two one Binary BA

Binary BA Select committee Receive block, proof Goal: choose block or empty block two one Binary BA

Binary BA Select committee Receive block, proof Goal: choose block or empty block Rounds of voting Adversary could push threshold for some users, but not others Timeout sets the next step vote to that which could have been returned two Min: 2 steps Max: 11 steps (to prevent incorrectness) Common Coin (getting unstuck, lowest hash) Recovery Protocol one Binary BA

CountVotes Gossip sortition Block Proposal many Reduction two Final or Tentative threshold CountVotes one Binary BA

CountVotes Select committee CountVotes() - Final Number of Users who decided in the first round threshold CountVotes one

Final or Tentative Select committee CountVotes() - Final Number of Users who decided in the first round If proposer was honest, this will happen If greater than a threshold, it is final Otherwise tentative Fixed during recovery process or final block after No more consensus can be achieved if there is a fork Final or Tentative threshold CountVotes

How To Make This Feasible?

Evaluation Prototype deployed on EC2 using 1000 VMs, each with 8 cores Latency:

Evaluation Throughput: ~125x Bitcoin s throughput (750 MB/hour vs. 6 MB/hour)

Evaluation Malicious users:

Discussion Questions Recently raised $4 million in seed funding How should incentives be handled? How is currency generated (bootstrapping)? Your weight (money) is public

Backup Slides Seed for sortition - comes from the previous round - proposed while proposing blocks BA* steps are NOT synchronized across users - wait for some time to receive a block, else use empty block

Backup Slides Visual: https://homepage.divms.uiowa.edu/~mbognar/applets/bin.html

Backup Slides

Backup Slides

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback