Confidential gossip

Abstract

Epidemic gossip has proven a reliable and efficient technique for sharing information in a distributed network. Much of this reliability and efficiency derives from processes collaborating, sharing the work of distributing information. As a result of this collaboration, processes may receive information that was not originally intended for them. For example, some process may act as an intermediary, aggregating and forwarding messages from some set of sources to some set of destinations. But what if rumors are confidential? In that case, only processes that were originally intended to receive the rumor should be allowed to learn the rumor. This blatantly contradicts the basic premise of epidemic gossip, which assumes that processes can collaborate. In fact, if only processes in a rumor’s “destination set” participate in gossiping that rumor, we show that high message complexity is unavoidable. A natural approach is to rely on cryptography, for example, assuming that each process has a well-known public-key that can be used to encrypt the rumor. In a dynamic system, with changing sets of destinations, such a process seems potentially expensive. In this paper, we propose a scheme in which each rumor is broken into multiple fragments using a very simple coding scheme; any given fragment provides no information about the rumor, while together, the fragments can be reassembled into the original rumor. The processes collaborate in disseminating the rumor fragments in such a way that no process outside of a rumor’s destination set ever receives all the fragments of a rumor, while every process in the destination set eventually learns all the fragments. Notably, our solution operates in an environment where rumors are dynamically and continuously injected into the system and processes are subject to crashes and restarts. In addition, the presented scheme can tolerate a moderate amount of collusions among curious processes without a substantial increase in cost; curious processes are non-malicious processes that are not in a rumor’s destination set, and still want to learn the rumor (that is, collect all fragments of the rumor).

Appendix: Detailed pseudocode of algorithm ConGos

In this section we present the detail pseudocode for algorithm ConGos. In particular we give a separate pseudocode for each service of the algorithm at a process i. Figure 8 describes the operation of the \(\mathsf{ConfidentialGossip}\) service which is the main control of the algorithm. It basically coordinates the other services that run in parallel: \(\mathsf{Proxy}\) (Fig. 9), \(\mathsf{GroupDistribution}\) (Fig. 10) and \(\mathsf{Filter}\) (Fig. 11); the code for these services is given for a certain partition \(\ell \).

Fig. 8

Main protocol at process i

Fig. 9

Proxy search at process i for partition \(\ell \)

Fig. 10

Rumor distribution between groups at process i for partition \(\ell \)

As mentioned before, a non-confidential Continuous Gossip service (protocol) is assumed (e.g., the one presented in [13]), which guarantees rumor dissemination within a specified deadline. \(\mathsf{GroupGossip}[\ell ]\) refers to an instance of the service for partition \(\ell \) that is filtered (from the \(\mathsf{Filter}[\ell ]\) service) in restricting rumor disseminations in certain process groups. \(\mathsf{AllGroup}\) refers to an instance of the gossip service for partition \(\ell \) that it is not filtered (hence rumors are sent to all processes in [n]).

We now explain the operation of the function \(\mathbf random-split \) used in line 14 of the \(\mathsf{ConfidentialGossip}\) service (Fig. 8). Recall that a rumor r is a tuple (z, d, D) where r.z is the data to be disseminated, r.d the deadline and r.D the rumor destination set (only processes in the set must learn r). Once the function is executed, rumor \(r_0\) has as \(r_0.z\) the tuple \(\langle z_0,r.D,counter \rangle \), \(r_0.d=\sqrt{{ dline}/6}\), and \(r_0.D=[n]\). Rumor \(r_1\) is similar (\(r_1.z\) contains \(z_1\) and not \(z_0\)). As explained before, \(z_0\) is a random binary string and \(z_1 = z\mathbf {XOR}z_0\). Note that r is split differently for each partition \(\ell \). The function \(\mathbf merge \) in line 32 of the \(\mathsf{ConfidentialGossip}\) service works reversely to reconstruct a rumor from its two fragments. We will be using the notation rumor.z.D to denote the original destination set of a rumor (which rumor is a fragment of it) and rumor.z.cnt the value of the counter that the rumor was assigned upon injection into the source process. See for example lines 27 and 28 of the \(\mathsf{GroupDistribution}\) service (Fig. 10).

Fig. 11

Filter \(\ell \) at process i

Throughout the codes, we denote by R the data type which is a set representing all rumors, that is, all rumors of the form \(\langle z,d,D \rangle \). We also consider \(round\in \mathbb {Z}\) to be a global counter representing time (round numbers), taken from the global clock.