Abstract
We present a theoretical framework for analyzing the efficiency of consensus protocols, and apply it to analyze the optimistic and pessimistic confirmation times of state-of-the-art partially-synchronous protocols in the so-called “rotating leader/random leader” model of consensus (recently popularized in the blockchain setting).
We next present a new and simple consensus protocol in the partially synchronous setting, tolerating \(f < n/3\) byzantine faults; in our eyes, this protocol is essentially as simple to describe as the simplest known protocols, but it also enjoys an even simpler security proof, while matching and, even improving, the efficiency of the state-of-the-art (according to our theoretical framework).
As with the state-of-the-art protocols, our protocol assumes a (bare) PKI, a digital signature scheme, collision-resistant hash functions, and a random leader election oracle, which may be instantiated with a random oracle (or a CRS).
B. Y. Chan—Supported in part by NSF CNS-2128519, NSF Award RI-1703846 and AFOSR Award FA9550-18-1-0267.
R. Pass—Supported in part by NSF Award RI-1703846, AFOSR Award FA9550-18-1-0267, a JP Morgan Faculty Award and an award from the Algorand Foundation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
As usual, the model can also be extended a more general model where liveness hold during “periods of synchrony”; for simplicity, we ignore this distinction.
- 2.
See the related notion of chain quality [32], which (informally) requires that any sufficiently long chain contain a large fraction of blocks that are mined by honest parties.
- 3.
We may also consider an expected worst-case confirmation time, where, for any transaction arrival time t after \(\textsf {GST}\), both fixed ahead of time, a transaction must be finalized soon after t in expectation over the coins of the execution. Such a bound may be useful to capture real-world liveness, but is typically difficult to analyze in a setting where the adversary can control the scheduling of messages.
- 4.
While the version of Algorand agreement in [28] is not optimistically responsive, it can be easily made so if every period has a unique leader known ahead of time (provided by a leader election oracle in lieu of using a VRF). Then, players can simply ‘soft-vote’ immediately on seeing a proposal from the leader, and ‘cert-vote’ immediately on seeing 2n/3 soft-votes, much like in PBFT.
- 5.
We do not consider optimizations of the variety made in Parametrized FaB Paxos [49] and SBFT [36], where if \(f < (n+2)/5\), a proposal confirmation time of \(2\delta \) is possible without affecting worst-case fault tolerance. We are particularly interested in the case when leaders are honest, but 1/3 of voters are not.
- 6.
Here, Chained Hotstuff is analyzed using a timeout-based pacemaker from LibraBFT [11] and a timeout of \(3\varDelta \), since they don’t instantiate their own pacemaker. PaLa is analyzed with a less conservative timeout of 1min=\(5\varDelta \), and 1sec=\(2\varDelta \) than the ones presented in their paper.
- 7.
An alternative is to have a single leader be in power for k iterations in a row, before switching to the next leader; this sacrifices fairness, since we would like to rotate leaders more frequently, and the latency is still not ideal, since a faulty leader can delay the execution for k iterations.
- 8.
To recover a streamlined protocol, it is possible to “piggyback” the finalize message onto the first vote message of the next block; this would only make liveness a little slower, and consistency would still hold.
- 9.
Note that this is referred to as a Bare PKI [10] since malicious parties may pick their own, potentially malformed, public keys.
- 10.
In addition, we could optimistically fire the timer when the leader “equivocates”; we omit the rule for brevity.
- 11.
- 12.
Sometimes, this is referred to as the ‘hidden lock problem’.
- 13.
Another reason we use a different variable is to make clear that it is possible to elect leaders from an entirely different set of processes than the main set of protocol processes; indeed, our protocol supports a setting where most leaders are corrupt (i.e. \(\gamma > 3/2\)) even when the number of faulty voters is required to be small (\(f < n/3\)).
References
Abraham, I.: Two round hotstuff. https://decentralizedthoughts.github.io/2022-11-24-two-round-HS/. Accessed: 2022-12-30
Abraham, I., Ben-David, N., Yandamuri, S.: Efficient and adaptively secure asynchronous binary agreement via binding crusader agreement. In: Proceedings of the 2022 ACM Symposium on Principles of Distributed Computing, pp. 381–391 (2022)
Abraham, I., Gueta, G., Malkhi, D.: Hot-stuff the linear, optimal-resilience, one-message bft devil. CoRR, abs/1803.05069 (2018)
Abraham, I., Malkhi, D., Spiegelman, A.: Asymptotically optimal validated asynchronous byzantine agreement. In: Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing, pp. 337–346 (2019)
Abraham, I., Nayak, K., Ren, L., Xiang, Z.: Good-case latency of byzantine broadcast: a complete categorization. In: Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, pp. 331–341 (2021)
Aiyer, A.S., Alvisi, L., Clement, A., Dahlin, M., Martin, J.P., Porth, C.: Bar fault tolerance for cooperative services. In: Proceedings of the Twentieth ACM Symposium on Operating Systems Principles, pp. 45–58 (2005)
Allen, S., Juels, A., Khaire, M., Kell, T., Shrivastava, S.: Nfts for art and collectables: Primer and outlook (2022)
Apache Software Foundation: ZooKeeper internals. https://zookeeper.apache.org/doc/r3.4.13/zookeeperInternals.html. Accessed 24 Feb 2023
Backes, M., Manoharan, P., Mohammadi, E.: Tuc: time-sensitive and modular analysis of anonymous communication. In: 2014 IEEE 27th Computer Security Foundations Symposium, pp. 383–397. IEEE (2014)
Barak, B., Canetti, R., Nielsen, J.B., Pass, R.: Universally composable protocols with relaxed set-up assumptions. In: 45th Annual IEEE Symposium on Foundations of Computer Science, pp. 186–195. IEEE (2004)
Baudet, M., et al.: State machine replication in the libra blockchain. The Libra Assn., Technical report 7 (2019)
Baum, C., David, B., Dowsley, R., Nielsen, J.B., Oechsner, S.: Tardis: a foundation of time-lock puzzles in UC. In: Annual International Conference on the Theory and Applications of Cryptographic Techniques, pp. 429–459. Springer (2021)
Boyle, E., Chung, K.M., Pass, R.: Large-scale secure computation: Multi-party computation for (parallel) ram programs. In: Advances in Cryptology-CRYPTO 2015: 35th Annual Cryptology Conference, Santa Barbara, CA, USA, August 16–20, 2015, Proceedings, Part II, pp. 742–762. Springer (2015)
Buchman, E., Kwon, J., Milosevic, Z.: The latest gossip on bft consensus. arXiv preprint arXiv:1807.04938 (2018)
Burrows, M.: The chubby lock service for loosely-coupled distributed systems. In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation, pp. 335–350 (2006)
Buterin, V., Griffith, V.: Casper the friendly finality gadget. arXiv preprint arXiv:1710.09437 (2017)
Buterin, V., et al.: A next-generation smart contract and decentralized application platform. White Paper 3(37), 2–1 (2014)
Cachin, C., Kursawe, K., Shoup, V.: Random oracles in constantinopole: practical asynchronous byzantine agreement using cryptography. In: Proceedings of the Nineteenth Annual ACM Symposium on Principles of Distributed Computing, pp. 123–132 (2000)
Camenisch, J., Drijvers, M., Hanke, T., Pignolet, Y.A., Shoup, V., Williams, D.: Internet computer consensus. In: Proceedings of the 2022 ACM Symposium on Principles of Distributed Computing, pp. 81–91 (2022)
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Proceedings 42nd IEEE Symposium on Foundations of Computer Science, pp. 136–145. IEEE (2001)
Canetti, R., Hogan, K., Malhotra, A., Varia, M.: A universally composable treatment of network time. In: 2017 IEEE 30th Computer Security Foundations Symposium (CSF), pp. 360–375. IEEE (2017)
Canetti, R., Rabin, T.: Fast asynchronous byzantine agreement with optimal resilience. In: Proceedings of the Twenty-Fifth Annual ACM Symposium on Theory of Computing, pp. 42–51 (1993)
Castro, M., Liskov, B., et al.: Practical byzantine fault tolerance. In: OsDI. 99, pp. 173–186 (1999)
Chan, B.Y., Shi, E.: Streamlet: Textbook streamlined blockchains. In: Proceedings of the 2nd ACM Conference on Advances in Financial Technologies, pp. 1–11 (2020)
Chan, B.Y., Shi, E.: Streamlet: Textbook streamlined blockchains (earlier version). Cryptology ePrint Archive, Paper 2020/088 (2020). https://eprint.iacr.org/archive/2020/088/20200204:124247
Chan, T.H., Pass, R., Shi, E.: Pala: A simple partially synchronous blockchain. Cryptology ePrint Archive (2018)
Chandran, N., Chongchitmate, W., Garay, J.A., Goldwasser, S., Ostrovsky, R., Zikas, V.: The hidden graph model: communication locality and optimal resiliency with adaptive faults. In: Proceedings of the 2015 Conference on Innovations in Theoretical Computer Science, pp. 153–162 (2015)
Chen, J., Gorbunov, S., Micali, S., Vlachos, G.: Algorand agreement: super fast and partition resilient byzantine agreement. Cryptology ePrint Archive (2018)
Chen, J., Micali, S.: Algorand: a secure and efficient distributed ledger. Theoret. Comput. Sci. 777, 155–183 (2019)
Daian, P., Goldfeder, S., Kell, T., Li, Y., Zhao, X., Bentov, I., Breidenbach, L., Juels, A.: Flash boys 2.0: frontrunning in decentralized exchanges, miner extractable value, and consensus instability. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 910–927. IEEE (2020)
Dwork, C., Lynch, N., Stockmeyer, L.: Consensus in the presence of partial synchrony. J. ACM (JACM) 35(2), 288–323 (1988)
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10
Gelashvili, R., Kokoris-Kogias, L., Sonnino, A., Spiegelman, A., Xiang, Z.: Jolteon and ditto: network-adaptive efficient consensus with asynchronous fallback. In: Financial Cryptography and Data Security: 26th International Conference, FC 2022, Grenada, May 2–6, 2022, Revised Selected Papers, pp. 296–315. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-18283-9_14
Gilad, Y., Hemo, R., Micali, S., Vlachos, G., Zeldovich, N.: Algorand: scaling byzantine agreements for cryptocurrencies. In: Proceedings of the 26th Symposium on Operating Systems Principles, pp. 51–68 (2017)
Guerraoui, R., Knežević, N., Quéma, V., Vukolić, M.: The next 700 bft protocols. In: Proceedings of the 5th European Conference on Computer Systems, EuroSys 2010, pp. 363–376. ACM, New York (2010)
Gueta, G.G., et al.: Sbft: a scalable and decentralized trust infrastructure. In: 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 568–580. IEEE (2019)
Håstad, J., Impagliazzo, R., Levin, L.A., Luby, M.: A pseudorandom generator from any one-way function. SIAM J. Comput. 28(4), 1364–1396 (1999)
Hubert Chan, T.-H., Pass, R., Shi, E.: Consensus through herding. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 720–749. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_24
Jalalzai, M.M., Niu, J., Feng, C., Gai, F.: Fast-hotstuff: a fast and resilient hotstuff protocol. arXiv preprint arXiv:2010.11454 (2020)
Kalai, Y.T., Lindell, Y., Prabhakaran, M.: Concurrent general composition of secure protocols in the timing model. In: Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing, pp. 644–653 (2005)
Katz, J., Maurer, U., Tackmann, B., Zikas, V.: Universally composable synchronous computation. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 477–498. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36594-2_27
Keidar, I., Kokoris-Kogias, E., Naor, O., Spiegelman, A.: All you need is dag. In: Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing, pp. 165–175 (2021)
Kelkar, M., Zhang, F., Goldfeder, S., Juels, A.: Order-fairness for byzantine consensus. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 451–480. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_16
Kiayias, A., Zhou, H.-S., Zikas, V.: Fair and robust multi-party computation using a global transaction ledger. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 705–734. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_25
Kotla, R., Alvisi, L., Dahlin, M., Clement, A., Wong, E.L.: Zyzzyva: speculative byzantine fault tolerance. In: Proceedings of the 21st ACM Symposium on Operating Systems Principles 2007, SOSP 2007, Stevenson, Washington, USA, October 14–17, 2007, pp. 45–58 (2007)
Lamport, L.: The part-time parliament. ACM Trans. Comput. Syst. 16(2), 133–169 (1998)
Lamport, L.: Paxos made simple. ACM SIGACT News (Distributed Computing Column) 32, 4 (Whole Number 121, December 2001), pp. 51–58 (2001)
Lamport, L., Shostak, R., Pease, M.: The byzantine generals problem. ACM Trans. Program. Lang. Syst. 4(3), 382–401 (1982)
Martin, J.P., Alvisi, L.: Fast byzantine consensus. IEEE Trans. Dependable Secur. Comput. 3(3) (2006)
Miller, A., Xia, Y., Croman, K., Shi, E., Song, D.: The honey badger of BFT protocols. In: Proceedings of the 2016 ACM SIGSAC Conference on computer and communications security, pp. 31–42 (2016)
Nakamoto, S.: Bitcoin: A peer-to-peer electronic cash system. Decentralized business review, p. 21260 (2008)
Ongaro, D., Ousterhout, J.: In search of an understandable consensus algorithm. In: Proceedings of the 2014 USENIX Conference on USENIX Annual Technical Conference, USENIX ATC 2014, pp. 305–320. USENIX Association, USA (2014)
Pass, R., Shi, E.: The sleepy model of consensus. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10625, pp. 380–409. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70697-9_14
Pass, R., Shi, E.: Thunderella: blockchains with optimistic instant confirmation. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10821, pp. 3–33. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78375-8_1
Rabin, M.O.: Randomized byzantine generals. In: 24th Annual Symposium on Foundations of Computer Science (sfcs 1983), pp. 403–409. IEEE (1983)
Reiter, M.K.: Secure agreement protocols: reliable and atomic group multicast in rampart. In: Proceedings of the 2nd ACM Conference on Computer and Communications Security, pp. 68–80 (1994)
Rompel, J.: One-way functions are necessary and sufficient for secure signatures. In: Proceedings of the Twenty-Second Annual ACM Symposium on Theory of Computing, pp. 387–394 (1990)
Spiegelman, A., Giridharan, N., Sonnino, A., Kokoris-Kogias, L.: Bullshark: Dag BFT protocols made practical. In: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security, pp. 2705–2718 (2022)
Spiegelman, A., Giridharan, N., Sonnino, A., Kokoris-Kogias, L.: Bullshark: the partially synchronous version. arXiv preprint arXiv:2209.05633 (2022)
Wensley, J.H., et al.: Sift: design and analysis of a fault-tolerant computer for aircraft control. Proc. IEEE 66(10), 1240–1255 (1978)
Yao, A.C.: Protocols for secure computations. In: 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982), pp. 160–164. IEEE (1982)
Yin, M., Malkhi, D., Reiter, M.K., Gueta, G.G., Abraham, I.: Hotstuff: BFT consensus with linearity and responsiveness. In: Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing, pp. 347–356 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 International Association for Cryptologic Research
About this paper
Cite this paper
Chan, B.Y., Pass, R. (2023). Simplex Consensus: A Simple and Fast Consensus Protocol. In: Rothblum, G., Wee, H. (eds) Theory of Cryptography. TCC 2023. Lecture Notes in Computer Science, vol 14372. Springer, Cham. https://doi.org/10.1007/978-3-031-48624-1_17
Download citation
DOI: https://doi.org/10.1007/978-3-031-48624-1_17
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-48623-4
Online ISBN: 978-3-031-48624-1
eBook Packages: Computer ScienceComputer Science (R0)
