-
A Confirmation Rule for the Ethereum Consensus Protocol
Authors:
Aditya Asgaonkar,
Francesco D'Amato,
Roberto Saltini,
Luca Zanolini,
Chenyi Zhang
Abstract:
A Confirmation Rule, within blockchain networks, refers to an algorithm implemented by network nodes that determines (either probabilistically or deterministically) the permanence of certain blocks on the blockchain. An example of Confirmation Rule is the Bitcoin's longest chain Confirmation Rule where a block is confirmed (with high probability) when it has a sufficiently long chain of successors…
▽ More
A Confirmation Rule, within blockchain networks, refers to an algorithm implemented by network nodes that determines (either probabilistically or deterministically) the permanence of certain blocks on the blockchain. An example of Confirmation Rule is the Bitcoin's longest chain Confirmation Rule where a block is confirmed (with high probability) when it has a sufficiently long chain of successors, its siblings have notably shorter successor chains, and network synchrony holds. In this work, we devise a Confirmation Rule for Ethereum's consensus protocol, Gasper. Initially, our focus is on developing a rule specifically for LMD-GHOST, the component of Gasper responsible for ensuring dynamic availability. This is done independently of the influence of FFG-Casper, which is designed to finalize the blocks produced by LMD-GHOST. Subsequently, we build upon this rule to consider FFG-Casper's impact, aiming to achieve fast block confirmations through a heuristic that balances confirmation speed with a trade-off in safety guarantees. This refined Confirmation Rule could potentially standardize fast block confirmation within Gasper.
△ Less
Submitted 1 May, 2024;
originally announced May 2024.
-
Streamlining Sleepy Consensus: Total-Order Broadcast with Single-Vote Decisions in the Sleepy Model
Authors:
Francesco D'Amato,
Luca Zanolini
Abstract:
Over the past years, distributed consensus research has shifted its focus towards addressing challenges in large-scale, permissionless systems, such as blockchains. This shift is characterized by the need to accommodate dynamic participation, contrasting the traditional approach of a static set of continuously online participants. Works like Bitcoin and the Sleepy Model have set the stage for this…
▽ More
Over the past years, distributed consensus research has shifted its focus towards addressing challenges in large-scale, permissionless systems, such as blockchains. This shift is characterized by the need to accommodate dynamic participation, contrasting the traditional approach of a static set of continuously online participants. Works like Bitcoin and the Sleepy Model have set the stage for this developing framework.
Notable contributions from Momose and Ren (CCS 2022) and subsequent works have introduced Total-Order Broadcast protocols leveraging Graded Agreement primitives and supporting dynamic participation, though often requiring multiple rounds of voting per decision -- a potential bottleneck for real-world large-scale systems.
Addressing this, our paper presents a novel Total-Order Broadcast protocol in the Sleepy Model resilient to up to 1/2 adversarial participants, requiring just a single round of voting per decision. This work paves the way to more practical Total-Order Broadcast protocols to be implemented in real-world systems where a large number of participants are involved simultaneously and their participation level might fluctuate over time.
△ Less
Submitted 17 October, 2023;
originally announced October 2023.
-
Asynchrony-Resilient Sleepy Total-Order Broadcast Protocols
Authors:
Francesco D'Amato,
Giuliano Losa,
Luca Zanolini
Abstract:
Dynamically available total-order broadcast (TOB) protocols tolerate fluctuating participation, e.g., as high as 99% of their participants going offline, which is especially useful in permissionless blockchain environments. However, dynamically available TOB protocols are synchronous protocols, and they lose their safety guarantees during periods of asynchrony. This is a major issue in practice.…
▽ More
Dynamically available total-order broadcast (TOB) protocols tolerate fluctuating participation, e.g., as high as 99% of their participants going offline, which is especially useful in permissionless blockchain environments. However, dynamically available TOB protocols are synchronous protocols, and they lose their safety guarantees during periods of asynchrony. This is a major issue in practice.
In this paper, we propose a simple but effective mechanism for tolerating bounded periods of asynchrony in dynamically available TOB protocols that ensure safety deterministically. We propose to trade off assumptions limiting the online/offline churn rate in exchange for tolerating bounded asynchronous periods through the use of a configurable message-expiration period.
In practice, this allows picking a small synchrony bound $δ$, and therefore obtain a fast protocol in the common case, knowing that the protocol tolerates occasional periods of duration at most $π>δ$ during which the bound does not hold. We show how to apply this idea to a state-of-the-art protocol to make it tolerate bounded periods of asynchrony.
△ Less
Submitted 6 May, 2024; v1 submitted 11 September, 2023;
originally announced September 2023.
-
A Simple Single Slot Finality Protocol For Ethereum
Authors:
Francesco D'Amato,
Luca Zanolini
Abstract:
Currently, Gasper, the implemented consensus protocol of Ethereum, takes between 64 and 95 slots to finalize blocks. Because of that, a significant portion of the chain is susceptible to reorgs. The possibility to capture MEV (Maximum Extractable Value) through such reorgs can then disincentivize honestly following the protocol, breaking the desired correspondence of honest and rational behavior.…
▽ More
Currently, Gasper, the implemented consensus protocol of Ethereum, takes between 64 and 95 slots to finalize blocks. Because of that, a significant portion of the chain is susceptible to reorgs. The possibility to capture MEV (Maximum Extractable Value) through such reorgs can then disincentivize honestly following the protocol, breaking the desired correspondence of honest and rational behavior. Moreover, the relatively long time to finality forces users to choose between economic security and faster transaction confirmation. This motivates the study of the so-called single slot finality protocols: consensus protocols that finalize a block in each slot and, more importantly, that finalize the block proposed at a given slot within such slot.
In this work we propose a simple, non-blackbox protocol that combines a synchronous dynamically available protocol with a partially synchronous finality gadget, resulting in a consensus protocol that can finalize one block per slot, paving the way to single slot finality within Ethereum. Importantly, the protocol we present can finalize the block proposed in a slot, within such slot.
△ Less
Submitted 15 August, 2023; v1 submitted 24 February, 2023;
originally announced February 2023.
-
Recent Latest Message Driven GHOST: Balancing Dynamic Availability With Asynchrony Resilience
Authors:
Francesco D'Amato,
Luca Zanolini
Abstract:
Dynamic participation has recently become a crucial requirement for devising permissionless consensus protocols. This notion, originally formalized by Pass and Shi (ASIACRYPT 2017) through their "sleepy model", captures the essence of a system's ability to handle participants joining or leaving during a protocol execution. A dynamically available consensus protocol preserves safety and liveness wh…
▽ More
Dynamic participation has recently become a crucial requirement for devising permissionless consensus protocols. This notion, originally formalized by Pass and Shi (ASIACRYPT 2017) through their "sleepy model", captures the essence of a system's ability to handle participants joining or leaving during a protocol execution. A dynamically available consensus protocol preserves safety and liveness while allowing dynamic participation. Blockchain protocols, such as Bitcoin's consensus protocol, have implicitly adopted this concept. In the context of Ethereum's consensus protocol, Gasper, Neu, Tas, and Tse (S&P 2021) presented an attack against LMD-GHOST -- the component of Gasper designed to ensure dynamic availability. Consequently, LMD-GHOST results unable to fulfill its intended function of providing dynamic availability for the protocol. Despite attempts to mitigate this issue, the modified protocol still does not achieve dynamic availability, highlighting the need for more secure dynamically available protocols. In this work, we present RLMD-GHOST, a synchronous consensus protocol that not only ensures dynamic availability but also maintains safety during bounded periods of asynchrony. This protocol is particularly appealing for practical systems where strict synchrony assumptions may not always hold, contrary to general assumptions in standard synchronous protocols. Additionally, we present the "generalized sleepy model", within which our results are proven. Building upon the original sleepy model proposed by Pass and Shi, our model extends it with more generalized and stronger constraints on the corruption and sleepiness power of the adversary. This approach allows us to explore a wide range of dynamic participation regimes, spanning from complete dynamic participation to no dynamic participation, i.e., with every participant online.
△ Less
Submitted 17 August, 2023; v1 submitted 22 February, 2023;
originally announced February 2023.
-
Goldfish: No More Attacks on Ethereum?!
Authors:
Francesco D'Amato,
Joachim Neu,
Ertem Nusret Tas,
David Tse
Abstract:
The LMD GHOST consensus protocol is a critical component of proof-of-stake Ethereum. In its current form, this protocol is brittle, as evidenced by recent attacks and patching attempts. We propose Goldfish, a new protocol that satisfies key properties required of a drop-in replacement for LMD GHOST: Goldfish is secure in the sleepy model, assuming a majority of the validators follows the protocol.…
▽ More
The LMD GHOST consensus protocol is a critical component of proof-of-stake Ethereum. In its current form, this protocol is brittle, as evidenced by recent attacks and patching attempts. We propose Goldfish, a new protocol that satisfies key properties required of a drop-in replacement for LMD GHOST: Goldfish is secure in the sleepy model, assuming a majority of the validators follows the protocol. Goldfish is reorg resilient so that honestly produced blocks are guaranteed inclusion in the ledger, and it supports fast confirmation with expected confirmation latency independent of the desired security level. Subsampling validators can improve the communication efficiency of Goldfish, and Goldfish is composable with finality/accountability gadgets. Crucially, Goldfish is structurally similar to LMD GHOST, providing a credible path to adoption in Ethereum. Attacks on LMD GHOST exploit lack of coordination among honest validators, typically provided by a locking mechanism in classical BFT protocols. However, locking requires votes from a quorum of all participants and is not compatible with fluctuating participation. Goldfish is powered by a novel coordination mechanism to synchronize the honest validators' actions. Experiments with our prototype implementation of Goldfish suggest practicality.
△ Less
Submitted 30 December, 2023; v1 submitted 7 September, 2022;
originally announced September 2022.