diff options
author | Florian Dold <florian.dold@gmail.com> | 2018-11-02 12:38:28 +0100 |
---|---|---|
committer | Florian Dold <florian.dold@gmail.com> | 2018-11-02 12:38:28 +0100 |
commit | 9698ce63d5b647a815493704c517a5e8be4bf6c4 (patch) | |
tree | 0742e7c26ab5c4a990cf9e945a229e9dabdc2fdd /consensus | |
parent | 8fbe026078f944872bcc610cc8801a0a07373c51 (diff) | |
download | dold-thesis-phd-9698ce63d5b647a815493704c517a5e8be4bf6c4.tar.gz dold-thesis-phd-9698ce63d5b647a815493704c517a5e8be4bf6c4.tar.bz2 dold-thesis-phd-9698ce63d5b647a815493704c517a5e8be4bf6c4.zip |
wip
Diffstat (limited to 'consensus')
-rw-r--r-- | consensus/chap.tex | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/consensus/chap.tex b/consensus/chap.tex index 2c37fdf..a6dfd73 100644 --- a/consensus/chap.tex +++ b/consensus/chap.tex @@ -194,7 +194,7 @@ This work follows the path of \cite{dwork1988consensus} in relaxing the full asynchrony assumption behind the FLP impossibility result. -\subsection{Byzantine consensus in the partially synchronous model} +\subsection{Byzantine Consensus in the Partially Synchronous Model} % See 'Signature-Free Asynchronous Byzantine Consensus ...' % for a good list of references. @@ -333,7 +333,7 @@ message complexity is obviously worse than the $O(n^2)$ of PBFT, there is a way to use set reconciliation to benefit from the parallelism of the Gradecast rounds and thereby reduce the complexity to $O(fn^2)$. -\subsection{Set reconciliation} +\subsection{Set Reconciliation} The goal of set reconciliation is to identify the differences between two large sets, say $S_a$ and $S_b$, that are stored on two different @@ -496,7 +496,7 @@ for the actual set reconciliation. % FIXME: This entire section needs to be polished. -\section{Our approach} +\section{Our Approach} %\subsection{Assumptions about inputs} We now describe how to combine the previous approaches into a protocol @@ -542,7 +542,7 @@ in electronic voting, canonicalization would remove malformed ballots and combine multiple different (encrypted) ballots submitted by the same voter into a single ``invalid'' ballot for that voter. -\subsection{Byzantine set-union consensus (BSC) protocol} +\subsection{Byzantine Set-Union Consensus (BSC) Protocol} Recall that every peer $P_i$, $0 < i \le n$ starts with a set $S^{(0)}_i$. The BSC protocol incorporates two subprotocols, bounded @@ -569,7 +569,7 @@ ${\cal L} = 0$, the bounded set reconciliation is still allowed to cost $O(m)$. -\subsubsection{Bounded set reconciliation} \label{sec:boundedeppstein} +\subsubsection{Bounded Set Reconciliation} \label{sec:boundedeppstein} In {\em bounded} set reconciliation we are thus concerned with modifications that ensure that a set reconciliation step between @@ -666,7 +666,7 @@ implicitly assured that memory and CPU consumption of the bounded set reconciliation is also $O(k + (m - {\cal L}))$. -\subsubsection{Lower bound agreement}\label{sec:lower-bound} +\subsubsection{Lower Bound Agreement}\label{sec:lower-bound} To provide a lower bound on the permissable set size for set reconciliation, BSC first executes a protocol for \emph{lower bound @@ -717,7 +717,7 @@ elements to malicious peer $P_M$ after $P_M$ requested $m_i - \ell_i set reconciliation with peer $m_i$ to $O(k)$ using ${\cal L} = \ell_i$. -\subsubsection{Exact set agreement} \label{sec:complexity} +\subsubsection{Exact Set Agreement} \label{sec:complexity} After LBA, an \emph{exact set agreement} is executed, where all peers reach Byzantine agreement for a super-set of the set reached in LBA. @@ -848,7 +848,7 @@ the CONFIRM round. Thus, BSC has overall message complexity of $O(mnf We implemented the BSC protocol in the SET and CONSENSUS services of GNUnet~\cite{gnunet-www}. -\subsection{The GNUnet framework} +\subsection{The GNUnet Framework} GNUnet is composed of various components that run in separate operating system processes and communicate via message passing. @@ -862,7 +862,7 @@ resulting encryption is relatively expensive compared to the other operations, and thus dominates in terms of CPU consumption for the experiments. -\subsection{Set reconciliation} +\subsection{Set Reconciliation} Bounded set reconciliation is implemented in the SET service. The SET service provides a generic interface for set operations @@ -912,7 +912,7 @@ same bucket indices even modulo a power of two, where doubling the size of the IBF does not remove the collision. -\subsection{Set-Union consensus} +\subsection{Set-Union Consensus} To keep the description of the set-union consensus protocol in the previous section succinct, we merely stated that peers efficiently @@ -932,7 +932,7 @@ each element to indicate which peer included or excluded that element. This also allows for a rather efficient computation of the set to determine the $\bot$-result in the CONFIRM round. -\subsection{Evaluating malicious behavior} +\subsection{Evaluating Malicious Behavior} For the evaluation, our CONSENSUS service can be configured to exhibit the following types of adversarial behavior: @@ -964,7 +964,7 @@ traffic is the same as for additional elements, and memory usage would only be reduced. -\section{Experimental results} +\section{Experimental Results} All of the experiments were run on a single machine with a 24-core 2.30GHz Intel Xeon E5-2630 CPU, and GNUnet SVN revision 36765. We @@ -994,7 +994,7 @@ functionality, which uses the \texttt{wait3} system call for that purpose. -\subsection{Bounded set reconciliation} +\subsection{Bounded Set Reconciliation} We now summarize the experimental results for the bounded set reconciliation protocol between two peers. We first @@ -1099,7 +1099,7 @@ computed. \label{fig:set-traffic-switch} \end{figure} -\subsection{Byzantine set consensus} +\subsection{Byzantine Set Consensus} For our experiments with the BSC implementation, all ordinary peers start with the same set of elements; different sets would only affect @@ -1188,12 +1188,12 @@ in Figures~\ref{fig:consensus-amplify-traffic}, \ref{fig:consensus-amplify-stuffed}). -\section{Opportunities for further improving BSC} +\section{Opportunities for Further Improving BSC} We now discuss some of the key limitations of the current implementation and, how it could be optimised further. -\subsection{Extension to partial synchrony} +\subsection{Extension to Partial Synchrony} The prototype used in the evaluation only works in the synchronous model. It would be trivial to extend it to the partially synchronous @@ -1211,7 +1211,7 @@ lead to a protocol with lower latency, since the timeouts are dynamically adjusted instead of being increased for each failed iteration. -\subsection{Persistent data structures} +\subsection{Persistent Data Structures} Both the SET and CONSENSUS service have to store many variations of the same set when faulty peers elide or add @@ -1223,7 +1223,7 @@ the element storage by using data structures that are more well suited, such as the persistent data structures described by Okasaki~\cite{okasaki1999purely}. -\subsection{Fast dissemination} +\subsection{Fast Dissemination} Recall that in order to be included in the final set, an element must be sent to at least $t+1$ peers, so that at least one correct peer @@ -1286,7 +1286,7 @@ voting. We show how BSC is useful at multiple stages of the protocol, and discuss how our approach differs from existing solutions found in the literature. -\subsection{Bulletin board for electronic voting} +\subsection{Bulletin Board for Electronic Voting} The \emph{bulletin board} is a communication abstraction commonly used for electronic voting \cite{benaloh1987verifiable,peters2005secure}. @@ -1335,7 +1335,7 @@ peers that jointly implements the bulletin board. -\subsection{Distributed threshold key generation and cooperative decryption} +\subsection{Distributed Threshold Key Generation and Cooperative Decryption} Voting schemes as well as other secure multiparty computation protocols often rely on threshold @@ -1383,7 +1383,7 @@ decryptions is typically linear in the number of peers, set-union consensus is still a reasonable choice here, this way the whole system only needs one agreement primitive. -\subsection{Electronic voting with homomorphic encryption} +\subsection{Electronic Voting with Homomorphic Encryption} Various conceptually different voting schemes use homomorphic encryption; we look as the scheme by Cramer et @@ -1417,7 +1417,7 @@ BSC and is used in our implementation~\cite{dold2014crypto} of Cramer-style~\cite{cramer1997secure} electronic voting. -\subsection{Other applications of BSC} +\subsection{Other Applications of BSC} Bitcoin~\cite{nakamoto2008bitcoin} has gained immense popularity over the past few years. Bitcoin solves a slight variation of Byzantine |