HotStuff: BFT Consensus with Linearity and Responsiveness

Once network communication becomes synchronous, HotStuff enables a correct leader to drive the protocol to consensus at the pace of actual (vs.maximum) network delay—a property called responsiveness—and with communication complexity that is linear in the number of replicas.

Each validator set is a category such that the objects are the validators and the morphisms represent interactions between validators. Each transition between validator sets represents a functor from one category to another because the morphisms are the same flavor between validator sets.

• Category Theory Pertaining to Dynamical Systems
• Dynamical Systems and Their Steady State

Ring Signatures Explainer

• MetaAnalysis of Alternative Consensus Protocols

Avalanche

• Exploring Liveness of Avalanche (… or any consensus algorithm that relies on an unstable equilibrium)
• What avalanche paper is not
• Avalanche vs The new IOTA consensus algorithm, with a touch of Spacemesh

Threshold Signatures Explained by Omer Shlomovits
...both multisig and TSS are essentially trying to achieve similar goals, but TSS is using cryptography off-chain, while multisig happens on-chain. However, the blockchain needs a way to encode multisig, which might harm privacy because the access structure (number of signers) is exposed on the blockchain. The cost of a multisig transaction is higher because the information on the different signers also needs to be communicated on the blockchain. In TSS, the signers’ details are folded into a regular looking transaction, reducing cost and maintaining privacy. On the other hand, multisig can be non-interactive, which saves the trouble of running a complex communication layer between the different signers.

Brick: Asynchronous State Channels

This is an emerging cryptographic primitive common to modern consensus protocols.

metalink

• On Verifiable Delay Functions (blog post)

I've already written some basic, use-case oriented notes, but I want to understand how it actually works. Seems like a useful mechanism for achieving proportionally justified representation in any context (ie not limited to blockchain consensus algorithms)

Web 3 Reference Implementations

• web3 simple ref
• web3 auction dynamic thingy
• complicated phragmen

Paper

• Threshold Quantifying Proportionality Criteria for Election Methods

Substrate Implementation

• https://github.com/paritytech/substrate/blob/master/srml/staking/src/phragmen.rs

structure a state machine that formats transactions in a way that provides domain-specific context with IPLD.

calculating dependence

The transaction format should allow us to calculate some meaningful measure of independence between transactions. This dependence measure can be used to manage the flow rate of proposals, voter participation, and other signalling expectations that the blockchain will need to be live to receive and incorporate into its future state.

dependence allows us to construct a flexible DAG

The metric for dependence does not need to be binary -- the point is to use measurements of dependence to allow for stateful merging of transactions while also limiting transaction throughput for certain operations to manage flow rate of actions.

in summary

When it comes to thinking about the transaction format, I have a few unrelated concepts that I think might prove useful for fostering certain stateful network operations over the read uncommitted (dirty) transactions

• https://ipld.io
• http://kcsrk.info/papers/oopsla19-mrdt.pdf

I'd also like to aspire to one of age's goal and adopt a simple, streaming encryption protocol (like noise/disco): "A good seekable streaming encryption scheme based on modern chunked AEADs, reusable as a general encryption format", but this should probably be done in some client-side library (the node)

I would like to at some point catalogue the varying levels of accuracy and efficiency for proving set membership and estimating membership/equality.

Proving Set Membership

• vector commitments and accumulators (see subatomic repo)
• merkle trees

Estimating Membership or Set Equality

• odd sketch, oddsketch.rs

Timing, Clocks, and the Order of Events in a Distributed System by Lamport

• timestamps
• vlocks

seems like this could be vaguely related to proxy re-encryption

Watermarking Public Key Cryptographic Primitives
Watermarking public-key encryption or signatures means modifying the signing/decryption algorithm so that signatures are still verifiable on the same key and ciphertexts decryptable but one can extract a mark from the decryption/signing circuit. The authors suggest new constructions for both, allowing public marking, public mark extraction, and prohibiting mark removal.

Sunny's Thoughts on Iota brings up two issues:

1. the suggested tip strategy may not be optimal => \exists some chance that a malicious strategy is optimal
2. how can the Proof of Work be easy enough that IoT devices will have the ability to do it for their own transactions but still be hard enough to prevent 33% attacks or Denial of Service attacks on the system

Proving (1) seems difficult if not impossible. Equilibria in the Tangle provides some relevant analysis.

(2) might be addressed by coordicide and never occurred in Iota because of the use of a central coordinator

legitimate use cases

I agree; iota may be "put to better use as a permissioned second-layer micro-transaction solution amongst a number of semi-trusted devices on top of blockchains"

• bribery and on-chain vote buying (phil daian)
• Incentive Attacks on PoW

Selfish Mining

• Majority is not enough: Bitcoin Mining is vulnerable by Ittay, Emin
• Defense by Ren Zhang