A Secure Sharding Protocol For Open Blockchains
24 Oct 2016-pp 17-30
TL;DR: ELASTICO is the first candidate for a secure sharding protocol with presence of byzantine adversaries, and scalability experiments on Amazon EC2 with up to $1, 600$ nodes confirm ELASTICO's theoretical scaling properties.
Abstract: Cryptocurrencies, such as Bitcoin and 250 similar alt-coins, embody at their core a blockchain protocol --- a mechanism for a distributed network of computational nodes to periodically agree on a set of new transactions. Designing a secure blockchain protocol relies on an open challenge in security, that of designing a highly-scalable agreement protocol open to manipulation by byzantine or arbitrarily malicious nodes. Bitcoin's blockchain agreement protocol exhibits security, but does not scale: it processes 3--7 transactions per second at present, irrespective of the available computation capacity at hand. In this paper, we propose a new distributed agreement protocol for permission-less blockchains called ELASTICO. ELASTICO scales transaction rates almost linearly with available computation for mining: the more the computation power in the network, the higher the number of transaction blocks selected per unit time. ELASTICO is efficient in its network messages and tolerates byzantine adversaries of up to one-fourth of the total computational power. Technically, ELASTICO uniformly partitions or parallelizes the mining network (securely) into smaller committees, each of which processes a disjoint set of transactions (or "shards"). While sharding is common in non-byzantine settings, ELASTICO is the first candidate for a secure sharding protocol with presence of byzantine adversaries. Our scalability experiments on Amazon EC2 with up to $1, 600$ nodes confirm ELASTICO's theoretical scaling properties.
Citations
More filters
TL;DR: Numerical results indicate that the double auction mechanism can achieve social welfare maximization while protecting privacy of the PHEVs and security analysis shows that the proposed PETCON improves transaction security and privacy protection.
Abstract: We propose a localized peer-to-peer (P2P) electricity trading model for locally buying and selling electricity among plug-in hybrid electric vehicles (PHEVs) in smart grids Unlike traditional schemes, which transport electricity over long distances and through complex electricity transportation meshes, our proposed model achieves demand response by providing incentives to discharging PHEVs to balance local electricity demand out of their own self-interests However, since transaction security and privacy protection issues present serious challenges, we explore a promising consortium blockchain technology to improve transaction security without reliance on a trusted third party A localized P 2P E lectricity T rading system with CO nsortium blockchai N (PETCON) method is proposed to illustrate detailed operations of localized P2P electricity trading Moreover, the electricity pricing and the amount of traded electricity among PHEVs are solved by an iterative double auction mechanism to maximize social welfare in this electricity trading Security analysis shows that our proposed PETCON improves transaction security and privacy protection Numerical results based on a real map of Texas indicate that the double auction mechanism can achieve social welfare maximization while protecting privacy of the PHEVs
933 citations
Cites background from "A Secure Sharding Protocol For Open..."
...Once the authorized LAGs formation is complete and remains almost constant, the total time needed for reaching consensus of one new block is about 1 minute regardless of the network size [13]....
[...]
20 May 2018
TL;DR: OmniLedger ensures security and correctness by using a bias-resistant public-randomness protocol for choosing large, statistically representative shards that process transactions, and by introducing an efficient cross-shard commit protocol that atomically handles transactions affecting multiple shards.
Abstract: Designing a secure permissionless distributed ledger (blockchain) that performs on par with centralized payment processors, such as Visa, is a challenging task. Most existing distributed ledgers are unable to scale-out, i.e., to grow their total processing capacity with the number of validators; and those that do, compromise security or decentralization. We present OmniLedger, a novel scale-out distributed ledger that preserves longterm security under permissionless operation. It ensures security and correctness by using a bias-resistant public-randomness protocol for choosing large, statistically representative shards that process transactions, and by introducing an efficient cross-shard commit protocol that atomically handles transactions affecting multiple shards. OmniLedger also optimizes performance via parallel intra-shard transaction processing, ledger pruning via collectively-signed state blocks, and low-latency "trust-but-verify" validation for low-value transactions. An evaluation of our experimental prototype shows that OmniLedger’s throughput scales linearly in the number of active validators, supporting Visa-level workloads and beyond, while confirming typical transactions in under two seconds.
856 citations
TL;DR: This work exploits the consortium blockchain technology to propose a secure energy trading system named energy blockchain, which can be widely used in general scenarios of P2P energy trading getting rid of a trusted intermediary and a credit-based payment scheme to support fast and frequent energy trading.
Abstract: In industrial Internet of things (IIoT), peer-to-peer (P2P) energy trading ubiquitously takes place in various scenarios, e.g., microgrids, energy harvesting networks, and vehicle-to-grid networks. However, there are common security and privacy challenges caused by untrusted and nontransparent energy markets in these scenarios. To address the security challenges, we exploit the consortium blockchain technology to propose a secure energy trading system named energy blockchain. This energy blockchain can be widely used in general scenarios of P2P energy trading getting rid of a trusted intermediary. Besides, to reduce the transaction limitation resulted from transaction confirmation delays on the energy blockchain, we propose a credit-based payment scheme to support fast and frequent energy trading. An optimal pricing strategy using Stackelberg game for credit-based loans is also proposed. Security analysis and numerical results based on a real dataset illustrate that the proposed energy blockchain and credit-based payment scheme are secure and efficient in IIoT.
778 citations
Cites background from "A Secure Sharding Protocol For Open..."
...The total time needed for reaching consensus of a new block is stable regardless of the network size, when the authorized EAGs formation is complete and remains as a constant [18]....
[...]
TL;DR: This paper conducts a comprehensive evaluation of three major blockchain systems based on BLOCKBENCH, namely Ethereum, Parity, and Hyperledger Fabric, and discusses several research directions for bringing blockchain performance closer to the realm of databases.
Abstract: Blockchain technologies are gaining massive momentum in the last few years. Blockchains are distributed ledgers that enable parties who do not fully trust each other to maintain a set of global states. The parties agree on the existence, values, and histories of the states. As the technology landscape is expanding rapidly, it is both important and challenging to have a firm grasp of what the core technologies have to offer, especially with respect to their data processing capabilities. In this paper, we first survey the state of the art, focusing on private blockchains (in which parties are authenticated). We analyze both in-production and research systems in four dimensions: distributed ledger, cryptography, consensus protocol, and smart contract. We then present BLOCKBENCH, a benchmarking framework for understanding performance of private blockchains against data processing workloads. We conduct a comprehensive evaluation of three major blockchain systems based on BLOCKBENCH, namely Ethereum, Parity, and Hyperledger Fabric. The results demonstrate several trade-offs in the design space, as well as big performance gaps between blockchain and database systems. Drawing from design principles of database systems, we discuss several research directions for bringing blockchain performance closer to the realm of databases.
769 citations
Cites background from "A Secure Sharding Protocol For Open..."
...Other examples are Elastico [26] and Algorand [27] which improve PoW by randomly sampling a small set of nodes at each round....
[...]
...Byzcoin [61] and Elastico [26] propose novel, two-phase protocols that combine PoW and PBFT....
[...]
...Recent work [26] has demonstrated the feasibility of sharding the consensus protocol, making important steps towards partitioning the entire blockchain....
[...]
...Similar to Byzcoin and Elastico, Dfinity [43] and Algorand [27] select at each round a random set of nodes that can propose blocks....
[...]
...Threshold Relay Public Dfinity [43] proposes threshold relay in which nodes form random group based on a public verifiable random function (Byzcoin [61] and Elastico [26] adopt similar approaches)....
[...]
TL;DR: Although the feature of blockchain technologies may bring us more reliable and convenient services, the security issues and challenges behind this innovative technique is also an important topic that the authors need to concern.
Abstract: Blockchain technologies is one of the most popular issue in recent years, it has already changed people's lifestyle in some area due to its great influence on many business or industry, and what it can do will still continue cause impact in many places Although the feature of blockchain technologies may bring us more reliable and convenient services, the security issues and challenges behind this innovative technique is also an important topic that we need to concern
756 citations
Cites background from "A Secure Sharding Protocol For Open..."
...There still have many use case of blockchain technologies, like protection of Intellectual property, traceability in supply chain, identity certification, insurance, international payments, IOT, patient’s privacy in medical treatment or prediction market [14, 20]....
[...]
References
More filters
TL;DR: The double dixie cup problem was studied in this paper, where the expected number of dixie cups needed to be purchased before a complete set of n pictures is obtained was shown to be n(log n(m1) log log n+o(l)).
Abstract: The familiar childhood occupation of obtaining a complete set of pictures of baseball players, movie stars, etc., which appear on the covers of dixie cups raises some interesting questions. One, which has already been answered, is the "single dixie cup problem," that of determining the expected number, E(n), of dixie cups which must be purchased before a complete set of n pictures is obtained: E(n) = n(I + 1/2 + * * * + 1 /n) ( [1 ] p. 213). Some time ago W. Weissblum asked how long, on the average, it would take to obtain two complete sets of n pictures. This corresponds to the situation observed when two tots collect cooperatively, i.e., "trading" takes place. This "double dixie cup" problem cannot be handled by the same device used for the problem of the single set and in this paper we find a new method which allows us to write down the solution, Em(ln), (as an easily evaluated definite integral) for the problem of collecting m sets. For m fixed and n large the expected number of dixie cups turns out to be n(log n+(m1) loglog n+o(l)). Thus, although the first set "costs" n log n, all further sets cost n loglog n. Suppose m sets are desired. Let pi be the probability of failure of obtaining m sets up to and including the purchase of the ith dixie cup. Then the expected number of dixie cups Em(ln) = Z%=0 pi, by a well-known argument ([1] p. 211). Now pi= Ni/ni where Ni is the number of ways that the purchase of i dixie cups can fail to yield m copies of each of the n pictures in the set. If we represent the pictures by xi, * , xn, then Ni is simply (xi + * * * +xn)i expanded and evaluated at (1, . . ., 1) after all the terms have been removed which have each exponent for each variable larger than m -1. Now consider m fixed and introduce the following notation. If P(x1, . . . , x,,) is a polynomial or power series we define { P(xi, . . . , x,C) } to be the polynomial, or series, resulting when all terms having all exponents _ m have been removed. In terms of this notation pi is { (xi + * +x.) } /ni evaluated at x = *= -1. If we now make the definition
178 citations
23 Oct 2011
TL;DR: This paper describes the design, implementation, and evaluation of Scatter, a scalable and consistent distributed key-value storage system that adopts the highly decentralized and self-organizing structure of scalable peer-to-peer systems, while preserving linearizable consistency even under adverse circumstances.
Abstract: Distributed storage systems often trade off strong semantics for improved scalability. This paper describes the design, implementation, and evaluation of Scatter, a scalable and consistent distributed key-value storage system. Scatter adopts the highly decentralized and self-organizing structure of scalable peer-to-peer systems, while preserving linearizable consistency even under adverse circumstances. Our prototype implementation demonstrates that even with very short node lifetimes, it is possible to build a scalable and consistent system with practical performance.
164 citations
"A Secure Sharding Protocol For Open..." refers background or methods in this paper
...Our scalability experiments on Amazon EC2 with up to 1, 600 nodes confirm ELASTICO’s theoretical scaling properties....
[...]
...Each committee member then sends the signed value along with the signatures to the final committee (using the directory, again, to acquire the list of final committee members)....
[...]
Posted Content•
TL;DR: In this paper, the verifier's dilemma is used to incentivize correct execution of certain applications, including outsourced computation, where scripts require minimal time to verify, where rational miners are well-incentivized to accept unvalidated blockchains.
Abstract: Cryptocurrencies like Bitcoin and the more recent Ethereum system allow users to specify scripts in transactions and contracts to support applications beyond simple cash transactions. In this work, we analyze the extent to which these systems can enforce the correct semantics of scripts. We show that when a script execution requires nontrivial computation effort, practical attacks exist which either waste miners’ computational resources or lead miners to accept incorrect script results. These attacks drive miners to an illfated choice, which we call the verifier’s dilemma, whereby rational miners are well-incentivized to accept unvalidated blockchains. We call the framework of computation through a scriptable cryptocurrency a consensus computer and develop a model that captures incentives for verifying computation in it. We propose a resolution to the verifier’s dilemma which incentivizes correct execution of certain applications, including outsourced computation, where scripts require minimal time to verify. Finally we discuss two distinct, practical implementations of our consensus computer in real cryptocurrency networks like Ethereum.
141 citations
Posted Content•
TL;DR: This paper proposes a new system, PeerCensus, which acts as a certification authority, manages peer identities in a peer-to-peer network, and ultimately enhances Bitcoin and similar systems with strong consistency.
Abstract: The Bitcoin system only provides eventual consistency. For everyday life, the time to confirm a Bitcoin transaction is prohibitively slow. In this paper we propose a new system, built on the Bitcoin blockchain, which enables strong consistency. Our system, PeerCensus, acts as a certification authority, manages peer identities in a peer-to-peer network, and ultimately enhances Bitcoin and similar systems with strong consistency. Our extensive analysis shows that PeerCensus is in a secure state with high probability. We also show how Discoin, a Bitcoin variant that decouples block creation and transaction confirmation, can be built on top of PeerCensus, enabling real-time payments. Unlike Bitcoin, once transactions in Discoin are committed, they stay committed.
136 citations
TL;DR: It is shown that, in the absence of eavesdropping, without using cryptography, for any ε > 0 and t = n, there is a randomized protocol with O(log) expected number of rounds, which is an improvement on the lower bound of t + 1 rounds required for deterministic protocols.
Abstract: Byzantine Generals protocols enable processes to broadcast messages reliably in the presence of faulty processes. These protocols are run in a system that consists of n processes, t of which are faulty. The protocols are conducted in synchronous rounds of message exchange. It is shown that, in the absence of eavesdropping, without using cryptography, for any e > 0 and t = n/(3 + e), there is a randomized protocol with O(log n) expected number of rounds. If cryptographic methods are allowed, then, for e > 0 and t = n/(2 + e), there is a randomized protocol with O(log n) expected number of rounds. This is an improvement on the lower bound of t + 1 rounds required for deterministic protocols, and on a previous result of t/log n expected number of rounds for randomized noncryptographic protocols.
128 citations