Professional Documents
Culture Documents
Trust Relationships
Houwu Chen
Department of Computer Science and Technology
Tsinghua University
chenhw11@mails.tsinghua.edu.cn
arXiv:1501.06238v3 [cs.DC] 12 Feb 2015
Abstract—The decentralized nature of P2P network increases Bitcoin deals with those challenges by implicitly combining
robustness because it removes the single point of failure, however, the generation of initial states as well as and consensus process
reaching consensus over an open P2P network while maintaining in an ongoing chain of hash-based proof-of-work [5]. The
decentralization is still an open problem. We proposed a con-
sensus algorithm for P2P network based on trust relationships majority decision of Bitcoin is represented by the longest
and social consensus with emergent phenomena of complex chain, which has the greatest proof-of-work effort invested in
system. Starting from synchronous system model, we model the it. As long as a majority of computing power is controlled by
algorithm with mean field equations and analyze the performance nodes that are not cooperating to attack the network, they’ll
of convergence as well as fault tolerance. We then adapt the generate the longest chain and outpace attackers.
algorithm to asynchronous system model by incorporating a
message filter and a Chandra & Toueg style failure detector. However, the proliferation of ASIC miner and mining pools
Simulations show that on the SNAP dataset of the Wikipedia leads to the monopoly of computing power, enabling that one
who-votes-on-whom network, the algorithm can always converge single principal with top influence can control the consensus
within 40 rounds in synchronous system model and 70 seconds in and even subvert the consensus by withholding blocks [6],
synchronous system model under reasonable latency assumption [7]. This dilemma is a violation of the original idea of
if without failure. Simulations also show that the algorithm can
tolerant collusion of 15% random nodes or 2% top influential bitcoin which tried to eliminate central control to achieve full
nodes committing attack of the strongest type. decentralization.
Our idea to achieve decentralized consensus over an open
I. I NTRODUCTION p2p network consists of two key elements i.e. trust rela-
P2P network is well known on its decentralized nature tionships and social consensus with emergent phenomena of
that increase robustness because it removes the single point complex system based on the trust relationships. Each node
of failure, however, no approach to reaching consensus over is identified by its public key, other nodes follow the node if
an open P2P network while still maintaining decentralization they trust it, and thus the whole network can be abstracted to
attracts public attention until the emergence of Bitcoin, which a directed graph representing the trust relationships between
is a cryptocurrency, a form of money that uses cryptography nodes. During a consensus process, each node broadcast its
to control its creation and management, rather than relying on value signed with its private key to its followers, and each
central authorities. [1]. node decides its next value according to the latest values
Decentralization of consensus eliminates trust in central of its followees. After limited rounds of iteration, the whole
authorities while also bring great challenges for consensus over network reach consensus that all honest nodes will have the
an open p2p network. One major challenge is sybil attack, same value. Since each node make decisions only according to
wherein the attacker creates a large number of pseudony- its followers, no global view of the whole network is needed,
mous identities, and use them to gain a disproportionately and even the exact number of participants in the consensus
large influence [2]. Because of decentralization, there is no process is not needed.
logically central, trusted authority to vouch for a one-to- Starting from synchronous system model, we model the
one correspondence between entity and identity, thus make algorithm with mean field equations and analyze the per-
it difficult to resist sybil attack. Another challenge is the formance of convergence as well as fault tolerance. The
byzantine failure, which encompasses both omission failures synchronous system model is impractical for P2P network,
(e.g., crash failures, failing to receive a request, or failing to but the model enable us to get insight of the characteristics
send a response) and commission failures (e.g., processing a of our algorithm conveniently. We then adapt the algorithm
request incorrectly, corrupting local state, and/or sending an to asynchronous system model by incorporating a message
incorrect or inconsistent response to a request) [3]. Because filter and a Chandra & Toueg style failure detector. Simulations
of decentralization, there is no central coordinator and it’s even show that on the SNAP dataset of the Wikipedia who-votes-
impossible to know the exact number of participants taken part on-whom network [8], the algorithm can always converge
in the consensus, which make byzantine failure even more within 40 rounds in synchronous system model and 70 sec-
difficult to tolerant [4]. onds in synchronous system model under reasonable latency
assumption if without failure. Simulations also show that the tolerance changes of the network environment which conflicts
algorithm can tolerant collusion of 15% random nodes or 2% with the intrinsic characteristic of dynamic P2P networks.
top influential nodes committing attack of the strongest type. Puzzle computing is also introduced to increase the overhead
of Sybil attack, such puzzles involve posing a challenge
II. R ELATED W ORK that requires a large amount of computation to solve but is
Consensus fundamental Consensus is a fundamental prob- easy to verify [22]. However, this type of algorithms forces
lem for reliable distributed system to achieve agreement honest nodes to continually spend computing resources solving
among distributed nodes on a value or an action, even when a puzzles, and also there’s no way to resist Sybil attack if the
number of those nodes are faulty [9]. The first instance of the attacker has dominant computing resources. Sybil prevention
consensus problem is presented in [10], examples of applica- techniques based on the connectivity characteristics of social
tions of consensus include whether to commit a transaction to graphs is another direction [23], [24]. Because of the difficulty
a database, agreeing on the identity of a leader, state machine to engineer social connections between attack nodes and
replication, and atomic broadcasts. In a crash failure model honest nodes, this approach is considered to be more robust
nodes may fail by stopping, while in a Byzantine failure model over other ones [25], [26], [27].
nodes may fail without stopping, Byzantine failures are more Social consensus Consensus over complex networks is
complicated than crash failures, because nodes may exhibit intensively studied in the field of statistical physics where
arbitrary, erratic and unexpected behavior which may even be mean field equation is widely used to model and analyze the
malicious and disruptive [3], [11]. Consensus for asynchronous complex network [28], [29], [30], [31], [32], related topics
system which has no assumptions about the relative speeds includes opinion negotiation and epidemic spreading [33],
of nodes nor about the delay time in delivering a message [34], [35], [36]. The impact of committed individuals which
is also more generic than synchronous system. In fact, RLP are immune to influence during the consensus process is also
impossibility even tells that strict consensus without relaxation identified that a small fraction of committed individuals can
on some criteria is impossible for asynchronous system [12]. reverse the prevailing majority opinion rapidly [32]. Later
Representative consensus algorithms including leader election studies further analysis the impact of committed individuals
based algorithms [13], [14], randomized algorithm [15], failure in different scenarios, e.g. different interaction rules, and even
detectors based algorithm [16] etc. two groups committed to competing opinions [37], [38], [39],
Consensus with unknown participants Traditional con- [40].
sensus algorithms assumes a static and known set of par- Consensus in crypto currencies Bitcoin lay its consensus
ticipants which stands in classic distributed system like a mechanism on top of proof of work(PoW) and blockchain [5],
server clusters system. But for dynamic and self-organizing but the monopoly of computing power enabling that one
systems like P2P networks the participants are unknown, thus single principal with top influence can control the consensus
traditional consensus algorithms does not work in such scenar- and even subvert the consensus by withholding blocks [6],
ios. To deal with unknown participants, consensus algorithms [7]. Peercoin proposed the proof of stake(PoS) algorithm
based on graph theory are proposed [17], [4] where sink which use stake as the vote power instead of computing
component is first discovered, then the consensus process is resource [41], and derivatives of PoS are also developed in
actually executed within the sink component and the decision BitShare, Blackcoin and NXT [42], [43], [44]. PoS is blamed
is disseminated to other participants after that. However, the to enable attackers to vote on different branches losslessly thus
algorithm is sensitive to the topology of the graph, and it give it’s actually nothing at stake [45], [46], [47]. Ripple and Stellar
no solution if there are several sink components discovered. use a different consensus algorithm which leverages trust
Also the algorithm does not deal with Sybil attack problem. relationships without blockchain and PoW/PoS involved [48].
Another approach based on pseudo leader election is also pro- The algorithm built on the implicit assumption that if a node
posed, but it can only deal with crash failure [18]. Consensus has 80% followees agreed on something, then 80% of total
algorithm with Byzantine fault tolerance over wireless Ad Hoc nodes agree with the same thing, however, the assumption
networks without known participants is also introduced, but it only stand when a node follows a large portion of total nodes.
relied on a strong assumption that the network is single-hop This assumption is not only hard to reserve in practical P2P
which does not stand in a typical P2P network [19]. network but also limit the scale of the network which leads to
Sybil attack Sybil attack is a challenging security problem the reduction of decentralization, and at the time of writing,
in P2P systems, wherein the attacker creates a large number the ripple network only have 8 consensus servers [49]. After
of pseudonymous identities, and use them to gain a dispro- a consensus failure event and review of consensus algorithm
portionately large influence [2]. One approach to resisting from security researcher, Stellar admitted that the algorithm
Sybil attack is relying on a certifying authority to perform has innate weaknesses and decided to switch to a centralized
admission control [20], however, decentralization is broken by solution [50]. TenderMint is a still in progress consensus
the certifying authority. Another approach is remote issuing algorithm without PoW/PoS involved too [51], but it require
anonymous certification of identity by identifying distinct each node to collect votes from 2/3 of all the participants,
property of a node, for example utilizing geometric techniques thus it require global information of the whole network and
to establish location information [21], but the algorithm can’t also put a limitation on the scale of the network.
III. M ODEL AND P ROBLEM F ORMULATION 2) Validity: if a correct node decides v, then v was a
proposed value. In the context of PBC, v must be
A. System model
broadcasted by some nodes.
We focus on the system with the following properties. 3) Termination: every correct node decides exactly once.
P2P network We consider a peer-to-peer network where The first two are safety requirements which say that some
peers are equally privileged and equipotent participants in the bad thing cannot happen, while the last is a liveness re-
network. quirement which states good things that must happen. We
Trust relationships There are trust relationships among call a solution to the consensus problem with this agreement
nodes, and when node A trust node B, B is called as followee requirement C1.
while A is called as follower of the relationship. The network Eclipse attack and weak consensus The three requirements
can be abstracted to a directed graph where each peer is a node, can be possibly fulfilled in a traditional environment where
and each trust relationship is a edge. To ensure connectivity each node communicates with all other nodes, but in the P2P
and safety, each node is constrained to have at least a minimum network as we defined in the local information property of
number of followees, thus in the formed directed graph each the system model, the connections to the other nodes are
node’s indegree must be equal or greater than a given number, limited or each node will suffer a data bloating problem. Since
meanwhile a node may have zero outdegree. each nodes only have informations of its followees, if it is
Local information There are no centralized global coordi- under eclipse attack where the majority of its followees are
nators in the network, and each node have no global view of malicious, there is no possible solution for it to survive the
the whole network. A node can only have public information attack. Here the eclipse attack may be high order.
of its direct followees while know nothing about other nodes.
A node also have no information about the whole network Definition 1 (High order eclipse attack). For node A and B,
including the number of the participants, the structure of the node A is the followee of node B, node A is under orderi
network etc. eclipse attack, if the conditions described later is fulfilled, then
Public broadcast channel We define a new primitive B is called to be under orderi+1 attack. The condition are list
named public broadcast channel(PBC) which has the follow- in the following:
ing properties: 1) If node A is not eclipsed attacked, then B can survive
the attack
1) A followee broadcast messages to all its followers
2) If A is eclipse attacked, then B can’t survive the attack
2) The channel are unidirectional, i.e. a followee can’t
receive messages from its followees through the channel. The three properties of consensus can only stand when
3) All followers of a followee receive the same message, nodes of the network are in stop failures, whereas under
thus a followee can’t send one value to a followee malicious attacks, considering the presence of eclipse attacks,
whereas send another value to another followee. the agreement requirement is relaxed to a weaker one, i.e.
4) If a message broadcasted by a followee is corrupted, it no two correct nodes which are not eclipsed attacked decide
can be detected by the followees. differently. We call a solution to the consensus problem fulfills
5) A message broadcasted by a followee can’t be forged or those weaker requirements C2.
modified by other nodes. Network as the subject of consensus We further consider
Asynchronous A message from a followee to a follower the network as a living system, and the subject of consensus
may be delayed, duplicated or delivered to the followee out shift from individual nodes to the network as a whole. In
of order. this perspective, we don’t have to ensure every correct node
Byzantine failure A node is correct if it behave honestly without being eclipsed attacked to decide on the same value,
and without error. Conversely, a node is faulty. A faulty instead, we just need to ensure that the overwhelming majority
node may have Byzantine failure exhibiting arbitrary, erratic of the nodes decide on the same value. We call a solution to
and unexpected behavior which may even be malicious and the consensus problem with this agreement requirement C3.
disruptive. Example failures include crash, failing to receive Our goal is to ensure that C3 must be retained in any
a request, or failing to send a response, as well as processing case or the system is regarded as failed to reach consensus.
a request incorrectly, corrupting local state, or sending an However, we should try to reach C2 and even C1 as close
incorrect or inconsistent response to a request. as possible, and give node possibility to quit consensus when
it find something abnormal. That’s the reason why confused
B. Problem statement decision and distributed oracle are presented in later sections.
Goal of consensus In traditional definition of consensus, IV. E XPERIMENTAL DATASET
specifically binary consensus, each node has a initial value Apparently, no consensus algorithm can work well on
vi ∈ {0, 1}. The consensus problem is to decide upon a arbitrary network topology. For example, a network consists
common value among all nodes. A solution to the problem of two disjoint cliques have no chance to reach consensus. But
must fulfill the following three requirements: for real network with trust relationships e.g. the SNAP dataset
1) Agreement: no two correct nodes decide differently. of the Wikipedia who-votes-on-whom network which is called
1.0 Cumulative Distribution of Degrees 1) The time unit is round, and each message is delivered
0.8 in exact one round.
2) When roundi begin, each node receives all the messages
Probability
0.6 outdegree
0.4 indegree broadcasted by its followees in roundi−1 .
0.2
3) Each node then finishes processing the received mes-
0.0
sages in no time, and broadcast its new value at the end
0 50 100 150 200 250 300 350 of roundi
Degree
According to the local information property of the system
Fig. 1. Degree distribution of the wiki dataset model, each node is nondistinctive for an algorithm, and a
node can only receive messages from its followees. Thus an
algorithm can be formalized as a function F at time t for each
wiki dataset later [8], the topology is not ill formed like the nodei , by designating the value of nodei as vi , an algorithm
example. can be written in the following general equation:
We focus on the wiki dataset because it presents trust
vi (t + 1) = F (vi (t), Vi (t)) (1)
relationships in the form of votes for administration instead
of interest relationships in Twitter or mutual friendship re- where Vi (t) = [vf1 (t), vf2 (t), . . . vfn (t)] and f1 , f2 , . . . jn are
lationships in Facebook, it also respects other factors like followees of nodei
communities highly fit the case of crypto currency which is To analyze properties of our algorithms, we build the
our premier target. As mentioned in the trust relationship theoretical models with the mean field method. We denote
property of the system model , we impose a constraint that the densities of all nodes with value 0 and 1 to be p0 and p1
each node much have indegree >= 10, so all nodes in respectively, the densities of correct nodes with value 0 and 1
the wiki dataset with followees less than 10 are removed. to be c0 and c1 while densities of faulty nodes with value 0
Parameters of the result dataset is shown in Table I, and and 1 to be f0 and f1 . Because the symmetrical property of
the cumulative distribution of indegrees and outdegrees are the algorithm on binary value 0 and 1, and p0 + p1 = 1, it’s
shown in Fig. 1. The wiki dataset also presents the properties sufficient to only track p0 and only considering p0 > 0.5.
of a scale-free network. A scale-free network has its degree We also assume initially faulty nodes are evenly distributed
distribution follows a power law, at least asymptotically [52], among all the nodes with density of f . Thus one can write the
also it presents a small-world phenomenon where the low- following two equations which will be used later to facilitate
degree nodes belong to very dense sub-graphs and those sub- analyzing fault tolerance. Eq. (2) stands before the consensus
graphs are connected to each other through hubs [53]. process start, and at any time we have Eq. (3).
Name Wiki p0 + p1 = 1
Nodes Counts 998
c0 = p0 ∗ (1 − f )
Average Degree 33.33
Diameter 5
Average Path length 2.34
c1 = p1 ∗ (1 − f ) (2)
Density 0.033 f 0 = p0 ∗ f
Average Clustering Coefficient 0.183
f 1 = p1 ∗ f
Eigenvector Centrality Sum Change 0.029
TABLE I f0 + f1 = f
D ATASETS PARAMETERS
c +c =1−f
0 1
(3)
c 0 + f 0 = p0
To facilitate comparing the impact of network scale on
c1 + f 1 = p 1
algorithms, we also run simulations upon three uniform net-
works at scale of 100, 1000, 5000 nodes, where each node has Also, according to f0 + c0 = p0 in Eq. (3), we can also
the same degree and connect to each other randomly. Those have:
dataset are named as uniform-less, uniform and uniform-more
dp0 dc0 df0
respectively. = + (4)
dt dt dt
V. A PPROACH TO C ONVERGENCE For system without failures, we have:
Though our system model is asynchronous, to facilitate
f0 = 0
shaping and analyzing the asynchronous algorithm, we start
f1 = 0
from a synchronous algorithm which will be transformed to
c0 = p 0 (5)
the corresponding asynchronous algorithm in the next section.
c1 = p 1
For the synchronous algorithm, the time model is depicted
in the following: c0 + c1 = 1
1: function G REEDY(Vi (t), vi (t))
2: n0 ← count 0 in (Vf (t), vi (t))
3: n1 ← count 1 in (Vf (t), vi (t))
4: if n0 > n1 then
5: return 0 0.45
0.40
6: else if n1 > n0 then 0.35
7: return 1 0.30
8: else d 0.25
0.20
0.10
0.05
Fig. 2. Greedy algorithm 0.00
1.0
0.9
300
0.8 250
200
and thus Eq. (4) can be written to the following equation: p0
0.7
0.6 100
150
0.5 0
50
D
dp0 dc0
= (6)
dt dt
We first deal with the convergence problem assuming that all (a) Derivative of p0 on t
nodes is correct, i.e f0 = f1 = 0, starting from a greedy algo-
rithm which has best convergence speed but may stuck during
the convergence process, then proposed a simulated annealing
algorithm which won’t stuck but has low convergence speed,
and at last we combine the two algorithms and presented
a compound algorithm. Note here even we follow the same
1.1
naming convention with traditional mathematical optimization
1.0
techniques, the meaning is totally different, instead, it’s only
the driving force to producing emergent phenomena of a 0.9
p0
0.5 200
A. Greedy 20
15 100
150
D
10 50
The greedy algorithm is quite straightforward, it simply t 5
0
0
theory 3:
0.6
uniform-less 4: n ← n0 + n1
0.4 uniform
uniform-more 5: if n0 > n ∗ 0.8 then
0.2
wiki 6: return 0
0.0
0 5 10 15 20 25 30 35 40 7: else if n1 > n ∗ 0.8 then
round
8: return 1
(a) Convergence 9: else
10: test ← random select from [0, n]
0.40 Histogram of rounds to reach consensus: bin =2 11: if test < n0 then
0.35 uniform-less 12: return 0
0.30 uniform 13: else if test > n0 then:
probability
0.25 uniform-more
0.20 14: return 1
0.15 wiki
0.10 15: else
0.05 16: return random select from {0, 1}
0.00
0 5 10 15 20 25 30 35 40 45
round
Fig. 5. Simulated annealing algorithm
(b) Rounds to reach concensus
Fig. 4. Simulation of the greedy algorithm
can be written in the following mean field equation:
dp0
= s1 c1 − s0 c0
dt
convergence will be 0, while c0 = 1 or c1 = 1, convergence
0.8D
D−i 1
will be 1 which means consensus is reached. Fig. 4b shows
X
s1 = F (0.2D; D, p1 ) + f (i; D, p1 )( + )
the histogram of rounds to reach consensus for each run of 40 D 2D
i=0.2D
rounds. Note in Fig. 4b , consensus at round of 41 means the
0.8D
D−i 1
X
system failed to reach consensus in that run, and also each bin
s 0 = F (0.2D; D, p 0 ) + f (i; D, p0 )( + )
D 2D
of the histogram is 2. From the figure we can see:
i=0.2D
(10)
1) For each dataset, simulation result approximately fits The relationship between dp0 /dt, D and p0 can be plotted to
theoretical analysis. Fig. 6a, while the evolution of p0 along with time t, starting
2) Network scale has no apparent impact on convergence with p0 = 0.501 at t = 0, and D ∈ [5, 300] is shown as
speed. Fig. 6b. From those figures we can see the following facts:
3) For uniform network consensus can always be reached 1) The convergence speed is never negative.
rapidly no mater what the network scale is. 2) When p0 is near 0.5, the converge speed is zero if the
4) Mean convergence can’t reach 1 for the wiki dataset, degree D is not too small.
caused by some runs which can’t reach consensus as 3) When D is not too small, starting with p0 = 0.501 at
shown in Fig. 4b . The reason for this phenomenon t = 0, the system makes no progress in consensus over
we think is the whole network gradually splits into two time.
cohesive subgraph because of the community structure.
Following the notations and definitions same with simula-
tion of the greedy algorithm, convergence of the SA algorithm
is shown as Fig. 7a while Fig. 7b shows the histogram
of rounds to reach consensus for each run of 40 rounds.
From the two figures, we have the following conclusions and
B. Simulated Annealing
explanations:
1) For the uniform-more dataset with D = 33, none of the
To overcome the hurdle that the greedy algorithm may runs reach consensus.
stuck at some runs, we developed the simulated annealing(SA) 2) For the uniform dataset with D = 33, there are tiny
algorithm shown in Fig. 5. It provide the ability for a node to chances to reach consensus within 40 rounds.
escape from its current value at the probability proportional 3) For the uniform-less dataset with D = 33, about half
to the ratio of its followees with the other value to all its runs reach consensus within 40 rounds.
followees, while keep a node at a stable state while the ratio 4) The average convergence for uniform-more and uniform
is great enough. is nearly at the same level along with time. Note here
Following the same notations and method of deducing in positive convergence does not mean p0 > p1 . Actually
the description of the greedy algorithm, the evolution of p0 for each individual run, the ratio of p0 /p1 always
0.8
0.7 theory
0.6 uniform-less
convergence
0.5 uniform
0.4 uniform-more
0.3
0.16
wiki
0.14 0.2
0.12 0.1
0.10 0.0
0 5 10 15 20 25 30 35 40
0.08 d round
0.06
0.04
0.02
(a) Convergence
0.00
1.0 0.5
0.9
0.4 uniform-less
0
0.8
uniform
probability
50
100
150
0.7
p0 0.3 uniform-more
0.6
wiki
200
D 250
300 0.5
0.2
0.1
0.0
(a) Derivative of p0 on t 0 5 10 15 20 25 30 35 40 45
round
0.8
0.7
4: return G REEDY(Vi (t), vi (t))
0.6
5: else
0.5
6: return S IMULATEDA NNEALING(Vi (t), vi (t))
20
15
Fig. 8. Compound algorithm
10
t
0
50 5
100
150
200
D 250 0
300
C. Compound
To leverage the ability of the greedy algorithm to make
(b) Evolution of p0
quick progress in consensus as well as the ability of the SA
Fig. 6. Theory analysis of the SA algorithm
algorithm to escape from stuck, we proposed the compound
algorithm by synthesizing the two algorithms as shown in
Fig. 8.
oscillate around 1. For the compound algorithm, dp0 /dt is just a linear com-
5) The theoretical model simulation only conform when bination of that of the greedy and the SA algorithm as the
the network scale is big enough. The explanation to the following equation, where dg p0 /dt and ds p0 /dt are the
this phenomenon is that when a small portion of nodes derivatives of the greedy algorithm and the SA algorithm
escape from their existing values, the effect is non- respectively:
negligible when the network scale is mall, while in the
big network scale, small disturbance can be absorbed. dp0 dg p0 ds p0
= ∗ ratio + ∗ (1 − ratio) (11)
Simulations also show that for a run that finally reach dt dt dt
consensus, it actually keeps oscillating until it suddenly For ratio = 0.5, the relationship between dp0 /dt, D and p0
escaped from oscillating at some time and then reach can be plotted to Fig. 9a, and the evolution of p0 along with
consensus within just several rounds. time t, starting with p0 = 0.501 at t = 0, and D ∈ [5, 300] is
6) For wiki dataset, the convergence steadily increases with shown as Fig. 9b.
time. The reason that they behaves quite different to
We simulate the compound algorithm on the wiki dataset
uniform dataset is that the node degrees are disequi-
for 1000 runs with ratio = 0.5. Following the notations and
librium, actually, because of the scale-free property, a
definitions same with simulation of the greedy algorithm, the
large proportion of node degrees are about 10. And as
convergence and rounds to converge of all the algorithms on
we already know from theoretical analysis, those nodes
the wiki dataset are show in Fig. 10a and Fig. 10b , and
has a rapid convergence speed.
the convergence and rounds to converge of the compound
1.0
0.8
convergence
0.6
theory: compound
0.4 wiki: greedy
wiki: sa
0.2
0.25
wiki: compound
0.0
0 5 10 15 20 25 30 35 40
0.20 round
0.15
d (a) Convergence
0.10
0.00
200 0.25 greedy
1.0
150
0.20 sa
probability
0.9
0.8
100
D compound
0.7 50 0.15
p0
0.6
0
0.5
0.10
0.05
0.00
(a) Derivative of p0 on t 0 5 10 15 20 25 30 35 40 45
round
1.1 1.0
0.8
0.4 uniform
0.7 uniform-more
0.2
0.6
wiki
0.0
0.5 0 5 10 15 20 25 30 35 40
20 round
15
10
(a) Convergence
300
250
t 5 200
150
0
0
50
100
0.30 uniform-less
0.25 uniform
probability
−0.1
−0.3
meanwhile, all faulty nodes behaves independently to 1.1 0.5
0.9
value failure. 0.8
0.3
p ′ 0.2
p
To measure performance of faulty tolerance, we define 0 0.7
0.1
0.6
critical point which will be used in later sections. 0.5 0.0
p0
0.5 0.6 0.7 0.8 0.9 1.0
p0
convergence
3:
0.6
4: if msg.state.stage < node.state.stage then uniform-less
0.4 uniform
5: return uniform-more
0.2
6: if node.state = deciding and msg.state = deciding wiki
0.0
and msg.round < node.round then 0 10000 20000 30000 40000 50000 60000 70000
time(ms)
7: return
8: delete msg.nodeid from node.suspects
9: add msg.nodeid to node.followees Fig. 19. Convergence of the Asynchronous Algorithm
1.0
10: function O N T IMER(node, time)
11: delta ← node.round start time − time 0.8
convergence
12: if delta < TIMEOUT then 0.6
uniform-less
13: return 0.4 uniform
14: lives ← [ ] uniform-more
0.2
wiki
15: for all msg in node.buffer do 0.0
0 10000 20000 30000 40000 50000 60000 70000
16: add msg.nodeid to lives time(ms)
TABLE II
E RROR IN MISLEAD ATTACK BY RANDOM NODES
TABLE III
E RROR IN MISLEAD ATTACK BY TOP INFLUENTIAL NODES
and when ratio = 0, the compound algorithm is degraded [10] L. Lamport, “Time, clocks, and the ordering of events in a distributed
to the simulated annealing algorithm. Studying the impact system,” Commun. ACM, vol. 21, no. 7, pp. 558–565, 1978.
[11] C. Attiya, D. Dolev, and J. Gil, “Asynchronous byzantine consensus,”
of ratio may be beneficial to maximize the performance of in Proceedings of the Third Annual ACM Symposium on Principles of
convergence tother with fault tolerance. Distributed Computing, ser. PODC ’84. New York, NY, USA: ACM,
Security of the DHT is also a problem though its another 1984, pp. 119–133.
[12] M. J. Fischer, N. A. Lynch, and M. S. Paterson, “Impossibility of
topic. However, DHT is only used for a node to find the correct distributed consensus with one faulty process,” J. ACM, vol. 32, no. 2,
swarm for a new followee, once the swarm is found, nodes pp. 374–382, 1985.
of the swarm can connect directly through peer exchange [13] L. Lamport, “Paxos made simple,” SIGACT News, vol. 32, no. 4, pp.
51–58, 2001.
and informations of them can be reused later. Thus even [14] M. Castro and B. Liskov, “Practical byzantine fault tolerance,” in
DHT is compromised, each node will still work with existing Proceedings of the Third Symposium on Operating Systems Design
followees. Also, the trust relationships itself can be utilized for and Implementation, ser. OSDI ’99. Berkeley, CA, USA: USENIX
Association, 1999, pp. 173–186.
securing DHT as per existing technologies like Whanau [24]. [15] M. Ben-Or, “Another advantage of free choice (extended abstract): Com-
pletely asynchronous agreement protocols,” in Proceedings of the Second
X. C ONCLUSION Annual ACM Symposium on Principles of Distributed Computing, ser.
The consensus algorithm presented in this paper is far from PODC ’83. New York, NY, USA: ACM, 1983, pp. 27–30.
[16] T. D. Chandra and S. Toueg, “Unreliable failure detectors for reliable
perfect, but it can converge in reasonable time while preserve distributed systems,” J. ACM, vol. 43, no. 2, pp. 225–267, 1996.
decentralization for P2P network, even it can only tolerant [17] F. Greve and S. Tixeuil, “Knowledge connectivity vs. synchrony re-
collusion of 2% top influential nodes, it’s still a huge progress quirements for fault-tolerant agreement in unknown networks,” in Pro-
ceedings of the 37th Annual IEEE/IFIP International Conference on
comparing to Bitcoin which can’t survive attack by 1 top Dependable Systems and Networks, ser. DSN ’07. Washington, DC,
influential node in a network with about 8000 nodes. USA: IEEE Computer Society, 2007, pp. 82–91.
[18] C. Delporte-Gallet, H. Fauconnier, and A. Tielmann, “Fault-tolerant
XI. ACKNOWLEDGEMENT AND F UTURE W ORK consensus in unknown and anonymous networks,” in Proceedings of the
2009 29th IEEE International Conference on Distributed Computing
This study is part of the skycoin project [56] with ideas Systems, ser. ICDCS ’09. Washington, DC, USA: IEEE Computer
shaped by members of the consensus team. We are now Society, 2009, pp. 368–375.
developing a belief tree based algorithm which can parallel [19] H. Moniz, N. Neves, and M. Correia, “Byzantine fault-tolerant consensus
in wireless ad hoc networks,” IEEE Transactions on Mobile Computing,
multiple consensus processes simultaneously in the sense of vol. 12, no. 12, pp. 2441–2454, 2013.
eventual consensus, and the algorithm is expected to reduce [20] M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. S. Wallach,
the average time for each consensus process. “Secure routing for structured peer-to-peer overlay networks,” SIGOPS
Oper. Syst. Rev., vol. 36, no. SI, pp. 299–314, 2002.
R EFERENCES [21] R. A. Bazzi and G. Konjevod, “On the establishment of distinct identities
in overlay networks,” in Proceedings of the Twenty-fourth Annual ACM
[1] J. Brito and A. Castillo, Bitcoin: A Primer for Policymakers, 1st ed. Symposium on Principles of Distributed Computing, ser. PODC ’05.
Mercatus Center at George Mason University, 8 2013. New York, NY, USA: ACM, 2005, pp. 312–320.
[2] J. R. Douceur, “The sybil attack,” in Revised Papers from the First Inter- [22] N. Borisov, “Computational puzzles as sybil defenses,” in Proceedings
national Workshop on Peer-to-Peer Systems, ser. IPTPS ’01. London, of the Sixth IEEE International Conference on Peer-to-Peer Computing,
UK, UK: Springer-Verlag, 2002, pp. 251–260. ser. P2P ’06. Washington, DC, USA: IEEE Computer Society, 2006,
[3] L. Lamport, R. Shostak, and M. Pease, “The byzantine generals prob- pp. 171–176.
lem,” ACM Trans. Program. Lang. Syst., vol. 4, no. 3, pp. 382–401, [23] H. Yu, M. Kaminsky, P. B. Gibbons, and A. Flaxman, “SybilGuard:
1982. Defending against sybil attacks via social networks,” in Proceedings of
[4] E. A. Alchieri, A. N. Bessani, J. Silva Fraga, and F. Greve, “Byzantine the 2006 Conference on Applications, Technologies, Architectures, and
consensus with unknown participants,” in Proceedings of the 12th Protocols for Computer Communications, ser. SIGCOMM ’06. New
International Conference on Principles of Distributed Systems, ser. York, NY, USA: ACM, 2006, pp. 267–278.
OPODIS ’08. Berlin, Heidelberg: Springer-Verlag, 2008, pp. 22–40. [24] C. Lesniewski-Laas and M. F. Kaashoek, “Whanau: A sybil-proof
[5] S. Nakamoto, “Bitcoin: A peer-to-peer electronic cash system,” distributed hash table,” in Proceedings of the 7th USENIX Conference on
http://www.bitcoin.org/bitcoin.pdf , 2009. Networked Systems Design and Implementation, ser. NSDI’10. Berke-
[6] D. Cawrey, “Are 51% attacks a real threat to bitcoin?” ley, CA, USA: USENIX Association, 2010, pp. 8–8.
http://www.coindesk.com/51-attacks-real-threat-bitcoin/, June 20 [25] M. N. Al-Ameen and M. Wright, “Persea: A sybil-resistant social DHT,”
2014. in Proceedings of the Third ACM Conference on Data and Application
[7] N. T. Courtois and L. Bahack, “On subversive miner strategies and Security and Privacy, ser. CODASPY ’13. New York, NY, USA: ACM,
block withholding attack in bitcoin digital currency,” CoRR, vol. 2013, pp. 169–172.
abs/1402.1718, 2014. [26] L. Alvisi, A. Clement, A. Epasto, S. Lattanzi, and A. Panconesi, “SoK:
[8] J. Leskovec and A. Krevl, “SNAP Datasets: Stanford large network The evolution of sybil defense via social networks,” in Proceedings
dataset collection,” http://snap.stanford.edu/data, Jun. 2014. of the 2013 IEEE Symposium on Security and Privacy, ser. SP ’13.
[9] M. Pease, R. Shostak, and L. Lamport, “Reaching agreement in the Washington, DC, USA: IEEE Computer Society, 2013, pp. 382–396.
presence of faults,” J. ACM, vol. 27, no. 2, pp. 228–234, 1980.
[27] W. Wei, F. Xu, C. C. Tan, and Q. Li, “SybilDefender: A defense [43] nxtcrypto.org, “Nxt whitepaper,” https://wiki.nxtcrypto.org/wiki/Whitepaper:Nxt,
mechanism for sybil attacks in large social networks,” IEEE Trans. 2014.
Parallel Distrib. Syst., vol. 24, no. 12, pp. 2492–2502, 2013. [44] P. Vasin, “Blackcoin’s proof-of-stake protocol v2,”
[28] A.-L. Barabási, R. Albert, and H. Jeong, “Mean-field theory for scale- http://www.blackcoin.co/blackcoin-pos-protocol-v2-whitepaper.pdf,
free random networks,” Physica A: Statistical Mechanics and its Appli- 2014.
cations, vol. 272, no. 1, pp. 173–187, 1999. [45] I. Bentov, A. Gabizon, and A. Mizrahi, “Cryptocurrencies without proof
[29] E. Estrada and E. Vargas-Estrada, “How peer pressure shapes consensus, of work,” 06 2014.
leadership, and innovations in social groups,” Sci. Rep., vol. 3, 2013. [46] V. Buterin, “On stake,” https://blog.ethereum.org/2014/07/05/stake/, 7
[30] D. Vilone, J. J. Ramasco, A. Sánchez, and M. S. Miguel, “Social and 2014.
strategic imitation: the way to consensus,” Sci. Rep., vol. 2, 2012. [47] A. Poelstra, “A treatise on altcoins,”
[31] C. Doyle, S. Sreenivasan, B. K. Szymanski, and G. Korniss, “Social https://download.wpsoftware.net/bitcoin/alts.pdf, 10 2014.
consensus and tipping points with opinion inertia,” arXiv:1411.1723 [48] D. Schwartz, N. Youngs, and A. Britto, “The Ripple protocol consen-
[cond-mat, physics:physics], 11 2014. sus algorithm,” https://ripple.com/files/ripple consensus whitepaper.pdf,
[32] J. Xie, S. Sreenivasan, G. Korniss, W. Zhang, C. Lim, and B. Szymanski, 2014.
“Social consensus through the influence of committed minorities,” [49] https://ripple.com/ripple.txt.
Physical Review E, vol. 84, no. 1, p. 011130, 2011. [50] J. Kim, “Safety, liveness and fault
[33] R. M. Anderson and R. M. May, Infectious diseases of humans. Oxford tolerance—the consensus choices stellar,”
university press Oxford, 1991, vol. 1. https://www.stellar.org/blog/safety liveness and fault tolerance consensus choice/,
[34] N. Bailey, The Mathematical Theory of Infectious Diseases and its 2014.
Applications. London: Griffin, 1975. [51] J. Kwon, “TenderMint: Consensus without mining,”
[35] X. Castelló, A. Baronchelli, and V. Loreto, “Consensus and ordering in http://tendermint.com/docs/tendermint.pdf, 2014.
language dynamics,” The European Physical Journal B, vol. 71, no. 4, [52] A.-L. Barabási and R. Albert, “Emergence of scaling in random net-
pp. 557–564, 2009. works,” science, vol. 286, no. 5439, pp. 509–512, 1999.
[36] A. Baronchelli, “Role of feedback and broadcasting in the naming [53] D. J. Watts and S. H. Strogatz, “Collective dynamics of ‘small-
game,” Phys. Rev. E, vol. 83, no. 4, p. 046103, 2011. world’networks,” nature, vol. 393, no. 6684, pp. 440–442, 1998.
[37] P. Singh, S. Sreenivasan, B. K. Szymanski, and G. Korniss, “Accelerating [54] F. Dabek, J. Li, E. Sit, J. Robertson, M. F. Kaashoek, and
consensus on coevolving networks: The effect of committed individuals,” R. Morris, “Designing a DHT for low latency and high throughput,” in
Phys. Rev. E, vol. 85, no. 4, p. 046104, 2012. Proceedings of the 1st Conference on Symposium on Networked Systems
[38] J. A. K. M. A. S. S. A. S. B. K. A. K. G. Xie, Jierui AND Emenheiser, Design and Implementation - Volume 1, ser. NSDI’04. Berkeley,
“Evolution of opinions on social networks in the presence of competing CA, USA: USENIX Association, 2004, pp. 7–7. [Online]. Available:
committed groups,” PLoS ONE, vol. 7, no. 3, p. e33215, 2012. http://dl.acm.org/citation.cfm?id=1251175.1251182
[39] X.-T. Liu, Z.-X. Wu, and L. Zhang, “Impact of committed individuals [55] J. Li, J. Stribling, R. Morris, M. Kaashoek, and T. Gil, “A performance
on vaccination behavior,” Phys. Rev. E, vol. 86, no. 5, p. 051132, 2012. vs. cost framework for evaluating DHT design tradeoffs under churn,”
[40] M. Turalska, B. J. West, and P. Grigolini, “Role of committed minorities in Proceedings IEEE INFOCOM 2005. 24th Annual Joint Conference of
in times of crisis,” Sci. Rep., vol. 3, 2013. the IEEE Computer and Communications Societies, vol. 1, Mar. 2005,
[41] S. N. Sunny King, “Ppcoin: Peer-to-peer crypto-currency with proof-of- pp. 225–236 vol. 1.
stake,” http://www.peercoin.net/assets/paper/peercoin-paper.pdf, 2012. [56] https://github.com/skycoin .
[42] bitshares.com, “Bitshares toolkit: Delegated proof of stake,”
http://bitshares.org/documentation/group dpos.html, 2014.