-
Communication Lower Bounds for Cryptographic Broadcast Protocols
Authors:
Erica Blum,
Elette Boyle,
Ran Cohen,
Chen-Da Liu-Zhang
Abstract:
Broadcast protocols enable a set of $n$ parties to agree on the input of a designated sender, even facing attacks by malicious parties. In the honest-majority setting, randomization and cryptography were harnessed to achieve low-communication broadcast with sub-quadratic total communication and balanced sub-linear cost per party. However, comparatively little is known in the dishonest-majority setting. Here, the most communication-efficient constructions are based on Dolev and Strong (SICOMP '83), and sub-quadratic broadcast has not been achieved. On the other hand, the only nontrivial $\omega(n)$ communication lower bounds are restricted to deterministic protocols, or against strong adaptive adversaries that can perform "after the fact" removal of messages.
We provide new communication lower bounds in this space, which hold against arbitrary cryptography and setup assumptions, as well as a simple protocol showing near tightness of our first bound.
1) We demonstrate a tradeoff between resiliency and communication for protocols secure against $n-o(n)$ static corruptions. For example, $\Omega(n\cdot {\sf polylog}(n))$ messages are needed when the number of honest parties is $n/{\sf polylog}(n)$; $\Omega(n\sqrt{n})$ messages are needed for $O(\sqrt{n})$ honest parties; and $\Omega(n^2)$ messages are needed for $O(1)$ honest parties.
Complementarily, we demonstrate broadcast with $O(n\cdot{\sf polylog}(n))$ total communication facing any constant fraction of static corruptions.
2) Our second bound considers $n/2 + k$ corruptions and a weakly adaptive adversary that cannot remove messages "after the fact." We show that any broadcast protocol within this setting can be attacked to force an arbitrary party to send messages to $k$ other parties. This rules out, for example, broadcast facing 51% corruptions in which all non-sender parties have sublinear communication locality.
Submitted 4 September, 2023;
originally announced September 2023.
-
Musings on the HashGraph Protocol: Its Security and Its Limitations
Authors:
Vinesh Sridhar,
Erica Blum,
Jonathan Katz
Abstract:
The HashGraph Protocol is a Byzantine fault tolerant atomic broadcast protocol. Its novel use of locally stored metadata allows parties to recover a consistent ordering of their log just by examining their local data, removing the need for a voting protocol. Our paper's first contribution is to present a rewritten proof of security for the HashGraph Protocol that follows the consistency and liveness paradigm used in the atomic broadcast literature. In our second contribution, we show a novel adversarial strategy that stalls the protocol from committing data to the log for an expected exponential number of rounds. This proves tight the exponential upper bound conjectured in the original paper. We believe that our proof of security will make it easier to compare HashGraph with other atomic broadcast protocols and to incorporate its ideas into new constructions. We also believe that our attack might inspire more research into similar attacks for other DAG-based atomic broadcast protocols.
Submitted 24 October, 2022;
originally announced October 2022.
-
Network-Agnostic State Machine Replication
Authors:
Erica Blum,
Jonathan Katz,
Julian Loss
Abstract:
We study the problem of state machine replication (SMR)---the underlying problem addressed by blockchain protocols---in the presence of a malicious adversary who can corrupt some fraction of the parties running the protocol. Existing protocols for this task assume either a synchronous network (where all messages are delivered within some known time $\Delta$) or an asynchronous network (where messages can be delayed arbitrarily). Although protocols for the latter case give seemingly stronger guarantees, this is not the case since they (inherently) tolerate a lower fraction of corrupted parties.
We design an SMR protocol that is network-agnostic in the following sense: if it is run in a synchronous network, it tolerates $t_s$ corrupted parties; if the network happens to be asynchronous it is resilient to $t_a \leq t_s$ faults. Our protocol achieves optimal tradeoffs between $t_s$ and $t_a$.
Submitted 27 March, 2020; v1 submitted 9 February, 2020;
originally announced February 2020.
-
Linear Consistency for Proof-of-Stake Blockchains
Authors:
Erica Blum,
Aggelos Kiayias,
Cristopher Moore,
Saad Quader,
Alexander Russell
Abstract:
The blockchain data structure maintained via the longest-chain rule---popularized by Bitcoin---is a powerful algorithmic tool for consensus algorithms. Such algorithms achieve consistency for blocks in the chain as a function of their depth from the end of the chain. While the analysis of Bitcoin guarantees consistency with error $2^{-k}$ for blocks of depth $O(k)$, the state-of-the-art of proof-of-stake (PoS) blockchains suffers from a quadratic dependence on $k$: these protocols, exemplified by Ouroboros (Crypto 2017), Ouroboros Praos (Eurocrypt 2018) and Sleepy Consensus (Asiacrypt 2017), can only establish that depth $\Theta(k^2)$ is sufficient. Whether this quadratic gap is an intrinsic limitation of PoS---due to issues such as the nothing-at-stake problem---has been an urgent open question, as deployed PoS blockchains further rely on consistency for protocol correctness.
We give an axiomatic theory of blockchain dynamics that permits rigorous reasoning about the longest-chain rule and achieve, in broad generality, $\Theta(k)$ dependence on depth in order to achieve consistency error $2^{-k}$. In particular, for the first time, we show that PoS protocols can match proof-of-work protocols for linear consistency. We analyze the associated stochastic process, give a recursive relation for the critical functionals of this process, and derive tail bounds in both i.i.d. and martingale settings via associated generating functions.
Submitted 22 November, 2019;
originally announced November 2019.
-
pH sensing properties of flexible, bias-free graphene microelectrodes in complex fluids: from phosphate buffer solution to human serum
Authors:
**glei **,
Jacquelyn E. Blum,
Ramya Vishnubhotla,
Amey Vrudhula,
Carl H. Naylor,
Zhaoli Gao,
Jeffery G. Saven,
A. T. Charlie Johnson
Abstract:
Advances in techniques for monitoring pH in complex fluids could have significant impact on analytical and biomedical applications ranging from water quality assessment to in vivo diagnostics. We developed flexible graphene microelectrodes (GEs) for rapid (< 5 seconds), very low power (femtowatt) detection of the pH of complex biofluids. The method is based on real-time measurement of Faradaic charge transfer between the GE and a solution at zero electrical bias. For an idealized sample of phosphate buffer solution (PBS), the Faradaic current varied monotonically and systematically with the pH with resolution of ~0.2 pH unit. The current-pH dependence was well described by a hybrid analytical-computational model where the electric double layer derives from an intrinsic, pH-independent (positive) charge associated with the graphene-water interface and ionizable (negative) charged groups described by the Langmuir-Freundlich adsorption isotherm. We also tested the GEs in more complex bio-solutions. In the case of a ferritin solution, the relative Faradaic current, defined as the difference between the measured current response and a baseline response due to PBS, showed a strong signal associated with the disassembly of the ferritin and the release of ferric ions at pH ~ 2.0. For samples of human serum, the Faradaic current showed a reproducible rapid (<20s) response to pH. By combining the Faradaic current and real time current variation, the methodology is potentially suitable for use to detect tumor-induced changes in extracellular pH.
Submitted 30 August, 2017;
originally announced October 2017.