All You Need is DAG

Keidar, Idit; Kokoris-Kogias, Eleftherios; Naor, Oded; Spiegelman, Alexander

doi:10.48550/arxiv.2102.08325

Cited by 3 publications

(10 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…2. Cipher broadcast (Line 7-10, [16][17][18][19][20][21][22][23][24][25][26]. In this phase, the dealer broadcasts its actual input encrypted by the key shared in the earlier phase, i.e., A(0).…”

Section: Verifiable Random Functionmentioning

confidence: 99%

“…-Committing phase-Seed aggregation (Line 1-4, [20][21][22][23][24].In this phase, each party invokes Deal to create a pvss script and send this script to the leader P L . When the leader receives pvss j from P j , it verifies the pvss using ek and checks if the weights of pvss j are all zeros but one at the j th position.…”

Section: C3 Constructing Seedingmentioning

confidence: 99%

“…Recently, following the unprecedented demand of deploying BFT protocols on the Internet for robust and highly available decentralized applications, renewed attentions are gathered to implement more efficient asynchronous Byzantine agreements [3,24,29,21,28]. Nevertheless, asynchronous protocols have to rely on randomized executions to circumvent the seminal FLP "impossibility" result [20].…”

Section: Introductionmentioning

confidence: 99%

“…Nevertheless, asynchronous protocols have to rely on randomized executions to circumvent the seminal FLP "impossibility" result [20]. In particular, to quickly decide the output in expected constant time, many asynchronous protocols [15,30,29,13,12,3,28,21,24,17,9] essentially need common randomness, given which for free, one can construct optimally resilient asynchronous Byzantine agreements that are at least as efficient as using expected O(n 2 ) messages and constant running time [3,28,30,13].…”

Section: Introductionmentioning

confidence: 99%

“…For example, initialed by M. Rabin [32], it can directly assume that a trusted dealer uses a secret sharing scheme to distribute a large number of secrets among the participating parties before the protocol execution, which later can be collectively reconstructed by the parties to generate a sequence of random bits. Later, Cachin et al [13] presented how to construct a non-interactive threshold pseudorandom function (tPRF) assuming that a trusted dealer can faithfully share a short tPRF key, which now is widely used by most practical asynchronous BFT protocols including [3,24,29,28].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Efficient Asynchronous Byzantine Agreement without Private Setups

Gao¹,

Lu²,

Lu³

et al. 2021

Preprint

View full text Add to dashboard Cite

Though recent breakthroughs have greatly improved the efficiency of asynchronous Byzantine agreement protocols, they mainly focused on the setting with private setups, e.g., assuming a trusted dealer to establish non-interactive threshold cryptosystems. Challenges remain to reduce the large communication complexities in the absence of private setups, for example: (i) for asynchronous binary agreement (ABA) with optimal resilience, prior private-setup free protocols (Cachin et al., CCS' 2002; Kokoris-Kogias et al., CCS' 2020) have to incur O(λn 4 ) bits and O(n 3 ) messages; (ii) for asynchronous multi-valued agreement with external validity (VBA), Abraham et al. [2] very recently gave the first elegant construction with O(n 3 ) messages, relying on only public key infrastructure (PKI), but the design still costs O(λn 3 log n) bits. Here n is the number of participating parties and λ is the cryptographic security parameter. We for the first time close the remaining efficiency gap between the communication complexity and the message complexity of private-setup free asynchronous Byzantine agreements, i.e., reducing their communication cost to only O(λn 3 ) bits on average. At the core of our design, we give a systematic treatment of reasonably fair common randomness, and proceed as follows:-We construct a reasonably fair common coin (Canetti and Rabin, STOC' 1993) in the asynchronous setting with PKI instead of private setup, using only O(λn 3 ) bit and constant asynchronous rounds. The common coin protocol ensures that with at least 1/3 probability, all honest parties can output a common bit that is as if uniformly sampled, rendering a more efficient private-setup free ABA with expected O(λn 3 ) bit communication and constant running time.-More interestingly, we lift our reasonably fair common coin protocol to attain perfect agreement without incurring any extra factor in the asymptotic complexities, resulting in an efficient reasonably fair leader election primitive pluggable in all existing VBA protocols (including Cachin et al., CRYPTO' 2001; Abraham et al., PODC' 2019; Lu et al., PODC' 2020), thus reducing the communication of private-setup free VBA to expected O(λn 3 ) bits while preserving expected constant running time. This leader election primitive and its construction might be of independent interest. -Along the way, we also improve an important building block, asynchronous verifiable secret sharing (Canetti and Rabin, STOC' 1993) by presenting a private-setup free implementation costing only O(λn 2 ) bits in the PKI setting. By contrast, prior art having the same communication complexity (Backes et al., CT-RSA' 2013) has to rely on a private setup.

show abstract

Section: Verifiable Random Functionmentioning

confidence: 99%

Section: C3 Constructing Seedingmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Efficient Asynchronous Byzantine Agreement without Private Setups

Gao¹,

Lu²,

Lu³

et al. 2021

Preprint

View full text Add to dashboard Cite

show abstract

Cordial Miners: A Family of Simple, Efficient and Self-Contained Consensus Protocols for Every Eventuality

Keidar¹,

Naor²,

Shapiro³

2022

Preprint

Self Cite

View full text Add to dashboard Cite

Cordial Miners is a family of simple, efficient, self-contained, Byzantine Atomic Broadcast protocols, with optimal instances for asynchrony and eventual synchrony. Its simplicity-cum-efficiency stems from using the blocklace-a partially-ordered generalization of the totally-ordered blockchain-for all key algorithmic tasks, including block dissemination, equivocation exclusion, leader finality, block ordering, and for the identification and exclusion of faulty miners. The algorithm employs piecemeal topological sort of the partially-ordered blocklace into a totally-ordered sequence of blocks, excluding equivocations as well as the Byzantine miners perpetrating them along the way. The conversion process is monotonic in that the output sequence only extends as the input blocklace increases, which implies (i) safety -the outputs of two correct miners are consistent (one is a prefix of the other), and (ii) finality -any output of a correct miner is final.The Cordial Miners protocols are self-contained, using simple all-to-all block communication to realize blocklace-based dissemination and equivocation exclusion. They promptly excommunicate equivocating Byzantine miners, and thus can reduce the supermajority required for finality and eventually enjoy equivocation-free execution. In contrast, state-of-the-art protocols such as DAG-Rider and its successor Bullshark employ reliable broadcast as a black box and thus allow Byzantine miners to participate and equivocate indefinitely.We present two instances of the protocol family: One for the eventual synchrony model, employing deterministic/predicted leader selection and 3 rounds of communication to leader finality in the good case, which is three-quarters of the latency of state-of-the-art protocols. The second for the asynchrony model, employing retroactive random leader selection, 6 rounds to leader finality in the good case, and 9 rounds in the expected case, which is half the latency of state-of-the-art protocols in the good case and three-quarters of their latency in the expected case. In both protocols, message complexity is the same as the state-of-the-art.

show abstract

Grassroots Distributed Systems: Concept, Examples, Implementation and Applications

Shapiro¹

2023

Preprint

View full text Add to dashboard Cite

A distributed system is grassroots if it can have autonomous, independently-deployed instances-geographically and over time-that can interoperate once interconnected. An example would be a serverless smartphone-based social network supporting multiple independently-budding communities that merge when a member of one community becomes also a member of another. Grassroots applications are potentially important as they may better distribute power and wealth within a society and allow citizens to better defend themselves against surveillance, manipulation, exploitation and control by global digital platforms and authoritarian regimes. Here, we formalize the notion of grassroots distributed systems and grassroots implementations; specify an abstract grassroots dissemination protocol; describe and prove an implementation of grassroots dissemination for the model of asynchrony; and illustrate how grassroots dissemination can implement serverless social networking and sovereign cryptocurrencies. The mathematical construction employs distributed multiagent transition systems to define the notion of grassroots protocols and grassroots implementations, to specify grassroots dissemination protocols, and to prove their correctness. It uses the blocklace-a partially-ordered generalization of the blockchain-for the grassroots implementation.CCS Concepts: • Computer systems organization → Peer-to-peer architectures; • Networks → Network protocol design; Formal specifications; • Software and its engineering → Distributed systems organizing principles.

show abstract

All You Need is DAG

Cited by 3 publications

References 26 publications

Efficient Asynchronous Byzantine Agreement without Private Setups

Efficient Asynchronous Byzantine Agreement without Private Setups

Cordial Miners: A Family of Simple, Efficient and Self-Contained Consensus Protocols for Every Eventuality

Grassroots Distributed Systems: Concept, Examples, Implementation and Applications

Contact Info

Product

Resources

About