The First Blockchain or How to Time-Stamp a Digital Document
This post is about the work of Stuart Haber and W. Scott Stornetta from 1991 on How to Time-Stamp a Digital Document and their followup paper Improving the Efficiency and Reliability of Digital Time-Stamping. In many ways, this work introduced the idea of a chain of hashes to create a total order of commitments to a dynamically growing set of documents. It’s no wonder these two papers are cited by...
[Read More]
On the Optimality of Optimistic Responsiveness
Synchronous consensus protocols tolerating Byzantine failures depend on the maximum network delay $\Delta$ for their safety and progress. The delay, $\Delta$ is usually much larger than actual network delay $\delta$ since $\Delta$ is a pessimistic value. While synchronous protocols tolerating more than one-third will have executions with at least a $\Delta$ latency, recent synchronous protocols such as Sync HotStuff have been trying to reduce the reliance on $\Delta$ as much...
[Read More]
Streamlet: A Simple Textbook Blockchain Protocol
Guest post by Benjamin Chan and Elaine Shi
[Read More]
Bilinear Accumulators for Cryptocurrency Enthusiasts
Accumulator schemes are an alternative to Merkle Hash Trees (MHTs) for committing to sets of elements.
Their main advantages are:
[Read More]
Private Set Intersection
Private Set Intersection (PSI) is a problem within the broader field of secure computation.
[Read More]
Range Proofs from Polynomial Commitments, Re-explained
This is a re-exposition of a post here by Dan Boneh, Ben Fisch, Ariel Gabizon, and Zac Williamson, with a few more details on why the polynomial relations hold.
[Read More]
Blockchain Selfish Mining
Proof of Work (PoW) Blockchains implement a form of State Machine Replication (SMR). Unlike classical SMR protocols, they are open, i.e., anyone can join the system, and the system incentivizes participants, called miners, to follow the protocol. Therefore, unlike classical SMR protocols, reasoning about blockchain security relies not only on bounding the number of malicious participants. One should crucially ask whether miners are indeed incentivized to follow the prescribed protocol....
[Read More]
Dolev-Strong Authenticated Broadcast
This post is about the classic result from 1983 on authenticated broadcast against a Byzantine adversary:
[Read More]
The FLP Impossibility, Asynchronous Consensus Lower Bound via Uncommitted Configurations
In this third post, we conclude with the celebrated Fischer, Lynch, and Paterson impossibility result from 1985. It is the fundamental lower bound for consensus in the asynchronous model.
[Read More]
Synchronous Consensus Lower Bound via Uncommitted Configurations
In this second post, we show the fundamental lower bound on the number of rounds for consensus protocols in the synchronous model.
[Read More]
Consensus Lower Bounds via Uncommitted Configurations
In this series of three posts, we discuss two of the most important consensus lower bounds: Lamport, Fischer [1982]: any protocol solving consensus in the synchronous model that is resilient to $t$ crash failures must have an execution with at least $t+1$ rounds. Fischer, Lynch, and Patterson [1983, 1985]: any protocol solving consensus in the asynchronous model that is resilient to even one crash failure must have an infinite execution....
[Read More]
Data, Consensus, Execution: Three Scalability Bottlenecks for State Machine Replication
If anyone asks you: how can I scale my State Machine Replication (Blockchain) system?
[Read More]
Security proof for Nakamoto Consensus
Bitcoin’s underlying consensus protocol, now known as Nakamoto consensus, is an extremely simple and elegant solution to the Byzantine consensus problem. One may expect this simple protocol to come with a simple security proof. But that turns out not to be the case. The Bitcoin white paper did not provide a proof. Several academic papers (e.g. Garay, Kiayias, Leonardos, and Pass, Seeman, shelat and Kiffer, Rajaraman, shelat) later presented rigorous...
[Read More]
Sync HotStuff, A Simple and Practical State Machine Replication
In the previous post, we discussed progress in authenticated synchronous consensus protocols. In this post, we will discuss one of the recent protocols Sync HotStuff, which is a simple and practical Byzantine Fault Tolerant SMR protocol to tolerate $f < n/2$ faults.
[Read More]
Authenticated Synchronous BFT
Post updated in March 2021
[Read More]
State Machine Replication for Two Servers and One Omission Failure is Impossible even in a lock-step model
In a previous post, we show that State Machine Replication for any $f<n$ failures is possible in the synchronous model when the adversary can only cause parties to crash. In this post, we show that omission failures are more challenging. Implementing SMR requires at most $f<n/2$ omission failures.
[Read More]
Primary-Backup State Machine Replication for Crash Failures
We continue our series of posts on State Machine Replication (SMR). In this post we discuss the most simple form of SMR: Primary-Backup for crash failures. We will assume synchronous communication. For simplicity, we will consider the case with two replicas, out of which one can crash. Recall that when a party crashes, it irrevocably terminates.
[Read More]
A Payment Channel is a two person BFS-SMR system
This posts views payment channels as essentially a two person BFS-SMR system along with a carefully implemented mechanism for safe termination (channel closing) under assumptions of synchrony.
[Read More]
Flavours of State Machine Replication
State Machine Replication is a fundamental approach in distributed computing for building fault tolerant systems. This post is a followup to our basic post on Fault Tolerant State Machine Replication.
[Read More]