rafael pass
play

Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi] Traditional - PowerPoint PPT Presentation

Mar 27, 2023 •210 likes •757 views

Analysis and Design of Blockchains Rafael Pass Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi] Traditional distributed systems: The Permissioned Model Consistency Liveness Paxos/PBFT Traditional distributed systems: The

  1. Analysis and Design of Blockchains Rafael Pass Rafael Pass Based on [P-Seeman-Shelat] and [P-Shi]

  2. Traditional distributed systems: The “Permissioned” Model ● Consistency ● Liveness Paxos/PBFT

  3. Traditional distributed systems: The “Permissioned” Model ● Nodes a-priori known and authenticated ● 30 years of distributed systems Paxos/PBFT ● Multi-party computation [GMW,BGW, ...] ○ Nearly all works assume authenticated channels

  4. The “Permissionless” Model: Bitcoin/Blockchain The Times 03/Jan/2009 Chancellor on brink of second bailout for banks .

  5. The “Permissionless” Model ● Nodes do not know each other a-priori The Times 03/Jan/2009 Chancellor on brink of second bailout for banks . ● Nodes come and go ● ANYONE can join ● No network synchronization Relatively little is known about this model

  6. The “Permissionless” Model ● Strong impossibility results known in the “permissionless” (“unauthenticated”) model [BCLPR05] ○ Consistency is impossible ○ Sybil attacks unavoidable. ■ [BCLPR05] defined “weakened” security model (w/o consistency)

  7. Nakamoto’s Blockchain [Nak’08] Prevents Sybil attacks with Proofs-of-Work Puzzles [DN’92] Claims blockchain achieves “public ledger” assuming “honest majority”: ● Consistency : everyone sees the same history ● Liveness : everyone can add new transactions

  8. Nakamoto’s Blockchain [Nak’08] Prevents Sybil attacks with Proofs-of-Work Puzzles [DN’92] Claims blockchain achieves “public ledger” assuming “honest majority” 2 amazing aspects: ● Overcomes permissionless barrier [BCLPR’05] ● Consistency : everyone sees the same history ● Liveness : everyone can add new transactions ● Overcomes ⅓ barrier even in permissioned setting [LSP’83] 2 amazing aspects: ● Overcomes permissionless barrier [BCLPR] ● Overcomes ⅓ barrier even in permissioned setting[

  9. Everyone wants a “blockchain” 9

  10. Nakamoto’s Blockchain: OPEN PROBLEMS ● WHAT IS a blockchain? ○ no definition of an “abstract blockchain” ● Does Nakamoto’s protocol achieve CONSISTENCY ? ○ “Specific attacks” don’t work [N’08,GKL’15, SZ’15] ○ 49.1% attack (with 10s network delays) claimed [DW’14] ● Is Nakamoto’s consensus OPTIMAL ? ○ Several issues known (load,latency,incentives)

  11. This talk Desiderata of blockchain Nakamoto Achieves Desiderata Overcoming Bottlenecks

  12. This talk Desiderata of blockchain Nakamoto Achieves Desiderata Overcoming Bottlenecks

  13. What is a blockchain?

  14. Idea: Use Proof-of-Work Puzzles to defend against sybil attacks Users have to do work to cast votes.

  15. How to build a “blockchain”

  16. elaine ➔ mariana : Ƀ 50 How to build a “blockchain”

  17. “Hash function” D > H ( , , ) How to build a “blockchain”

  18. puzzle solution Difficulty D > ( , , ) H Search for a puzzle solution

  19. puzzle solution Difficulty D > ( , , ) H Search for a puzzle solution

  20. D > H ( , , ) We found a new block

  21. D > H ( , , ) Best way to find a solution is brute- force search: model H as RO

  22. What if you join network and you see this.

  23. Honest nodes only “believe” longest chain

  24. Elaine → Mariana Elaine wants to erase this transaction

  25. Elaine → Mariana For Elaine to erase his transaction, he has to find a longer chain!

  26. Elaine → Mariana “If transaction is sufficiently deep, he cannot do this unless he has majority hashpower” ● [Nak’08]: “simply trying to mine alternative chain fails” ● [GLK’15]: in synchronous network ● [SZ’15]: “non-withholding attacks” fail also with Delta-delay networks

  27. Elaine → Mariana “If transaction is sufficiently deep, he cannot do this unless he has majority hashpower” ● [Nak’08]: “simply trying to mine alternative chain fails” ● [GLK’15]: in synchronous network ● [SZ’15]: “non-withholding attacks” fail also with Δ-delays

  28. Blockchain abstraction w/ prob exp(- k ) Consistency: Honest nodes agree on all but last k blocks ≤ k unstable ≤ k unstable

  29. Blockchain abstraction Future-self w/ prob exp(- k ) consistency Consistency: Honest nodes agree on all but last k blocks ≤ k unstable ≤ k unstable

  30. Blockchain abstraction w/ prob exp(- k ) Consistency: Honest nodes agree on all but last k blocks ≤ k unstable ≤ k unstable

  31. Blockchain abstraction w/ prob exp(- k ) Consistency: Honest nodes agree on all but last k blocks Chain quality: Any consecutive k blocks contain “sufficiently many” honest blocks k

  32. Blockchain abstraction w/ prob exp(- k ) Consistency: Honest nodes agree on all but last k blocks Chain quality: Any consecutive k blocks contain “sufficiently many” honest blocks Chain growth: Chain grows at a steady rate

  33. Blockchain implies “state machine replication” in the permissionless model Consistency Traditional “state machine replication” Chain quality Consistency Chain growth Liveness

  34. This talk Desiderata of blockchain Nakamoto Achieves Desiderata Overcoming Bottlenecks

  35. Theorem [P-Seeman-Shelat]: For every ρ <1/2 , if “mining difficulty” is appropriately set (as a function of the network delay Δ , and total mining power), Nakamoto’s blockchain guarantees: ● Consistency ● Chain quality: 1 - ρ /(1- ρ ) ● Chain growth: O(1/ Δ ) where ρ adv’s fraction of hashpower, and adv controls the network

  36. Theorem [P-Seeman-Shelat]: For every ρ <1/3 , if “mining difficulty” is appropriately set (as a function of the network delay Δ , and total mining power), Nakamoto’s blockchain guarantees: ● Consistency ● Chain quality: 1 - (1/3)/(2/3) = 1/2 ● Chain growth: O(1/ Δ ) where ρ adv’s fraction of hashpower, and adv controls the network

  37. Theorem [P-Seeman-Shelat]: For every ρ <1/2 , if “mining difficulty” is appropriately set (as a function of the network delay Δ , and total mining power), Nakamoto’s blockchain guarantees: ● Consistency ● Chain quality: 1 - ρ /(1- ρ ) ● Chain growth: O(1/ Δ ) where ρ adv’s fraction of hashpower, and adv controls the network

  38. Theorem [P-Seeman-Shelat]: For every ρ <1/2 , if “mining difficulty” is appropriately set (as a function of the network delay Δ , and total mining power), Nakamoto’s blockchain guarantees: ● Consistency ● Chain quality: 1 - ρ /(1- ρ ) “Blocks are found SLOWER than Δ ” ● Chain growth: O(1/ Δ ) where ρ adv’s fraction of hashpower, and adv controls the network

  39. Theorem [P-Seeman-Shelat]: For every ρ <1/2 , if “mining difficulty” is appropriately set (as a function of the network delay Δ , and total mining power), Nakamoto’s blockchain guarantees: ● Consistency ● Chain quality: 1 - ρ /(1- ρ ) ● Chain growth: O(1/ Δ ) “Blocktime” >> Δ where ρ adv’s fraction of hashpower, and adv controls the network

  40. “Appropriately set” When c = 60 (10 min blocktime, 10s network delays) Secure: ρ < 49.57 (contradicts [DW’14]’attack!) Attack: ρ > 49.79

  41. “Appropriately set” Mining rate of Network Delay Mining rate honest players of Adv

  42. Theorem [Security of Nakamoto] For every ρ <1/2, if mining difficulty is appropriately set (as a function of the network delay, and total mining power), Nakamoto’s blockchain guarantees a) consistency, b) chain quality 1 - ρ /(1- ρ ), and c) Chain growth: O(1/ Δ ) Theorem [Blatant attack]: For every ρ >0, for every mining difficulty, there exists a network delay such that Nakamoto’s blockchain is inconsistent and has 0 chain quality

  43. This talk Desiderata of blockchain Nakamoto Achieves Desiderata Overcoming Bottlenecks

  44. Nakamoto: ISSUES Terrible Not incentive performance compatible

  45. Bitcoin has terrible performance • Cost per confirmed transaction in Bitcoin: $6.20 • 7 tx/sec , 10 min TX confirmation time c.f. Visa credit card: average 2,000 tx/sec , peak 59,000 tx/sec [Source: K. Croman et al. On Scaling Decentralized Blockchains. In Bitcoin workshop, 2016.]

  46. Traditional BFT protocols are performant PBFT at ~100 nodes: Throughput: ~10,000 tx/sec Confirmation time: ~ seconds [Source: K. Croman et al. On Scaling Decentralized Blockchains. In Bitcoin workshop, 2016.]

  47. Hybrid consensus [P-Shi] Snailchain TXs BFT committee

  48. Hybrid Consensus: The idea k unstable k

  49. Hybrid Consensus: The idea k unstable k PBFT

  50. Hybrid Consensus: The idea k unstable k PBFT

  51. Hybrid Consensus: The idea k unstable k: PBFT Chain quality : ⅔ committee honest (if ¾ honest overall) Committee members sign each (seq #, tx) Chain growth : this won’t take too long Non-members count ⅓k Consistency : everyone agrees on committee

  52. Hybrid Consensus: The idea k unstable k: PBFT Achieves static security ● Committee members sign each confirmed (seq #, tx) Not adaptively secure ● Non-members count ⅓ k + 1 sigs ● Can deal with it using rotating committees

Recommend

Hybrid Consensus: Efficient Consensus in the Permissionless Model Rafael Pass and Elaine Shi

Hybrid Consensus: Efficient Consensus in the Permissionless Model Rafael Pass and Elaine Shi

Hybrid Consensus: Efficient Consensus in the Permissionless Model Rafael Pass and Elaine Shi IC3 1 Blockchains Satoshi Nakamoto, 2009 Public database Shared &amp; maintained between network participants Blockchain agreement protocol

296 views • 15 slides
Analysis of the Blockchain Protocol in Asynchronous Networks Rafael Pass Lior Seeman abhi

Analysis of the Blockchain Protocol in Asynchronous Networks Rafael Pass Lior Seeman abhi

Analysis of the Blockchain Protocol in Asynchronous Networks Rafael Pass Lior Seeman abhi shelat Cornell Tech Uber Northeastern Traditional distributed systems: The Permissioned Model Consistency Liveness Paxos/PBFT The

636 views • 42 slides
+ Mohammad Mahmoody Rafael Pass + Modern Cryptography and One-Way Functions Modern

+ Mohammad Mahmoody Rafael Pass + Modern Cryptography and One-Way Functions Modern

+ Mohammad Mahmoody Rafael Pass + Modern Cryptography and One-Way Functions Modern Cryptography is based on computational assumptions. [Shannon 1950s] easy OWFs, a central player: f {0,1} n {0,1} n Easy to compute f(x) Hard to find x

686 views • 24 slides
FruitChains: A Fair Bloc ockchain Authors: Rafael Pass, Elaine Shi presented by Han Zhang

FruitChains: A Fair Bloc ockchain Authors: Rafael Pass, Elaine Shi presented by Han Zhang

FruitChains: A Fair Bloc ockchain Authors: Rafael Pass, Elaine Shi presented by Han Zhang Nakamotos Blockchain A sequence of (mined) blocks = Assumption: Majority of the computing power is controlled by ( %&amp; , , ,

379 views • 9 slides
Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT &amp; BU Cornell Secure MPC

Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT &amp; BU Cornell Secure MPC

Black-Box Constructions of Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT &amp; BU Cornell Secure MPC Secure MPC Goal: Allow a set of distrustful parties to compute ANY function f on their own Secure MPC Goal: Allow a set

1.11k views • 98 slides
Instant Confirmation Rafael Pass and Elaine Shi Cornell Tech &amp; Cornell University

Instant Confirmation Rafael Pass and Elaine Shi Cornell Tech &amp; Cornell University

Thunderella: Blockchains with Optimistic Instant Confirmation Rafael Pass and Elaine Shi Cornell Tech &amp; Cornell University State-machine replication ( a.k.a. linearly ordered log, consensus, blockchain) State-machine replication ( a.k.a.

628 views • 49 slides
Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart

Blind Certificate Authorities Liang Wang 1 , Gilad Asharov 2 , Rafael Pass 2 , Thomas Ristenpart 2 , abhi shelat 3 1 Princeton University 2 Cornell Tech 3 Northeastern University Motivation Certificate Authorities (CA) issue certificates

454 views • 30 slides
Execution Secure Processors Eurocrypt May 1 st , 2017 Rafael Pass, Elaine Shi, Florian Tramr

Execution Secure Processors Eurocrypt May 1 st , 2017 Rafael Pass, Elaine Shi, Florian Tramr

Formal Abstractions for Attested Execution Secure Processors Eurocrypt May 1 st , 2017 Rafael Pass, Elaine Shi, Florian Tramr Trusted hardware: Different communities, different world views 2 Trusted hardware: Different communities,

929 views • 72 slides
Crowd-Blending Privacy Johannes Gehrke, Michael Hay, Edward Lui, Rafael Pass Cornell University

Crowd-Blending Privacy Johannes Gehrke, Michael Hay, Edward Lui, Rafael Pass Cornell University

Crowd-Blending Privacy Johannes Gehrke, Michael Hay, Edward Lui, Rafael Pass Cornell University Data Privacy Alice Users Bob Jack San . . . Database Jane mechanism Database containing data. E.g., census data, medical records, etc.

437 views • 19 slides
San Rafael City Council Age-Friendly San Rafael San Rafael Age-Friendly Task Force Members

San Rafael City Council Age-Friendly San Rafael San Rafael Age-Friendly Task Force Members

San Rafael City Council Age-Friendly San Rafael San Rafael Age-Friendly Task Force Members Chris Asimos, Caran Cuneo, Gail Gifford, Linda Jackson, Salamah Locks, Diana Lpez, Patty McCulley, Susie Pollak, and Sparkie Spaeth Process

235 views • 22 slides
For the LBECA Collaboration: Rafael F. Lang, Purdue University, rafael@purdue.edu S2 Only

For the LBECA Collaboration: Rafael F. Lang, Purdue University, rafael@purdue.edu S2 Only

LBECA: Pushing Xenon TPCs to Single Electrons For the LBECA Collaboration: Rafael F. Lang, Purdue University, rafael@purdue.edu S2 Only Channel XENON1T Exploit built-in amplification (proportional scintillation) Rafael Lang: LBECA, Your

392 views • 14 slides
U-PASS IMPLEMENTATION 2015/2016 Why are we implementing the U-Pass? In 2014/2015, the

U-PASS IMPLEMENTATION 2015/2016 Why are we implementing the U-Pass? In 2014/2015, the

U-PASS IMPLEMENTATION 2015/2016 Why are we implementing the U-Pass? In 2014/2015, the Algonquin Students Association sponsored a Universal Transit Pass Referendum which was passed and in March 2015 the U-Pass Agreement was formally

446 views • 10 slides
50% pass developmental credit course course pass take pass developmental credit credit

50% pass developmental credit course course pass take pass developmental credit credit

Calculating Success Co-Requisite Models # who # who # who # who take pass take pass 115 115 121 121 # who # who = Success Rate pass take 121 115 credit course 50% pass developmental credit course course pass take

633 views • 16 slides
U-Pass Program Executive Management Committee May 17, 2018 1 U-PASS The U-Pass Pilot

U-Pass Program Executive Management Committee May 17, 2018 1 U-PASS The U-Pass Pilot

U-Pass Program Executive Management Committee May 17, 2018 1 U-PASS The U-Pass Pilot Program has completed 21 months of its 24- month pilot program, which will expire in August 2018. Through partnerships with colleges, U-Pass TAP

87 views • 8 slides
RFID based People-Object Direction of Pass Detection Ral Parada a , Joan Meli-Segu b , c and

RFID based People-Object Direction of Pass Detection Ral Parada a , Joan Meli-Segu b , c and

RFID based People-Object Direction of Pass Detection Ral Parada a , Joan Meli-Segu b , c and Rafael Pous a Universitat Pompeu Fabra (UPF) a Departament de Tecnologies de la Informaci i les Comunicacions (DTIC) Universitat Oberta de

1.14k views • 39 slides
QUINTESSENTIAL WINES San Rafael San Rafael is located in the Southern Region of Mendoza. With

QUINTESSENTIAL WINES San Rafael San Rafael is located in the Southern Region of Mendoza. With

QUINTESSENTIAL WINES San Rafael San Rafael is located in the Southern Region of Mendoza. With more than 118,000 residents, it is the largest city in Argentina. The rapid waters of the Diamante River and Atuel River, give birth to this

394 views • 14 slides
XENON1T for the XENON collaboration Rafael F. Lang Purdue University rafael@purdue.edu Aspen,

XENON1T for the XENON collaboration Rafael F. Lang Purdue University rafael@purdue.edu Aspen,

XENON1T for the XENON collaboration Rafael F. Lang Purdue University rafael@purdue.edu Aspen, January 30, 2013 Key Points sensitivity 1 event/ton/year, 210 -47 cm 2 data taking 2015 at Gran Sasso: approved &amp; funded DAMA CoGeNT

748 views • 30 slides
bae urban economics EXISTING ECONOMIC CONDITIONS San Rafael, California SAN RAFAEL 2040

bae urban economics EXISTING ECONOMIC CONDITIONS San Rafael, California SAN RAFAEL 2040

bae urban economics EXISTING ECONOMIC CONDITIONS San Rafael, California SAN RAFAEL 2040 STEERING COMMITTEE JULY 10, 2019 AGENDA Demographic and Economic Information Real Estate Market Conditions and Trends Questions DEMOGRAPHICS

557 views • 40 slides
GUATEMALA Universidad Rafael Landvar Rafael Landivar University URLs main task is to

GUATEMALA Universidad Rafael Landvar Rafael Landivar University URLs main task is to

GUATEMALA Universidad Rafael Landvar Rafael Landivar University URLs main task is to respond to a: Research Institutes IARNA: Institute for Agriculture, Natural Resources and Evironment IDIES: Institute of Socio-Economic Research IEH:

459 views • 23 slides
Ensembl Overview Rafael Torres-Perez #QuedateEnCasa 27/04/2020 rafael.torres@cnb.csic.es Local

Ensembl Overview Rafael Torres-Perez #QuedateEnCasa 27/04/2020 rafael.torres@cnb.csic.es Local

#AprendeBioinformticaEnCasa Ensembl Overview Rafael Torres-Perez #QuedateEnCasa 27/04/2020 rafael.torres@cnb.csic.es Local (new) References, experimentation auxiliars... User data Fasta GFF Fastq Results Local (new) Deposited

595 views • 21 slides
Building a Pass Rusher from Scratch Since 2002 Big Skill Pass Rush System V.G.H.H Vision

Building a Pass Rusher from Scratch Since 2002 Big Skill Pass Rush System V.G.H.H Vision

Consulting, Teaching, Developing Pass Rushers Since 2002 Since 2002 Building a Pass Rusher from Scratch Since 2002 Big Skill Pass Rush System V.G.H.H Vision +GetOff+Hands+Hips V.G.H.H This system was created for DefensiveLineman,

258 views • 9 slides
What is a bus pass? Permanent bus pass is a change to a busing schedule that remains consistent

What is a bus pass? Permanent bus pass is a change to a busing schedule that remains consistent

6/18/2015 Acton Boxborough Regional School District Elementary Bus Passing Policy and Procedures 06/11/2015 What is a bus pass? Permanent bus pass is a change to a busing schedule that remains consistent for the course of the year. Typically

406 views • 5 slides
1 2 3 The pass rates continue to be disappointing. For several years the pass rate has been in

1 2 3 The pass rates continue to be disappointing. For several years the pass rate has been in

1 2 3 The pass rates continue to be disappointing. For several years the pass rate has been in the low to mid 30% range. Reasons for less than satisfactory performance has been discussed at every past conference and in every past examiners

633 views • 15 slides
What is Our Pass? Its a bus pass for, young people aged 16-18* that gives you the freedom to

What is Our Pass? Its a bus pass for, young people aged 16-18* that gives you the freedom to

What is Our Pass? Its a bus pass for, young people aged 16-18* that gives you the freedom to get around Greater Manchester. Whether you want to get to college, visit friends or family, go shopping or visit one of Greater Manchesters

497 views • 11 slides

More recommend