-
RACS and SADL: Towards Robust SMR in the Wide-Area Network
Authors:
Pasindu Tennage,
Antoine Desjardins,
Lefteris Kokoris-Kogias
Abstract:
Consensus algorithms deployed in the crash fault tolerant setting chose a leader-based architecture in order to achieve the lowest latency possible. However, when deployed in the wide area they face two key robustness challenges. First, they lose liveness when the network is unreliable because they rely on timeouts to find a leader. Second, they cannot have a high replication factor because of the…
▽ More
Consensus algorithms deployed in the crash fault tolerant setting chose a leader-based architecture in order to achieve the lowest latency possible. However, when deployed in the wide area they face two key robustness challenges. First, they lose liveness when the network is unreliable because they rely on timeouts to find a leader. Second, they cannot have a high replication factor because of the high load imposed on the leader-replica making it a bottleneck. This effectively limits the replication factor allowed, for a given level of throughput, thus lowering the fault tolerance threshold.
In this paper, we propose RACS and SADL, a modular state machine replication algorithm that addresses these two robustness challenges. To achieve robustness under adversarial network conditions, we propose RACS, a novel crash fault-tolerant consensus algorithm. RACS consists of two modes of operations: synchronous and asynchronous, that always ensure liveness. RACS leverages the synchronous network to minimize the communication cost to O(n) and matches the lower bound of O(n2) at adversarial-case executions. To avoid the leader bottleneck and to allow higher replication factor, without sacrificing the throughput, we then propose SADL, a novel consensus-agnostic asynchronous dissemination layer. SADL separates client command dissemination from the critical path of consensus and distributes the overhead evenly among all the replicas. The combination of RACS and SADL (SADL-RACS) provides a robust and high-performing state machine replication system. We implement and evaluate RACS and SADL-RACS in a wide-area deployment running on Amazon EC2.
△ Less
Submitted 5 April, 2024;
originally announced April 2024.
-
Pilotfish: Distributed Transaction Execution for Lazy Blockchains
Authors:
Quentin Kniep,
Lefteris Kokoris-Kogias,
Alberto Sonnino,
Igor Zablotchi,
Nuda Zhang
Abstract:
Pilotfish is the first scale-out blockchain execution engine able to harness any degree of parallelizability existing in its workload. Pilotfish allows each validator to employ multiple machines, named ExecutionWorkers, under its control to scale its execution layer. Given a sufficiently parallelizable and compute-intensive load, the number of transactions that the validator can execute increases…
▽ More
Pilotfish is the first scale-out blockchain execution engine able to harness any degree of parallelizability existing in its workload. Pilotfish allows each validator to employ multiple machines, named ExecutionWorkers, under its control to scale its execution layer. Given a sufficiently parallelizable and compute-intensive load, the number of transactions that the validator can execute increases linearly with the number of ExecutionWorkers at its disposal. In addition, Pilotfish maintains the consistency of the state, even when many validators experience simultaneous machine failures. This is possible due to the meticulous co-design of our crash-recovery protocol which leverages the existing fault tolerance in the blockchain's consensus mechanism. Finally, Pilotfish can also be seen as the first distributed deterministic execution engine that provides support for dynamic reads as transactions are not required to provide a fully accurate read and write set. This loosening of requirements would normally reduce the parallelizability available by blocking write-after-write conflicts, but our novel versioned-queues scheduling algorithm circumvents this by exploiting the lazy recovery property of Pilotfish, which only persists consistent state and re-executes any optimistic steps taken before the crash. In order to prove our claims we implemented the common path of Pilotfish with support for the MoveVM and evaluated it against the parallel execution MoveVM of Sui. Our results show that Pilotfish provides good scalability up to 8 ExecutionWorkers for a variety of workloads. In computationally-heavy workloads, Pilotfish's scalability is linear.
△ Less
Submitted 16 February, 2024; v1 submitted 29 January, 2024;
originally announced January 2024.
-
Sui Lutris: A Blockchain Combining Broadcast and Consensus
Authors:
Same Blackshear,
Andrey Chursin,
George Danezis,
Anastasios Kichidis,
Lefteris Kokoris-Kogias,
Xun Li,
Mark Logan,
Ashok Menon,
Todd Nowacki,
Alberto Sonnino,
Brandon Williams,
Lu Zhang
Abstract:
Sui Lutris is the first smart-contract platform to sustainably achieve sub-second finality. It achieves this significant decrease by employing consensusless agreement not only for simple payments but for a large variety of transactions. Unlike prior work, Sui Lutris neither compromises expressiveness nor throughput and can run perpetually without restarts. Sui Lutris achieves this by safely integr…
▽ More
Sui Lutris is the first smart-contract platform to sustainably achieve sub-second finality. It achieves this significant decrease by employing consensusless agreement not only for simple payments but for a large variety of transactions. Unlike prior work, Sui Lutris neither compromises expressiveness nor throughput and can run perpetually without restarts. Sui Lutris achieves this by safely integrating consensuless agreement with a high-throughput consensus protocol that is invoked out of the critical finality path but ensures that when a transaction is at risk of inconsistent concurrent accesses, its settlement is delayed until the total ordering is resolved. Building such a hybrid architecture is especially delicate during reconfiguration events, where the system needs to preserve the safety of the consensusless path without compromising the long-term liveness of potentially misconfigured clients. We thus develop a novel reconfiguration protocol, the first to provably show the safe and efficient reconfiguration of a consensusless blockchain. Sui Lutris is currently running in production and underpins the Sui smart-contract platform. Combined with the use of Objects instead of accounts it enables the safe execution of smart contracts that expose objects as a first-class resource. In our experiments Sui Lutris achieves latency lower than 0.5 seconds for throughput up to 5,000 certificates per second (150k ops/s with transaction blocks), compared to the state-of-the-art real-world consensus latencies of 3 seconds. Furthermore, it gracefully handles validators crash-recovery and does not suffer visible performance degradation during reconfiguration.
△ Less
Submitted 6 May, 2024; v1 submitted 27 October, 2023;
originally announced October 2023.
-
Mysticeti: Reaching the Limits of Latency with Uncertified DAGs
Authors:
Kushal Babel,
Andrey Chursin,
George Danezis,
Anastasios Kichidis,
Lefteris Kokoris-Kogias,
Arun Koshy,
Alberto Sonnino,
Mingwei Tian
Abstract:
We introduce Mysticeti-C the first DAG-based Byzantine consensus protocol to achieve the lower bounds of latency of 3 message rounds. Since Mysticeti-C is built over DAGs it also achieves high resource efficiency and censorship resistance. Mysticeti-C achieves this latency improvement by avoiding explicit certification of the DAG blocks and by proposing a novel commit rule such that every block ca…
▽ More
We introduce Mysticeti-C the first DAG-based Byzantine consensus protocol to achieve the lower bounds of latency of 3 message rounds. Since Mysticeti-C is built over DAGs it also achieves high resource efficiency and censorship resistance. Mysticeti-C achieves this latency improvement by avoiding explicit certification of the DAG blocks and by proposing a novel commit rule such that every block can be committed without delays, resulting in optimal latency in the steady state and under crash failures. We further extend Mysticeti-C to Mysticeti-FPC, which incorporates a fast commit path that achieves even lower latency for transferring assets. Unlike prior fast commit path protocols, Mysticeti-FPC minimizes the number of signatures and messages by weaving the fast path transactions into the DAG. This frees up resources, which subsequently result in better performance. We prove the safety and liveness of the protocols in a Byzantine context. We evaluate Mysticeti and compare it with state-of-the-art consensus and fast path protocols to demonstrate its low latency and resource efficiency, as well as its more graceful degradation under crash failures. Mysticeti is the first Byzantine consensus protocol to achieve WAN latency of 0.5s for consensus commit while simultaneously maintaining state-of-the-art throughput of over 100k TPS. Finally, we report on integrating Mysticeti-C as the consensus protocol into a major blockchain, resulting in 4x latency reduction.
△ Less
Submitted 30 April, 2024; v1 submitted 23 October, 2023;
originally announced October 2023.
-
Cuttlefish: Expressive Fast Path Blockchains with FastUnlock
Authors:
Lefteris Kokoris-Kogias,
Alberto Sonnino,
George Danezis
Abstract:
Cuttlefish addresses several limitations of existing consensus-less and consensus-minimized decentralized ledgers, including restricted programmability and the risk of deadlocked assets. The key insight of Cuttlefish is that consensus in blockchains is necessary due to contention, rather than multiple owners of an asset as suggested by prior work. Previous proposals proactively use consensus to pr…
▽ More
Cuttlefish addresses several limitations of existing consensus-less and consensus-minimized decentralized ledgers, including restricted programmability and the risk of deadlocked assets. The key insight of Cuttlefish is that consensus in blockchains is necessary due to contention, rather than multiple owners of an asset as suggested by prior work. Previous proposals proactively use consensus to prevent contention from blocking assets, taking a pessimistic approach. In contrast, Cuttlefish introduces collective objects and multi-owner transactions that can offer most of the functionality of classic blockchains when objects transacted on are not under contention. Additionally, in case of contention, Cuttlefish proposes a novel `Unlock' protocol that significantly reduces the latency of unblocking contented objects. By leveraging these features, Cuttlefish implements consensus-less protocols for a broader range of transactions, including asset swaps and multi-signature transactions, which were previously believed to require consensus.
△ Less
Submitted 22 September, 2023;
originally announced September 2023.
-
HammerHead: Leader Reputation for Dynamic Scheduling
Authors:
Giorgos Tsimos,
Anastasios Kichidis,
Alberto Sonnino,
Lefteris Kokoris-Kogias
Abstract:
The need for high throughput and censorship resistance in blockchain technology has led to research on DAG-based consensus. The Sui blockchain protocol uses a variant of the Bullshark consensus algorithm due to its lower latency, but this leader-based protocol causes performance issues when candidate leaders crash. In this paper, we explore the ideas pioneered by Carousel on providing Leader-Utili…
▽ More
The need for high throughput and censorship resistance in blockchain technology has led to research on DAG-based consensus. The Sui blockchain protocol uses a variant of the Bullshark consensus algorithm due to its lower latency, but this leader-based protocol causes performance issues when candidate leaders crash. In this paper, we explore the ideas pioneered by Carousel on providing Leader-Utilization and present HammerHead. Unlike Carousel, which is built with a chained and pipelined consensus protocol in mind, HammerHead does not need to worry about chain quality as it is directly provided by the DAG, but needs to make sure that even though validators might commit blocks in different views the safety and liveness is preserved. Our implementation of HammerHead shows a slight performance increase in a faultless setting, and a drastic 2x latency reduction and up to 40% throughput increase when suffering faults (100 validators, 33 faults).
△ Less
Submitted 22 September, 2023;
originally announced September 2023.
-
Resilient Consensus Sustained Collaboratively
Authors:
Junchao Chen,
Suyash Gupta,
Alberto Sonnino,
Lefteris Kokoris-Kogias,
Mohammad Sadoghi
Abstract:
The recent growth of blockchain technology has accelerated research on decentralized platforms. Initial blockchain platforms decide on what should be added to the ledger based on Proof-of-Work (PoW) consensus protocol. PoW requires its participants to perform large computations and leads to massive energy wastage. Recent blockchains aim to replace PoW through Proof-of-Stake (PoS) and Malicious Fau…
▽ More
The recent growth of blockchain technology has accelerated research on decentralized platforms. Initial blockchain platforms decide on what should be added to the ledger based on Proof-of-Work (PoW) consensus protocol. PoW requires its participants to perform large computations and leads to massive energy wastage. Recent blockchains aim to replace PoW through Proof-of-Stake (PoS) and Malicious Fault-Tolerant (MFT) consensus protocols. However, the safety of the ledger created by these protocols is at the mercy of the long-term safe-kee** of the private keys of participants. As a result, these blockchains face long-range attacks. To ameliorate this situation, we present the design of our novel Power-of-Collaboration (PoC) protocol, which guards existing PoS and MFT blockchains against long-range attacks. We show that PoC can be easily appended to existing blockchains and only marginally degrades their throughputs.
△ Less
Submitted 30 June, 2023; v1 submitted 5 February, 2023;
originally announced February 2023.
-
Bullshark: The Partially Synchronous Version
Authors:
Alexander Spiegelman,
Neil Giridharan,
Alberto Sonnino,
Lefteris Kokoris-Kogias
Abstract:
The purpose of this manuscript is to describe the deterministic partially synchronous version of Bullshark in a simple and clean way. This result is published in CCS 2022, however, the description there is less clear because it uses the terminology of the full asynchronous Bullshark. The CCS version ties the description of the asynchronous and partially synchronous versions of Bullshark since it t…
▽ More
The purpose of this manuscript is to describe the deterministic partially synchronous version of Bullshark in a simple and clean way. This result is published in CCS 2022, however, the description there is less clear because it uses the terminology of the full asynchronous Bullshark. The CCS version ties the description of the asynchronous and partially synchronous versions of Bullshark since it targets an academic audience. Due to the recent interest in DAG-based BFT protocols, we provide a separate and simple description of the partially synchronous version that targets a more general audience. We focus here on the DAG ordering logic. For more details about the asynchronous version, garbage collection, fairness, proofs, related work, evaluation, and efficient DAG implementation please refer to the fullpaper. An intuitive extended summary can be found in the "DAG meets BFT" blogpost.
△ Less
Submitted 12 September, 2022;
originally announced September 2022.
-
Bullshark: DAG BFT Protocols Made Practical
Authors:
Alexander Spiegelman,
Neil Giridharan,
Alberto Sonnino,
Lefteris Kokoris-Kogias
Abstract:
We present Bullshark, the first directed acyclic graph (DAG) based asynchronous Byzantine Atomic Broadcast protocol that is optimized for the common synchronous case. Like previous DAG-based BFT protocols, Bullshark requires no extra communication to achieve consensus on top of building the DAG. That is, parties can totally order the vertices of the DAG by interpreting their local view of the DAG…
▽ More
We present Bullshark, the first directed acyclic graph (DAG) based asynchronous Byzantine Atomic Broadcast protocol that is optimized for the common synchronous case. Like previous DAG-based BFT protocols, Bullshark requires no extra communication to achieve consensus on top of building the DAG. That is, parties can totally order the vertices of the DAG by interpreting their local view of the DAG edges. Unlike other asynchronous DAG-based protocols, Bullshark provides a practical low latency fast-path that exploits synchronous periods and deprecates the need for notoriously complex view-change mechanisms. Bullshark achieves this while maintaining all the desired properties of its predecessor DAG-Rider. Namely, it has optimal amortized communication complexity, it provides fairness and asynchronous liveness, and safety is guaranteed even under a quantum adversary. In order to show the practicality and simplicity of our approach, we also introduce a standalone partially synchronous version of Bullshark which we evaluate against the state of the art. The implemented protocol is embarrassingly simple (200 LOC on top of an existing DAG-based mempool implementation (Narwhal & Tusk). It is highly efficient, achieving for example, 125,000 transaction per second with a 2 seconds latency for a deployment of 50 parties. In the same setting the state of the art pays a steep 50% latency increase as it optimizes for asynchrony.
△ Less
Submitted 7 September, 2022; v1 submitted 14 January, 2022;
originally announced January 2022.
-
Jolteon and Ditto: Network-Adaptive Efficient Consensus with Asynchronous Fallback
Authors:
Rati Gelashvili,
Lefteris Kokoris-Kogias,
Alberto Sonnino,
Alexander Spiegelman,
Zhuolun Xiang
Abstract:
Existing committee-based Byzantine state machine replication (SMR) protocols, typically deployed in production blockchains, face a clear trade-off: (1) they either achieve linear communication cost in the happy path, but sacrifice liveness during periods of asynchrony, or (2) they are robust (progress with probability one) but pay quadratic communication cost. We believe this trade-off is unwarran…
▽ More
Existing committee-based Byzantine state machine replication (SMR) protocols, typically deployed in production blockchains, face a clear trade-off: (1) they either achieve linear communication cost in the happy path, but sacrifice liveness during periods of asynchrony, or (2) they are robust (progress with probability one) but pay quadratic communication cost. We believe this trade-off is unwarranted since existing linear protocols still have asymptotic quadratic cost in the worst case. We design Ditto, a Byzantine SMR protocol that enjoys the best of both worlds: optimal communication on and off the happy path (linear and quadratic, respectively) and progress guarantee under asynchrony and DDoS attacks. We achieve this by replacing the view-synchronization of partially synchronous protocols with an asynchronous fallback mechanism at no extra asymptotic cost. Specifically, we start from HotStuff, a state-of-the-art linear protocol, and gradually build Ditto. As a separate contribution and an intermediate step, we design a 2-chain version of HotStuff, Jolteon, which leverages a quadratic view-change mechanism to reduce the latency of the standard 3-chain HotStuff. We implement and experimentally evaluate all our systems. Notably, Jolteon's commit latency outperforms HotStuff by 200-300ms with varying system size. Additionally, Ditto adapts to the network and provides better performance than Jolteon under faulty conditions and better performance than VABA (a state-of-the-art asynchronous protocol) under faultless conditions. This proves our case that breaking the robustness-efficiency trade-off is in the realm of practicality.
△ Less
Submitted 30 April, 2024; v1 submitted 18 June, 2021;
originally announced June 2021.
-
Be Prepared When Network Goes Bad: An Asynchronous View-Change Protocol
Authors:
Rati Gelashvili,
Lefteris Kokoris-Kogias,
Alexander Spiegelman,
Zhuolun Xiang
Abstract:
The popularity of permissioned blockchain systems demands BFT SMR protocols that are efficient under good network conditions (synchrony) and robust under bad network conditions (asynchrony). The state-of-the-art partially synchronous BFT SMR protocols provide optimal linear communication cost per decision under synchrony and good leaders, but lose liveness under asynchrony. On the other hand, the…
▽ More
The popularity of permissioned blockchain systems demands BFT SMR protocols that are efficient under good network conditions (synchrony) and robust under bad network conditions (asynchrony). The state-of-the-art partially synchronous BFT SMR protocols provide optimal linear communication cost per decision under synchrony and good leaders, but lose liveness under asynchrony. On the other hand, the state-of-the-art asynchronous BFT SMR protocols are live even under asynchrony, but always pay quadratic cost even under synchrony. In this paper, we propose a BFT SMR protocol that achieves the best of both worlds -- optimal linear cost per decision under good networks and leaders, optimal quadratic cost per decision under bad networks, and remains always live.
△ Less
Submitted 4 March, 2021;
originally announced March 2021.