Decentralized ThoughtsDecentralized thoughts about decentralization
https://decentralizedthoughts.github.io
Private Set Intersection
Private Set Intersection (PSI) is a problem within the broader field of secure computation. The PSI problem There are two friends Alice and Bob such that Alice has a set of items $A=(a_1,\ldots,a_n)$ and Bob has the set $B=(b_1,\ldots,b_n)$. The goal is to design a protocol by which Alice and...
Sun, 29 Mar 2020 01:00:00 -0700
https://decentralizedthoughts.github.io/2020-03-29-private-set-intersection-a-soft-introduction/
https://decentralizedthoughts.github.io/2020-03-29-private-set-intersection-a-soft-introduction/Range Proofs from Polynomial Commitments, Re-explained
This is a re-exposition of a post here by Dan Boneh, Ben Fisch, Ariel Gabizon, and Zac Williamson, with a few more details on why the polynomial relations hold. They construct a simple zero knowledge range proof from a hiding polynomial commitment scheme (PCS), such as KZG1. $$ \def\Fp{\mathbb{F}_p} \def\FF{\Fp^{\scriptscriptstyle{(<n)}}[X]}...
Tue, 03 Mar 2020 00:00:00 -0800
https://decentralizedthoughts.github.io/2020-03-03-range-proofs-from-polynomial-commitments-reexplained/
https://decentralizedthoughts.github.io/2020-03-03-range-proofs-from-polynomial-commitments-reexplained/Blockchain Selfish Mining
Proof of Work (PoW) Blockchains implement a form of State Machine Replication (SMR). Unlike classical SMR protocols, they are open, i.e., anyone can join the system, and the system incentivizes participants, called miners, to follow the protocol. Therefore, unlike classical SMR protocols, reasoning about blockchain security relies not only on...
Wed, 26 Feb 2020 07:00:00 -0800
https://decentralizedthoughts.github.io/2020-02-26-selfish-mining/
https://decentralizedthoughts.github.io/2020-02-26-selfish-mining/Dolev-Strong Authenticated Broadcast
This post is about the classic result from 1983 on authenticated broadcast against a Byzantine adversary: Theorem (Dolev-Strong [1983]): there exists an authenticated protocol for solving broadcast, against any adversary controlling $t<n$ out of $n$ parties, in $t+1$ rounds, using $O(n^2t)$ words Recall Broadcast properties: (1) Termination - all honest...
Sun, 22 Dec 2019 09:05:00 -0800
https://decentralizedthoughts.github.io/2019-12-22-dolev-strong/
https://decentralizedthoughts.github.io/2019-12-22-dolev-strong/The FLP Impossibility, Asynchronous Consensus Lower Bound via Uncommitted Configurations
In this third post, we conclude with the celebrated Fischer, Lynch, and Paterson impossibility result from 1985. It is the fundamental lower bound for consensus in the asynchronous model. Theorem 1 (FLP85): Any protocol $\mathcal{P}$ solving consensus in the asynchronous model that is resilient to even just one crash failure...
Sun, 15 Dec 2019 09:15:00 -0800
https://decentralizedthoughts.github.io/2019-12-15-asynchrony-uncommitted-lower-bound/
https://decentralizedthoughts.github.io/2019-12-15-asynchrony-uncommitted-lower-bound/Synchronous Consensus Lower Bound via Uncommitted Configurations
In this second post, we show the fundamental lower bound on the number of rounds for consensus protocols in the synchronous model. Theorem 1: Any protocol solving consensus in the synchronous model that is resilient to $t$ crash failures must have an execution with at least $t+1$ rounds. Bad news:...
Sun, 15 Dec 2019 09:05:00 -0800
https://decentralizedthoughts.github.io/2019-12-15-synchrony-uncommitted-lower-bound/
https://decentralizedthoughts.github.io/2019-12-15-synchrony-uncommitted-lower-bound/Consensus Lower Bounds via Uncommitted Configurations
In this series of three posts, we discuss two of the most important consensus lower bounds: Lamport, Fischer [1982]: any protocol solving consensus in the synchronous model that is resilient to $t$ crash failures must have an execution with at least $t+1$ rounds. Fischer, Lynch, and Patterson [1983, 1985]: any...
Sun, 15 Dec 2019 09:03:00 -0800
https://decentralizedthoughts.github.io/2019-12-15-consensus-model-for-FLP/
https://decentralizedthoughts.github.io/2019-12-15-consensus-model-for-FLP/Data, Consensus, Execution: Three Scalability Bottlenecks for State Machine Replication
If anyone asks you: how can I scale my State Machine Replication (Blockchain) system? You should answer back with a question: what is your bottleneck? Is it Data, Consensus or Execution? Data: Shipping the commands to all the replicas. For example, if a block contains 1MB of commands, then you...
Fri, 06 Dec 2019 09:05:00 -0800
https://decentralizedthoughts.github.io/2019-12-06-dce-the-three-scalability-bottlenecks-of-state-machine-replication/
https://decentralizedthoughts.github.io/2019-12-06-dce-the-three-scalability-bottlenecks-of-state-machine-replication/Security proof for Nakamoto Consensus
Bitcoin’s underlying consensus protocol, now known as Nakamoto consensus, is an extremely simple and elegant solution to the Byzantine consensus problem. One may expect this simple protocol to come with a simple security proof. But that turns out not to be the case. The Bitcoin white paper did not provide...
Fri, 29 Nov 2019 13:05:00 -0800
https://decentralizedthoughts.github.io/2019-11-29-Analysis-Nakamoto/
https://decentralizedthoughts.github.io/2019-11-29-Analysis-Nakamoto/Sync HotStuff, A Simple and Practical State Machine Replication
In the previous post, we discussed progress in authenticated synchronous consensus protocols. In this post, we will discuss one of the recent protocols Sync HotStuff, which is a simple and practical Byzantine Fault Tolerant SMR protocol to tolerate $f < n/2$ faults. We first present one of the key ideas...
Tue, 12 Nov 2019 02:10:00 -0800
https://decentralizedthoughts.github.io/2019-11-12-Sync-HotStuff/
https://decentralizedthoughts.github.io/2019-11-12-Sync-HotStuff/Authenticated Synchronous BFT
Different modeling assumptions under which we construct BFT protocols often make it hard to compare two protocols and understand their relative contributions. In this post we discuss synchronous protocols in the authenticated model (assuming a PKI). A protocol runs in the synchronous model if it assumes a bounded message delay,...
Mon, 11 Nov 2019 00:01:00 -0800
https://decentralizedthoughts.github.io/2019-11-11-authenticated-synchronous-bft/
https://decentralizedthoughts.github.io/2019-11-11-authenticated-synchronous-bft/Primary-Backup for Two Servers and One Omission Failure is Impossible
In the previous post, we show that State Machine Replication for any f<n failures is possible in the synchronous model when the adversary can only cause parties to crash. In this post, we show that omission failures are more challenging. It requires f<n/2. Theorem: It is impossible to implement State...
Sat, 02 Nov 2019 11:12:00 -0700
https://decentralizedthoughts.github.io/2019-11-02-primary-backup-for-2-servers-and-omission-failures-is-impossible/
https://decentralizedthoughts.github.io/2019-11-02-primary-backup-for-2-servers-and-omission-failures-is-impossible/Primary-Backup State Machine Replication for Crash Failures
We continue our series of posts on State Machine Replication (SMR). In this post we discuss the most simple form of SMR: Primary-Backup for crash failures. We will assume synchronous communication. For simplicity, we will consider the case with two replicas, out of which one can crash. Recall that when...
Fri, 01 Nov 2019 03:10:00 -0700
https://decentralizedthoughts.github.io/2019-11-01-primary-backup/
https://decentralizedthoughts.github.io/2019-11-01-primary-backup/A Payment Channel is a two person BFS-SMR system
This posts views payment channels as essentially a two person BFS-SMR system along with a carefully implemented mechanism for safe termination (channel closing) under assumptions of synchrony. Suppose Alice wants to Pay Bob 10,000 times. The obvious solution is to do 10,000 transactions on a main State Machine Replication System....
Fri, 25 Oct 2019 14:22:00 -0700
https://decentralizedthoughts.github.io/2019-10-25-payment-channels-are-just-a-two-person-bfs-smr-systems/
https://decentralizedthoughts.github.io/2019-10-25-payment-channels-are-just-a-two-person-bfs-smr-systems/Flavours of State Machine Replication
State Machine Replication is a fundamental approach in distributed computing for building fault tolerant systems. This post is a followup to our basic post on Fault Tolerant State Machine Replication. After defining what a state machine is and the transition function apply we then defined a Fault Tolerant State Machine...
Fri, 25 Oct 2019 12:54:00 -0700
https://decentralizedthoughts.github.io/2019-10-25-flavours-of-state-machine-replication/
https://decentralizedthoughts.github.io/2019-10-25-flavours-of-state-machine-replication/Flavours of Broadcast
What is the difference between broadcast, crusader broadcast, gradecast, weak broadcast, detectable broadcast, and broadcast with abort? This post is a follow up to our basic post on: What is Broadcast? The focus of this post is on computationally unbounded adversaries in the synchronous model, but we begin with considering...
Tue, 22 Oct 2019 07:44:00 -0700
https://decentralizedthoughts.github.io/2019-10-22-flavours-of-broadcast/
https://decentralizedthoughts.github.io/2019-10-22-flavours-of-broadcast/Consensus for State Machine Replication
We introduced definitions for consensus, Byzantine Broadcast (BB) and Byzantine Agreement (BA), in an earlier post. In this post, we will discuss how consensus protocols are used in State Machine Replication (SMR). We will compare and contrast this setting to that of traditional BB and BA. State Machine Replication is...
Tue, 15 Oct 2019 19:58:00 -0700
https://decentralizedthoughts.github.io/2019-10-15-consensus-for-state-machine-replication/
https://decentralizedthoughts.github.io/2019-10-15-consensus-for-state-machine-replication/Flavours of Partial Synchrony
This is a follow up post to the post on Synchrony, Asynchrony and Partial synchrony. The partial synchrony model of DLS88 comes in two flavours: GST and Unknown Latency. In this post we discuss: why, in practice, the GST flavour seems to be a better model of the real world....
Fri, 13 Sep 2019 23:57:00 -0700
https://decentralizedthoughts.github.io/2019-09-13-flavours-of-partial-synchrony/
https://decentralizedthoughts.github.io/2019-09-13-flavours-of-partial-synchrony/Dont Trust. Verify. and Checkpoint?
Imagine that that Aliens land on earth with a new superfast SHA256 machine. Imagine this machine always gives them more than 51% of the current world Bitcoin hash power (but not enough hash power to completely break SHA256). Suppose they decide to build a chain from the Bitcoin Genesis block...
Fri, 13 Sep 2019 13:32:00 -0700
https://decentralizedthoughts.github.io/2019-09-13-dont-trust-checkpoint/
https://decentralizedthoughts.github.io/2019-09-13-dont-trust-checkpoint/Does Byzantine Agreement need Quadratic Messages?
The quest for building scalable Byzantine agreement has many challenges. In this post we highlight the 1982 Dolev and Reischuk lower bound. In this series of posts we are revisiting classic lower bounds from the 1980’s. Most of them focused on deterministic protocols and computationally unbounded adversaries. Part of our...
Fri, 16 Aug 2019 15:30:00 -0700
https://decentralizedthoughts.github.io/2019-08-16-byzantine-agreement-needs-quadratic-messages/
https://decentralizedthoughts.github.io/2019-08-16-byzantine-agreement-needs-quadratic-messages/