16Nh8nPXUefq9GA1L1vJW5Yse



Offline



Activity: 2

Merit: 0







NewbieActivity: 2Merit: 0 Achieving consensus through crypto-random leader election April 26, 2014, 06:07:09 PM #1 Achieving consensus through crypto-random leader election

One of the main issues with the solution of the Byzantine Generals problem implemented by Satoshi Nakamoto as the very base of the crypto-currency Bitcoin, the Proof-of-Work mechanism, is the perpetual power race it implies. One cannot be satisfied by this solution, and should work around to find another way to achieve consensus which does not rely on massive resources waste.



Recently, in have been reading a bunch of articles exploring technical innovations in order to set up the basis of the next generation of crypto-currencies and I came up with the idea of a decentralized protocol that will choose one node to forge the next block based on the mathematical properties of signatures.



Basic concept

Each block will be forged by a random node picked in the subset of registered nodes.



Registration

Each node that is willing to take part of the forging process will have to register in the block chain so every other node can acknowledge that it is competing for the forging process. This can be achieved by numerous ways such as Proof of Stake or Proof of Burn.



The preferred solution must have the following properties:

 The subset of nodes competing to forge block N + D is known when block N is accepted. Where N is the number of the block and D is the delay between registration and effectively entering the competition.

 The registration must have a cost so that if the node is willingly submitting an invalid block, or not taking his turn, it will suffer severe losses.



Ill give it a try and share my version of the registration protocol.

 There is a special address where the registration fees must be sent, lets call it Registry.

 Node A send X coins to the Registry, where X is a fixed amount.

 Node B forges the block N which includes the registration transaction.

 Node A has now the proof that he can compete for the forging of block N + D.

 Node A takes part of the competition until it forges a block or the registration lifetime is over.

 Node A is awarded the X coins spent for registration when it has successfully submitted a block.

 Node B is awarded the X coins spent by Node A as registration if Node A has not successfully submitted a block during the registration lifetime, as an incentive to accept all submitted registration.



Lifetime must be long enough so that it is unlikely that the Node never had chance to forge a block. This lifetime limitation must be designed to protect benevolent nodes from bad luck, and punish malevolent nodes for submitting invalid blocks.



Leader Election

The following protocol for randomly choosing a leader in a set of node is based on a paper called Fast Asynchronous Byzantine Agreement and Leader Election with Full Information which was about cooperation between processors. I made some changes to fit the introduction of cryptographic signatures.



The main idea is:

 Each node generate a random number

 The node with the greatest number is the chosen one



A malevolent node could listen to what other nodes are saying and say a greater word:

 Each node has to prove this number is random



A malevolent node could try to generate random numbers until it finds the greatest one:

 Each node has to prove the random number is unique



The question is why should the number be random? What are the properties we want for this number:

 Each node has to prove he owns this number

 Each node has to prove this number is unique

 Each node has to prove this number was created before he knew the other nodes numbers

 Each node has to prove that he did not chose this number



I am aware that my description is not really accurate, but what is really interesting comes next:

We can use the mathematical properties of cryptographic signature to ensure the number we generate has the required properties.



Example: Leader Election for Block 100

 Each node sign the string Block 100 with their private key and broadcast the result

 The node with the greatest hash forge the Block number 100 and include the signed hash of Block 100 and broadcast it

 The other nodes will integrate the block with the greatest hash in their blockchain



This leads to interesting properties:

 Each node knows what their number will be for every Leader Election

 Each node ignores what the other numbers will be

 Nobody can predict which node will be chosen without knowing all the private keys of the competing nodes

 Each node has equal probabilities to be chosen (in theory)



Disrupting the network

This solution will also avoid synchronization issues. Lets say you have an election between 100 nodes, if every node waits for every numbers, the network will be slow and can be disrupted if one node doesnt send its number. Same goes with forging the block, the network wont wait for the chosen node to submit it. What will occur is that each node will broadcast their number, if they are in something like their known top 5, they will forge a block that will be accepted by the other nodes if they dont receive blocks forged with a better number.



If you are the chosen one but you submit an invalid block, the second best block will be accepted if valid. If you are the one and dont submit block, same result.



Block forging rate

Since there are no time consuming operations, the rate at which blocks must be forged should be fixed by the network.



Pitfalls

The fact that each node knows what their number will be for each block, means that they also know the probability to be the chosen one. So they can maximize the probability to be picked, and someone with high computing power could mine for high probability private for one given block and then try a double spending attack creating a side chain made with N consecutive chosen nodes. Wich implies adding a minor proof of work with number.



Sources



WHAT PROOF OF STAKE IS AND WHY IT MATTERS

by VITALIK BUTERIN on AUGUST 26, 2013

http://bitcoinmagazine.com/6528/what-proof-of-stake-is-and-why-it-matters/



PROOF OF BURN

Internet  Early 2012 ?

https://en.bitcoin.it/wiki/Proof_of_burn



FAST ASYNCHRONOUS BYZANTINE AGREEMENT AND LEADER ELECTION WITH FULL INFORMATION

Bruce Kapron ∗ David Kempe  Valerie King  Jared Saia § Vishal Sanwalani  SODA 2008

http://webhome.cs.uvic.ca/~val/Publications/asynch07.pdf







Author : 16Nh8nPXUefq9GA1L1vJW5YsekWXnWPe1b

One of the main issues with the solution of the Byzantine Generals problem implemented by Satoshi Nakamoto as the very base of the crypto-currency Bitcoin, the Proof-of-Work mechanism, is the perpetual power race it implies. One cannot be satisfied by this solution, and should work around to find another way to achieve consensus which does not rely on massive resources waste.Recently, in have been reading a bunch of articles exploring technical innovations in order to set up the basis of the next generation of crypto-currencies and I came up with the idea of a decentralized protocol that will choose one node to forge the next block based on the mathematical properties of signatures.Each block will be forged by a random node picked in the subset of registered nodes.Each node that is willing to take part of the forging process will have to register in the block chain so every other node can acknowledge that it is competing for the forging process. This can be achieved by numerous ways such asorThe preferred solution must have the following properties: The subset of nodes competing to forge blockis known when block N is accepted. Whereis the number of the block andis the delay between registration and effectively entering the competition. The registration must have a cost so that if the node is willingly submitting an invalid block, or not taking his turn, it will suffer severe losses.Ill give it a try and share my version of the registration protocol. There is a special address where the registration fees must be sent, lets call it Nodesendcoins to the, whereis a fixed amount. Nodeforges the blockwhich includes the registration transaction. Nodehas now the proof that he can compete for the forging of block Nodetakes part of the competition until it forges a block or the registration lifetime is over. Nodeis awarded thecoins spent for registration when it has successfully submitted a block. Nodeis awarded thecoins spent by Nodeas registration if Nodehas not successfully submitted a block during the registration lifetime, as an incentive to accept all submitted registration.Lifetime must be long enough so that it is unlikely that the Node never had chance to forge a block. This lifetime limitation must be designed to protect benevolent nodes from bad luck, and punish malevolent nodes for submitting invalid blocks.The following protocol for randomly choosing a leader in a set of node is based on a paper called Fast Asynchronous Byzantine Agreement and Leader Election with Full Information which was about cooperation between processors. I made some changes to fit the introduction of cryptographic signatures.The main idea is: Each node generate a random number The node with the greatest number is the chosen oneA malevolent node could listen to what other nodes are saying and say a greater word: Each node has to prove this number is randomA malevolent node could try to generate random numbers until it finds the greatest one: Each node has to prove the random number is uniqueThe question is why should the number be random? What are the properties we want for this number: Each node has to prove he owns this number Each node has to prove this number is unique Each node has to prove this number was created before he knew the other nodes numbers Each node has to prove that he did not chose this numberI am aware that my description is not really accurate, but what is really interesting comes next:We can use the mathematical properties of cryptographic signature to ensure the number we generate has the required properties.Example: Leader Election for Block 100 Each node sign the string Block 100 with their private key and broadcast the result The node with the greatest hash forge the Block number 100 and include the signed hash of Block 100 and broadcast it The other nodes will integrate the block with the greatest hash in their blockchainThis leads to interesting properties: Each node knows what their number will be for every Leader Election Each node ignores what the other numbers will be Nobody can predict which node will be chosen without knowing all the private keys of the competing nodes Each node has equal probabilities to be chosen (in theory)This solution will also avoid synchronization issues. Lets say you have an election between 100 nodes, if every node waits for every numbers, the network will be slow and can be disrupted if one node doesnt send its number. Same goes with forging the block, the network wont wait for the chosen node to submit it. What will occur is that each node will broadcast their number, if they are in something like their known top 5, they will forge a block that will be accepted by the other nodes if they dont receive blocks forged with a better number.If you are the chosen one but you submit an invalid block, the second best block will be accepted if valid. If you are the one and dont submit block, same result.Since there are no time consuming operations, the rate at which blocks must be forged should be fixed by the network.The fact that each node knows what their number will be for each block, means that they also know the probability to be the chosen one. So they can maximize the probability to be picked, and someone with high computing power could mine for high probability private for one given block and then try a double spending attack creating a side chain made withconsecutive chosen nodes. Wich implies adding a minor proof of work with number.by VITALIK BUTERIN on AUGUST 26, 2013Internet  Early 2012 ?Bruce Kapron ∗ David Kempe  Valerie King  Jared Saia § Vishal Sanwalani  SODA 2008Author :