SlideShare a Scribd company logo

SCP: A Computationally Scalable Byzantine Consensus Protocol

Y
YongraeJo

SCP is a computationally scalable Byzantine consensus protocol that uses committees to achieve scalability. It partitions users into multiple committees, with each committee running a traditional BFT consensus protocol in parallel. This allows throughput to scale with increased computational power. SCP combines proof-of-work for identity generation and committee assignment with message passing-based BFT within committees. Evaluation shows SCP scales computationally with increased cores and has lower bandwidth consumption than Bitcoin.

Technology
1 of 36
Download to read offline
SCP: A Computationally-Scalable Byzantine Consensus Protocol For Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek Saxena School of Computing, National University of Singapore IACR Cryptology ePrint Archive 2015 Yongrae Jo (20172938)
Traditional BFT is Not scalable : Heavy message passing based consensus → Network bandwidth quickly exhausted → Communication efficient protocol
Breakthroughs in BFT Oral Message Algorithm (1982) O(N^f) Fast distributed agreement (1985) O(N^3) or O(Nf^2) PBFT (1999) O(N^2) Randomized BA (2013) O(N polylog(N)) Exponential Polynomial (cubic) Quadratic Sub-linear
My previous seminar(Algorand)
My previous seminar(Algorand) Computation based consensus Message passing based consensus
Computation based consensus ● Reaching consensus via (heavy) computation rather than communication(e.g. PoW) ● Computationally scalable – As the computation power increases in the network, throughput increases as well – Bitcoin is not computationally scalable ● More computing power doesn’t increase its throughput ● SCP is an attempt to find computationally scalable consensus algorithm while keeping the advantages of message passing based consensus
Finding the sweet spot Sweet Spot More Computation More Message passing CPU power Slow Scalable Secure Network bandwidth Fast Not scalable Not secure(in open network)
SCP in a Nutshell PoW Subset Committee Protocol (or Scalable Consensus Protocol) ● Generating identities ● Forming committees ● Shared public randomness ● Prevent sybil attack BFT ● Reaching consensus on a value in normal committee or a block in final committee ● Parallel consensus via committee C1 C2 C3 (Final committee) ● Each committee runs traditional BFT. ● Integrated into single ordered blockchain in final committee Run BFT C4 Stellar Consensus Protocol?
Subset Committee Problem (1) ● Problem Definition: Subset Consensus – Agreement over a subset of transactions – Description ● Assumption – Let there be n identity-less processors, f(< n/3) of which are controlled by a byzantine adversary – Each processor has integer input(x), output(y) and constraint function(mapped to 0 or 1) ● Then, the following condition holds.(next slide)
Subset Committee Problem (2) P1 P2 P3 P4 x1 x2 x3 x4 y1 y2 y3 y4 Subset Consensus Protocol 0 or 1 0 or 1 0 or 1 0 or 1 X Constraint Func. y1 = y2 = y3 = y4 (with prob. p)
SCP Protocol Protocol proceeds in epoch. In each epoch, following steps executed Step1. Committee Formation Step2. Committee Overlay Joins Step3. Intra-committee consensus Step4. Final Consensus Broadcast Step5. Generating Shared Randomness
Committee Formation (1) ● Establish processor’s (virtual) identity via local computation – Generating (IP addr / Public Key / Private Key) – Broadcast (IP addr, Public Key) ● Establish committee – Committee that the processor participates in a epoch – Allocate the identity to random committee via PoW Step 1
Committee Formation (2) 0 0 0 0 0 0 1 1 0 10 0 0 000000...1111 s-bits# of leading zeros Public Key IP Addr. Shared random seed Committee Identity PoW Solution Broadcast (IP, PK, nonce, s-bits) 2s = # of committee SHA256 Step 1
Committee Overlay Join (1) ● Once identities and their committees are established, committee members need a way to establish point-to- point connections with their committee peers ● Directory committee – The first c identities created in the network – All subsequent identities created will contact the directory members to announce their committee membership – Keeps track of the committee membership – When their list for a committee reaches size c, they multicast it to all members of that committee Step 2
Committee Overlay Join (2) Established first c identities 1 Broadcast channel Established Point to Point Channel 2 When new identity is generated, it firstly contacts directory committee 3 Contact When c/2 + 1 messages are received, It accepts the member lists of the committee which it belongs to 4 Receive member list Step 2 First c identities forms directory committee
Intra-committee Consensus (1) ● Runs traditional BFT to agree on a value ● After reaching consensus on a value, send that value to final committee – O(c2) ● Partitioned transactions(values) into independent set for parallelism ● (There was no description on how to partition transactions into independent committee and end-to- end message flow on client’s request) → Let’s assume :) Step 3
Intra-committee Consensus (2) C1 C2 C3 Run BFT C4 Run BFT Run BFT Run BFT Step 3 Each committee runs BFT protocol → O(c2 )
Final Consensus Broadcast (1) ● Merge the results of committees – Set union of all inputs – Create a cryptographic digest (a digital signature) of the final agreed result ● Run the same intra-committee algorithm(BFT) to get verifiable result by at least c/2 + 1 Step 4
Final Consensus Broadcast (2) C1 C2 C3 Run BFT C4 (final committee) Run BFT Run BFT Step 4 Each committee member runs BFT protocol (sames previous intra-committee consensus)
Final Consensus Broadcast (3) C1 C2 C3 C4 (final committee) v1 v2 v3 Step 4 All normal committee members multicast agreed value to members in final committee → O(nc)
Final Consensus Broadcast (4) C1 C2 C3 C4 (final committee) Run BFT Step 4 Final committee runs BFT to check that its members get the same values from normal committee
Final Consensus Broadcast (5) C1 C2 C3 C4 (final committee) Agreed result Agreed result Agreed result Step 4
Generating Shared Randomness (1) ● Final committee generates a set of random strings for PoW in the next epoch ● Two rounds of communication – First round ● Each member of the final committee chooses a random string u consisting of r random bits and broadcasts a hash H(u) to everyone. This serves as a commitment to the random string. – Second round ● Each member of the final committee broadcasts a message containing the random string u itself to everyone ● Users XORs the set of valid random strings received Step 5
Generating Shared Randomness (2) C1 C2 C3 C4 (final committee) H(u1 ), ... H(uc ) H(u): Hash of random string u First Round Send broadcast commitment first H(u1 ), ... H(uc ) H(u1 ), ... H(uc ) Step 5
Generating Shared Randomness (3) C1 C2 C3 C4 (final committee) u1 ...uc H(u): Hash of random string u Second Round Broadcast random string u u1 ...uc u1 ... uc Step 5
Generating Shared Randomness (4) C1 C2 C3 C4 (final committee) Each user XORs over u1 ...uc to get shared random string for random seed for PoW in the next epoch u1 …⊕ ⊕uc u1 …⊕ ⊕uc u1 …⊕ ⊕uc u1 …⊕ ⊕ uc Step 5
In a given epoch, for each committee, we refer to the frst c identities that broadcast a valid proof-of-work for this committee as the members of this committee. (If more than one proof-of-work is broadcasted during the same round, they are ordered lexicographically, and the smallest one is picked.) Security Analysis Defnition 1 (Committee) We say that an epoch has good randomness if: (1) every user has a publically random string of r bits, verifably generated in the previous epoch, with at least r−c/2 bits of entropy, and (2) no user has access to such a verifable random string more than two communication rounds prior to the beginning of the epoch Defnition 2 (Good randomness)
Security Analysis In every epoch with good randomness, for every integer n’ among the frst n’ identities created, at most n’/2 are controlled by the adversary, with probability at least 1 − e(−27n’ /160) Lemma 3 (Good Majority) In every epoch with good randomness, for each committee, at least c/2 + 1 committee members will be honest with probability at least 1−e(−27c/160) . Moreover, the probability of generating c/2 + 1 malicious identities by the end of the epoch is also exponentially small. Lemma 4 (Committees Good)
Security Analysis In every epoch with good randomness, if the directory size is d, then for each committee, with probability at least 1 − e−27c/160 , all honest committee members will correctly adopt the (same) member list for the committee. Lemma 5 (Consistent Committees) In every epoch with good randomness, the honest members agree on a unique value with at least c/2+1 signatures, with probability at least 1− e (−27c/116) Lemma 6 (Consensus)
Security Analysis In every epoch with good randomness, the fnal committee its honest members will broadcast a combined value (from values from other committees) which has at least c/2 + 1 signatures, with probability at least 1 − 2s · (e−27c/160 ). → Termination of protocol(Liveness) Lemma 7 (Final Committee) In every epoch with good randomness, with probability at least 1 − e (−27c/160) : at the end of the epoch every user computes a random string of r bits that: (a) contains at least r −c/2 bits of entropy, and (b) can be verifed as validly generated in that epoch. Moreover, no user knows any of the random strings until at least two rounds prior to the end of the epoch. That is, if epoch e has good randomness, then epoch e+1 also has good randomness. Lemma 8 (Good Randomness)
SCP Blockchain Implementation ● Two layers of Blockchain – Two types of Block ● Consensus block (proposed by final committee) ● Data block (proposed by normal committee) Separating consensus data and transaction data Lazy broadcast Used in consensus protocol Immediate broadcast
Evaluation (Configuration) ● Local network ● SCP by modifying existing Bitcoin client code ● Authenticated BFT protocol for intra-committee consensus ● Committee size(c) = 50 ● 10 / 20 / 40 / 80 CPU cores ● (not known computer hardware spec and # of computer) Bitcoin SCP ● Amazon EC2 platform ● Nakamoto consensus ● Deploy instances in different geographical regions ● 20 / 40 / 80 CPU cores ● (not known # of instances and types of instances)
Evaluation (Computational Scalability) SCP is more computationally scalable Epoch time: 1 minute Block rate remains almost constant regardless of computation power in the network BitcoinBitcoin SCP (more computing power --> more identity, more committee --> more parallel)
Evaluation (Bandwidth consumption)
Conclusion ● SCP is committee based consensus, which partitions users into several committees to achieve scalability and parallelization ● By combining computation based consensus(PoW) and message passing based consensus(BFT), SCP finds sweet spot between the two.
Thanks

Recommended

Viral classification and Types of Replication in virus
Viral classification and Types of Replication in virus Viral classification and Types of Replication in virus
Viral classification and Types of Replication in virus Rakshith K, DVM
 
AWS Black Belt Tech シリーズ 2015 - AWS WAF
AWS Black Belt Tech シリーズ 2015 - AWS WAFAWS Black Belt Tech シリーズ 2015 - AWS WAF
AWS Black Belt Tech シリーズ 2015 - AWS WAFAmazon Web Services Japan
 
FastBFT
FastBFTFastBFT
FastBFTYongraeJo
 
Distributed Video Streaming over Internet
Distributed Video Streaming over InternetDistributed Video Streaming over Internet
Distributed Video Streaming over InternetVideoguy
 
Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot Ashutosh Jaiswal
 
Real time-embedded-system-lec-06
Real time-embedded-system-lec-06Real time-embedded-system-lec-06
Real time-embedded-system-lec-06University of Computer Science and Technology
 
What are the specific ICMP errors that are generated during a tracero.docx
What are the specific ICMP errors that are generated during a tracero.docx What are the specific ICMP errors that are generated during a tracero.docx
What are the specific ICMP errors that are generated during a tracero.docxajoy21
 
Chapter 2.1.1.pptx
Chapter 2.1.1.pptxChapter 2.1.1.pptx
Chapter 2.1.1.pptxbotAlert
 

Recommended

Viral classification and Types of Replication in virus
Viral classification and Types of Replication in virus Viral classification and Types of Replication in virus
Viral classification and Types of Replication in virus Rakshith K, DVM
 
AWS Black Belt Tech シリーズ 2015 - AWS WAF
AWS Black Belt Tech シリーズ 2015 - AWS WAFAWS Black Belt Tech シリーズ 2015 - AWS WAF
AWS Black Belt Tech シリーズ 2015 - AWS WAFAmazon Web Services Japan
 
FastBFT
FastBFTFastBFT
FastBFTYongraeJo
 
Distributed Video Streaming over Internet
Distributed Video Streaming over InternetDistributed Video Streaming over Internet
Distributed Video Streaming over InternetVideoguy
 
Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot Flexible Symmetric Global Snapshot
Flexible Symmetric Global Snapshot Ashutosh Jaiswal
 
Real time-embedded-system-lec-06
Real time-embedded-system-lec-06Real time-embedded-system-lec-06
Real time-embedded-system-lec-06University of Computer Science and Technology
 
What are the specific ICMP errors that are generated during a tracero.docx
What are the specific ICMP errors that are generated during a tracero.docx What are the specific ICMP errors that are generated during a tracero.docx
What are the specific ICMP errors that are generated during a tracero.docxajoy21
 
Chapter 2.1.1.pptx
Chapter 2.1.1.pptxChapter 2.1.1.pptx
Chapter 2.1.1.pptxbotAlert
 
Scaling blockchain poart II: Rollups by Dan Boneh
Scaling blockchain poart II: Rollups by Dan BonehScaling blockchain poart II: Rollups by Dan Boneh
Scaling blockchain poart II: Rollups by Dan Bonehr1tretyakov
 
spins
spinsspins
spinsbhumikashah22111990
 
Dynamic time warping and PIC 16F676 for control of devices
Dynamic time warping and PIC 16F676 for control of devicesDynamic time warping and PIC 16F676 for control of devices
Dynamic time warping and PIC 16F676 for control of devicesRoger Gomes
 
Skr+3200+chapter+3+(kweh)
Skr+3200+chapter+3+(kweh)Skr+3200+chapter+3+(kweh)
Skr+3200+chapter+3+(kweh)Ammar Shafiq
 
Osi model
Osi modelOsi model
Osi modelAnuj Kumar
 
Framing Protocols
Framing ProtocolsFraming Protocols
Framing Protocolsselvakumar_b1985
 
Distributed System
Distributed SystemDistributed System
Distributed SystemPraveen Penumathsa
 
Week15 lec1
Week15 lec1Week15 lec1
Week15 lec1syedhaiderraza
 
Distributed computing time
Distributed computing timeDistributed computing time
Distributed computing timeDeepak John
 
15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptx
15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptx15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptx
15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptxNibrasulIslam
 
COmputer Networks Andrew tanenbaum CHAPTER 3
COmputer Networks Andrew tanenbaum CHAPTER 3COmputer Networks Andrew tanenbaum CHAPTER 3
COmputer Networks Andrew tanenbaum CHAPTER 3MrMRajaCSESTAFF
 
Lte imp
Lte impLte imp
Lte impPrashant Sengar
 
Client server computing in mobile environments part 2
Client server computing in mobile environments part 2Client server computing in mobile environments part 2
Client server computing in mobile environments part 2Praveen Joshi
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsChristian Spolaore
 
Basic Consensus Algorithms
Basic Consensus AlgorithmsBasic Consensus Algorithms
Basic Consensus Algorithms상문 오
 
Computer network (13)
Computer network (13)Computer network (13)
Computer network (13)NYversity
 
TCP vs UDP in OSI model Computer Network
TCP vs UDP in OSI model Computer NetworkTCP vs UDP in OSI model Computer Network
TCP vs UDP in OSI model Computer NetworkSwarajSonavane
 
Os3
Os3Os3
Os3issbp
 
Hyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsHyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsMabelOza12
 
AGPM: An Authenticated Secure Group Communication Protocol for MANETs
AGPM: An Authenticated Secure Group Communication Protocol for MANETsAGPM: An Authenticated Secure Group Communication Protocol for MANETs
AGPM: An Authenticated Secure Group Communication Protocol for MANETsIDES Editor
 
Zeus Locality aware distributed transaction upload.pptx
Zeus Locality aware distributed transaction upload.pptxZeus Locality aware distributed transaction upload.pptx
Zeus Locality aware distributed transaction upload.pptxYongraeJo
 
basil.pptx
basil.pptxbasil.pptx
basil.pptxYongraeJo
 

More Related Content

Similar to SCP: A Computationally Scalable Byzantine Consensus Protocol

Scaling blockchain poart II: Rollups by Dan Boneh
Scaling blockchain poart II: Rollups by Dan BonehScaling blockchain poart II: Rollups by Dan Boneh
Scaling blockchain poart II: Rollups by Dan Bonehr1tretyakov
 
Dynamic time warping and PIC 16F676 for control of devices
Dynamic time warping and PIC 16F676 for control of devicesDynamic time warping and PIC 16F676 for control of devices
Dynamic time warping and PIC 16F676 for control of devicesRoger Gomes
 
Skr+3200+chapter+3+(kweh)
Skr+3200+chapter+3+(kweh)Skr+3200+chapter+3+(kweh)
Skr+3200+chapter+3+(kweh)Ammar Shafiq
 
Distributed computing time
Distributed computing timeDistributed computing time
Distributed computing timeDeepak John
 
15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptx
15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptx15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptx
15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptxNibrasulIslam
 
COmputer Networks Andrew tanenbaum CHAPTER 3
COmputer Networks Andrew tanenbaum CHAPTER 3COmputer Networks Andrew tanenbaum CHAPTER 3
COmputer Networks Andrew tanenbaum CHAPTER 3MrMRajaCSESTAFF
 
Client server computing in mobile environments part 2
Client server computing in mobile environments part 2Client server computing in mobile environments part 2
Client server computing in mobile environments part 2Praveen Joshi
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsChristian Spolaore
 
Basic Consensus Algorithms
Basic Consensus AlgorithmsBasic Consensus Algorithms
Basic Consensus Algorithms상문 오
 
Computer network (13)
Computer network (13)Computer network (13)
Computer network (13)NYversity
 
TCP vs UDP in OSI model Computer Network
TCP vs UDP in OSI model Computer NetworkTCP vs UDP in OSI model Computer Network
TCP vs UDP in OSI model Computer NetworkSwarajSonavane
 
Hyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsHyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsMabelOza12
 
AGPM: An Authenticated Secure Group Communication Protocol for MANETs
AGPM: An Authenticated Secure Group Communication Protocol for MANETsAGPM: An Authenticated Secure Group Communication Protocol for MANETs
AGPM: An Authenticated Secure Group Communication Protocol for MANETsIDES Editor
 

Similar to SCP: A Computationally Scalable Byzantine Consensus Protocol (20)

Scaling blockchain poart II: Rollups by Dan Boneh
Scaling blockchain poart II: Rollups by Dan BonehScaling blockchain poart II: Rollups by Dan Boneh
Scaling blockchain poart II: Rollups by Dan Boneh
 
spins
spinsspins
spins
 
Dynamic time warping and PIC 16F676 for control of devices
Dynamic time warping and PIC 16F676 for control of devicesDynamic time warping and PIC 16F676 for control of devices
Dynamic time warping and PIC 16F676 for control of devices
 
Skr+3200+chapter+3+(kweh)
Skr+3200+chapter+3+(kweh)Skr+3200+chapter+3+(kweh)
Skr+3200+chapter+3+(kweh)
 
Osi model
Osi modelOsi model
Osi model
 
Framing Protocols
Framing ProtocolsFraming Protocols
Framing Protocols
 
Distributed System
Distributed SystemDistributed System
Distributed System
 
Week15 lec1
Week15 lec1Week15 lec1
Week15 lec1
 
Distributed computing time
Distributed computing timeDistributed computing time
Distributed computing time
 
15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptx
15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptx15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptx
15_NEW-2020-ATTENTION-ENC-DEC-TRANSFORMERS-Lect15.pptx
 
COmputer Networks Andrew tanenbaum CHAPTER 3
COmputer Networks Andrew tanenbaum CHAPTER 3COmputer Networks Andrew tanenbaum CHAPTER 3
COmputer Networks Andrew tanenbaum CHAPTER 3
 
Lte imp
Lte impLte imp
Lte imp
 
Client server computing in mobile environments part 2
Client server computing in mobile environments part 2Client server computing in mobile environments part 2
Client server computing in mobile environments part 2
 
Detailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocolsDetailed cryptographic analysis of contact tracing protocols
Detailed cryptographic analysis of contact tracing protocols
 
Basic Consensus Algorithms
Basic Consensus AlgorithmsBasic Consensus Algorithms
Basic Consensus Algorithms
 
Computer network (13)
Computer network (13)Computer network (13)
Computer network (13)
 
TCP vs UDP in OSI model Computer Network
TCP vs UDP in OSI model Computer NetworkTCP vs UDP in OSI model Computer Network
TCP vs UDP in OSI model Computer Network
 
Os3
Os3Os3
Os3
 
Hyperledger Consensus Algorithms
Hyperledger Consensus AlgorithmsHyperledger Consensus Algorithms
Hyperledger Consensus Algorithms
 
AGPM: An Authenticated Secure Group Communication Protocol for MANETs
AGPM: An Authenticated Secure Group Communication Protocol for MANETsAGPM: An Authenticated Secure Group Communication Protocol for MANETs
AGPM: An Authenticated Secure Group Communication Protocol for MANETs
 

More from YongraeJo

Zeus Locality aware distributed transaction upload.pptx
Zeus Locality aware distributed transaction upload.pptxZeus Locality aware distributed transaction upload.pptx
Zeus Locality aware distributed transaction upload.pptxYongraeJo
 
blockchain-and-trusted-computing
blockchain-and-trusted-computingblockchain-and-trusted-computing
blockchain-and-trusted-computingYongraeJo
 
Blockchain meets database
Blockchain meets databaseBlockchain meets database
Blockchain meets databaseYongraeJo
 
Byzantine ordered consensus
Byzantine ordered consensusByzantine ordered consensus
Byzantine ordered consensusYongraeJo
 
BlockLot: Blockchain-based verifiable lottery
BlockLot: Blockchain-based verifiable lotteryBlockLot: Blockchain-based verifiable lottery
BlockLot: Blockchain-based verifiable lotteryYongraeJo
 
Simple robot pets with three emotions (uC/OS III)
Simple robot pets with three emotions (uC/OS III)Simple robot pets with three emotions (uC/OS III)
Simple robot pets with three emotions (uC/OS III)YongraeJo
 
Honeybadger of BFT Protocols
Honeybadger of BFT ProtocolsHoneybadger of BFT Protocols
Honeybadger of BFT ProtocolsYongraeJo
 
Practical Byzantine Fault Tolernace
Practical Byzantine Fault TolernacePractical Byzantine Fault Tolernace
Practical Byzantine Fault TolernaceYongraeJo
 
Making BFT Protocols Really Adaptive
Making BFT Protocols Really AdaptiveMaking BFT Protocols Really Adaptive
Making BFT Protocols Really AdaptiveYongraeJo
 

More from YongraeJo (20)

Zeus Locality aware distributed transaction upload.pptx
Zeus Locality aware distributed transaction upload.pptxZeus Locality aware distributed transaction upload.pptx
Zeus Locality aware distributed transaction upload.pptx
 
basil.pptx
basil.pptxbasil.pptx
basil.pptx
 
HotStuff
HotStuff HotStuff
HotStuff
 
Fbft
FbftFbft
Fbft
 
blockchain-and-trusted-computing
blockchain-and-trusted-computingblockchain-and-trusted-computing
blockchain-and-trusted-computing
 
Blockchain meets database
Blockchain meets databaseBlockchain meets database
Blockchain meets database
 
Beat
BeatBeat
Beat
 
Byzantine ordered consensus
Byzantine ordered consensusByzantine ordered consensus
Byzantine ordered consensus
 
Stellar
StellarStellar
Stellar
 
Ledgerdb
LedgerdbLedgerdb
Ledgerdb
 
Blockene
BlockeneBlockene
Blockene
 
BlockLot: Blockchain-based verifiable lottery
BlockLot: Blockchain-based verifiable lotteryBlockLot: Blockchain-based verifiable lottery
BlockLot: Blockchain-based verifiable lottery
 
Simple robot pets with three emotions (uC/OS III)
Simple robot pets with three emotions (uC/OS III)Simple robot pets with three emotions (uC/OS III)
Simple robot pets with three emotions (uC/OS III)
 
FlexSC
FlexSCFlexSC
FlexSC
 
Honeybadger of BFT Protocols
Honeybadger of BFT ProtocolsHoneybadger of BFT Protocols
Honeybadger of BFT Protocols
 
Cheapbft
Cheapbft Cheapbft
Cheapbft
 
Practical Byzantine Fault Tolernace
Practical Byzantine Fault TolernacePractical Byzantine Fault Tolernace
Practical Byzantine Fault Tolernace
 
Making BFT Protocols Really Adaptive
Making BFT Protocols Really AdaptiveMaking BFT Protocols Really Adaptive
Making BFT Protocols Really Adaptive
 
Pileus
PileusPileus
Pileus
 
Vft
VftVft
Vft
 

Recently uploaded

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 

Recently uploaded (20)

New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 

SCP: A Computationally Scalable Byzantine Consensus Protocol

  • 1. SCP: A Computationally-Scalable Byzantine Consensus Protocol For Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek Saxena School of Computing, National University of Singapore IACR Cryptology ePrint Archive 2015 Yongrae Jo (20172938)
  • 2. Traditional BFT is Not scalable : Heavy message passing based consensus → Network bandwidth quickly exhausted → Communication efficient protocol
  • 3. Breakthroughs in BFT Oral Message Algorithm (1982) O(N^f) Fast distributed agreement (1985) O(N^3) or O(Nf^2) PBFT (1999) O(N^2) Randomized BA (2013) O(N polylog(N)) Exponential Polynomial (cubic) Quadratic Sub-linear
  • 5. My previous seminar(Algorand) Computation based consensus Message passing based consensus
  • 6. Computation based consensus ● Reaching consensus via (heavy) computation rather than communication(e.g. PoW) ● Computationally scalable – As the computation power increases in the network, throughput increases as well – Bitcoin is not computationally scalable ● More computing power doesn’t increase its throughput ● SCP is an attempt to find computationally scalable consensus algorithm while keeping the advantages of message passing based consensus
  • 7. Finding the sweet spot Sweet Spot More Computation More Message passing CPU power Slow Scalable Secure Network bandwidth Fast Not scalable Not secure(in open network)
  • 8. SCP in a Nutshell PoW Subset Committee Protocol (or Scalable Consensus Protocol) ● Generating identities ● Forming committees ● Shared public randomness ● Prevent sybil attack BFT ● Reaching consensus on a value in normal committee or a block in final committee ● Parallel consensus via committee C1 C2 C3 (Final committee) ● Each committee runs traditional BFT. ● Integrated into single ordered blockchain in final committee Run BFT C4 Stellar Consensus Protocol?
  • 9. Subset Committee Problem (1) ● Problem Definition: Subset Consensus – Agreement over a subset of transactions – Description ● Assumption – Let there be n identity-less processors, f(< n/3) of which are controlled by a byzantine adversary – Each processor has integer input(x), output(y) and constraint function(mapped to 0 or 1) ● Then, the following condition holds.(next slide)
  • 10. Subset Committee Problem (2) P1 P2 P3 P4 x1 x2 x3 x4 y1 y2 y3 y4 Subset Consensus Protocol 0 or 1 0 or 1 0 or 1 0 or 1 X Constraint Func. y1 = y2 = y3 = y4 (with prob. p)
  • 11. SCP Protocol Protocol proceeds in epoch. In each epoch, following steps executed Step1. Committee Formation Step2. Committee Overlay Joins Step3. Intra-committee consensus Step4. Final Consensus Broadcast Step5. Generating Shared Randomness
  • 12. Committee Formation (1) ● Establish processor’s (virtual) identity via local computation – Generating (IP addr / Public Key / Private Key) – Broadcast (IP addr, Public Key) ● Establish committee – Committee that the processor participates in a epoch – Allocate the identity to random committee via PoW Step 1
  • 13. Committee Formation (2) 0 0 0 0 0 0 1 1 0 10 0 0 000000...1111 s-bits# of leading zeros Public Key IP Addr. Shared random seed Committee Identity PoW Solution Broadcast (IP, PK, nonce, s-bits) 2s = # of committee SHA256 Step 1
  • 14. Committee Overlay Join (1) ● Once identities and their committees are established, committee members need a way to establish point-to- point connections with their committee peers ● Directory committee – The first c identities created in the network – All subsequent identities created will contact the directory members to announce their committee membership – Keeps track of the committee membership – When their list for a committee reaches size c, they multicast it to all members of that committee Step 2
  • 15. Committee Overlay Join (2) Established first c identities 1 Broadcast channel Established Point to Point Channel 2 When new identity is generated, it firstly contacts directory committee 3 Contact When c/2 + 1 messages are received, It accepts the member lists of the committee which it belongs to 4 Receive member list Step 2 First c identities forms directory committee
  • 16. Intra-committee Consensus (1) ● Runs traditional BFT to agree on a value ● After reaching consensus on a value, send that value to final committee – O(c2) ● Partitioned transactions(values) into independent set for parallelism ● (There was no description on how to partition transactions into independent committee and end-to- end message flow on client’s request) → Let’s assume :) Step 3
  • 18. Final Consensus Broadcast (1) ● Merge the results of committees – Set union of all inputs – Create a cryptographic digest (a digital signature) of the final agreed result ● Run the same intra-committee algorithm(BFT) to get verifiable result by at least c/2 + 1 Step 4
  • 19. Final Consensus Broadcast (2) C1 C2 C3 Run BFT C4 (final committee) Run BFT Run BFT Step 4 Each committee member runs BFT protocol (sames previous intra-committee consensus)
  • 20. Final Consensus Broadcast (3) C1 C2 C3 C4 (final committee) v1 v2 v3 Step 4 All normal committee members multicast agreed value to members in final committee → O(nc)
  • 21. Final Consensus Broadcast (4) C1 C2 C3 C4 (final committee) Run BFT Step 4 Final committee runs BFT to check that its members get the same values from normal committee
  • 22. Final Consensus Broadcast (5) C1 C2 C3 C4 (final committee) Agreed result Agreed result Agreed result Step 4
  • 23. Generating Shared Randomness (1) ● Final committee generates a set of random strings for PoW in the next epoch ● Two rounds of communication – First round ● Each member of the final committee chooses a random string u consisting of r random bits and broadcasts a hash H(u) to everyone. This serves as a commitment to the random string. – Second round ● Each member of the final committee broadcasts a message containing the random string u itself to everyone ● Users XORs the set of valid random strings received Step 5
  • 24. Generating Shared Randomness (2) C1 C2 C3 C4 (final committee) H(u1 ), ... H(uc ) H(u): Hash of random string u First Round Send broadcast commitment first H(u1 ), ... H(uc ) H(u1 ), ... H(uc ) Step 5
  • 25. Generating Shared Randomness (3) C1 C2 C3 C4 (final committee) u1 ...uc H(u): Hash of random string u Second Round Broadcast random string u u1 ...uc u1 ... uc Step 5
  • 26. Generating Shared Randomness (4) C1 C2 C3 C4 (final committee) Each user XORs over u1 ...uc to get shared random string for random seed for PoW in the next epoch u1 …⊕ ⊕uc u1 …⊕ ⊕uc u1 …⊕ ⊕uc u1 …⊕ ⊕ uc Step 5
  • 27. In a given epoch, for each committee, we refer to the frst c identities that broadcast a valid proof-of-work for this committee as the members of this committee. (If more than one proof-of-work is broadcasted during the same round, they are ordered lexicographically, and the smallest one is picked.) Security Analysis Defnition 1 (Committee) We say that an epoch has good randomness if: (1) every user has a publically random string of r bits, verifably generated in the previous epoch, with at least r−c/2 bits of entropy, and (2) no user has access to such a verifable random string more than two communication rounds prior to the beginning of the epoch Defnition 2 (Good randomness)
  • 28. Security Analysis In every epoch with good randomness, for every integer n’ among the frst n’ identities created, at most n’/2 are controlled by the adversary, with probability at least 1 − e(−27n’ /160) Lemma 3 (Good Majority) In every epoch with good randomness, for each committee, at least c/2 + 1 committee members will be honest with probability at least 1−e(−27c/160) . Moreover, the probability of generating c/2 + 1 malicious identities by the end of the epoch is also exponentially small. Lemma 4 (Committees Good)
  • 29. Security Analysis In every epoch with good randomness, if the directory size is d, then for each committee, with probability at least 1 − e−27c/160 , all honest committee members will correctly adopt the (same) member list for the committee. Lemma 5 (Consistent Committees) In every epoch with good randomness, the honest members agree on a unique value with at least c/2+1 signatures, with probability at least 1− e (−27c/116) Lemma 6 (Consensus)
  • 30. Security Analysis In every epoch with good randomness, the fnal committee its honest members will broadcast a combined value (from values from other committees) which has at least c/2 + 1 signatures, with probability at least 1 − 2s · (e−27c/160 ). → Termination of protocol(Liveness) Lemma 7 (Final Committee) In every epoch with good randomness, with probability at least 1 − e (−27c/160) : at the end of the epoch every user computes a random string of r bits that: (a) contains at least r −c/2 bits of entropy, and (b) can be verifed as validly generated in that epoch. Moreover, no user knows any of the random strings until at least two rounds prior to the end of the epoch. That is, if epoch e has good randomness, then epoch e+1 also has good randomness. Lemma 8 (Good Randomness)
  • 31. SCP Blockchain Implementation ● Two layers of Blockchain – Two types of Block ● Consensus block (proposed by final committee) ● Data block (proposed by normal committee) Separating consensus data and transaction data Lazy broadcast Used in consensus protocol Immediate broadcast
  • 32. Evaluation (Configuration) ● Local network ● SCP by modifying existing Bitcoin client code ● Authenticated BFT protocol for intra-committee consensus ● Committee size(c) = 50 ● 10 / 20 / 40 / 80 CPU cores ● (not known computer hardware spec and # of computer) Bitcoin SCP ● Amazon EC2 platform ● Nakamoto consensus ● Deploy instances in different geographical regions ● 20 / 40 / 80 CPU cores ● (not known # of instances and types of instances)
  • 33. Evaluation (Computational Scalability) SCP is more computationally scalable Epoch time: 1 minute Block rate remains almost constant regardless of computation power in the network BitcoinBitcoin SCP (more computing power --> more identity, more committee --> more parallel)
  • 35. Conclusion ● SCP is committee based consensus, which partitions users into several committees to achieve scalability and parallelization ● By combining computation based consensus(PoW) and message passing based consensus(BFT), SCP finds sweet spot between the two.