Presentation is loading. Please wait.

Presentation is loading. Please wait.

Consensus Campbell R. Harvey Joey Santoro Christopher Sides.

Published byGizem Balcı Modified over 6 years ago

Similar presentations

Presentation on theme: "Consensus Campbell R. Harvey Joey Santoro Christopher Sides."— Presentation transcript:

1 Consensus Campbell R. Harvey Joey Santoro Christopher Sides

2 Overview What is Consensus?
Why is Consensus needed for Blockchain systems? Byzantine Generals Problem Proof-of-Work (PoW) Proof-of-Stake (PoS) Delegated-Proof-of-Stake (DPoS) Other approaches Longest Chain Issue: Blockchain ‘length’ is measured in terms of each block’s work For each block: Length += block.work End

3 What is Consensus? Consensus is an agreement among a group of people on an idea, statement, or plan of action Majority: 51% Supermajority: 66% (sometimes higher) Unanimous: 100% Weighted: not all votes weighed equally

4 What is Consensus? Consensus is typically only relevant when there is no distinguished leader A jury must reach a consensus on a court verdict (Unanimous) The senate must reach a consensus on new bills being passed (Majority or Supermajority) Particularly important when there is significant disagreement or potential for untrustworthy parties in the discussions around the decision

5 What is Consensus in Blockchain?
The agreement of system components (nodes) on the [next] state of the system, or the transition between the current state and the next state The nodes must agree on a set of valid transactions representing the change from the current state of the system to the next state of the system Consensus must be achieved automatically (without human oversight)

6 What is Consensus in Blockchain?
Consensus is irreversible: posted transactions are final Blockchain consensus is a subset of distributed system consensus Distributed System: A number of independent computers linked by a network Must be resistant to malicious or false actors “Consensus is the process by which all nodes agree on the same ledger”

7 Blockchain Consensus: Nodes
Common types are: Mining Node: These nodes have the most invested in the system, and as a result have the most power. These nodes actually compute and propose new blocks to the chain according to the system rules. They are the receivers of block rewards, which often include mining fees

8 Blockchain Consensus: Nodes
Common types are: Full Node: These nodes are an intermediate step between mining nodes and light nodes. They store the full copy of the blockchain, and verify all blocks to ensure valid transactions. They are often not paid for their contribution to the blockchain system.

9 Blockchain Consensus: Nodes
Common types are: Light Node: These nodes usually only store a partial copy of the blockchain, or simply address balances. They can often verify transactions, but usually do not participate in consensus. They are almost never paid for their contribution to the blockchain system, and mostly act as an access point for broadcasting transactions

10 Why is Consensus Needed?
Consensus is a very difficult problem when parties are not trusted The network must maintain integrity in order to maintain value Past transactions must be trusted for the network to function Thus, the ability to verify transactions without trust is needed This problem is solved with various forms of consensus The consensus problem can often be rephrased as the ability to trust the result of a transaction or block, without trusting the parties involved in the transaction, or the party that verified it

11 Consensus Algorithms “The purpose of a consensus algorithm, in general, is to allow for the secure updating of a state according to some specific state transition rules, where the right to perform the state transitions is distributed among some economic set.” - Vitalik Buterin (Co-Founder of Ethereum)

12 Byzantine Generals Problem (BGP)
A general and his armies have laid siege to a city The city is very strong, and has thus far resisted their attacks They must all decide to retreat or attack, and a time to do either An uncoordinated attack or retreat will result in unacceptable losses

13 Byzantine Generals Problem (BGP)
The general(s) and officers must communicate through messengers The officers may communicate among themselves using messengers as well Any party involved may be a traitor: The general himself may be a traitor The officers controlling his armies may be traitorous The messengers can traitorous, and can also be abducted by enemy forces

14 BGP Outcomes Acceptable Retreat Victory!

15 BGP Outcomes Defeat! Defeat! Defeat! (Traitorous Messengers)
(Traitorous Officers) Defeat! (Traitorous General)

16 Byzantine Fault Tolerance (BFT)
A system is considered to be Byzantine Fault Tolerant (BFT) if it is resistant to the dilemmas of the Byzantine Generals Problem A Byzantine Fault is defined as a failure mode of the system, either failing to function or functioning incorrectly, caused by an inability to reach or error in consensus among the system

17 Byzantine Fault Tolerance (BFT)
This is often considered the most difficult of fault tolerance modes, as it does not include any rules on the actions a node may take or assumptions about how a malicious/defective party in the system may behave For example: consensus may be easier to achieve if there is an assumption that nodes will be consistently honest or dishonest in communications with other nodes

18 Byzantine Fault Tolerance (BFT)
Most consensus algorithms used in blockchain technologies are Byzantine Fault Tolerant Some algorithms assume dishonest nodes take certain actions, or send certain messages, and thus are not BFT Sometimes how a system implements the consensus algorithm determines its fault tolerance

19 Proof-of-Work (PoW) A given node collects transactions that are broadcast to the entire network and stores them in a block Before including transactions in the block, the node verifies that the transactions are valid invalid transactions result in a block not being accepted by the other nodes) The transactions are typically assembled in a type of Merkle tree (an efficient cryptographic data structure) The transactions pay a fee to the mining node to be included the transaction, higher fees are included first

20 Proof-of-Work (PoW) The mining node begins solving an extremely difficult cryptographic hashing problem, with the transactions being part of the input to the problem This is essentially a guessing game with a very low chance of guessing correctly Once the correct answer is known, it is very easy for other people to check that it works Part of the motivation for solving the problem is that the miner can give themselves a reward

21 Proof-of-Work (PoW) The mining node that has found the correct solution broadcasts it to the rest of the network, and begins the next block with another complex cryptographic hashing problem The longest blockchain (weighted by work) is always taken to be the correct chain, and thus the other miners will also begin the new problem: the length of each block is determined by how much work it took to create The other nodes can quickly check that the transactions included in the block are valid, and that the broadcast solution is actually a solution to the problem Repeat

22 PoW Strengths Proven reliability/Predictable block times/Robust algorithm Does not rely on any other node being trustworthy Only known vulnerability is the so-called ‘51% attack’ One miner or group of miners is able to take over the resources driving the chain forward However, expenditure of large computing and energy cost to take 51% would be lost if crypto collapsed Uncensorable and publicly broadcast: provides a great backbone for auditory purposes Public transactions can be seen as a drawback in some cases Notes on public transactions: This refers to basic implementations of proof of work. There are other ways to obfuscate transaction parties and amounts present in many ‘privacy currencies’ today. See ZKsnarks (Zcash), Ring signatures and confidential transactions (Monero and dash), among others. See for basic overview:

23 PoW Drawbacks Enormous Waste of Resources
PoW Drawbacks Enormous Waste of Resources A report from Morgan Stanley indicated Bitcoin alone consumes roughly as much energy as Argentina ASIC hardware give advanced miners and mining pools a substantial advantage over the average miner Massive start up costs can result in centralization of pools and resources A regular computer has essentially no hope of ever mining a block Mining pools are able to slightly game the system by delaying the release of a found block and gaining a slight head start on the next one Scalability issues due to the consistent block time Lower transaction throughput in terms of transactions per second Lowering the block time (problem difficulty) is potentially less secure Miners often sell the coins immediately, removing any loyalty to the chain they are mining

24 Current PoW Systems Bitcoin Ethereum (until Casper) Litecoin
Bitcoin Cash Many, many more We see a common trend of many systems launching with a Proof-of-Work like consensus mechanism, but later transitioning to a different, less resource intensive approach, often with proprietary features

25 Proof-of-Stake (PoS) The right to mine blocks is given out randomly, but proportionally, based on ‘stake’ Stake is defined as some form their share or involvement in the network Often the amount of the currency owned Example: If you owned 10% of all of the given coin, you could expect to win the right to mine 10% of all blocks The chosen miners still do some form of guess-and-check to create the block: They try various combinations of features of their address and wallet, and previous block variables The number of combinations possible is based on their stake, hence why larger stakeholders have higher chances of successfully mining the block These combinations are quickly exhausted, making PoS significantly less computationally intensive The miners are incentivized to only provide valid blocks, as they have great incentive to keep the network functioning correctly (their stake or holdings will be worthless if the network fails to function) Some implementations demand that miners put their coins into escrow that is lost if they break the rules The block is validated as usual by the rest of the network before they continue to the next block There are many variations on Proof of Stake (often named something slightly different), and the mechanisms by which rewards are distributed, validators are selected, and stake is determined Stake Escrow: Many implementations do not actually require an escrow of coins. In the implementations that do require escrow, there are often complicated rules on how and when the escrow is actually forfeit. There is often a ‘gray area’ of node actions that are not correct, but are not directly attack the network, that do not result in escrow forfeiture. Guess and Check Combinations: In certain (many?) implementations of proof-of-stake, the validators / forgers / miners (various names for block creating nodes) have options of what to include in the block. For example, they may choose to include lower fee transactions in the block, if this results in the block hitting the target difficulty with their current stake input.

26 PoS Strengths No useless mining: there is no unnecessary use of resources to further power the blockchain Little to no hardware advantage ASIC mining pools do not have a significant advantage over a powerful home computer Those ‘guarding’ the value of the coins have the most to lose if the network is compromised The incentives to be honest are aligned with individuals motives The 51% attacks becomes essentially infeasible An attacked would need to accumulate 51% of all the coins on the network to accomplish this Currently for Ethereum this is $23.9 Billion, which would be lost if the attack were successful Proof of Stake has the potentially to be magnitudes more efficient than Proof of Work, making it significantly more scalable Very high transaction throughput is possible with PoS (transactions per second)

27 PoS Drawbacks Theoretically encourages centralization:
Higher stake means higher rewards, keeping the ‘rich’ richer ‘Nothing at stake attack’ Since forwarding the blockchain costs effectively nothing (compared to PoW), nodes are actually encouraged to work on every possible fork at once, as doing so increases the chance that they receive part of the reward in the event that the forked chain becomes longer Results in consensus being difficult to reach, or unreachable Proof of Stake is often claimed to be not as secure as Proof of Work There are many implementations of various ‘claimed’ security, and most of these just need to stand the test of time to be considered more secure Some implementations are vulnerable to a Sybil attack

28 Sybil Attack A Sybil Attack is an attack on a peer-to-peer network (not necessarily blockchain) that involves a single party controlling many nodes on the given network, unbeknownst to the rest of the network. This is carried out in an attempt to gain more power over the network that one individual would have There are two popularly cited varieties: hijacking and forging Hijack: the attack is able to take control of others network members nodes (usually without the network member knowing it) and can use them for malicious purposes Forge: the attacker creates many of their own nodes through the use of multiple computers, VPNs, or other means of spoofing identity, appearing to be multiple people acting on their own (Important for Blockchain) Named after a case study of dissociative identity disorder (person’s name was Sybil) Common Prevention Techniques: Require identity verification of some kind before one can join the network (Permissioned blockchain) Require identities to be expensive to create (Ex. there is a large fee to join the network) Do not rely on identity as a means of power or network influence (Ex. PoW relies on Hash power, not identity) Weight identities differently based on other network factors (Ex. trust networks determining voting power)

29 Current PoS Systems Ethereum (after Casper) Cardano Waves Peercoin Nxt

30 Casper: Ethereum Serenity
Serenity is the final planned phase of Ethereum (more may come later) The major improvement in Serenity is Casper: a new consensus protocol transitioning the Ethereum network from Proof-of-Work to Proof-of-Stake Instead of mining nodes, Casper has Validator nodes, which are responsible for driving consensus To become a validator, you must ‘stake’ some of your Ethereum in a process called ‘bonding’ This serves as an escrow, and will be forfeited if your actions are malicious on the blockchain If you do not meet the minimum amount of ETH required (~1500 ETH), you may join a staking pool Validators place ‘bets’ on blocks: if the block is eventually validated, they win a reward, if the block isn’t validated, they pay a penalty Thus, validators are incentivized to only vote on valid blocks that will become part of the dominant chain A block is confirmed once the ‘bets’ on a block converge to infinity Example: I will take a bet with 99999:1 odds that the sun will rise tomorrow, as I am certain this will happen, similarly, I am willing to take a bet with 99999:1 odds that block #2 in the Ethereum chain will not change Validators are also responsible for making blocks, which functions similar to other consensus protocols

31 Delegated-Proof-of-Stake
Developed by Dan Larimer in 2013 This consensus model is aimed at modeling a digital democracy Token holders (stake holders) can vote for witnesses The number of votes they can cast is proportional to their token holdings Witnesses are the block creators, and are paid transaction fees when they create a new block Witnesses can be voted out at any time, and thus will lose their income if they do not create new blocks, or create blocks that aren’t trustworthy In some cases, witnesses are rotated on a regular basis to give more people opportunity to participate Current projects include Bitshares, Steem, EOS (all Dan Larimer founded), Lisk and Ark

32 Other Consensus Algorithms
Practical Byzantine Fault Tolerance (PBFT) - Hyperledger Fabric Federated Byzantine Fault Tolerance (FBFT) - Stellar Delegated byzantine fault tolerance - Neo Proof-of-Importance (PoI) - NEM Proof-of-Elapsed-Time (PoET) - Hyperledger Sawtooth Proof-of-Capacity (PoC - aka P-o-Space) Proof-of-Authority (PoA) Raft (more classical consensus, not blockchain specific)

33 Practical Byzantine Fault Tolerance (PBFT)
The nodes in this model are in sequence (linear order) with the first node being the leader When a user of the network (client) sends a transaction, the leader casts (redirects) the request to all of the other active nodes in the sequence (called backup nodes) The client awaits a certain number (⅓ + 1) of the same response sent from the backup nodes, at which point the transaction is final The leader can be replaced each round with the nodes voting on the next leader, or can even be replaced in the middle of a round if the leader fails to cast the clients requests or is deemed as faulty by a super majority of the participating nodes Resistant to ⅓ faulty or untrustworthy nodes: With at most ⅓ of the nodes being faulty, the system will be both live and trustworthy Advantages: There is no need for block confirmations, all transactions are final once the client receives the responses Significantly more energy efficient that PoW Disadvantages: Only works with a small number of participating backup nodes Also runs into issues with single parties faking multiple nodes (Sybil attack) Resistant to ⅓ faulty or untrustworthy nodes: From my research, it appears as if this is a chosen number. It has to do with balancing speed of the network with security. When the leader is verifying a transaction, he waits for (#nodes*⅓) + 1 identical responses. Once he receives those responses, he considers the transaction valid and moves on. If the number were higher (say ⅔), the transactions would take longer to process, as the leader would have to wait for more responses.

34 Federated Byzantine Fault Tolerance (PBFT)
Introduced by Ripple, proven, refined and adopted by Stellar Based on the idea of trusting nodes not to collude with each other Each node has a list (or multiple lists) of peer-nodes that it trusts not to collude with each other Called Unique-Node-List (UNL) or Quorum List These nodes are not trusted to have the right answer or behavior, only that they won't work together to defraud you: while we might not trust Wile E Coyote or Road-Runner to be honest, we trust that they won’t collude During each round of consensus, the nodes rely on their UNL or Quorum list (in addition to their own calculation) to determine valid transactions The start and end of the process follows PBFT, with a leader casting client requests and nodes responding A transaction that fails one round of consensus will often succeed in the next A significant step to preventing the Sybil attack, but not completely invulnerable

35 Proof-of-Importance Introduced by NEM, and aims to solve problems with PoW and PoS Discourages coin hoarding, and ASIC hardware gives you no advantage Nodes are assigned an ‘Importance Score’ based on 3 factors, and selected to harvest (mine) blocks proportional to this score (similar to PoS selection) Stake: Coins vest staking power over time, and more coins leads to higher importance (similar to PoS) Partners: The algorithm considers who and how many people you have made transactions with, encouraging using the network as a payment Recent Transactions: Large, recent, and frequent transactions have a large impact on Importance Score The structure encourages and rewards people for using the blockchain functionally (as currency), as opposed to using it just as a way to generate income Blocks are verified by the other nodes as usual, and the longest chain is always considered correct Delegate Harvesting: You are able to delegate your importance score to another node such that it is able to harvest (mine) the blocks on your behalf, and you claim the rewards Delegated Harvesting: I have been unable to fully determine how the reward system works. By delegating your importance, you collect some rewards. Some sources seem to indicate that you get all of the reward, some seem to indicate that the node doing harvesting get the transaction fees.

36 Proof-of-Elapsed-Time
Different than other consensus algorithms in that it requires a permissioned blockchain: Participants identify themselves to the network, and the network can decide to let them participate At a high level, this consensus algorithm is essentially a random lottery between all participating nodes deciding who gets to mine the next block Participating nodes use a trusted timer to wait a randomly assigned time The first node to finish waiting it’s given time is able to mine the next block The block is verified by the other participants, and new times are assigned (drawn) Relies on trusted code: Intel Software Guard Extensions (SGX) - keeps the lottery fair Used by Hyperledger Sawtooth Not suitable algorithm for public, untrusted blockchains, but demonstrates another flavor of consensus algorithms possible when conditions are applied to the consensus problem

37 Proof-of-Capacity Nodes ‘map’ or ‘plot’ their storage (hard-drive) with a very slow hashing algorithm (Shabal) This is essentially pre-storing the solutions to blocks in their hard drive Each block, the person with the lowest hash (quickest) solution wins the right to mine the block The larger the storage allocated for the map, the more likely that node wins the block As the hashing is very slow, it’s infeasible to attempt to compute new solutions in real time As the solutions are stored, minimal computation is needed for each new block Advantages: very power efficient, equipment lasts a long time, equipment readily available Disadvantages: potential for specialized storage arms race (PoW arms race for hashing power) Hard drive space used for mining is useless Has seen very little adoption: Only Burstcoin implements the algorithm (Algorithm released 2014) Network peaked at ~0.4 Exabytes (400,000 Terabytes)

38 Proof-of-Authority Very similar to Proof-of-Stake in concept, and implementation of most aspects Authentication nodes (mining nodes) require reliable and thorough identity confirmation This kind of blockchain is known as a permissioned blockchain The identity of the node is at stake, in addition to the holdings (currency) which they are staking Identity can serve as a moreful motivator for honest behavior than financial consequences Compare to getting a criminal record versus paying a speeding ticket In the case of a malicious actor, not only is their stake forfeit (and in some cases all of their holdings), but also their identity: their reputation is tarnished Addresses the issue with PoS in which incentives may not be equal (equal stake != equal incentive) $10,000 isn’t worth that much to a billionaire, but is a ton to a college student Also addresses the Sybil attacker issue with PoS (without getting into faking government identification) B2: The identity of a party being added to the chain is confirmed off-chain. The examples often require a public official (notary) to do some verification of the person, and then on-chain authorities add them. The on chain authorities can be the blockchain owner, or a trusted committee of people / nodes. B4: Forfeiting their identity is in essence losing their identity stake (identity -> collateral). The chain is proposed as this both having on chain consequences (losing ability to participate) and off chain (would go on a public record of some sort, similar to a criminal record).

39 Raft (Classical Consensus)
Not applicable for blockchain technologies Consensus is resolved by an elected leader The leader is responsible for state verification (most up to date system state) and replication The leader sends out a heartbeat to all participating nodes in the network The follower nodes expect this signal ~3-10 times a second The leader leads until it either fails or disconnects from the network The leaders resolutions to the question at hand (the problem that needs consensus) are verified by the other nodes independently, and they are responsible for electing a new leader if need be The follower nodes do not frequently communicate with each other Supplementary example of other consensus algorithms: not blockchain specific, cover only if time allows

40 Sources

41 Sources

42 Sources https://nem.io/xem/harvesting-and-poi/

Download ppt "Consensus Campbell R. Harvey Joey Santoro Christopher Sides."

Similar presentations

Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
REDUNDANT ARRAY OF INEXPENSIVE DISCS RAID. What is RAID ? RAID is an acronym for Redundant Array of Independent Drives (or Disks), also known as Redundant.

REDUNDANT ARRAY OF INEXPENSIVE DISCS RAID. What is RAID ? RAID is an acronym for Redundant Array of Independent Drives (or Disks), also known as Redundant.
Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.

Bitcoin Double Spending Attack Karame, Androulaki & Capkun Presented by Subhro Kar CSCE 715, Fall 2013.
Database Replication techniques: a Three Parameter Classification Authors : Database Replication techniques: a Three Parameter Classification Authors :

Database Replication techniques: a Three Parameter Classification Authors : Database Replication techniques: a Three Parameter Classification Authors :
BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.

BITCOIN An introduction to a decentralised and anonymous currency. By Andy Brodie.
Basic Concepts of Computer Networks

Basic Concepts of Computer Networks
Practical Byzantine Fault Tolerance

Practical Byzantine Fault Tolerance
Byzantine fault-tolerance COMP 413 Fall 2002. Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.

Byzantine fault-tolerance COMP 413 Fall Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.
SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek.

SCP: A Computationally Scalable Byzantine Consensus Protocol for Blockchains Loi Luu, Viswesh Narayanan, Kunal Baweja, Chaodong Zheng, Seth Gilbert, Prateek.
Bitcoin is a cryptographic currency that has been in continuous operation over the last 3 years. It currently enjoys an exchange rate of $4.80 (as of April.

Bitcoin is a cryptographic currency that has been in continuous operation over the last 3 years. It currently enjoys an exchange rate of $4.80 (as of April.
CSE 486/586 Distributed Systems Byzantine Fault Tolerance

CSE 486/586 Distributed Systems Byzantine Fault Tolerance
Block Chain 101 May 2017.

Block Chain 101 May 2017.
Motivation ✓ ✘ ? Bitcoin/Ideal Credit Card Works on Internet

Motivation ✓ ✘ ? Bitcoin/Ideal Credit Card Works on Internet
Self-enforcing and executing contracts

Self-enforcing and executing contracts
CSE 4095 Lecture 22 – BlockChain Slides adapted from Claudio Orlandi.

CSE 4095 Lecture 22 – BlockChain Slides adapted from Claudio Orlandi.
Subject Name: File Structures

Subject Name: File Structures
Cryptocurrencies by.

Cryptocurrencies by.
Evaluation Forms for Blockchain- Based System ver. 1.0

Evaluation Forms for Blockchain- Based System ver. 1.0
Distributed Systems – Paxos

Distributed Systems – Paxos
Blockchains in 12 Easy Steps and Observations to Ponder…

Blockchains in 12 Easy Steps and Observations to Ponder…

Similar presentations

Ads by Google