From 463d48c34ea59c3778568d7ef68acb4b8c3ef4bc Mon Sep 17 00:00:00 2001 From: AlistairStewart <32751032+AlistairStewart@users.noreply.github.com> Date: Thu, 2 Jul 2020 17:10:03 +0200 Subject: [PATCH] reduced bibliography to one file --- pdf/grandpa.bib | 132 ++++++++++++++++++++++++++++++++++++++++++++++++ pdf/grandpa.tex | 18 ++++--- 2 files changed, 142 insertions(+), 8 deletions(-) diff --git a/pdf/grandpa.bib b/pdf/grandpa.bib index 5c157cd..9fce178 100644 --- a/pdf/grandpa.bib +++ b/pdf/grandpa.bib @@ -61,3 +61,135 @@ url={https://www.weusecoins.com/assets/pdf/library/SCP%20-%20%20A%20Computationally-Scalable%20Byzantine.pdf} } +@article{DLS, + title={Consensus in the presence of partial synchrony}, + author={Dwork, Cynthia and Lynch, Nancy and Stockmeyer, Larry}, + journal={Journal of the ACM (JACM)}, + volume={35}, + number={2}, + pages={288--323}, + year={1988}, + publisher={ACM New York, NY, USA} +} + +@misc{ nakamoto08bitcoin, + author = {Satoshi Nakamoto}, + title = {\href{https://bitcoin.org/bitcoin.pdf}{Bitcoin: A Peer-to-Peer Electronic Cash System}}, + year = 2008, +} + +@article{wood14ethereum, + title={\href{https://github.com/ethereum/wiki/wiki/White-Paper}{Ethereum: A Secure Decentralised Generalised Transaction Ledger}}, + author={Wood, Gavin}, + journal={Ethereum Project Yellow Paper}, + year={2014} +} + +@inproceedings{sasson2014zerocash, + title={\href{https://ieeexplore.ieee.org/abstract/document/6956581/}{Zerocash: Decentralized anonymous payments from {B}itcoin}}, + author={Sasson, Eli Ben and Chiesa, Alessandro and Garman, Christina and Green, Matthew and Miers, Ian and Tromer, Eran and Virza, Madars}, + booktitle={Security and Privacy (SP), 2014 IEEE Symposium on}, + pages={459--474}, + year={2014}, + organization={IEEE} +} + +@article{apostolaki16hijacking, + title={\href{http://arxiv.org/abs/1605.07524}{Hijacking Bitcoin: Large-scale Network Attacks on Cryptocurrencies}}, + author={Apostolaki, Maria and Zohar, Aviv and Vanbever, Laurent}, + journal = {38th IEEE Symposium on Security and Privacy}, + month = may, + year = {2017} +} + +@inproceedings{gervais15tampering, + title={\href{https://eprint.iacr.org/2015/578.pdf}{Tampering with the Delivery of Blocks and Transactions in {Bitcoin}}}, + author={Gervais, Arthur and Ritzdorf, Hubert and Karame, Ghassan O and Capkun, Srdjan}, + booktitle={22nd ACM SIGSAC Conference on Computer and Communications Security}, + pages={692--705}, + year={2015}, + organization={ACM}, + url = {https://eprint.iacr.org/2015/578.pdf}, +} + +@inproceedings{heilman15eclipse, + title={\href{https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-heilman.pdf}{Eclipse Attacks on {Bitcoin}'s Peer-to-Peer Network}}, + author={Heilman, Ethan and Kendler, Alison and Zohar, Aviv and Goldberg, Sharon}, + booktitle={24th USENIX Security Symposium}, + pages={129--144}, + year={2015}, + url={https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-heilman.pdf}, +} + +@inproceedings{kokoris16enhancing, + author = {Eleftherios Kokoris-Kogias and Philipp Jovanovic and Nicolas Gailly and Ismail Khoffi and Linus Gasser and Bryan Ford}, + title = {\href{http://arxiv.org/abs/1602.06997}{Enhancing Bitcoin Security and Performance with Strong Consistency via Collective Signing}}, + booktitle = {Proceedings of the 25th USENIX Conference on Security Symposium}, + year = {2016}, +} + +@InProceedings{decker16bitcoin, + author = {Christian Decker and Jochen Seidel and Roger Wattenhofer}, + title = {\href{http://www.tik.ee.ethz.ch/file/ed3e5da74fbca5584920e434d9976a12/peercensus.pdf}{Bitcoin Meets Strong Consistency}}, + booktitle = {{17th International Conference on Distributed Computing and Networking (ICDCN), Singapore}}, + month = {January}, + year = {2016}, + url = {http://www.tik.ee.ethz.ch/file/ed3e5da74fbca5584920e434d9976a12/peercensus.pdf}, +} + +@misc{pass16hybrid, + author = {Rafael Pass and Elaine Shi}, + title = {\href{http://eprint.iacr.org/2016/917}{Hybrid Consensus: Efficient Consensus in the Permissionless Model}}, + howpublished = {Cryptology ePrint Archive, Report 2016/917}, + year = {2016}, +} + +@article{avarikioti19divide, + title={Divide and Scale: Formalization of Distributed Ledger Sharding Protocols}, + author={Avarikioti, Georgia and Kokoris-Kogias, Eleftherios and Wattenhofer, Roger}, + journal={arXiv preprint arXiv:1910.10434}, + year={2019} +} + +@inproceedings{kokoris17omniledger, + title={\href{https://eprint.iacr.org/2017/406.pdf}{OmniLedger: A Secure, Scale-Out, Decentralized Ledger via Sharding}}, + author={Kokoris-Kogias, Eleftherios and Jovanovic, Philipp and Gasser, Linus and Gailly, Nicolas and Syta, Ewa and Ford, Bryan}, + booktitle={39th {IEEE Symposium on Security and Privacy}}, + pages={19--34}, + year={2018}, + organization={IEEE} +} + +@inproceedings{al18chainspace, + author = {Mustafa Al{-}Bassam and Alberto Sonnino and Shehar Bano and + Dave Hrycyszyn and George Danezis}, + title = {\href{https://arxiv.org/pdf/1708.03778.pdf}{Chainspace: {A} Sharded Smart Contracts Platform}}, + booktitle = {25th Annual Network and Distributed System Security Symposium, {NDSS} + 2018, San Diego, California, USA, February 18-21, 2018}, + year = {2018}, +} + +@inproceedings{androulaki18channels, + title={\href{https://link.springer.com/chapter/10.1007/978-3-319-99073-6_6}{Channels: Horizontal Scaling and Confidentiality on Permissioned Blockchains}}, + author={Androulaki, Elli and Cachin, Christian and De Caro, Angelo and Kokoris-Kogias, Eleftherios}, + booktitle={European Symposium on Research in Computer Security}, + pages={111--131}, + year={2018}, + organization={Springer} +} + +@techreport{zamyatin19sok, + title={Sok: Communication across distributed ledgers}, + author={Zamyatin, Alexei and Al-Bassam, Mustafa and Zindros, Dionysis and Kokoris-Kogias, Eleftherios and Moreno-Sanchez, Pedro and Kiayias, Aggelos and Knottenbelt, William J}, + year={2019}, + institution={IACR Cryptology ePrint Archive, 2019: 1128} +} + +@inproceedings{lewenberg15inclusive, + title={\href{https://link.springer.com/chapter/10.1007/978-3-662-47854-7_33}{Inclusive block chain protocols}}, + author={Lewenberg, Yoad and Sompolinsky, Yonatan and Zohar, Aviv}, + booktitle={International Conference on Financial Cryptography and Data Security}, + pages={528--547}, + year={2015}, + organization={Springer} +} diff --git a/pdf/grandpa.tex b/pdf/grandpa.tex index 0816ad7..88a4706 100644 --- a/pdf/grandpa.tex +++ b/pdf/grandpa.tex @@ -11,6 +11,8 @@ \usepackage[numbers]{natbib} + + \usepackage{tabu} %requires array. %This should be the last package before \input{Version.tex} @@ -37,8 +39,8 @@ \title{GRANDPA: a Byzantine Finality Gadget} -\author{Alistair Stewart \and Eleftherios Kokoris-Kogia} -\date{\today} +\author{Alistair Stewart \\ {\tt stewart.al@gmail.com} \and Eleftherios Kokoris-Kogia \\ {\tt eleftherios.kokoriskogias@epfl.ch}} +\date{June 30, 2020} \maketitle \begin{abstract} @@ -151,7 +153,7 @@ We say an oracle $A$ in a protocol is {\em eventually consistent} if it returns \paragraph{Impossibility of Deterministic Agreement with an Oracle.}\label{ssec:impossibility} %\xxx{Al can you extend this?} -For the binary case, i.e. when $|S|=2$, the Byzantine finality gadget problem is reducible to Byzantine agreement. This does not hold for $|S| > 2$, because the definition of validity is stronger in our protocol. Note that it is impossible for multi-valued Byzantine agreement to make the validity condition require that we decide an initial value of some honest voter and tolerate more than a $1/|S|$ fraction of faults, since we may have a $1/|S|$ fraction of voters reporting each initial value and Byzantine voters can act honestly enough not to be detectable. For finality gadgets, this stronger validity condition is possible. A natural question is then weather the celebrated FLP~\cite{fischer85impossibility} impossibility holds for our stronger requirements. +For the binary case, i.e. when $|S|=2$, the Byzantine finality gadget problem is reducible to Byzantine agreement. This does not hold for $|S| > 2$, because the definition of validity is stronger in our protocol. Note that it is impossible for multi-valued Byzantine agreement to make the validity condition require that we decide an initial value of some honest voter and tolerate more than a $1/|S|$ fraction of faults, since we may have a $1/|S|$ fraction of voters reporting each initial value and Byzantine voters can act honestly enough not to be detectable. For finality gadgets, this stronger validity condition is possible. A natural question is then weather the celebrated FLP~\cite{flp} impossibility holds for our stronger requirements. Next, we show that an asynchronous, deterministic binary finality gadget is impossible, even with one fault. This means that the extra information voters have here, that $A$ will eventually agree for all voters, is not enough to make this possible. @@ -165,7 +167,7 @@ We have number of voters which each have an initial $v_i$ in $\{0,1\}$ We may have one or more faulty nodes, which here means going offline at some point. Nodes have asynchronous communication - so any message arrives but we have no guarantee when it will. The goal is to have all non-faulty nodes output the same $v$, which must be $0$ if all inputs $v_i$ are $0$ and $1$ if all are $1$. -Fischer, Lynch and Paterson\cite{fischer85impossibility} showed that this is impossible if there is one faulty node. +Fischer, Lynch and Paterson\cite{flp} showed that this is impossible if there is one faulty node. The binary fault-safe finality gadget problem is similar, except now there is an oracle $A$ that any node can call at any time with the following properties: @@ -178,7 +180,7 @@ and we want that if A never switches, then all non-faulty nodes output x. If A d Then this is also impossible, even for one faulty node, which just goes offline. Note that this generalises Byzantine agreement, since if we could each node $i$ could call $A$ once at the start and use the output as $v_i$. (For the multi-valued case, we will define the problem so that this reduction does not hold.) -\begin{proof}[Proof sketch] We follow the notation of \cite{fischer85impossibility} and assume for a contradiction that we use a correct protocol. +\begin{proof}[Proof sketch] We follow the notation of \cite{flp} and assume for a contradiction that we use a correct protocol. Let $r$ be a run of the protocol where $A$ gives $0$ all the time. Then by correctness $r$ decides $0$. Now we consider what can happen when $A$ switches to $1$ after each configuration in $r$. If it switches to $1$ at the start, then the protocol decides $1$. If we switch to $1$ when all node have already decided $0$, then we decide $0$. @@ -354,8 +356,8 @@ consensus protocols that solve the stronger problem as described in the previous Instead, only the finalization stops, but the blocks keep getting created and propagated to everyone. This means that when the conditions are safe again, the finality gadget only needs to finalize the head of the chain\footnote{Which the oracle will return quickly to a supermajority of miners.}, instead of having to transmit and run consensus on every block. -In Figure~\ref{fig:finality}, we analyze the differences between classic blockchain protocols~\cite{nakamoto08bitcoin,wood14ethereum}, finality gadget, and hybrid consensus solutions~\cite{kokoris16enhancing,gilad17algorand} -\xxx{Experiment: Catchup 100s of blocks Hotstuff vs GRANDPA}. +%In Figure~\ref{fig:finality}, we analyze the differences between classic blockchain protocols~\cite{nakamoto08bitcoin,wood14ethereum}, finality gadget, and hybrid consensus solutions~\cite{kokoris16enhancing,gilad17algorand} +%\xxx{Experiment: Catchup 100s of blocks Hotstuff vs GRANDPA}. @@ -686,6 +688,6 @@ Then either all honest participants finalise $B$ before time $t_r+6T$ or no hone -\bibliography{net,os,sec,soc,theory, grandpa} +\bibliography{grandpa} % net,os,sec,soc,theory, \end{document}