Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†,...
Transcript of Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†,...
![Page 1: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/1.jpg)
Extending Existing Blockchains with Virtualchain
Jude Nelson*, Muneeb Ali*†,Ryan Shea†, Michael J. Freedman*
* †
![Page 2: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/2.jpg)
Pretend cryptocurrenciesdo not exist
![Page 3: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/3.jpg)
What’s in a Proof-of-Work Blockchain?
● Total ordering of writes● “Stable” view ordering (*)● Append-only● 100% replicated● Tamper-resistant● Anyone can write● Fixed growth rate (pay-to-play)● Hard to upgrade once deployed
![Page 4: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/4.jpg)
● Replicated state machines (RSMs) on top?● Strategy: store input history
Distributed Applications and Blockchains
RSM1
RSM1
RSM1
block nblock n-1block n-2block n-3
S1
S1
S1RSM1RSM1RSM1
Bootstrapping state
![Page 5: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/5.jpg)
Advantages
● Open app membership● Survive total app failure● Blockchain-agnostic● App-agnostic
![Page 6: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/6.jpg)
Challenges
● Blockchain failure○ Goes offline○ “Centralization” attacks
● Blockchain forks○ Data loss○ Chain reorganization
![Page 7: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/7.jpg)
Virtualchain
● Fork*-consistent RSMs on existing blockchains● Fork detection & recovery● Cross-chain migration
![Page 8: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/8.jpg)
Fork*-Consistency (Li & Maziéres, NSDI’07)
● RSMs in “fork sets”● Fork set shares history● Partition after fork detection
op1 op2 op3 op5
op4
op7
op6
FSa = {1,2,3,4,6}
FSb = {1,2,3,4,7}
FSc = {1,2,3,5}Time → FORK!
RSM fork set
FORK!
![Page 9: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/9.jpg)
● Multiple leaders● Conflicting writes
Nakamoto Consensus Creates Fork Sets
RSM1 S1’
RSM1 S1
block n-3 block n-2
block n-1
block n’-1
block n
Divergent state
RSM1 S1
RSM1 S1’
![Page 10: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/10.jpg)
● Conflicting TXs discarded● Accepted TXs re-ordered
Reorganizations Create Fork Sets
block n-3 block n-2 block n-1 block n
RSM2 S2
RSM2 S2’RSM2RSM2 RSM2
Divergent bootstrapping state
Different block!
![Page 11: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/11.jpg)
Solution: Consensus Hashes
● In-band app-level consensus ● Used for:
○ Identifying fork sets (multiplexing)○ Fork detection and recovery○ Blockchain migration○ Lightweight fork set selection
![Page 12: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/12.jpg)
Consensus Hash Construction
● CH(n): cryptographic hash● Covers state transition history (“journal”)
n - 8 n - 7 n - 6 n - 5 n - 4 n - 3 n - 2 n - 1 n
M(Jn)CH(n-8) CH(n-4) CH(n-2) CH(n-1)
Pb= {CH(p) | p = b - 2k} CH(n) = Hash(Merkle(Jn), Pn)
![Page 13: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/13.jpg)
In-band Consensus
● Fork sets: agree on CH(n) for all n● Client: embed latest CH in input TX
○ Obtained from preferred fork set● Server: consider TX only if CH is “recent”
○ “Send/ACK” with K-block timeout
![Page 14: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/14.jpg)
Lightweight Fork Set Selection
● Given CH(n), search for characteristic state transitions
T
T
T
T
n0CH(n) is trusted
CH(n-8) is now trusted,because CH(n) was trusted
block with journal entry
Block n-11’s journal entries can be verified now
(1)
(2)
(3)
(4)
![Page 15: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/15.jpg)
Dealing with Blockchain Forks
● Most forks are short-lived○ Avoid with “confirmations”
● Long-lasting forks are rare○ But widely noticed!○ Due to bugs or attacks
![Page 16: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/16.jpg)
Fork/Reorganization Detection
● Continuously audit CH history● Alert on disagreement
RSM1 S1
Reorg’edblocks
n’-16 n-8 n-4 n-2 n-1
CH(n’-8) != CH(n-8)
n
![Page 17: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/17.jpg)
● CHECKPOINT from trusted party○ Last “valid” CH(n)
● Host CH(n)’s journal off-chain● Fetch and verify with CH(n)
Joining Fork Sets
block n-1 block n block n+1
RSM1 S1’RSM1 RSM1 RSM1 S1
RSM1 S1CHECKPOINTDifferent block
CH(n)’s journal
block n+2
![Page 18: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/18.jpg)
Cross-chain Migration
● Similar to fork set join● Trusted MIGRATE
MIGRATE_TO(2) MIGRATE_FROM(1,b) CHECKPOINT(CH(b))S1,b
b b’b0’
J ends on blockchain 1.Final RSM state is S1,b
J resumes on blockchain 2.Initial RSM state is S1,b’+1
Blockchain 1 Blockchain 2
Application state at blockchain 1, block b
CH(b)’s journalfrom blockchain 1
S1,b’+1RSM1
Bootstrap for continuity
![Page 19: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/19.jpg)
On Centralization, Trust, and Cryptocurrencies
● Already trust RSM author● Use CHECKPOINT, MIGRATE judiciously
○ Ignore with no loss of security● Cryptocurrency: RSM input rate-limiter
○ RSMs becoming key use-case○ Cloud market is >10x more valuable
![Page 20: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/20.jpg)
Example: Bitcoin OP_RETURN UsageSource: Harry Kalodner
![Page 21: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/21.jpg)
Concluding Remarks
● In production for >1 year in Blockstack● https://github.com/blockstack/blockstack-virtualchain● Ali, Nelson, Shea, Freedman (ATC’16)● Migrated from Namecoin to Bitcoin
Source:opreturn.org
![Page 22: Ryan Shea Extending Existing Jude Nelson*, …...Jude Nelson*, Muneeb Ali* †, Ryan Shea†, Michael J. Freedman* * † Pretend cryptocurrencies do not exist What’s in a Proof-of-Work](https://reader036.fdocuments.in/reader036/viewer/2022081614/5fccd630c10066284163c56e/html5/thumbnails/22.jpg)
Thank you!Questions?