TY - GEN
T1 - Brief Announcement
T2 - 40th ACM SIGACT-SIGOPS Symposium on Principles of Distributed Computing, PODC 2021
AU - Abspoel, Mark
AU - Attema, Thomas
AU - Rambaud, Matthieu
N1 - Publisher Copyright:
© 2021 Owner/Author.
PY - 2021/7/21
Y1 - 2021/7/21
N2 - We consider consensus protocols in the model that is most commonly considered for use in state machine replication, as initiated by Dwork-Lynch-Stockmeyer, then by Castro-Liskov in 1999 with "PBFT."Such protocols guarantee, assuming n players out of which t < n/3 are maliciously corrupted, that the honest players output the same valid value within a finite number of messages, after the (unknown) point in time where both: the network becomes synchronous, and a designated player (the leader) is honest. The state of the art (Hotstuff, PODC'19), achieves linear communication complexity, but at the cost of additional latency, due to one more round-trip with the leader. Furthermore, it relies on constant-size threshold signatures schemes (TSS), for which all prior-known constructions require a costly interactive (or trusted) setup. We remove all of these limitations. The communication bottleneck of PBFT lies in the subprotocol, denoted as "view change,"in which the leader forwards 2t+1 signed messages to each player. Then, each player checks that these 2t+1 messages satisfy some predicate, which we denote "non-supermajority''. We replace this with a responsive subprotocol, with linear communication complexity, that enables players to check this predicate. Its construction is elementary, since it requires only black box use of any TSS. In the full version of our paper \citemalicious2 we achieve three things. Firstly, we further optimize this subprotocol from succinct arguments of many signed messages, which we instantiate from Attema-Cramer-Rambaud \cite[2021-3-9 version]ACR20. As an introduction to these methods, we discuss here the simplest case, which is the construction in \citeACR20 of the first logarithmic-sized TSS with transparent setup. Second, we also address another complexity challenge pointed in Hotstuff, namely, that protocols with fast termination in favorable runs, have so far quadratic complexity, due to an even more complex view change. Third, we enable halting in finite time with (amortized) linear complexity, which was an unsolved question so far when external validity is required.
AB - We consider consensus protocols in the model that is most commonly considered for use in state machine replication, as initiated by Dwork-Lynch-Stockmeyer, then by Castro-Liskov in 1999 with "PBFT."Such protocols guarantee, assuming n players out of which t < n/3 are maliciously corrupted, that the honest players output the same valid value within a finite number of messages, after the (unknown) point in time where both: the network becomes synchronous, and a designated player (the leader) is honest. The state of the art (Hotstuff, PODC'19), achieves linear communication complexity, but at the cost of additional latency, due to one more round-trip with the leader. Furthermore, it relies on constant-size threshold signatures schemes (TSS), for which all prior-known constructions require a costly interactive (or trusted) setup. We remove all of these limitations. The communication bottleneck of PBFT lies in the subprotocol, denoted as "view change,"in which the leader forwards 2t+1 signed messages to each player. Then, each player checks that these 2t+1 messages satisfy some predicate, which we denote "non-supermajority''. We replace this with a responsive subprotocol, with linear communication complexity, that enables players to check this predicate. Its construction is elementary, since it requires only black box use of any TSS. In the full version of our paper \citemalicious2 we achieve three things. Firstly, we further optimize this subprotocol from succinct arguments of many signed messages, which we instantiate from Attema-Cramer-Rambaud \cite[2021-3-9 version]ACR20. As an introduction to these methods, we discuss here the simplest case, which is the construction in \citeACR20 of the first logarithmic-sized TSS with transparent setup. Second, we also address another complexity challenge pointed in Hotstuff, namely, that protocols with fast termination in favorable runs, have so far quadratic complexity, due to an even more complex view change. Third, we enable halting in finite time with (amortized) linear complexity, which was an unsolved question so far when external validity is required.
KW - bft
KW - consensus
KW - state machine replication
KW - succinct proofs
U2 - 10.1145/3465084.3467953
DO - 10.1145/3465084.3467953
M3 - Conference contribution
AN - SCOPUS:85112381661
T3 - Proceedings of the Annual ACM Symposium on Principles of Distributed Computing
SP - 195
EP - 198
BT - PODC 2021 - Proceedings of the 2021 ACM Symposium on Principles of Distributed Computing
PB - Association for Computing Machinery
Y2 - 26 July 2021 through 30 July 2021
ER -