The Stellar Consensus Protocol (SCP) draft-mazieres-dinrg-scp-00

Similar documents
The Stellar Consensus Protocol (SCP)

The Stellar Consensus Protocol

Distributed Systems. 11. Consensus: Paxos. Paul Krzyzanowski. Rutgers University. Fall 2015

Quorums. Christian Plattner, Gustavo Alonso Exercises for Verteilte Systeme WS05/06 Swiss Federal Institute of Technology (ETH), Zürich

What can happen if two quorums try to lock their nodes at the same time?

Fast Paxos (Leslie Lamport) Yuxin Liu, Hua Zhu EECS 591 Distributed systems

DPaxos: Managing Data Closer to Users for Low-Latency and Mobile Applications

BY-LAWS OF UNITY CHRIST CHURCH As Amended Through March, 2011 ARTICLE I

Bigdata High Availability Quorum Design

Principles of Distributed Computing. Burcu Canakci. Lorenzo Alvisi Cornell University. Natacha Crooks. Cong Ding

Circularity in ethotic structures

Artificial Intelligence Prof. Deepak Khemani Department of Computer Science and Engineering Indian Institute of Technology, Madras

What is a distributed system? A first course in Distributed Computing... A first course in Distributed Computing... Principle of Distributed Computing

Williamson s proof of the primeness of mental states

St. Mary s Pastoral Council Bylaws

1.2. What is said: propositions

INTERMEDIATE LOGIC Glossary of key terms

CHICAGOLAND PRESBYTERIAN PILGRIMAGE BY-LAWS

Chadwick Prize Winner: Christian Michel THE LIAR PARADOX OUTSIDE-IN

The Episcopal Electoral Model in the Church in Wales and the Scottish Episcopal Church

Does Deduction really rest on a more secure epistemological footing than Induction?

Is the law of excluded middle a law of logic?

AMENDMENTS TO THE MODEL CONSTITUTION FOR CONGREGATIONS

Holy Trinity Greek Orthodox Church of Biloxi Mississippi. Bylaws. February 8, Preamble

Whatever happened to cman?

BYLAWS OF THE BETHEL EVANGELICAL FREE CHURCH

UNIVERSITY FACULTY COUNCIL. Special Meeting July 2018, 2 pm Eastern / 1 pm Central Meeting and Videoconference MINUTES

Load balanced Scalable Byzantine Agreement through Quorum Building, with Full Information

SECTION 1: GENERAL REGULATIONS REGARDING ORDINATION

Presenting DALI Control your light easy, versatile and digital:

Figure 1 Figure 2 U S S. non-p P P

TRINITY EVANGELICAL FREE CHURCH

Deduction by Daniel Bonevac. Chapter 1 Basic Concepts of Logic

Semantic Foundations for Deductive Methods

Against Lewis: branching or divergence?

Parish Pastoral Council GUIDELINES ON CONSTITUTION AND BYLAWS

From Necessary Truth to Necessary Existence

THEALLIANCE 2017 MANUAL. of The Christian and Missionary Alliance

1. Preliminary Definitions Application of Legislation Act

THE CONSTITUTION AND BYLAWS OF GLENVIEW COMMUNITY CHURCH

6.080 / Great Ideas in Theoretical Computer Science Spring 2008

Quantificational logic and empty names

The Constitution of Non-denominational Christian Fellowship (Updated December 10, 2014)

BYLAWS CHURCH ON MILL FIRST SOUTHERN BAPTIST CHURCH OF TEMPE TEMPE, ARZONA ARTICLE I ORGANIZATION ARTICLE II MEMBERSHIP

PHILOSOPHY OF LOGIC AND LANGUAGE OVERVIEW LOGICAL CONSTANTS WEEK 5: MODEL-THEORETIC CONSEQUENCE JONNY MCINTOSH

Additions are underlined. Deletions are struck through in the text.

ST. CASIMIR CATHOLIC PARISH CLEVELAND, OHIO PARISH PASTORAL COUNCIL GUIDELINES Approved August 31, 2010 Updated March 5, 2013 with Amendment 1

SECTION 1: GENERAL REGULATIONS REGARDING ORDINATION

15 Does God have a Nature?

Highland Community Church Bylaws

Legal Positivism: the Separation and Identification theses are true.

Solving the Lucky and Guaranteed Proof Problems* Stephen Steward, Syracuse University

Oxford Scholarship Online

THE CONSTITUTION OF DURAL BAPTIST CHURCH

CONSTITUTION EVANGELICAL LUTHERAN CHURCH IN CANADA

Module 5. Knowledge Representation and Logic (Propositional Logic) Version 2 CSE IIT, Kharagpur

THE STANDING ORDERS OF THE SCHOOL COUNCIL OF AUBURN HIGH SCHOOL

CONSTITUTION AND BYLAWS THE CHURCH OF ST JOHN THE EVANGELIST BAPTIST (A/K/A ST JOHN BAPTIST CHURCH) ARTICLE I NAME

A Family Membership Form VALLEY HOME SCHOOL ASSOCIATION

BYLAWS FOR ELDER LED CHURCH

CONSTITUTION. NOWRA CHURCH OF CHRIST April 2014

Ling 98a: The Meaning of Negation (Week 1)

Minimal and Maximal Models in Reinforcement Learning

Some proposals for understanding narrow content

Announcements. CS243: Discrete Structures. First Order Logic, Rules of Inference. Review of Last Lecture. Translating English into First-Order Logic

Logic and Artificial Intelligence Lecture 26

Church Affiliation Process Administration Process

BYLAWS OF SOUTH VANCOUVER PACIFIC GRACE MB CHURCH

BYE-LAWS TO THE CONSTITUTION OF THE EVANGELICAL LUTHERAN CHURCH IN SOUTHERN AFRICA RELATING THE ORGANIZATION OF THE CHURCH

INTRODUCTION TO LOGIC 1 Sets, Relations, and Arguments

BYLAWS of Thomasville Road Baptist Church Tallahassee, Florida

News and Views. Coming up... F a w n L a k e M a i n t e n a n c e C o m m i s s i o n. June 2017

Understanding Truth Scott Soames Précis Philosophy and Phenomenological Research Volume LXV, No. 2, 2002

Proposed Constitution of Zion United Church of Christ Baroda, Michigan Preamble

Phil 435: Philosophy of Language. [Handout 7] W. V. Quine, Quantifiers and Propositional Attitudes (1956)

Summary of Registration Changes

BYLAWS OF FIRST BAPTIST CHURCH 1100 Malone Denton, Texas

Frankfort Congregational Church, UCC 42 Main Road South, Frankfort, ME Constitution & Bylaws

The Connection between Prudential Goodness and Moral Permissibility, Journal of Social Philosophy 24 (1993):

Ramsey s belief > action > truth theory.

Washtenaw Independent Bible Church Constitution

TERMS & CONDITIONS NEW YEAR'S EVE 2018/2019 The Great Gatsby at Zamoyski Palace Endorfina Foksal Foksal Street 2, Warsaw on

BYLAWS FIRST BAPTIST CHURCH DECATUR, TEXAS. Adopted: 7/19/00 Last Revised: 2/14/16

Kevin Scharp, Replacing Truth, Oxford: Oxford University Press, 2013, At 300-some pages, with narrow margins and small print, the work

Verification and Validation

Reasoning and Decision-Making under Uncertainty

Bylaws of Westoak Woods Baptist Church

Logic: inductive. Draft: April 29, Logic is the study of the quality of arguments. An argument consists of a set of premises P1,

2017 Constitutional Updates. Based upon ELCA Model Constitution adopted 2016 at 14th Church Wide Assembly

Policy: Validation of Ministries

BY-LAWS THE MISSIONARY CHURCH, INC., WESTERN REGION

The Quigley Scholars Program Parent Agreement Form

HOW TO WRITE AN NDES POLICY MODULE

DEFINING ONTOLOGICAL CATEGORIES IN AN EXPANSION OF BELIEF DYNAMICS

Aboutness and Justification

Glossary of Terms Jim Pryor Princeton University 2/11/03

The Constitution of The Coptic Orthodox Church of Western Australia Incorporated

Guideline Leaflet C04: Approved Governing Document

UC Berkeley, Philosophy 142, Spring 2016

C&MA Accredited Local Church Constitution

Transcription:

The Stellar Consensus Protocol (SCP) draft-mazieres-dinrg-scp-00 Nicolas Barry, David Mazières, Jed McCaleb, Stanislas Polu IETF101 Monday, March 19, 2018

An open Byzantine agreement protocol Majority-based voting doesn t work against Sybil attacks Instead, determine quorums in decentralized way based on trust - Let V be all nodes in the world - Each v V would accept any of Q(v) = {q 1,..., q n } as a quorum - But q i is not a quorum it is a quorum slice - A quorum must (transitively) satisfy all of its members Definition (Quorum) A quorum U V is a set of nodes that contains at least one slice of each of its members: v U, q Q(v) such that q U Assumes trust overlaps transitively. Analogies: - Transitive reachability on the Internet - Rough agreement on who constitutes a tier-1 ISP - Overlapping notions of valid certificate authorities 2 / 20

v 1,..., v 4 is the smallest quorum containing v 1 3 / 20 Definition (Quorum) A quorum U V is a set of nodes that encompasses at least one slice of each of its members: v U, q Q(v) such that q U v 4 quorum for v 2, v 3, v 4 v 2 v 3 Q(v 1 ) = {{v 1, v 2, v 3 }} Q(v 2 ) = Q(v 3 ) = Q(v 4 ) = {{v 2, v 3, v 4 }} v 1 quorum slice for v 1, but not a quorum quorum for v 1,..., v 4 Visualize quorum slice dependencies with arrows v 2, v 3, v 4 is a quorum contains a slice of each member v 1, v 2, v 3 is a slice for v 1, but not a quorum - Doesn t contain a slice for v 2, v 3, who demand v 4 s agreement

v 1,..., v 4 is the smallest quorum containing v 1 3 / 20 Definition (Quorum) A quorum U V is a set of nodes that encompasses at least one slice of each of its members: v U, q Q(v) such that q U v 4 quorum for v 2, v 3, v 4 v 2 v 3 Q(v 1 ) = {{v 1, v 2, v 3 }} Q(v 2 ) = Q(v 3 ) = Q(v 4 ) = {{v 2, v 3, v 4 }} v 1 quorum slice for v 1, but not a quorum quorum for v 1,..., v 4 Visualize quorum slice dependencies with arrows v 2, v 3, v 4 is a quorum contains a slice of each member v 1, v 2, v 3 is a slice for v 1, but not a quorum - Doesn t contain a slice for v 2, v 3, who demand v 4 s agreement

v 1,..., v 4 is the smallest quorum containing v 1 3 / 20 Definition (Quorum) A quorum U V is a set of nodes that encompasses at least one slice of each of its members: v U, q Q(v) such that q U v 4 quorum for v 2, v 3, v 4 v 2 v 3 Q(v 1 ) = {{v 1, v 2, v 3 }} Q(v 2 ) = Q(v 3 ) = Q(v 4 ) = {{v 2, v 3, v 4 }} v 1 quorum slice for v 1, but not a quorum quorum for v 1,..., v 4 Visualize quorum slice dependencies with arrows v 2, v 3, v 4 is a quorum contains a slice of each member v 1, v 2, v 3 is a slice for v 1, but not a quorum - Doesn t contain a slice for v 2, v 3, who demand v 4 s agreement

v 1,..., v 4 is the smallest quorum containing v 1 3 / 20 Definition (Quorum) A quorum U V is a set of nodes that encompasses at least one slice of each of its members: v U, q Q(v) such that q U v 4 quorum for v 2, v 3, v 4 v 2 v 3 Q(v 1 ) = {{v 1, v 2, v 3 }} Q(v 2 ) = Q(v 3 ) = Q(v 4 ) = {{v 2, v 3, v 4 }} v 1 quorum slice for v 1, but not a quorum quorum for v 1,..., v 4 Visualize quorum slice dependencies with arrows v 2, v 3, v 4 is a quorum contains a slice of each member v 1, v 2, v 3 is a slice for v 1, but not a quorum - Doesn t contain a slice for v 2, v 3, who demand v 4 s agreement

Quorum slice representation union PublicKey switch (PublicKeyType type) { case PUBLIC_KEY_TYPE_ED25519: uint256 ed25519; }; // supports things like: A,B,C,(D,E,F),(G,H,(I,J,K,L)) // only allows 2 levels of nesting struct SCPQuorumSet { uint32 threshold; // the k in k-of-n PublicKey validators<>; SCPQuorumSet innersets<>; }; Can t represent arbitrary quorum slices compactly Instead, use two-levels of k-of-n configuration 4 / 20

Federated voting v vote a, slices = {q 1,..., q n } Nodes exchanges vote messages to agree on statements - Well-behaved nodes cannot vote for contradictory statements - Every vote specifies quorum slices - Allows dynamic quorum discovery while assembling votes Two important thresholds for statement a at node v: - quorum threshold a quorum containing v unanimously votes for a - blocking threshold q Q(v), v q such that v voted for a (no contradictory a a can reach quorum threshold w/o illegal votes) v ratifies a iff a reaches quorum threshold at v - Can t ratify contradictory statements if you have quorum intersection despite [i.e., after deleting] ill-behaved nodes (qidin) 5 / 20

Vote messages typedef opaque Hash[32]; struct SCPStatement { PublicKey nodeid; uint64 slotindex; Hash quorumsethash; SCPStatement pledges; }; // SHA-256 // v (node signing message) typedef opaque Signature<64>; struct SCPEnvelope { SCPStatement statement; Signature signature; }; Transmit quorum slices as SHA-256 hash of SCPQuorumSet - Use side protocol to request preimage if not cached 6 / 20

Federated voting outcomes a-valent a agreed bivalent stuck a-valent a agreed Before any node votes, system is bivalent - Any value may be ratified If a node ratifies a, system is a-valent - With qidin, no contradictory a can be ratified If every node learns system a-valent, then system agrees on a System can also get stuck at any point along the way - Non-faulty node can t ratify a because voting for a - Or ratified a and don t know it because of crash & message loss 7 / 20

When have we reached agreement? a-valent a agreed bivalent Reached here if you saw T votes for a. a-valent stuck How do you know if you reached here? a agreed Centralized protocols (e.g., PBFT) accept statement if quorum intersection says ratified - Centralized systems care about whole-system failure, not per-node - Now can t assume correctness of quorums you don t belong to First-hand ratification now the only way to know system a-valent - How to agree on statement a even after voting against it? - How to know everyone else will learn system agreed on a? 8 / 20

When have we reached agreement? Quorum A Quorum B v 0... v N T... v T 1... v N 1 We saw a quorum vote for a Who cares? Quorum A = Sybil? Centralized protocols (e.g., PBFT) accept statement if quorum intersection says ratified - Centralized systems care about whole-system failure, not per-node - Now can t assume correctness of quorums you don t belong to First-hand ratification now the only way to know system a-valent - How to agree on statement a even after voting against it? - How to know everyone else will learn system agreed on a? 8 / 20

When have we reached agreement? Quorum A Quorum B v 0... v N T... v T 1... v N 1 We saw a quorum vote for a Who cares? Quorum A = Sybil? Centralized protocols (e.g., PBFT) accept statement if quorum intersection says ratified - Centralized systems care about whole-system failure, not per-node - Now can t assume correctness of quorums you don t belong to First-hand ratification now the only way to know system a-valent - How to agree on statement a even after voting against it? - How to know everyone else will learn system agreed on a? 8 / 20

Accepting statements 3/4 system is a-valent system is a-valent v 1 v 2 v 3 v 4 EVIL EVIL Q(v 1 ) = {{v 1, v 2, v 3 }, {v 1, v 2, v 4 }, {v 1, v 3, v 4 }} What if system is a-valent reaches blocking threshold at v 1? - Either true or v 1 not member of any well-behaved quorum (no liveness) Node v accepts a statement a consistent with history iff either: 1. I vote a or I accept a reaches quorum threshold, or 2. I accept a reaches blocking threshold #2 lets nodes accept statements they voted against, but - Nodes can accept contradictory statements in cases with no fully honest quorum but where you still have qidin - No guarantee all nodes in non-faulty quorum will accept a 9 / 20

Accepting statements 3/4 v 1 v 2 v 3 v 4 EVIL EVIL Q(v 1 ) = {{v 1, v 2, v 3 }, {v 1, v 2, v 4 }, {v 1, v 3, v 4 }} What if system is a-valent reaches blocking threshold at v 1? - Either true or v 1 not member of any well-behaved quorum (no liveness) Node v accepts a statement a consistent with history iff either: 1. I vote a or I accept a reaches quorum threshold, or 2. I accept a reaches blocking threshold #2 lets nodes accept statements they voted against, but - Nodes can accept contradictory statements in cases with no fully honest quorum but where you still have qidin - No guarantee all nodes in non-faulty quorum will accept a 9 / 20

Confirming statements accept a accept a accept a v 1 v 2 v 3 Quorum Idea: Hold a second vote on the fact that the first vote succeeded Node v confirms a by ratifying I accepted a. Solves safety through quorum threshold of ratification Also solves nodes in honest quorum being unable to accept - Nodes in well-behaved quorum may vote against accepted statements - Won t vote against the fact that those statements were accepted Theorem: If 1 node in well-behaved quorum confirms a, all will 10 / 20

Summary of federated voting process vote a accept a quorum thresh. accept a quorum thresh. a is valid voted a accepted a confirmed a uncommitted voted a accept a blocking thresh. A node v that locally confirms a knows system has agreed on a - If Q() admits any safe protocol, well-behaved nodes can t contradict a - If v in well-behaved quorum, whole quorum will eventually confirm a 11 / 20

SCP nomination message typedef opaque Value<>; struct SCPNomination { Value votes<>; // vote to nominate these values Value accepted<>; // assert that these are accepted }; union SCPStatement switch (SCPStatementType type) { case SCP_ST_NOMINATE: SCPNomination nominate; /*... */ }; Nodes broadcast nominated values in votes - Initially vote values in all received votes (ignoring optimization here) Upon accepting nomination of a, move from votes to accepted Stop voting for new values when any confirmed nominated - But continue accepting and repeating votes already cast 12 / 20

Nomination flow NOMINATE tx 1, tx 2 NOMINATE tx 3 NOMINATE v 1 v 2 v 3 Nodes nominate values and re-nominate any nominations seen Stop adding to votes once any value confirmed nominated Converge on set of nominated values Deterministically combine nominations into composite value x All nodes guaranteed to converge on same value x! - Complication: impossible to know when protocol has converged [FLP] - c.f. asynchronous reliable broadcast 13 / 20

Nomination flow NOMINATE tx 1, tx 2, tx 3 NOMINATE tx 1, tx 2, tx 3 NOMINATE tx 3 v 1 v 2 v 3 Nodes nominate values and re-nominate any nominations seen Stop adding to votes once any value confirmed nominated Converge on set of nominated values Deterministically combine nominations into composite value x All nodes guaranteed to converge on same value x! - Complication: impossible to know when protocol has converged [FLP] - c.f. asynchronous reliable broadcast 13 / 20

Nomination flow NOMINATE tx 1, tx 2, tx 3 NOMINATE tx 1, tx 2, tx 3 NOMINATE tx 1, tx 2, tx 3 v 1 v 2 v 3 Nodes nominate values and re-nominate any nominations seen Stop adding to votes once any value confirmed nominated Converge on set of nominated values Deterministically combine nominations into composite value x All nodes guaranteed to converge on same value x! - Complication: impossible to know when protocol has converged [FLP] - c.f. asynchronous reliable broadcast 13 / 20

Nomination flow x = i tx i x = i tx i x = i tx i v 1 v 2 v 3 Nodes nominate values and re-nominate any nominations seen Stop adding to votes once any value confirmed nominated Converge on set of nominated values Deterministically combine nominations into composite value x All nodes guaranteed to converge on same value x! - Complication: impossible to know when protocol has converged [FLP] - c.f. asynchronous reliable broadcast 13 / 20

SCP ballots struct SCPBallot { uint32 counter; Value value; }; // n // x Composite nominated must be run through balloting - Guarantees safety even if started before nomination converges A ballot b is a pair b.n, b.x where b.x is a candidate output value - Ballots totally ordered with field n more significant than x - Nodes may vote to commit or abort a ballot, not both - If federated voting confirms commit b for any b, can output value b.x Let prepared(b) = {abort b old b old < b and b old.x b.x} Invariant: cannot vote commit b unless federated voting has confirmed every statement in prepared(b) 14 / 20

SCP prepare message struct SCPPrepare { SCPBallot ballot; // b SCPBallot *prepared; // p SCPBallot *preparedprime; // p uint32 nc; // c.n uint32 nh; // h.n }; union SCPStatement switch (SCPStatementType type) { case SCP_ST_PREPARE: SCPPrepare prepare; /*... */ }; 15 / 20

Prepare fields ballot.x starts at 1, increases w. timeouts, msg receipt ballot.n b.x from highest b for which prepared(b) confirmed (if any) otherwise composite nomination value prepared highest b for which sender accepted prepared(b) prepared highest b with accepted prepared(b) and different x from prepared nh b.n from highest b with confirmed prepared(b), else 0 nc if not 0 and ballot.x = 1, implies votes for commit nc, x, commit nc + 1, x,..., commit nh, x 16 / 20

SCP confirm message struct SCPConfirm { SCPBallot ballot; uint32 nprepared; uint32 ncommit; uint32 nh; }; // b // p.n // c.n // h.n union SCPStatement switch (SCPStatementType type) { case SCP_ST_CONFIRM: SCPConfirm confirm; /*... */ }; Implies votes for all messages in the set {accept(commit b ) ncommit b.n nh and b.x = ballot.x} Implies SCPPrepare with ballot, confirm.ballot.x, prepared confirm.nprepared, confirm.ballot.x, and nh value. 17 / 20

SCP externalize message struct SCPExternalize { SCPBallot commit; uint32 nh; }; // c // h.n union SCPStatement switch (SCPStatementType type) { case SCP_ST_EXTERNALIZE: SCPExternalize externalize; /*... */ }; By the time you send this, already externalized commit.x - Means you have confirmed committed a ballot with commit.x - Goal is definitive record to help other nodes prove value/catch up Implies SCPConfirm with ballot, externalize.commit.x, nprepared externalize.commit.n, and nh Implies SCPConfirm with ballot, externalize.commit.x, nprepared externalize.commit.n, nh externalize.nh, and a special quorum slice declaration of only the sending node 18 / 20

Balloting flow PREPARE 1, x CONFIRM 1, x PREPARE 1, x CONFIRM 1, x PREPARE 1, x CONFIRM 1, x v 1 v 2 v 3 In the common case, will prepare and commit nominated value Else, arm timer when ballot counter reaches quorum threshold Bump counter and restart with new ballot whenever - Timer fires - A blocking threshold is at a higher ballot counter Nomination may finish converging in background Or if any value confirmed prepared, all nodes will eventually see it confirmed prepared and start using that value 19 / 20

Balloting flow PREPARE 1, x CONFIRM 1, x PREPARE 1, x CONFIRM 1, x PREPARE 1, x CONFIRM 1, x v 1 v 2 v 3 In the common case, will prepare and commit nominated value Else, arm timer when ballot counter reaches quorum threshold Bump counter and restart with new ballot whenever - Timer fires - A blocking threshold is at a higher ballot counter Nomination may finish converging in background Or if any value confirmed prepared, all nodes will eventually see it confirmed prepared and start using that value 19 / 20

Questions? 20 / 20

2024 © religiondocbox.com Privacy Policy | Terms of Service | Feedback