Thunderella: Blockchains with Optimistic Instant Confirmation
Rafael Pass and Elaine Shi, Cornell Tech & Cornell University
State-machine replication (a.k.a. linearly ordered log, consensus, blockchain). Consistency: honest nodes agree on log. Liveness: TXs are incorporated soon.
Classical (e.g. PBFT, Paxos): Fast (most of the time), Complex, Asynch. Blockchains (PoW and non-PoW): Simple, Robust, Slow, Sync.
Thunderella: As simple and robust as a blockchain. Confirm in 2 actual network rounds in the “optimistic case”. Fall back to blockchain when things “go bad”.
Roadmap: Classical (e.g. PBFT, Paxos); Blockchains (PoW and non-PoW). Let’s start with the classical approach.
Leader proposes transaction (Seq, )
Everyone “ack’s”
Confirm upon “enough” acks
Ex: Assume ⅔n+1 honest; wait for ⅔n+1 acks
Must intersect at an honest node: any two sets of ⅔n+1 acks, one for “X” and one for “Y”. Assume ⅔n+1 honest (1/3n malicious). Thus X = Y.
Assume ⅔ honest and online. Two cases: consistency and liveness; consistency but no liveness.
How do we achieve liveness? You don’t want to know … [PBFT, Paxos...]
Anatomy of classical consensus: simple normal path, complicated recovery path.
Roadmap: Classical (e.g. PBFT, Paxos); Blockchains (PoW and non-PoW)
Thunderella blockchain
Thunderella for permissionless; Thunderella for permissioned
For concreteness, we’ll focus on this: Thunderella for permissionless
Leader/“accelerator”; Committee (recent miners/stakeholders); blockchain miners
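“Optimistic” mode: instant confirmation when the leader is honest and online, a 3/4 fraction of the committee is honest and online, and a majority of blockchain miners is honest.
But, still SECURE as long as: the leader may deviate arbitrarily, a majority of the committee is honest (but need not be online), and a majority of blockchain miners is honest.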
Must intersect at an honest node: any two sets of ¾n+1 acks, one for “X” and one for “Y”. Assume ½n+1 honest.
Propose (seq, ); Ack; ¾ acks: notarized
¾ voted: notarized. Confirm maximal “lucky” sequence.
No liveness when
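The ¾ quorum-intersection argument and the "notarize, then confirm the maximal lucky sequence" rule from the slides above, as an added Python example (not the authors' code). Assumptions: "¾n+1" is rounded as floor(¾n)+1, sequence numbers start at 0, and a "lucky" sequence is a gap-free run of notarized sequence numbers; `quorum`, `Notary` and the sample transactions are hypothetical names.

```python
from fractions import Fraction

def quorum(n, frac):
    """Smallest count strictly above frac*n (the slides' 'frac*n + 1', floored)."""
    return int(Fraction(frac) * n) + 1

def honest_in_overlap(n, ack_frac, honest_frac):
    """True if any two ack quorums must share at least one honest node."""
    q = quorum(n, ack_frac)
    max_faulty = n - quorum(n, honest_frac)
    return max(0, 2 * q - n) > max_faulty   # pigeonhole bound on the overlap

class Notary:
    """Counts committee acks per (seq, tx); a hypothetical helper, not Thunderella's API."""
    def __init__(self, committee):
        self.committee = set(committee)
        self.need = quorum(len(self.committee), Fraction(3, 4))
        self.acks = {}                      # seq -> tx -> set of voters

    def ack(self, voter, seq, tx):
        if voter in self.committee:         # acks from non-members are ignored
            self.acks.setdefault(seq, {}).setdefault(tx, set()).add(voter)

    def notarized(self, seq):
        """Return the tx that reached the 3/4 threshold at seq, else None."""
        for tx, voters in self.acks.get(seq, {}).items():
            if len(voters) >= self.need:
                return tx
        return None

    def lucky_prefix(self):
        """Assumed meaning of 'maximal lucky sequence': gap-free from seq 0."""
        out, seq = [], 0
        while (tx := self.notarized(seq)) is not None:
            out.append(tx)
            seq += 1
        return out

def demo():
    """Constructed run: 8 members; seq 1 falls short, so seq 2 is held back."""
    members = [f"m{i}" for i in range(8)]
    n = Notary(members)
    for seq, tx, k in [(0, "tx-a", 7), (1, "tx-b", 5), (2, "tx-c", 8)]:
        for m in members[:k]:
            n.ack(m, seq, tx)
    return n.need, n.notarized(2), n.lucky_prefix()
```

With only a majority honest, a ⅔ threshold does not force an honest node into every overlap (for example at n = 100), which is why the optimistic path waits for ¾.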
blockchain collects evidence of
Now enter slow mode
What evidence do we collect? Need: faulty nodes cannot implicate honest leader
Miners “tell blockchain” everything they know
What evidence do we collect? has not appeared in a lucky sequence k blocks
Nodes have different logs when entering slow mode
Need: agree on log before entering slow mode
Grace period: k blocks
● Stop optimistic output: stop “acking” new transactions
● Share knowledge: tell others what you know
● All knowledge → blockchain: miners tell blockchain what they know
Summary: has not appeared in a lucky sequence; k blocks; Grace period; Slow mode
Thank you.