LefKok
2020-03-31 23:20:09 +02:00
parent 3bef09bd21
commit 74e15ead33
7 changed files with 27645 additions and 77 deletions
-63
@@ -1,63 +0,0 @@
@article{flp,
title={Impossibility of distributed consensus with one faulty process},
author={Fischer, Michael J and Lynch, Nancy A and Paterson, Michael S},
journal={Journal of the ACM (JACM)},
volume={32},
number={2},
pages={374--382},
year={1985},
publisher={ACM},
url={https://groups.csail.mit.edu/tds/papers/Lynch/jacm85.pdf}
}
@article{CasperFFG,
title={Casper the friendly finality gadget},
author={Buterin, Vitalik and Griffith, Virgil},
journal={arXiv preprint arXiv:1710.09437},
year={2017},
url={https://arxiv.org/abs/1710.09437}
}
@article{Tendermint,
title={The latest gossip on BFT consensus},
author={Buchman, Ethan and Kwon, Jae and Milosevic, Zarko},
journal={arXiv preprint arXiv:1807.04938},
year={2018},
url={https://arxiv.org/abs/1807.04938}
}
@article{CasperCBC,
title={Casper the Friendly Ghost: A “Correct-by-Construction” Blockchain Consensus Protocol},
author={Zamfir,Vlad},
year={2017},
url={https://github.com/ethereum/research/blob/master/papers/CasperTFG/CasperTFG.pdf}
}
@article{BitcoinBA,
title={Anonymous byzantine consensus from moderately-hard puzzles: A model for bitcoin},
author={Miller, Andrew and LaViola Jr, Joseph J},
url={https://nakamotoinstitute.org/research/anonymous-byzantine-consensus/},
year={2014}
}
@inproceedings{Discoin,
title={Bitcoin meets strong consistency},
author={Decker, Christian and Seidel, Jochen and Wattenhofer, Roger},
booktitle={Proceedings of the 17th International Conference on Distributed Computing and Networking},
pages={13},
year={2016},
organization={ACM},
url={https://arxiv.org/abs/1412.7935}
}
@article{SCP,
title={SCP: A Computationally-Scalable Byzantine Consensus Protocol For Blockchains.},
author={Luu, Loi and Narayanan, Viswesh and Baweja, Kunal and Zheng, Chaodong and Gilbert, Seth and Saxena, Prateek},
journal={IACR Cryptology ePrint Archive},
volume={2015},
pages={1168},
year={2015},
url={https://www.weusecoins.com/assets/pdf/library/SCP%20-%20%20A%20Computationally-Scalable%20Byzantine.pdf}
}
+15 -14
@@ -43,17 +43,17 @@
\section{Introduction}
Bitcoin~\cite{nakamoto09bitcoin} and its descendants~\cite{wood14ethereum,zcash} are cryptocurrencies that provide
Bitcoin~\cite{nakamoto08bitcoin} and its descendants~\cite{wood14ethereum,sasson2014zerocash} are cryptocurrencies that provide
secure automated value exchange without the need for a central managing authority.
In order to achieve this, they build on peer-to-peer networks where special nodes (usually called miners)
collect transactions from users and run a consensus protocol in order to maintain a distributed public ledger
known as the \textit{blockchain}.
One of the challenges of the consensus protocols run by these systems is that they only have the property of eventual consensus - that an ever growing prefix of the chain will be agreed upon by all participants forever onward. But this eventual consensus process generally takes tens of minutes and only gives probabilistic guarantees - if we see a few blocks building on a given block, we can estimate the probability that it is final.
Unfortunately these guarantees only hold if the underlying network is well-connected and the client able to find an uncensored source of information, two assumptions that
do not hold in adversarial environments~\cite{apostolaki17hijacking, gervais16tampering, hellman15eclipse}.
do not hold in adversarial environments~\cite{apostolaki16hijacking, gervais15tampering, heilman15eclipse}.
The underlying problem which enables these attacks is that first generation blockchain protocols do not consider finality (i.e., when will a block never be reverted) as a first class property, prioritizing liveness instead.
New generation protocols~\cite{kokoris16enhancing,decker15bitcoin} propose the complete opposite by employing a \emph{hybrid} approach~\cite{pass16hybrid}, to block liveness when finality is not readily achievable.
New generation protocols~\cite{kokoris16enhancing,decker16bitcoin} propose the complete opposite by employing a \emph{hybrid} approach~\cite{pass16hybrid}, to block liveness when finality is not readily achievable.
This can only happen if we change the existing infrastructure which has multiple shortcomings.
First, these hybrid consensus protocols are exclusive which might lead to centralization, because the protocol needs to put a limit on the number of participating miners in order to achieve good performance.
Second, tying consensus with liveness of the chain means that there is no optimism and blocks are committed only when all verification information are available.\xxx{Describe why this is a problem in the context of polkadot and other probabilistic protocols.}
@@ -62,7 +62,7 @@ Second, tying consensus with liveness of the chain means that there is no optimi
In this work we show the that the middle ground also merits exploration. We introduce the idea of lazy finality which is encapsulated in the abstraction of a \emph{finality gadget.}
Separating the liveness of the consensus protocol from the finality of the blocks can have 4 concrete benefits for the overlying blockchain protocol. First, not every node that is competing to mine a block needs to be part of the finality gadget, hence we can get the \textit{best of both worlds} (i.e., full inclusive decentralization and scalable fast finality). Second we can reorganize \xxx{Al put a sentence on why this is a cool property.}. Third, a finality gadget can be deployed gradually and light clients can choose to consult it or follow the longest chain rule and ignore it, enabling light client heterogeneity.
The light client that trust the gadget do not need to have the full chain or actively listen to the network.
This can in turn enable scalability~\cite{avarikioti19divide} in an ecosystem of multiple chains (weather sharding~\cite{kokoris18omniledger,zamani19rapidchain,kokoris18channels} or heterogeneous~\cite{zamyatin19sok}), where no single party receives or stores all the data in the system.
This can in turn enable scalability~\cite{avarikioti19divide} in an ecosystem of multiple chains (weather sharding~\cite{kokoris17omniledger,al18chainspace,androulaki18channels} or heterogeneous~\cite{zamyatin19sok}), where no single party receives or stores all the data in the system.
Finally, the finality gadget protocol is simpler than consensus protocols since they do not require a complex and costly view change phase.
@@ -70,7 +70,7 @@ More specifically, this work introduces the abstraction of a \emph{finality gadg
provides provable finality guarantees instead of probabilistic.
To this end we formalise the finality gadget problem and show that it is impossible to satisfy its properties with a deterministic asynchronous protocol.
To circumvent this impossibility result , we introduce the GRANDPA finality gadget that works in a partially synchronous network model, in the presence f up to $1/3$ Byzantine actors.
The combination of GRANDPA with a classic block production mechanism like GHOST~\cite{xxx} results in the existing deployment of the polkadot network which provides fast finality under good network conditions and protects the clients without compromising the liveness when under attack.
The combination of GRANDPA with a classic block production mechanism like GHOST~\cite{lewenberg15inclusive} results in the existing deployment of the polkadot network which provides fast finality under good network conditions and protects the clients without compromising the liveness when under attack.
In our evaluation \xxx{add results}
In summary we make the following contributions:
@@ -90,7 +90,7 @@ The rest of the paper is organized as follows:
We want to formalise the notion of finality gadget to be a sub-protocol that can be deployed along any protocol providing with
eventual consensus and probabilistic finality and enhance with provable finality.
eventual consensus and probabilistic finality and enhancing it with provable finality.
To achieve this, we need to incorporate into the classic definition of Byzantine agreement
the fact that we additionally have access to a protocol that would achieve eventual consensus if we did not affect it.
@@ -126,7 +126,8 @@ We say an oracle $A$ in a protocol is {\em eventually consistent} if it returns
\end{definition}
\paragraph{Impossibility of Deterministic Agreement with an Oracle.}\label{ssec:impossibility}
For the binary case, i.e. when $|S|=2$, the Byzantine finality gadget problem is reducible to Byzantine agreement. This does not hold for $|S| > 2$, because the definition of validity is stronger in our protocol. Note that it is impossible for multi-valued Byzantine agreement to make the validity condition require that we decide an initial value of some honest voter and tolerate more than a $1/|S|$ fraction of faults, since we may have a $1/|S|$ fraction of voters reporting each initial value and Byzantine voters can act honestly enough not to be detectable. For finality gadgets, this stronger validity condition is possible. A natural question is then weather the celebrated FLP~\cite{flp} impossibility holds for our stronger requirements.
\xxx{Al can you extend this?}
For the binary case, i.e. when $|S|=2$, the Byzantine finality gadget problem is reducible to Byzantine agreement. This does not hold for $|S| > 2$, because the definition of validity is stronger in our protocol. Note that it is impossible for multi-valued Byzantine agreement to make the validity condition require that we decide an initial value of some honest voter and tolerate more than a $1/|S|$ fraction of faults, since we may have a $1/|S|$ fraction of voters reporting each initial value and Byzantine voters can act honestly enough not to be detectable. For finality gadgets, this stronger validity condition is possible. A natural question is then weather the celebrated FLP~\cite{fischer85impossibility} impossibility holds for our stronger requirements.
Next, we show that an asynchronous, deterministic binary finality gadget is impossible, even with one fault.
This means that the extra information voters have here, that $A$ will eventually agree for all voters, is not enough to make this possible.
@@ -139,7 +140,7 @@ We have number of voters which each have an initial $v_i$ in $\{0,1\}$
We may have one or more faulty nodes, which here means going offline at some point. Nodes have asynchronous communication - so any message arrives but we have no guarantee when it will.
The goal is to have all non-faulty nodes output the same $v$, which must be $0$ if all inputs $v_i$ are $0$ and $1$ if all are $1$.
Fischer, Lynch and Paterson\cite{flp} showed that this is impossible if there is one faulty node.
Fischer, Lynch and Paterson\cite{fischer85impossibility} showed that this is impossible if there is one faulty node.
The binary fault-safe finality gadget problem is similar, except now there is an oracle $A$ that any node can call at any time with the following properties:
@@ -152,7 +153,7 @@ and we want that if A never switches, then all non-faulty nodes output x. If A d
Then this is also impossible, even for one faulty node, which just goes offline. Note that this generalises Byzantine agreement, since if we could each node $i$ could call $A$ once at the start and use the output as $v_i$. (For the multi-valued case, we will define the problem so that this reduction does not hold.)
\begin{proof}[Proof sketch] We follow the notation of \cite{flp} and assume for a contradiction that we use a correct protocol.
\begin{proof}[Proof sketch] We follow the notation of \cite{fischer85impossibility} and assume for a contradiction that we use a correct protocol.
Let $r$ be a run of the protocol where $A$ gives $0$ all the time.
Then by correctness $r$ decides $0$. Now we consider what can happen when $A$ switches to $1$ after each configuration in $r$. If it switches to $1$ at the start, then the protocol decides $1$.
If we switch to $1$ when all node have already decided $0$, then we decide $0$.
@@ -198,7 +199,7 @@ We say that $F$ solves {\em blockchain Byzantine finality gadget problem} if for
\xxx{Lef I do not understand the paragraph below, clarify.}
As an example, we could assume $F$ uses proof of work to build on the longest chain and includes the last block $G$ finalised. Then we take $A(v,s_v,B)$ as being the longest chain which includes $B$ and which $v$ sees in state $s_v$. It is well-known \cite{bitcoinpapers} that longest chain with proof of work achieves eventual consensus under the right assumptions and similar arguments show that in this case we have conditional eventual consensus.
As an example, we could assume $F$ uses proof of work to build on the longest chain and includes the last block $G$ finalised. Then we take $A(v,s_v,B)$ as being the longest chain which includes $B$ and which $v$ sees in state $s_v$. It is well-known \cite{nakamoto08bitcoin} that longest chain with proof of work achieves eventual consensus under the right assumptions and similar arguments show that in this case we have conditional eventual consensus.
As long as we do not change the chain we are building on by finalising another block, we will eventually agree on some prefix longer than the last finalised block.
Thus, any finality gadget that satisfies Definition \ref{def:finality-gadget} will work in this system so that all honest voters finalise an increasingly long common chain.
Thanks to the abstraction above, we can switch $F$ for one of many possible alternative consensus algorithms and $G$ will still work.
@@ -271,7 +272,7 @@ A vote $v$ for a block $B$ by a voter $V$ is a message signed by $V$ containing
A voter equivocates in a set of votes $S$ if they have cast multiple different votes in $S$. We call a set $S$ of votes safe if the number of voters who equivocate in $S$ is at most $f$. We say that $S$ has a supermajority for a block $B$ if the set of voters who either have a vote for blocks $\geq B$ or equivocate in $S$ has size at least $(n+f+1)/2$. We count equivocations as votes for everything so that observing a vote is monotonic, meaning that if $S \subset T$ then if $S$ has a supermajority for $B$ so does $T$, while being able to ignore yet more equivocating votes from an equivocating voter.
For our finality gadget (GRANDPA) we use the ghost~\cite{ghost} eventual consensus algorithm as $F$.
For our finality gadget (GRANDPA) we use the ghost~\cite{lewenberg15inclusive} eventual consensus algorithm as $F$.
The $2/3$-GHOST function $g(S)$ takes a set $S$ of votes and returns the block $B$ with highest block number such that $S$ has a supermajority for $B$.
If there is no such block, then it returns `nil`. \com{(if $f \neq \lfloor (n-1)/3 \rfloor$, then this is a misnomer and we may change the name of the function accordingly.)}
Note that, if $S$ is safe, then we can compute $g(S)$ by starting at the genesis block and iteratively looking for a child of our current block with a supermajority, which must be unique if it exists. Thus we have:
@@ -328,7 +329,7 @@ consensus protocols that solve the stronger problem as described in the previous
Instead, only the finalization stops, but the blocks keep getting created and propagated to everyone.
This means that when the conditions are safe again, the finality gadget only needs to finalize the head of the chain\footnote{Which the oracle will return quickly to a supermajority of miner},
instead of having to transmit and run consensus on every block.
In Figure~\ref{fig:finality}, we analyze the differences between classic blockchain protocols~\cite{bitcoin,ethereum}, finality gadget, and hybrid consensus solutions~\cite{byzcoin,hybrid,algorand}
In Figure~\ref{fig:finality}, we analyze the differences between classic blockchain protocols~\cite{nakamoto08bitcoin,wood14ethereum}, finality gadget, and hybrid consensus solutions~\cite{kokoris16enhancing,gilad17algorand}
\xxx{Experiment: Catchup 100s of blocks Hotstuff vs GRANDPA}.
@@ -336,7 +337,7 @@ In Figure~\ref{fig:finality}, we analyze the differences between classic blockch
\subsection{The GRANDPA Protocol}\label{sec:grandpa}
In this section, we give our solution to the Byzantine finality gadget problem, GRANDPA. Our finality gadget works the partially synchronous setting, we also provide a fully asynchronous solution in Appendix~{app:async}.
In this section, we give our solution to the Byzantine finality gadget problem, GRANDPA. Our finality gadget works the partially synchronous setting, we also provide a fully asynchronous solution in Appendix~\ref{app:async}.
GRANDPA works in rounds, each round has a set of $3f+1$ eligible voters, $2f+1$ of which are assumed honest. Furthermore, we assume that each round has a participant designated as primary and all participants agree on the voter sets and primary. We will can either choose the primary pseudorandomly from or rotate through the voter set.
On a high-level, each round consists of a double-echo protocol after which every party waits in order to detect whether we can finalize a block in this round (this block does not need to be the immediate ancestor of the last finalized block, it might be far ahead from the last finalized block). If the round is unsuccessful, the parties simply move on to the next round with a new primary. When a good primary is selected, the oracle is consistent (returns the same value to all honest parties),
@@ -879,6 +880,6 @@ Crucially note that $h$ depends only on $S$, which is determined when $4f+1$ vot
\end{proof}
}
\bibliography{grandpa}
\bibliography{net,os,sec,soc,theory}
\end{document}
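Review bot: Both GHOST references on the new side (`GHOST~\cite{lewenberg15inclusive}` in the introduction and `ghost~\cite{lewenberg15inclusive}` where $F$ is chosen) use a key that reads like Lewenberg et al.'s inclusive block chain paper, while the GHOST rule is usually attributed to Sompolinsky and Zohar. Please check the entry in the new .bib files and cite the GHOST paper itself, since the $2/3$-GHOST function $g(S)$ is named after it. The Figure~\ref{fig:finality} sentence drops the old `hybrid` key rather than mapping it to `pass16hybrid`, which the introduction still cites; if that was not intended, use `\cite{kokoris16enhancing,pass16hybrid,gilad17algorand}`. Four of the five files named in `\bibliography{net,os,sec,soc,theory}` are suppressed on this page, so none of the renamed keys can be confirmed from here; a clean BibTeX run with undefined-citation warnings treated as errors would settle it. The newly added `\xxx{Al can you extend this?}` sits directly before the FLP impossibility paragraph and should be resolved before the text is circulated.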
+5040
File diff suppressed because it is too large Load Diff
+10623
File diff suppressed because it is too large Load Diff
+7701
File diff suppressed because it is too large Load Diff
+3562
File diff suppressed because it is too large Load Diff
+704
@@ -0,0 +1,704 @@
%A
@article{archetti12game,
title={Game theory of public goods in one-shot social dilemmas without assortment},
author={Archetti, Marco and Scheuring, Istvan},
journal={Journal of theoretical biology},
volume={299},
pages={9--20},
year={2012},
publisher={Elsevier}
}
@article{ alistarh18communication,
author = {Dan Alistarh and James Aspnes and Valerie King and
Jared Saia},
title = {\href{https://link.springer.com/article/10.1007/s00446-017-0315-1}{Communication-efficient randomized consensus}},
volume = 31,
pages = {pages489501},
month = nov,
year = 2018,
}
@article{ aspnes03randomized,
author = {James Aspnes},
title = {\href{https://link.springer.com/article/10.1007%2Fs00446-002-0081-5}{Randomized protocols for asynchronous consensus}},
journal = {Distributed Computing},
volume = 16,
number = {2--3},
pages = {165--175},
month = sep,
year = 2003,
}
@article{ aspnes15faster,
author = {James Aspnes},
title = {\href{https://link.springer.com/article/10.1007%2Fs00446-013-0195-y}{Faster randomized consensus with an oblivious adversary}},
journal = {Distributed Computing},
volume = 28,
number = 1,
month = feb,
year = 2015,
pages = {21-29},
}
@inproceedings{ aumann96efficient,
author = {Yonatan Aumann and Michael A. Bender},
title = {\href{https://doi.org/10.1007/3-540-61440-0_164}{Efficient Asynchronous Consensus with the Value-Oblivious Adversary Scheduler}},
booktitle = {\bibconf[23rd]{ICALP}{International Colloquium on
Automata, Languages and Programming}},
month = jul,
year = 1996,
location = {Paderborn, Germany},
}
@article{ aumann05efficient,
author = {Yonatan Aumann and Michael A. Bender},
title = {\href{https://link.springer.com/article/10.1007%2Fs00446-004-0113-4}{Efficient low-contention asynchronous consensus with the value-oblivious adversary scheduler}},
journal = {Distributed Computing},
volume = 17,
number = 3,
month = mar,
year = 2005,
pages = {191-207},
}
@article{avarikioti19divide,
title={Divide and Scale: Formalization of Distributed Ledger Sharding Protocols},
author={Avarikioti, Georgia and Kokoris-Kogias, Eleftherios and Wattenhofer, Roger},
journal={arXiv preprint arXiv:1910.10434},
year={2019}
}
@article{ awerbuch85complexity,
author = {Baruch Awerbuch},
title = {\href{https://dl.acm.org/citation.cfm?id=4227}{Complexity of Network Synchronization}},
journal = {Journal of the Association for Computing Machinery},
volume = 32,
number = 4,
month = oct,
year = 1985,
pages = {804-823},
}
%B
@article{babai2006probability,
title={The probability of generating the symmetric group when one of the generators is random},
author={Babai, Laszlo and Hayes, Thomas P.},
journal={Publ. Math. Debrecen},
volume={69},
number={3},
pages={271--280},
year={2006},
publisher={Citeseer}
}
@inproceedings{ bangalore18almost,
author = {Laasya Bangalore and Ashish Choudhury and Arpita Patra},
title = {\href{https://dl.acm.org/citation.cfm?id=3212735}{Almost-Surely Terminating Asynchronous Byzantine Agreement Revisited}},
booktitle = {\bibconf{PODC}{Principles of Distributed Computing}},
month = jul,
year = 2018,
pages = {295-304},
}
@incollection{bellare03forward,
title={Forward-security in private-key cryptography},
author={Bellare, Mihir and Yee, Bennet},
booktitle = {\bibconf['03]{CT-RSA}{Topics in Cryptology - CT RSA }},
year={2003},
}
@inproceedings{bellare93defining,
title={On defining proofs of knowledge},
author={Bellare, Mihir and Goldreich, Oded},
booktitle = {\bibconf['92]{CRYPTO}{Advances in Cryptology }},
year={1993},
}
@inproceedings{ ben-or83another,
author = {Michael Ben-Or},
title = {Another advantage of free choice:
Completely asynchronous agreement protocols},
booktitle = {Principles of Distributed Computing (PODC)},
year = 1983,
}
@inproceedings{ ben-or85fast,
author = {Michael Ben-Or},
title = {\href{https://dl.acm.org/citation.cfm?id=323609}{Fast Asynchronous Byzantine Agreement (Extended Abstract)}},
booktitle = {\bibconf[4th]{PODC}{Principles of Distributed Computing}},
year = 1985,
pages = {149-151},
location = {Minaki, Ontario, Canada},
}
@inproceedings{ bracha84asynchronous,
author = {Gabriel Bracha},
title = {\href{https://dl.acm.org/citation.cfm?id=806743}{An asynchronous [(n-1)/3]-Resilient Consensus Protocol}},
booktitle = {\bibconf[3rd]{PODC}{ACM Symposium on Principles of Distributed Computing}},
year = 1984,
location = {Vancouver, British Columbia, Canada},
}
% pages = {154-162},
@article{ bracha85asynchronous,
author = {Gabriel Bracha and Sam Toueg},
title = {\href{https://dl.acm.org/citation.cfm?id=214134}{Asynchronous Consensus and Broadcast Protocols}},
journal = {Journal of the Association for Computing Machinery (JACM)},
volume = 32,
number = 4,
year = 1985,
}
% pages = {824-840},
%C
@book{ cachin11introduction,
author = {Christian Cachin and Rachid Guerraoui Lu\'is Rodrigues},
title = {Introduction to Reliable and Secure Distributed Programming},
publisher = {Springer},
month = feb,
year = 2011,
isbn = {978-3642152597},
}
@misc{ cachin19asymmetric,
author = {Christian Cachin and Bj\"orn Tackmann},
title = {\href{https://arxiv.org/pdf/1906.09314.pdf}{Asymmetric Distributed Trust}},
month = jun,
year = 2019,
}
@techreport{ camenisch97proof,
author = {Jan Camenisch and Markus Stadler},
title = {Proof Systems for General Statements about Discrete
Logarithms},
institution = {Dept. of Computer Science, ETH Zurich},
year = 1997,
month = {March},
number = 260,
}
@inproceedings{ canetti93fast,
author = {Ran Canetti and Tal Rabin},
title = {\href{https://dl.acm.org/citation.cfm?id=167105}{Fast Asynchronous Byzantine Agreement with Optimal Resilience}},
booktitle = {\bibconf[25th]{STOC}{ACM Symposium on Theory of computing}},
month = may,
year = 1993,
location = {San Diego, California, USA},
pages = {42-51},
}
% long version: unpublished?
@misc{ canetti98fast,
author = {Ran Canetti and Tal Rabin},
title = {\href{http://people.csail.mit.edu/canetti/materials/cr93.ps}{Fast Asynchronous Byzantine Agreement with Optimal Resilience}},
month = sep,
year = 1998,
institution = {IBM T.J. Watson Research Center},
}
@inproceedings{ clarkson08civitas ,
author = {Clarkson, M.R. and Chong, S. and Myers, A.C.},
booktitle = {IEEE \bibconf{SP}{Symposium on Security and Privacy}},
title = {Civitas: Toward a Secure Voting System},
year = {2008},
month = {may},
}
@article{ cristian95atomic,
author = {Flaviu Cristian and Houtan Aghili and Ray Strong and
Danny Dolev},
title = {\href{https://www.sciencedirect.com/science/article/pii/S0890540185710607}{Atomic Broadcast: From Simple Message Diffusion to Byzantine Agreement}},
journal = {Information and Computation},
volume = 118,
number = 1,
month = apr,
year = 1995,
pages = {158-179},
}
%D
@article{ defago04total,
author = {Xavier D\'efago and Andr\'e Schiper and P\'eter Urb\'an},
title = {\href{https://dl.acm.org/doi/abs/10.1145/1041680.1041682}{Total Order Broadcast and Multicast Algorithms:Taxonomy and Survey}},
journal = {ACM Computing Surveys},
month = dec,
year = 2004,
}
%F
@article{ feigenbaum08graph,
author = {Joan Feigenbaum and Sampath Kannan and Andrew McGregor
and Siddharth Suri and Jian Zhang},
title = {Graph Distances in the Data-Stream Model},
journal = {SIAM Journal on Computing},
volume = 38,
year = 2008,
pages = {1709-1727},
}
@article{ feigenbaum05graph,
author = {Joan Feigenbaum and Sampath Kannan and Andrew McGregor
and Siddharth Suri and Jian Zhang},
title = {On Graph Problems in a Semi-Streaming Model},
journal = {Theoretical Computer Science},
volume = 348,
year = 2005,
pages = {207-216},
}
@article{ feigenbaum05computing,
author = {Joan Feigenbaum and Sampath Kannan and Jian Zhang},
title = {Computing Diameter in the Streaming and Sliding-Window Models},
journal = {Algorithmica},
volume = 41,
year = 2005,
pages = {25-41},
}
@inproceedings{ feldman88optimal,
author = {Paul Feldman and Silvio Micali},
title = {\href{https://dl.acm.org/citation.cfm?id=62225}{Optimal Algorithms for Byzantine Agreement}},
booktitle = {\bibconf[20th]{STOC}{Symposium on Theory of Computing}},
month = may,
year = 1988,
pages = {148-161},
location = {Chicago, Illinois, USA},
}
@phdthesis{ feldman88thesis,
author = {Paul Feldman},
title = {\href{https://dspace.mit.edu/bitstream/handle/1721.1/14368/20051076-MIT.pdf}{Optimal Algorithms for Byzantine Agreement}},
school = {Massachusetts Institute of Technology},
month = may,
year = 1988,
}
@article{ fischer85impossibility,
title={\href{https://groups.csail.mit.edu/tds/papers/Lynch/jacm85.pdf}{Impossibility of distributed consensus with one faulty process}},
author={Fischer, Michael J and Lynch, Nancy A and Paterson, Michael S},
journal={Journal of the ACM (JACM)},
volume={32},
number={2},
pages={374--382},
year={1985},
publisher={ACM}
}
@article{ friedman05simple,
author = {Roy Friedman and Achour Mostefaoui and Michel Raynal},
title = {Simple and Efficient Oracle-Based Consensus Protocols
for Asynchronous {Byzantine} Systems},
journal = {IEEE Transactions on Dependable and Secure Computing},
volume = 2,
number = 1,
month = jan,
year = 2005,
}
%J
@book{ johnson77urn,
author = {Norman Lloyd Johnson},
title = {Urn models and their application: An approach to modern discrete probability theory},
publisher = {Wiley},
year = 1977,
isbn = {978-0471446309},
}
%K
%L
@book{ lynch96distributed,
author = {Nancy A. Lynch},
title = {Distributed Algorithms},
publisher = {Morgan Kaufmann},
month = mar,
year = 1996,
isbn = {978-1558603486},
}
%M
@book{ mahmoud08polya,
author = {Hosam Mahmoud},
title = {P\'olya Urn Models},
publisher = {Chapman and Hall/CRC},
month = jun,
year = 2008,
isbn = {978-1420059830},
}
@inproceedings{merkle88digital,
title={\href{https://people.eecs.berkeley.edu/~raluca/cs261-f15/readings/merkle.pdf}{A Digital Signature Based on a Conventional Encryption Function}},
author={Merkle, Ralph C},
booktitle={\bibconf{CRYPTO}{Advances in Cryptology}},
year={1988},
}
@article{ moran58random,
author = {{P. A. P.} Moran},
title = {Random Processes in Genetics},
journal = {\href{https://doi.org/10.1017/S0305004100033193}{Mathematical Proceedings of the Cambridge Philosophical Society}},
volume = 54,
number = 1,
month = jan,
year = 1958,
pages = {60-71},
}
@inproceedings{ mostefaoui14signature,
author = {Achour Most\'efaoui and Hamouma Moumen and Michel Raynal},
title = {\href{https://dl.acm.org/citation.cfm?id=2611468}{Signature-Free Asynchronous Byzantine Consensus with $t < n/3$ and $O(n^2)$ Messages}},
booktitle = {\bibconf{PODC}{Principles of Distributed Computing}},
month = jul,
year = 2014,
location = {Paris, France},
}
@inproceedings{munro92detskiplists,
author = {Munro, J. Ian and Papadakis, Thomas and Sedgewick, Robert},
title = {\href{http://www.ic.unicamp.br/~celio/peer2peer/skip-net-graph/deterministic-skip-lists-munro.pdf}{Deterministic Skip Lists}},
booktitle = {Proceedings of the Third Annual ACM-SIAM Symposium on Discrete Algorithms},
series = {SODA '92},
year = {1992},
isbn = {0-89791-466-X},
location = {Orlando, Florida, USA},
pages = {367--375},
numpages = {9},
url = {http://dl.acm.org/citation.cfm?id=139404.139478},
acmid = {139478},
publisher = {Society for Industrial and Applied Mathematics},
address = {Philadelphia, PA, USA},
}
%N
@book{ nowak06evolutionary,
author = {Martin A. Nowak},
title = {Evolutionary Dynamics: Exploring the Equations of Life},
publisher = {Belknap Press},
month = sep,
year = 2006,
isbn = {978-0674023383},
}
%P
@article{pease80reaching,
author={Pease, Marshall and Shostak, Robert and Lamport, Leslie},
title={\href{http://dl.acm.org/citation.cfm?id=322188}{Reaching Agreement in the Presence of Faults}},
journal={Journal of the ACM (JACM)},
volume={27},
number={2},
pages={228--234},
month=apr,
year={1980},
publisher={ACM}
}
@misc{ propp15polyas,
author = {James Propp},
title = {\href{https://mathenchant.wordpress.com/2015/10/16/polyas-urn/}{P\'olya's Urn}},
month = oct,
year = 2015,
}
@article{pugh90skiplists,
author = {Pugh, William},
title =
{\href{http://courses.cs.vt.edu/cs2604/fall05/wmcquain/Notes/Supplemental/PughSkiplistPaper.pdf}{Skip
Lists: A Probabilistic Alternative to Balanced Trees}},
journal = {Communications of the ACM},
issue_date = {June 1990},
volume = {33},
number = {6},
month = jun,
year = {1990},
issn = {0001-0782},
pages = {668--676},
numpages = {9},
url = {http://doi.acm.org/10.1145/78973.78977},
doi = {10.1145/78973.78977},
acmid = {78977},
publisher = {ACM},
address = {New York, NY, USA},
keywords = {data structures, searching, trees},
}
%R
@inproceedings{ rabin83randomized,
author = {Michael O. Rabin},
title = {Randomized {Byzantine} Generals},
booktitle = {Symposium on Foundations of Computer Science (SFCS)},
month = nov,
year = 1983,
}
@book{rapoport65prisoner,
title={Prisoner's dilemma: A study in conflict and cooperation},
author={Rapoport, Anatol and Chammah, Albert M and Orwant, Carol J},
volume={165},
year={1965},
publisher={University of Michigan press}
}
%S
@article{skala13hypergeometric,
author = {Matthew Skala},
title = {{Hypergeometric Tail Inequalities: Ending the Insanity}},
journal = {CoRR},
volume = {abs/1311.5939},
year = {2013},
url = {https://arxiv.org/abs/1311.5939},
}
@inproceedings{ stadler96publicly,
title={\href{https://link.springer.com/content/pdf/10.1007/3-540-68339-9_17.pdf}{Publicly Verifiable Secret Sharing}},
author={Stadler, Markus},
booktitle = {Eurocrypt},
month=may,
year={1996},
}
@inproceedings{
CJI09, author = "R.~Chang and G.~Jiang and F.~Ivan{\v{c}}i{\'{c}} and
S.~Sankaranarayanan and V.~Shmatikov",
title = "Inputs of Coma:
Static Detection of Denial-of-Serice Vulnerabilities",
year = {2009},
booktitle ={CSF}}
@article(
CMS05, author="R.~Chadha and J.C.~Mitchell and A.~Scedrov and V.~Shmatikov",
title="Contract signing, optimism, and advantage",
journal="J. Logic and Algebraic Programming",
pages="189--218",
volume="64", number="2",
Year="2003")
@inproceedings(
DS, Author="A.~Serjantov and G.~Danezis",
Title="Towards an information theoretic metric for anonymity",
Booktitle="Proc.\ 2nd International Workshop on
Privacy-Enhancing Technologies",
Series={LNCS},
Volume={2482},
Pages="41--53",
Year="2002")
@inproceedings(
MS05, author="A.~Mahimkar and V.~Shmatikov",
title="Game-based analysis of denial-of-service prevention protocols",
booktitle="Proc.\ 18th {IEEE} Computer Security Foundations
Workshop ({CSFW})",
publisher="{IEEE}",
year="2005",
pages="287--301")
@article(
NS06, Author="G.~Norman and V.~Shmatikov",
Title="Analysis of probabilistic contract signing",
Journal="J. Computer Security",
Year="2006",
Pages="561--589",
Volume="14",
Number="6")
@inproceedings(
nymble, author="P.~Johnson and A.~Kapadia and P.~Tsang and S.~Smith",
title="Nymble: anonymous {IP}-address blocking",
booktitle="Proc.\ {PET}",
year="2007")
@article(
S04, Author="V.~Shmatikov",
Title="Probabilistic model checking of an anonymity system",
Journal="J. Computer Security",
Year="2004",
Pages="355--377",
Volume="12",
Number="3-4")
@article(
SM02, author="V.~Shmatikov and J.C.~Mitchell",
title="Finite-state analysis of two contract signing protocols",
journal="Theoretical Computer Science",
volume=283, number="2",
pages="419-450",
year=2002)
@inproceedings(
SW-esorics06, author="V.~Shmatikov and M-H.~Wang",
Title="Timing analysis in low-latency mix networks:
attacks and defenses",
Booktitle="Proc.\ {ESORICS}",
Year="2006")
@inproceedings(
SW-fmse06, author="V.~Shmatikov and M-H.~Wang",
Title="Measuring relationship anonymity in mix networks",
Booktitle="Proc.\ {WPES}",
Year="2006")
@inproceedings(
torsk-attack, author="Q.~Wang and P.~Mittal and N.~Borisov",
title="In Search of an Anonymous and Secure Lookup:
Attacks on Peer-to-peer Anonymous Communication Systems",
booktitle="Proc.\ {CCS}",
year="2010")
@inproceedings( tsang-ccs07,
author="P.~Tsang and M.H.~Au and A.~Kapadia and S.~Smith",
title="Blacklistable anonymous credentials:
blocking misbehaving users without {TTPs}",
booktitle="Proc.\ {CCS}",
year="2007"
)
@inproceedings(
tsang-ccs08, author="P.~Tsang and M.H.~Au and A.~Kapadia and S.~Smith",
title="{PEREA}: Towards Practical {TTP}-Free Revocation in
Anonymous Authentication",
booktitle="Proc.\ {CCS}",
year="2008")
@article{ afk,
author = {Mart\'in Abadi and Joan Feigenbaum and Joe Kilian},
title = {On Hiding Information from an Oracle},
journal = {Journal of Computer and System Sciences},
volume = 39,
year = 1989,
pages = {21-50},
note = {Special issue of selected papers from the 1987
IEEE Conference on Structure in Complexity Theory}
},
@inproceedings{ bfl,
author = {Matt Blaze and Joan Feigenbaum and Jack Lacy},
title = {Decentralized Trust Management},
booktitle = {Proceedings of the 17th Symposium on Security and Privacy},
year = 1996,
pages = {164-173},
}
@inproceedings{ bfs,
author = {Matt Blaze and Joan Feigenbaum and Martin Strauss},
title = {Compliance Checking in the {PolicyMaker}
Trust Management System},
booktitle = {Proceedings of the 2nd Financial Crypto Conference},
year = 1998,
}
@article{ ff,
author = {Joan Feigenbaum and Lance Fortnow},
title = {Random-Self-Reducibility of Complete Sets},
journal = {SIAM Journal on Computing},
volume = 22,
year = 1993,
pages = {994-1005},
note = {Extended abstract appears in Proceedings of the
1991 IEEE Conference on Structure in Complexity Theory},
}
@article{ fksv,
author = {Joan Feigenbaum and Sampath Kannan and Martin Strauss
and Mahesh Viswanathan},
title = {An Approximate {L1}-Difference Algorithm for
Massive Data Streams},
journal = {SIAM Journal on Computing},
volume = 32,
year = 2002,
pages = {131--151},
note = {Extended abstract appears in Proceedings of the
1999 IEEE Symposium on Foundations of Computer Science},
}
@article{ fkmsz,
author = {Joan Feigenbaum and Sampath Kannan and Andrew McGregor
and Siddharth Suri and Jian Zhang},
title = {On Graph Problems in a Semi-Streaming Model},
journal = {Theoretical Computer Science},
volume = 348,
year = 2005,
pages = {207--216},
note = {Special issue of selected papers from the 2004 International
Colloquium on Automata, Languages, and Programming},
}
@article{ fps,
author = {Joan Feigenbaum and Christos Papadimitriou and Scott Shenker},
title = {Sharing the Cost of Multicast Transmissions},
journal = {Journal of Computer and System Sciences},
volume = 63,
year = 2001,
pages = {21--41},
note = {Preliminary version appears in Proceedings of the 2000
ACM Symposium on Theory of Computing},
}
@article{ fpss,
author = { Joan Feigenbaum and Christos Papadimitriou and Rahul Sami
and Scott Shenker},
title = {A {BGP}-based Mechanism for Lowest-Cost Routing},
journal = {Distributed Computing},
volume = 18,
year = 2005,
pages = {61--72},
note = {Special issue of selected papers from the 2002 ACM Symposium
on Principles of Distributed Computing},
}
@inproceedings{shoup00practical,
title={\href{https://link.springer.com/content/pdf/10.1007/3-540-45539-6_15.pdf}{Practical Threshold Signatures}},
author={Shoup, Victor},
booktitle={Eurocrypt},
month = may,
year={2000},
}
@book{stinson05crypto,
author = {Douglas R. Stinson},
title = {Cryptography: Theory and Practice},
year = {2005},
}
@inproceedings{guerraoui10next,
title={\href{http://www.vukolic.com/700-Eurosys.pdf}{The next 700 {BFT} protocols}},
author={Guerraoui, Rachid and Kne{\v{z}}evi{\'c}, Nikola and Qu{\'e}ma, Vivien and Vukoli{\'c}, Marko},
booktitle={5th European conference on Computer systems},
pages={363--376},
year={2010},
organization={ACM},
url={http://www.vukolic.com/700-Eurosys.pdf},
}
%V
@book{ vanderbei13linear,
author = {Robert J. Vanderbei},
title = {Linear Programming: Foundations and Extensions},
publisher = {Springer},
month = jul,
year = 2013,
isbn = {978-1461476290},
}