Abstract
Advances in blockchains have influenced the State-Machine-Replication (SMR) world and many state-of-the-art blockchain-SMR solutions are based on two pillars: Chaining and Leader-rotation. A predetermined round-robin mechanism used for Leader-rotation, however, has an undesirable behavior: crashed parties become designated leaders infinitely often, slowing down overall system performance. In this paper, we provide a new Leader-Aware SMR framework that, among other desirable properties, formalizes a Leader-utilization requirement that bounds the number of rounds whose leaders are faulty in crash-only executions.
We introduce Carousel, a novel, reputation-based Leader-rotation solution to achieve Leader-Aware SMR. The challenge in adaptive Leader-rotation is that it cannot rely on consensus to determine a leader, since consensus itself needs a leader. Carousel uses the available on-chain information to determine a leader locally and achieves Liveness despite this difficulty. A HotStuff implementation fitted with Carousel demonstrates drastic performance improvements: it increases throughput over 2x in faultless settings and provided a 20x throughput increase and 5x latency reduction in the presence of faults.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
This can be achieved by multi-signature schemes which are practically as efficient as threshold signatures [3].
- 2.
Existing SMR protocols may have separate rounds (and even leaders) for forming and committing blocks, but this distinction is not relevant for the purposes of the paper and LBR abstraction is defined accordingly.
- 3.
LBR-synchronized requires that the corresponding execution intervals have a shared intersection lasting \(\ge c\delta \) time.
- 4.
Note that Endorsement implies that although LBR can be invoked for round r with more than one leader l, there is at most one author for a block in r.
- 5.
- 6.
- 7.
- 8.
- 9.
- 10.
- 11.
References
Androulaki, E., et al.: Hyperledger fabric: a distributed operating system for permissioned blockchains. In: Proceedings of the Thirteenth EuroSys Conference, pp. 1–15 (2018)
Bano, S., et al.: Twins: Bft systems made robust. In: 25th International Conference on Principles of Distributed Systems (OPODIS 2021). Schloss Dagstuhl-Leibniz-Zentrum für Informatik (2022)
Boneh, D., Drijvers, M., Neven, G.: The modified BLS multi-signature construction (2018). http://www.crypto.stanford.edu/~dabo/pubs/papers/BLSmultisig.html
Bravo, M., Chockler, G., Gotsman, A.: Making byzantine consensus live. In: 34th International Symposium on Distributed Computing (DISC 2020). Schloss Dagstuhl-Leibniz-Zentrum für Informatik (2020)
Buchman, E.: Tendermint: Byzantine fault tolerance in the age of blockchains. Ph.D. thesis (2016)
Buterin, V., Griffith, V.: Casper the friendly finality gadget
Castro, M., Liskov, B., et al.: Practical byzantine fault tolerance. In: OSDI 99, pp. 173–186 (1999)
Chan, B.Y., Shi, E.: Streamlet: textbook streamlined blockchains. In: Proceedings of the 2nd ACM Conference on Advances in Financial Technologies, pp. 1–11 (2020)
Dwork, C., Lynch, N., Stockmeyer, L.: Consensus in the presence of partial synchrony. J. ACM (JACM) 35(2), 288–323 (1988)
Garay, J., Kiayias, A., Leonardos, N.: The bitcoin backbone protocol: analysis and applications. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 281–310. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_10
Kelkar, M., Zhang, F., Goldfeder, S., Juels, A.: Order-fairness for byzantine consensus. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12172, pp. 451–480. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56877-1_16
Lamport, L.: Time, clocks, and the ordering of events in a distributed system. In: Communications of the ACM, vol. 21, pp. 558–565 (1978)
Lamport, L., et al.: Paxos made simple. ACM Sigact News 32(4), 18–25 (2001)
Liu, S., Viotti, P., Cachin, C., Quéma, V., Vukolić, M.: \(\{\)XFT\(\}\): practical fault tolerance beyond crashes. In: 12th USENIX Symposium on Operating Systems Design and Implementation (\(\{\)OSDI\(\}\) 16), pp. 485–500 (2016)
Naor, O., Baudet, M., Malkhi, D., Spiegelman, A.: Cogsworth: byzantine View Synchronization. Cryptoeconomic Syst. 1(2), 22 Oct 2021
Naor, O., Keidar. I.:. Expected linear round synchronization: the missing link for linear byzantine smr. In: 34th International Symposium on Distributed Computing (DISC 2020). Schloss Dagstuhl-Leibniz-Zentrum für Informatik (2020)
Ongaro, D., Ousterhout, J.: In search of an understandable consensus algorithm. In: 2014 USENIX Annual Technical Conference (USENIX ATC 14), pp. 305–319 (2014)
Sharov, A., Shraer, A., Merchant, A., Stokely, M.: Take me to your leader! online optimization of distributed storage configurations. In: Proceedings of the VLDB Endowment, vol. 8(12) (2015)
Spiegelman, A.: In search for an optimal authenticated byzantine agreement. In: 35th International Symposium on Distributed Computing (2021)
Spiegelman, A., Rinberg, A., Malkhi, D.: Ace: abstract consensus encapsulation for liveness boosting of state machine replication. In: 24th International Conference on Principles of Distributed Systems (OPODIS 2020). Schloss Dagstuhl-Leibniz-Zentrum für Informatik
The Diem Team. Diembft v4: State machine replication in the diem blockchain. http://www.developers.diem.com/docs/technical-papers/state-machine-replication-paper.html
Yin, M., Malkhi, D., Reiter, M.K., Gueta, G.G., Abraham, I.: Hotstuff: Bft consensus with linearity and responsiveness. In: Proceedings of the 2019 ACM Symposium on Principles of Distributed Computing, pp. 347–356 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Appendix ACorrectness
Appendix ACorrectness
Lemma 9
If \(\mathtt {choose\_leader}\) returns the same honest party at all honest parties for infinitely many rounds, then each honest party commits an unbounded number of blocks.
Proof
If \(\mathtt {choose\_leader}\) returns the same honest party at all honest parties for infinitely many rounds, then there are infinitely many rounds after GST for which it does so. Let r be such a round. By the Pacemaker guarantees, all honest parties make LBR-synchronized(\(\ell \)) invocations with the same honest leader \(\ell \) returned from the \(\mathtt {choose\_leader}\) procedure. By the LBR Progress property, they all return a certified block B and commit it at line 6.
Lemma 1
In a crash-only execution, let r be a round with \(k \ge 2f+1\) LBR-synchronized(\(\ell \)) invocations, such that \(\ell \) is alive at round r, then these k invocations return a certified B with round number r authored by \(\ell \).
Proof
Let \(\pi _1\) be a crash-only execution, such that round r has \(k \ge 2f+1\) LBR-synchronized(\(\ell \)) invocations with a leader \(\ell \) that is alive at round r. If \(\ell \) is honest, then the LBR Progress property concludes the proof.
Otherwise, \(\ell \) is faulty and by definition it crashes in round \(> r\). Let \(\pi _2\) be a crash-only execution that is identical to \(\pi _1\) until \(\ell \) crashes, and the rest of \(\pi _2\) is an arbitrary execution where the honest parties in \(\pi _1\) remain honest but \(\ell \) never crashes and is also honest. Thus, in \(\pi _2\) the preconditions of the LBR Progress property hold and all k LBR-synchronized(\(\ell \)) invocations return a certified B with round number r authored by \(\ell \).
An \(LBR(r, \ell )\) invocation by any party p completes within \(\varDelta _l\) time, and starts immediately after Pacemaker’s \(\mathtt {new\_round(r)} \) notification at p (because \(\mathtt {choose\_leader}\) is computed locally and takes 0 time). By Pacemaker’s guarantees, no party receives \(\mathtt {new\_round} (r+1)\) notification until \(\varDelta _p = \varDelta _l\) time after the last \(\mathtt {new\_round} (r+1)\) notification at some party, hence all \(LBR(r, \ell )\) invocations must complete before any party receives a \(\mathtt {new\_round} (r+1)\) notification.
\(\pi _1\) and \(\pi _2\) are identical until \(\ell \) crashes, which must happen after \(\ell \) receives its \(\mathtt {new\_round} (r+1)\) notification from the Pacemaker. This is because \(\ell \) is alive in round r and follows the protocol, invoking LBR in round \(r+1\) after receiving the \(\mathtt {new\_round} (r+1)\) notification. As a result, \(\pi _1\) and \(\pi _2\) are indistinguishable to all \(LBR(r, \ell )\) invocations, and the k LBR-synchronized(\(\ell \)) invocations in \(\pi _1\) return certified block B with round number r authored by \(\ell \) as in \(\pi _2\), as desired.
Rights and permissions
Copyright information
© 2022 International Financial Cryptography Association
About this paper
Cite this paper
Cohen, S. et al. (2022). Be Aware of Your Leaders. In: Eyal, I., Garay, J. (eds) Financial Cryptography and Data Security. FC 2022. Lecture Notes in Computer Science, vol 13411. Springer, Cham. https://doi.org/10.1007/978-3-031-18283-9_13
Download citation
DOI: https://doi.org/10.1007/978-3-031-18283-9_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-18282-2
Online ISBN: 978-3-031-18283-9
eBook Packages: Computer ScienceComputer Science (R0)