Ling Ren Joint work with Ittai Abraham, Dahlia Malkhi,

Slides:



Advertisements
Similar presentations
Secure Multiparty Computations on Bitcoin
Advertisements

1 Indranil Gupta (Indy) Lecture 8 Paxos February 12, 2015 CS 525 Advanced Distributed Systems Spring 2015 All Slides © IG 1.
Consensus Algorithms Willem Visser RW334. Why do we need consensus? Distributed Databases – Need to know others committed/aborted a transaction to avoid.
CS 425 / ECE 428 Distributed Systems Fall 2014 Indranil Gupta (Indy) Lecture 19: Paxos All slides © IG.
SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek.
How Bitcoin Achieves Decentralization
Bitcoin Bitcoin is a cryptocurrency. The platform that hosts Bitcoin is a p2p system. Bitcoin can be abstracted as a digital file that records the account.
Motivation ✓ ✘ ? Bitcoin/Ideal Credit Card Works on Internet
CSE 4095 Lecture 22 – BlockChain Slides adapted from Claudio Orlandi.
A SECURE SHARDING PROTOCOL FOR OPEN BLOCKCHAINS
Bitcoin and the Blockchain
Blockchains . or . How to avoid paying $40,000,000 for two pizzas
CS 525 Advanced Distributed Systems Spring 2013
Evaluation Forms for Blockchain- Based System ver. 1.0
Distributed Systems – Paxos
Virtual currency? Crypto-currency? Internet Money? Property?
Bitcoin - a distributed virtual currency system
Instability Of Bitcoin Without the Block Reward.
Distributed Systems for Information Systems Management
Bitcoin and the Blockchain

CS898AT – Bitcoins and Cryptocurrencies
Advanced Cryptography Protocols
Let’s build a Blockchain!
Nakamoto Consensus Marco Canini
EECS 498 Introduction to Distributed Systems Fall 2017
CS 240: Computing Systems and Concurrency Lecture 20 Marco Canini
Bitcoin & Blockchains Kevin Sekniqi.
EECS 498 Introduction to Distributed Systems Fall 2017
Implementing Consistency -- Paxos
CS 525 Advanced Distributed Systems Spring 2018
Introduction to Blockchains
Distributed Systems, Consensus and Replicated State Machines
Bitcoin and the Blockchain
Blockchains (2) slides have been taken from:
Campbell R. Harvey Duke University and NBER
EEC 688/788 Secure and Dependable Computing
Blockchain technology
Nonce Making Sense of Nonces.
Fault-tolerance techniques RSM, Paxos
CS 425 / ECE 428 Distributed Systems Fall 2017 Indranil Gupta (Indy)
Can blockchains be made better using hardware-assisted security?
EEC 688/788 Secure and Dependable Computing
IS 651: Distributed Systems Blockchain
HW5 What’s a quorum? How can we use the concept of quorum?
Blockchain Concepts RISK FORUM 2017 Hash function (e.g. SHA-256)
Bitcoin and Blockchains
EEC 688/788 Secure and Dependable Computing
IS 651: Distributed Systems Final Exam
Replicated state machine and Paxos
Consensus Algorithms.
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
Kai Bu 04 Blockchain Kai Bu
EEC 688/788 Secure and Dependable Computing
Blockchains and Auditing
Blockchains and Smart Contracts for the Internet of Things
Byzantine Fault-Tolerance
EEC 688/788 Secure and Dependable Computing
EEC 688/788 Secure and Dependable Computing
Faculty Seminar Series Blockchain Technology
Cryptography Lecture 24.
Bitcoin & Blockchains Kevin Sekniqi.
Implementing Consistency -- Paxos
Blockchain == Crypto + Raft++
Bitcoin and Blockchain
Explore Txs, block, blockchain in Bitcoin
Blockchain Mining Games
Announcement Sign up google sheet for in class lectures
Sisi Duan Assistant Professor Information Systems
Presentation transcript:

Solida: A Blockchain Protocol Based on Reconfigurable Byzantine Consensus Ling Ren Joint work with Ittai Abraham, Dahlia Malkhi, Kartik Nayak and Alexander Spiegelman *Work done at VMware Research

Bitcoin Ordered blocks (of transactions) A block must be hard to generate -- mining To talk about cryptocurreny, we have to start with Bitcoin Only the payer can initiate a tx Refer to a previous tx in which he was the payee The number one challenge: double spending Alice pays Bob $1 & Dan $2 Dan pays Carol $50 …… Carol pays Bob $50 …… Bob pays Alice $10 …… Double spending Carol pays Carol’ $50 ……

Bitcoin Mining Mining: solve hard puzzles ffffffffca780f89 Random function ffffffffca780f89 > Threshold ? nonce By the time Carol finds this cheating block, the rest of the world has found more blocks on the main chain Longest chain wins Proof-of-Work (PoW) Alice pays Bob $1 Alice pays Dan $2 Dan pays Carol $50 …… Carol pays Bob $50 Bob pays Alice $10 PoW PoW PoW

Permissionless Consensus Bitcoin: PoW + longest chain wins Alice Bob Emily Dave Charlie Participants reach consensus on tx history Anyone can leave or join at any time Newly minted coins & tx fees

Permissionless Consensus Bitcoin: PoW + longest chain wins Alice Bob Emily Dave Charlie

Bitcoin Consensus is Slow 10min / block, > 60min latency Byzantine consensus (e.g., PBFT) is instant Member 1 (Leader) Member 2 Member 3 Member 4 Pre-prepare Prepare Commit n = 3f+1 PBFT Courtesy of J. Li @ NYU

PBFT for Blockchains? Reconfiguration Wedging [Peercensus, Byzcoin, Hybrid Consensus] Numerous challenges: PBFT is permissioned TXs concurrent to reconfiguration “altruistic” vs. “rational” participants Reconfiguration Wedging They tried to make it permisssionless, but we will see later, they didn’t succeed. Hardly justifiable. E.g., mine Bitcoin voluntarily, no need for reward What is Solidus

Reconfiguration puzzle puzzle Committee F PoW A B C D E PoW G PoW

Reconfigure PBFT The newcomer acts as an external leader Let me in PoW Decision Member 1 An elect phase like Paxos. Leader is external. Use PoW as a ticket to get into the committee. The 3 phases in the middle same as PBFT, but renamed. A propagate phase for the world. Member 2 PoW Member 3 Decision Member 4 Propose Accept Commit Propagate

Reconfigure PBFT - Contention Paxos-style leader election with ranks Leader B PoW Leader A Member 1 Leader -> rank High ranked leader can interrupt low ranked ones. What to use as ranks? Paxos, a leader picks its own rank. Here, A leader must not control its own rank. PoW as rank. Member 2 PoW Member 3 Member 4 Propose Accept Commit

Reconfigure PBFT - Contention PoW as rank Leader B Let me in! PoW Leader A Member 1 PoW as rank. B interrupts A. Case 1: A has not done much, B proposes his own proposal Yessir! Member 2 PoW Member 3 Member 4 Status Propose Accept Commit

Reconfigure PBFT - Contention PoW as rank Let A in! Leader B PoW Leader A Member 1 PoW as rank. B interrupts A. Case 2: A has done a lot and cannot be reverted Member 2 Help A finish! PoW Member 3 Member 4 Status Propose Accept Commit

PoW Problem with PoW Ranks A Byzantine leader can stall Leader A Member 1 PoW as rank. B interrupts A. Case 2: A has done a lot and cannot be reverted Member 2 PoW Member 3 Member 4 Elect Propose Accept Commit

A Fix with Epochs rank = (lifespan, PoW) rank Lifespan = # of PoWs seen so far Leader A Member 1 PoW as rank. B interrupts A. Case 2: A has done a lot and cannot be reverted Member 2 rank Member 3 Member 4 Elect Propose Accept Commit

Safety follows from PBFT Proof-of-Work gives sybil-proof and eventually unique leader Lifespan prevents stalling A Fix with Epochs rank = (epoch, PoW) Each member maintains a local epoch rank.epoch = median among 2f+1 replies Leader A Member 1 PoW as rank. B interrupts A. Case 2: A has done a lot and cannot be reverted Member 2 rank Member 3 Member 4 Get-epoch Elect Propose Accept Commit

Proof Sketch Goal: Adversary cannot get 1/3 seats Sketch: Message delay for honest users  extra time to work on PoW for adversaries Synchrony? Seriously? Necessary for Bitcoin/PoW [PSS’16] Why PBFT if the model is synchronous? Actual speed vs. ½ fault tolerance

Summary Bitcoin: PoW  a PoW chain  permissionless consensus Solida: PoW

Solidus  Solida

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.