Streamlet: Textbook Streamlined Blockchains
Nakamoto consensus is definitely simpler than Streamlet, but in contrast to Nakamoto consensus, Streamlet provides deterministic finalization and does not suffer from the costly proof-of-work (POW) and the low throughput POW induces. And, among the protocols that provide deterministic finalization, including PBFT, Tendermint, HotStuff, yes, Streamlet is the simplest protocol. So, yes, Streamlet deserves your attention.
Streamlet protocol
Streamlet is an amalgamation of existing techniques. It borrows material from Casper, HotStuff, and Elaine Shi's earlier work. But that's OK. The goal is to show the simplest protocol, not necessarily the most novel or the most efficient protocol. Here is the protocol, verbatim from the introduction of the paper.
In Streamlet, each epoch has a designated leader chosen at random by a publicly known hash function. We assume that a valid blockchain is a sequence of blocks cryptographically “chained” together by a hash function, i.e., each block contains a hash of its prefix.
Propose-Vote. In every epoch:
- The epoch’s designated leader proposes a new block extending from the longest notarized chain it has seen (if there are multiple, break ties arbitrarily). The notion “notarized” is defined below.
- Every player votes for the first proposal they see from the epoch’s leader, as long as the proposed block extends from (one of) the longest notarized chain(s) that the voter has seen. A vote is a signature on the proposed block.
- When a block gains votes from at least 2n/3 distinct players, it becomes notarized. A chain is notarized if its constituent blocks are all notarized.
Finalize. Notarized does not mean final. If in any notarized chain, there are 3 adjacent blocks with consecutive epoch numbers, the prefix of the chain up to the second of the 3 blocks is considered final. When a block becomes final, all of its prefix must be final too.
Is this a simple protocol?
It is a short single action protocol. It looks simple. Let's delve in.
Normal operation is simple, sure. Let's assume synchronous epochs of, say, 1 second length. If it is node j's turn to propose in this epoch (i.e., at this second) according to the rotation function, j identifies the longest notarized chain, adds the proposed block to that and broadcasts it. The honest nodes vote for j's proposal and broadcast their votes to every node. These are all received within the epoch duration. And that is it. Rinse, repeat.
Yes, there is all-to-all communication in the vote phase, and that has some cost associated with it. But that also serves to strengthen the resilience of the protocol and makes it easy to rotate the leaders. Since every node gets all the votes, the leader does not need to conclude/teach/finalize anything to the other nodes; each node can do that itself.
Another thing that helps with resilience is that Streamlet performs consensus on chains rather than individual consensus instances. The big idea in Streamlet is that the chain matters and should be leveraged. Unlike PBFT and its derivatives, which treat each consensus instance as isolated and independent of the others, Streamlet leverages the chain structure that links consensus instances to each other. Here consensus on one block is also a vote for the previous blocks in the chain. That means even though a block does not get notarized, say because of leader failure before reaching enough nodes, that block can later be grandparented in to finalization when a chain including it gets notarized with 3 consecutive blocks at its end.
OK, let's now check how the protocol behaves in a partially asynchronous system, where the synchronization assumptions can be violated temporarily. In Figure 1, we see that forks can develop in the absence of synchrony, but according to the finality rule the prefix of the top chain up to the epoch-6 block is considered final. If we had synchrony it wouldn't be possible to have forks, because if 2/3 of the nodes authorize the epoch 1 block, they would not be OK with authorizing an epoch 2 block linking to the root block after that. But without the synchrony assumptions, it is possible for both blocks to be proposed without notarization at first and then make progress toward notarization concurrently. That means the epoch 1 block was not notarized when the epoch 2 block was added. The leader of 2 did not see 1 notarized (or it could also be that the leader of 2 was Byzantine and ignored it). The notarizations for 1 and 2 reached the nodes later on. And the same thing happened with the epoch 3 and 5 blocks. Even if we required that the nodes vote for epochs in increasing order, and refuse to vote for a lower epoch number block after voting for a higher epoch numbered block, this scenario would still be possible. Distributed systems is hard, let's go train neural networks.
The paper includes a proof of why, after 5,6,7 is notarized, it is impossible for the other fork to survive. It is an easy to follow proof... again relative to the distributed systems standards.
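The notarization, voting and finality rules applied to a fork like the one described above, as an added Python example (not code from the paper or from the author's TLA+ model). The `View` class, the block ids, the epoch-0 genesis block and the tree in `fork_demo` (n = 4 players, one branch with epochs 1, 3 and one with epochs 2, 5, 6, 7) are constructed for illustration.

```python
GENESIS = "g"  # assumed genesis block: epoch 0, notarized by definition
class View:
    """One player's local view: block tree plus the votes seen so far (hypothetical helper)."""
    def __init__(self, n):
        self.n, self.blocks, self.votes = n, {GENESIS: (0, None)}, {}

    def add(self, bid, epoch, parent, voters=()):
        self.blocks[bid] = (epoch, parent)            # id -> (epoch, parent id)
        self.votes.setdefault(bid, set()).update(voters)

    def notarized(self, bid):
        # BFT threshold from the text: votes from at least 2n/3 distinct players.
        return bid == GENESIS or 3 * len(self.votes.get(bid, ())) >= 2 * self.n

    def chain(self, tip):
        """Genesis-to-tip block ids, or None unless every block on the path is notarized."""
        out = []
        while tip is not None:
            if tip not in self.blocks or not self.notarized(tip):
                return None
            out.append(tip)
            tip = self.blocks[tip][1]
        return out[::-1]

    def notarized_chains(self):
        return [c for c in map(self.chain, self.blocks) if c]

    def should_vote(self, parent):
        # Voting rule: the proposal must extend (one of) the longest notarized chains.
        c = self.chain(parent)
        return bool(c) and len(c) == max(map(len, self.notarized_chains()))

    def finalized(self):
        # Finality rule: 3 adjacent blocks with consecutive epochs finalize the prefix up to the second.
        final = set()
        for c in self.notarized_chains():
            ep = [self.blocks[b][0] for b in c]
            for i in range(len(c) - 2):
                if ep[i] + 1 == ep[i + 1] and ep[i] + 2 == ep[i + 2]:
                    final.update(c[:i + 2])
        return final

def fork_demo():
    """Constructed fork: epochs 1,3 on one branch and 2,5,6,7 on the other; n=4, 3 votes each."""
    v = View(n=4)
    for bid, epoch, parent in [("b1", 1, GENESIS), ("b3", 3, "b1"), ("b2", 2, GENESIS),
                               ("b5", 5, "b2"), ("b6", 6, "b5"), ("b7", 7, "b6")]:
        v.add(bid, epoch, parent, {0, 1, 2})
    return v
```

`fork_demo().finalized()` returns genesis plus the epoch 2, 5 and 6 blocks; the epoch 1 and 3 blocks are notarized but never final, and `should_vote("b3")` is false because that branch is no longer a longest notarized chain.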
I really like that the normal action is also the one that works in the asynchronous case. There is no separate detect-and-switch-to-recovery mode when synchrony assumptions are violated. The protocol is self-stabilizing with the normal case action and is always safe in the face of asynchrony.
One thing still lingered in my mind though. I was still super suspicious how there was no need for using the epoch number knowledge in the protocol or the proof. The protocol uses the longest chain rule. Longest chain does not necessarily mean the chain with the highest epoch. It is about how many blocks there are in the chain. As far as the epoch numbers are concerned, the only thing the protocol cares about is to see 3 consecutive epoch blocks for finalization. The protocol doesn't say anything about a monotonically increasing requirement for epoch numbers in an asynchronous environment (again except for the finality rule which requires 3 consecutive epoch blocks).
So to test that safety is still satisfied with this protocol in an asynchronous setup I modeled Streamlet in TLA+. To be specific, I modeled the crash fault-tolerant version given in the Appendix. But that is really almost the same as the BFT protocol. It tolerates up to a minority of nodes crash-failing, and the only change is that notarization requires only majority votes. The finality rule is still the same. That is another great thing about Streamlet: almost the same protocol works for Byzantine and crash fault-tolerance.
So, what did I find when I modeled Streamlet in TLA+? Was it easy to model it in TLA+? Was there a safety violation in an asynchronous system if we don't require the nodes to be epoch-monotonic in their voting? You will have to wait for the next blog post to hear the answers.
In the meanwhile, I have more questions for you.
MAD questions
1. How can we add pipelining to Streamlet?
If we can add pipelining to Streamlet, that will help improve throughput. Each epoch has the same communication structure, and that is promising for adding pipelining to Streamlet. The question is how do we do that.
2. Is there a vulnerability if the leader is known beforehand?
The epoch leader is known in advance in Streamlet. So a strong network adversary can use this information to block communication from the epoch leader. There are some protocols that hide this information to avoid this vulnerability. I am guessing it may be possible to design the rotating function to hide this information and divulge the leader only at the corresponding epoch, but I am not a cryptologist.
3. Is it easy to get 5 consecutive blocks notarized with Byzantine nodes?
The paper says that in order to make progress, there needs to be 5 consecutive honest leaders after GST. But if 1/3rd of the nodes are Byzantine, and the rotation function is random, it will be a while before we get a sequence of 5 consecutive honest leaders, right? I wonder if this causes any problems.