Decentralized Thoughts is a group blog on decentralization, by decentralized thinkers, for decentralized thoughts, of decentralized matters. Decentralized Thoughts is a group blog on decentralization, by decentralized thinkers, for decentralized thoughts, of decentralized matters.

Colordag: From always-almost to almost-always 50% selfish mining resilience

Posted on March 7, 2022, by Ittay Eyal, Ittai Abraham

The Selfish mining attack against blockchain protocols was discovered and formalized in 2013 by Eyal and Sirer (also see our blog post). The Bitcoin community has mentioned similar types of attacks in 2010. This attack remains a vulnerability of all operational blockchains we are aware of. For Bitcoin’s blockchain algorithm (under reasonable network assumptions), a coalition controlling over 1/4 of the mining power can improve its revenue using this attack.... [Read More]
Tags: blockchain game_theory

Blockchain Resource Pools and a CAP-esque Impossibility Result

Posted on March 3, 2022, by Andrew Lewis-Pye, Tim Roughgarden

The consensus layers of different blockchain protocols can look very different from one another. For example, to achieve sybil-resistance, some protocols use proof-of-work (selecting each block producer randomly, with probability proportional to its computational power), while some use proof-of-stake (with probabilities proportional to the amount of locked-up stake). To achieve consensus, some blockchain protocols use a longest-chain rule to resolve forks in-protocol, while others use BFT-style consensus to (with high... [Read More]
Tags: research lowerbound blockchain

Good-case Latency of Rotating Leader Synchronous BFT

Posted on December 7, 2021, by Nibesh Shrestha, Ittai Abraha, Kartik Nayak

Synchronous consensus protocols can tolerate $f < n/2$ Byzantine failures but for $n/3 <f <n/2$ must depend on the maximum network delay $\Delta$ for their safety and progress. So these protocols must set $\Delta$ to be much larger than the actual network delay $\delta \ll \Delta$. The good news is in the multi-shot (blockchain) scenarios, modern synchronous protocols such as Sync HotStuff can essentially pipeline the $\Delta$-dependent delay: [Read More]
Tags: synchronous protocols research

Consensus cheat sheet

Posted on October 29, 2021, by Ittai Abraham

  Crash Omission Byzantine Synchrony $f<n$ is possible $f+1$ round executions must exist $f \geq n/2$ is impossible $f<n/2$ possible with PKI / possible with PoW FLM: $f \geq n/3$ impossible without PKI/PoW Partial Synchrony CAP: $f\geq n/2$ is impossible Paxos: $f<n/2$ is possible $f<n/3$ is possible DLS: $f \geq n/3$ is impossible Asynchrony FLP: non-terminating executions must exist $f<n/2$ possible in $O(1)$ expected rounds $f<n/3$ possible in $O(1)$ expected... [Read More]
Tags: dist101

Nakamoto's Longest-Chain Wins Protocol

Posted on October 15, 2021, by Kartik Nayak

In this post, we will cover Nakamoto’s Consensus protocol presented in the Bitcoin whitepaper. There are a lot of posts and videos that explain this seminal and simple protocol. Our goal in this post will be to intuitively piece out the need for different aspects of the protocol, such as proof-of-work and how network synchrony plays a role in the protocol. [Read More]
Tags: blockchain101

Crusader Agreement with $\leq 1/3$ Error is Impossible for $n\leq 3f$ if the Adversary can Simulate

Posted on October 4, 2021, by Ittai Abraham and Kartik Nayak

The classic FLM lower bound says that in Synchrony, Byzantine Agreement is impossible when $n \leq 3f$. We discussed this important bound in a previous post. In this post we strengthen the FLM lower bound in two important ways: Maybe randomization allows circumventing the FLM lower bound? No! Even allowing $\leq 1/3$ error, this bound still holds (based on unpublished work of Yao and Karlin, see the work of Graham... [Read More]
Tags: lowerbound dist101

Distributed consensus made simple (for real this time!)

Posted on September 30, 2021, by Chris Jensen, Heidi Howard

Multi-Paxos is the de facto solution for deciding a log of commands to execute on a replicated state machine, yet it’s famously difficult to understand, motivating the switch to ‘simpler’ consensus protocols such as Raft. The conventional wisdom is that the best way to use Paxos (aka Synod, or single-shot Paxos), to decide a log of commands is to run many instances of it, where the $i^{th}$ instance decides the... [Read More]
Tags: dist101 paxos

The round complexity of Reliable Broadcast

Posted on September 29, 2021, by Ittai Abraham, Zhuolun Xiang, Ling Ren

Reliable Broadcast is an important building block of many Asynchronous protocols. There is a broadcaster that has some input value, $v$, and a non-faulty party that terminates needs to output a value. Reliable Broadcast is defined via two properties: [Read More]
Tags: dist101 research lowerbound

Optimal Communication Complexity of Authenticated Byzantine Agreement

Posted on September 20, 2021, by Atsuki Momose, Ling Ren

Communication complexity of Byzantine Agreement (BA) has been studied for decades. Dolev and Reischuk showed that quadratic communication is necessary for BA with perfect security, i.e., without error. Berman, Garay, and Perry showed that this lower bound is tight for the unauthenticated setting (without signatures) with $f < n/3$. However, for $f \ge n/3$, the best solution so far is still the Dolev-Strong protocol with cubic communication, so a linear... [Read More]
Tags: research synchronous protocols

Information Theoretic HotStuff (IT-HS): Part One

Posted on September 20, 2021, by Gilad Stern, Ittai Abraham

This post is the first of two on Information Theoretic HotStuff (IT-HS). Information Theoretic HotStuff is a Byzantine Consensus protocol in the partially synchronous model. It replaces all of HotStuff’s cryptographic signatures with simple information theoretic message passing techniques over authenticated channels. Information theoretic protocols are often easy to reason about, form a great introduction for learning the basics of consensus, have less of an attack surface, and highlight useful... [Read More]
Tags: dist101

The Private Set Intersection (PSI) Protocol of the Apple CSAM Detection System

Posted on August 29, 2021, by Benny Pinkas

In this post, we will discuss the cryptographic construction used in Apple’s new system for detecting CSAM - Child Sexual Abuse Material. This cryptographic construction implements a new variant of PSI - Private Set Intersection. While a lot of attention has been paid to the broad implications of this system, the technical details of the PSI construction have not been highlighted, even though Apple published a detailed technical description of... [Read More]
Tags: private-set-intersection

Simplifying Raft with Chaining

Posted on July 17, 2021, by Heidi Howard, Natacha Crooks, Ittai Abraham

Raft is a consensus algorithm for deciding a sequence of commands to execute on a replicated state machine. Raft is famed for its understandability (relative to other consensus algorithms such as Paxos) yet some aspects of the protocol still require careful treatment. For instance, determining when it is safe for a leader to commit commands from previous leaders or when it is safe for servers to delete or overwrite commands... [Read More]

Neither Non-equivocation nor Transferability alone is enough for tolerating minority corruptions in asynchrony

Posted on June 14, 2021, by Sravya Yandamuri, Naama Ben David

In this post, we explore a theorem of Clement, Junqueira, Kate, and Rodrigues from PODC 2012 regarding the limits of non-equivocation. Informally, this theorem says that neither Non-equivocation nor Transferability alone is enough for tolerating minority corruptions in asynchrony. [Read More]
Tags: dist101 non-equivocation lowerbound

Benign Hotstuff

Posted on April 2, 2021, by Ittai Abraham, Heidi Howard, and Kartik Nayak

In this post we describe a variant of Paxos (or Raft or Lock-Commit) that is inspired by looking through the lens of HotStuff and Blockchain protocols. The most noticeable difference is that while Paxos and Raft aim to maintain a stable Primary/Leader (and change views infrequently), in Benign Hotstuff (as in HotStuff), the Primary is rotated every round! A more subtle difference is that in Paxos and Raft each block... [Read More]
Tags: dist101 blockchain101

Living with Asynchrony: the Gather protocol

Posted on March 26, 2021, by Gilad Stern and Ittai Abraham

A very useful tool in Asynchronus distributed computing is Reliable Broadcast, or simply called Broadcast. It allows a leader to send a message, knowing that all parties will eventually receive the same message, even if a malicious adversary control $f$ parties and $f<n/3$. Broadcast is deterministic and takes just a constant number of rounds. [Read More]
Tags: dist101 asynchrony

Good-case Latency of Byzantine Broadcast: the Synchronous Case

Posted on March 9, 2021, by Zhuolun Xiang

In our first post, we presented a summary of our good-case latency results for Byzantine broadcast (BB) and state machine replication (SMR), where the good case measures the latency to commit given that the broadcaster or leader is honest. In our second post, we discussed our results for partial synchrony, and described a new BFT SMR protocol named (5f-1)-SMR that can commit a decision within $2$ rounds in the good... [Read More]
Tags: lowerbound synchronous protocols