Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

Pages

Posts

3-Slot-Finality: SSF is not about “Single” Slot

1 minute read

Published:

In this post, we introduce 3-Slot Finality (3SF), a protocol designed to finalize blocks proposed by an honest proposer within 3 slots when network latency is bounded by a known value Δ – even if subsequent proposers might be dishonest – while requiring only one voting phase per slot. This approach contrasts with previously proposed protocols for Single-Slot Finality 14, which require three voting phases per slot to finalize an honestly proposed block within a single slot resulting in longer slot time. We also show that 3SF guarantees all the key properties expected from SSF, offering an efficient and practical alternative that reduces overhead while ensuring fast and predictable block finalization within a few slots, and a shorter practical slot time (as voting phases take practically longer than other phases). As a result, our protocol achieves a shorter expected confirmation time compared to the previously proposed protocol, at the expense of a slight delay in block finalization, which extends to the time required to propose three additional blocks, rather than finalizing before the next block proposal. However, we believe that a shorter expected confirmation time could be sufficient for most users. Also, slot time is a crucial parameter affecting economic leakage in on-chain automated market makers (AMMs) due to arbitrage. Specifically, arbitrage profits – and consequently, liquidity providers’ (LP) losses – are proportional to the square root of slot time. Therefore, reducing slot time is highly desirable for financial applications on smart contract blockchains. Finally, we show that we can make a further trade-off: we can increase the number of voting phases to two, without this affecting the actual slot length, and achieve finalization in only two slots.

Quorum systems in permissionless networks

less than 1 minute read

Published:

Fail-prone systems, and their quorum systems, are useful tools for the design of distributed algorithms. However, fail-prone systems as studied so far require every process to know the full system membership in order to guarantee safety through globally intersecting quorums. Thus, they are of little help in an open, permissionless setting, where such knowledge may not be available. We propose to generalize the theory of fail-prone systems to make it applicable to permissionless systems. We do so by enabling processes not only to make assumptions about failures, but also to make assumptions about the assumptions of other processes. Thus, by transitivity, processes that do not even know of any common process may nevertheless have intersecting quorums and solve, for example, reliable broadcast. Our model generalizes existing models such as the classic fail-prone system model [Malkhi and Reiter, 1998] and the asymmetric fail-prone system model [Cachin and Tackmann, OPODIS 2019]. Moreover, it gives a characterization with standard formalism of the model used by the Stellar blockchain.

Quick Fair Order

less than 1 minute read

Published:

Leader-based protocols for consensus, i.e., atomic broadcast, allow some processes to unilaterally affect the final order of transactions. This has become a problem for blockchain networks and decentralized finance because it facilitates front-running and other attacks. To address this, order fairness for payload messages has be en introduced recently as a new safety property for atomic broadcast complementing traditional agreement and liveness. We relate order fairness to the standard validity notions for consensus protocols and highlight some limitations with the existing formalization. Based on this, we introduce a new differential order fairness property that fixes these issues. We also present the quick order-fair atomic broadcast protocol that guarantees payload message delivery in a differentially fair order and is much more efficient than existing order-fair consensus protocols. It works for asynchronous and for eventually synchronous networks with optimal resilience, tolerating corruptions of up to one third of the processes. Previous solutions required there to be less than one fourth of faults. Furthermore, our protocol incurs only quadratic cost, in terms of amortized message complexity per delivered payload.

How to Trust Strangers

1 minute read

Published:

Trust is the basis of any distributed, fault-tolerant, or secure system. A trust assumption specifies the failures that a system, such as a blockchain network, can tolerate and determines the conditions under which it operates correctly. In systems subject to Byzantine faults, the trust assumption is usually specified through sets of processes that may fail together. Trust has traditionally been symmetric, such that all processes in the system adhere to the same, global assumption about potential faults. Recently, asymmetric trust models have also been considered, especially in the context of blockchains, where every participant is free to choose who to trust. In both cases, it is an open question how to compose trust assumptions. Consider two or more systems, run by different and possibly disjoint sets of participants, with different assumptions about faults: how can they work together? This work answers this question for the first time and offers composition rules for symmetric and for asymmetric quorum systems. These rules are static and do not require interaction or agreement on the new trust assumption among the participants. Moreover, they ensure that if the original systems allow for running a particular protocol (guaranteeing consistency and availability), then so will the joint system. At the same time, the composed system tolerates as many faults as possible, subject to the underlying consistency and availability properties. Reaching consensus with asymmetric trust in the model of personal Byzantine quorum systems (Losa et al., DISC 2019) was shown to be impossible, if the trust assumptions of the processes diverge from each other. With asymmetric quorum systems, and by applying our composition rule, we show how consensus is actually possible, even with the combination of disjoint sets of processes.

Revisiting signature-free asynchronous Byzantine consensus

less than 1 minute read

Published:

Among asynchronous, randomized, and signature-free implementations of consensus, the protocols of Mostéfaoui et al. (PODC 2014 and JACM 2015) represent a landmark result, which has been extended later and taken up in practical systems. The protocols achieve optimal resilience and take, in expectation, only a constant expected number of rounds and have quadratic message complexity. Randomization is provided through a common-coin primitive. However, the first version of this simple and appealing protocol suffers from a little-known liveness issue due to asynchrony. The JACM 2015 version avoids the problem, but is considerably more complex.

Asymmetric Asynchronous Byzantine Consensus

less than 1 minute read

Published:

An important element of every blockchain network is its protocol for reaching consensus. In traditional, permissioned consensus protocols, all involved processes adhere to a global, symmetric failure model, typically only defined by bounds on the number of faulty processes. More flexible trust assumptions have recently been considered, especially in connection with blockchains. With asymmetric trust, in particular, a process is free to choose which other processes it trusts and which ones might collude against it.

portfolio

publications

talks

teaching

Cryptography

MSc course - English, University of Bern, Institute of Computer Science, 2019

Cryptography addresses the protection of data in the digital world; it has become a crucial technology for the information society, with influence to public policy and questions of privacy. This course presents an introduction to modern cryptography. Based on mathematical models for reasoning about the security of information systems, the course explains the fundamental concepts of cryptography and discusses the most important cryptographic algorithms that are in everyday use on the Internet. It covers security proofs, computational security, pseudorandomness, block ciphers, hash functions, and message authentication. Public-key cryptosystems and public-key signature schemes that rely on number-theoretic primitives are also introduced and some elementary cryptographic protocols will be presented.

Discrete Mathematics

BSc course - German, University of Bern, Institute of Computer Science, 2020

Diese Vorlesung führt in diskrete Mathematik ein und behandelt eine Reihe von zentralen Methoden und Konzepten, welche wichtig sind für das tiefere Verständnis der Informatik. Diskrete Mathematik ist ein Teilgebiet der Mathematik, das sich hauptsächlich mit endlichen und abzählbaren Strukturen beschäftigt. Wichtige Themen sind zuerst Mengen, Relationen und Funktionen. Es folgen Grundlagen der Algebra und Zahlentheorie, welche auch für kryptographische Verfahren oder Codierungstheorie die Basis bilden. Darüber hinaus werden Konzepte aus der Graphentheorie vorgestellt und die Grundlagen der Logik eingeführt, insbesondere Aussagenlogik und Prädikatenlogik. Die Vorlesung dient auch der Vorbereitung auf weitergehende Themen der theoretischen Informatik, wie Berechenbarkeit, Komplexität, Effizienz und probabilistische Algorithmen.

Privacy and Data Security

MSc course - English, University of Bern, Institute of Computer Science, 2021

The reliance of the information society on pervasive networks, mobile computing, online services, and cloud platforms continues to grow. The privacy of human activities and the security of personal data are challenged by today’s information technology in ways never seen before in history. This course focuses on privacy and security in a digital world. It presents cryptographic and non-cryptographic methods relevant for protecting privacy, anonymity, and data security. Topics include pseudonymity, data anonymization and de-anonymization, notions of privacy and privacy regulation, measures for the privacy of data, steganography and traffic hiding, network anonymity, and censorship resistance. Systems like onion routing (TOR) and Freenet are presented. Knowledge in computer science and networking is needed, but no background in cryptography is expected.

Discrete Mathematics

BSc course - German, University of Bern, Institute of Computer Science, 2022

Diese Vorlesung führt in diskrete Mathematik ein und behandelt eine Reihe von zentralen Methoden und Konzepten, welche wichtig sind für das tiefere Verständnis der Informatik. Diskrete Mathematik ist ein Teilgebiet der Mathematik, das sich hauptsächlich mit endlichen und abzählbaren Strukturen beschäftigt. Wichtige Themen sind zuerst Mengen, Relationen und Funktionen. Es folgen Grundlagen der Algebra und Zahlentheorie, welche auch für kryptographische Verfahren oder Codierungstheorie die Basis bilden. Darüber hinaus werden Konzepte aus der Graphentheorie vorgestellt und die Grundlagen der Logik eingeführt, insbesondere Aussagenlogik und Prädikatenlogik. Die Vorlesung dient auch der Vorbereitung auf weitergehende Themen der theoretischen Informatik, wie Berechenbarkeit, Komplexität, Effizienz und probabilistische Algorithmen.