Presentation on how to chat with PDF using ChatGPT code interpreter
Stellar
1. Yongrae Jo
Pohang University of Science and Technology
System Software Laboratory
Fast and secure global payments with
Stellar
Marta Lokhava, Giuliano Losa*, David Mazières, Graydon Hoare, Nicolas Barry, Eli Gafni†,
Jonathan Jove, Rafał Malinowsky, and Jed McCaleb, Stellar Development Foundation
SOSP'19
5. 5
Traditional Byzantine Agreement System : Limitations
Closed Membership
• i.e., fixed set of nodes
Fixed Quorum
• i.e., 2f+1 of specific nodes
Fixed & Symmetric trust
• i.e., all nodes are equally trusted
6. 6
Federated Byzantine Agreement System
Open Membership
• i.e., flexible set of nodes; freely join/leave
Flexible Quorum
• i.e., a user-defined quorum to guarantee transaction finality
Flexible & Asymmetric trust
• i.e., certain nodes are more trusted
7. 7
Federated Byzantine Agreement System
Nodes exchange messages asserting statements about slots
When a node hears a sufficient set of nodes assert a
statement, it assumes no node will ever contradict that
statement
Slots
Statement (Tx)
n n+1
n-1
n-2
Update
(Federated) Consensus
(Irreversible)
Externalized
value
(ledger entry)
8. 8
Federated Byzantine Agreement System (FBAS)
V = {A,B,C,D}
{A}, {B}, {C}, {D}
{A,B}, {A,C}, {A,D}, {B,C}, {B,D}, {C,D}
{A,B,C}, {A,B,D}, {A,C,D}, {B,C,D}, {A,B,C,D}
{{A,B,C}}, {{A,B,C}, {A,B,D}} , {{A,B}, {B,C}}, …
𝟐𝟐𝑽
𝟐𝑽
Quorum Slices
Quorum
9. 9
Byzantine Agreement vs. Federated Byzantine Agreement
A B
C D
A B
C D
A’s quorum slice = {A,C,D}
B’s quorum slice = {B,D}
C’s quorum slice = {B,C,D}
D’s quorum slice = {A,D}
A’s quorum slice = {A,B,C,D}
B’s quorum slice = {A,B,C,D}
C’s quorum slice = {A,B,C,D}
D’s quorum slice = {A,B,C,D}
Traditional Byzantine Agreement Federated Byzantine Agreement
A B : A requires agreement with B
Generalize
10. 10
Quorum Slice
Enabling each node v to choose its own quorum slice set Q(v)
Nodes may select slices based on arbitrary criteria
• e.g., reputation or financial arrangements
An individual node need not know all nodes in the system, yet
consensus should still be possible
All nodes specify their quorum slices in their message
13. 13
Safety & Liveness: Fault Model
Nodes : well-behaved vs. ill-behaved
• A well-behaved node chooses sensible quorum slices and obeys
the protocol
• An ill-behaved node does not
14. 14
Safety & Liveness: Safety & Liveness
Nodes : well-behaved vs. ill-behaved
• A well-behaved node chooses sensible quorum slices and obeys
the protocol
• An ill-behaved node does not
Safety
Liveness
A set of nodes in an FBAS enjoy safety if
no two of them ever externalize different
values for the same slot.
Nodes that enjoy both
safety and liveness
A node in an FBAS enjoys liveness if it can
externalize new values without the
participation of any failed (including
ill-behaved) nodes.
Nodes that are not correct
15. 15
Safety & Liveness: Quorum Intersection
No protocol can guarantee safety in the absence of quorum intersection
17. 17
Concepts: Inter-twined, Intact Set, v-Blocking Set
Inter-twined (v1, v2)
• Every quorum of v1 intersects every quorum of v2 in at least one
non-faulty node
Intact Set, I
• A set of inter-twined nodes, even if every node outside of I is
faulty
v-blocking set
• A set of nodes that intersects every slice of v
18. 18
Federated Voting
From a node’s perspective, a statement goes through the following sequences
Statement a
Safety guarantee: no two members of an intertwined set confirm contradictory stat
ements
Liveness guarantee: an intact set whose members all vote the same way
19. 19
Stellar Consensus Protocol (SCP)
Quorum-based Byzantine agreement protocol with open
membership
• Nodes only recognize quorums to which they belong themselves
Tolerates heterogeneous views
• nodes can join and leave unilaterally with no need for a “view
change” protocol to coordinate membership
Partially synchronous network
Steps
• nomination to filter transactions to be include in a ledger
• A series of ballots to reach consensus
20. 20
SCP: Nomination Protocol
Scopes the set of values to agree on, by employing federated
voting on statements such as “Nominate transaction set C”
If the vote succeeds, the transaction set is added to the list of
candidates to be used later in ballot protocol
a node may start the ballot protocol as soon as it confirms a
candidate
Run in background
Nomination
Protocol
Statements
(Txes) Nominated
Txes
21. 21
SCP: Ballot Protocol
SCP nodes proceed through a series of numbered ballots
In each ballot n, nodes employ federated voting on two types
of statement
• Prepare <n,x> states that no value other than x was or will ever b
e decided in any ballot ≤ n
determine a value to propose that does not contradict any previous
decision.
• Commit <n,x> : states that x is decided in ballot n
try to make a decision on the prepared value.
22. 22
SCP in a funnel
https://www.stellar.org/developers-blog/intuitive-stellar-consensus-protocol?locale=en
23. 23
Cascading Effects of Federated Voting
An example with contradictory statements
Contradictory statements X and
Y are introduced
Nodes vote for valid
statements
Node 1 accepts X after its
quorum {1, 2, 3, 4}
unanimously votes for X
24. 24
Cascading Effects of Federated Voting
Set {5} is 6- and 7-blocking, so 6
and 7 both accept X.
Nodes 1, 2, 3, and 4 all accept X
Set {1} is 5-blocking, so node 5 accepts X,
overruling its previous vote for Y
An example with contradictory statements
25. 25
Formal Verification
Formally verified SCP’s safety and liveness properties
Modeled SCP in first-order logic (FOL) using Ivy’s Linear
Temporal Logic and verified abstraction with Isabelle/HOL
Consists of manually providing inductive conjectures that are
then automatically checked by Ivy.
26. 26
Limitation
SCP can only guarantee safety when nodes choose adequate
quorum slices
• Stellar only provides guidelines on how to pick quorums
A problem of quorum intersection checking is NP-hard
• Currently, only 20-30 nodes are practically deployed
27. 27
Conclusion
Introduces new open-membership federated Byzantine
agreement (FBA), a model for achieving decentralized
consensus while preserving the traditional benefits of
Byzantine agreement
FBA forms quorums from participants’ individual trust
decisions, allowing an organic growth model similar to that of
the Internet
Leverages the peer-to-peer structure of the network to
achieve global consensus under a novel Internet hypothesis.