How to Trust Strangers: Composition of Byzantine Quorum Systems

Trust is the basis of any distributed, fault-tolerant, or secure system. A trust assumption specifies the failures that a system, such as a blockchain network, can tolerate and determines the conditions under which it operates correctly. In systems subject to Byzantine faults, the trust assumption is usually specified through sets of processes that may fail together. Trust has traditionally been symmetric, such that all processes in the system adhere to the same, global assumption about potential faults. Recently, asymmetric trust models have also been considered, especially in the context of blockchains, where every participant is free to choose who to trust. In both cases, it is an open question how to compose trust assumptions. Consider two or more systems, run by different and possibly disjoint sets of participants, with different assumptions about faults: how can they work together? This work answers this question for the first time and offers composition rules for symmetric and for asymmetric quorum systems. These rules are static and do not require interaction or agreement on the new trust assumption among the participants. Moreover, they ensure that if the original systems allow for running a particular protocol (guaranteeing consistency and availability), then so will the joint system. At the same time, the composed system tolerates as many faults as possible, subject to the underlying consistency and availability properties. Reaching consensus with asymmetric trust in the model of personal Byzantine quorum systems (Losa et al., DISC 2019) was shown to be impossible, if the trust assumptions of the processes diverge from each other. With asymmetric quorum systems, and by applying our composition rule, we show how consensus is actually possible, even with the combination of disjoint sets of processes. 2012 ACM Subject Classification Theory of computation → Cryptographic protocols; Software and its engineering → Distributed systems organizing principles

[1]  Michael K. Reiter,et al.  Dynamic byzantine quorum systems , 2000, Proceeding International Conference on Dependable Systems and Networks. DSN 2000.

[2]  Avishai Wool,et al.  The load and availability of Byzantine quorum systems , 1997, PODC '97.

[3]  Ueli Maurer,et al.  Player Simulation and General Adversary Structures in Perfect Multiparty Computation , 2000, Journal of Cryptology.

[4]  Marko Vukolic,et al.  XFT: Practical Fault Tolerance beyond Crashes , 2015, OSDI.

[5]  Richard Mortier,et al.  Fast Flexible Paxos: Relaxing Quorum Intersection for Fast Paxos , 2020, ICDCN.

[6]  Matthias Fitzi,et al.  Secure Protocols with Asymmetric Trust , 2007, ASIACRYPT.

[7]  David Mazières The Stellar Consensus Protocol: A Federated Model for Internet-level Consensus , 2015 .

[8]  Michael K. Reiter,et al.  Byzantine quorum systems , 1997, STOC '97.

[9]  Ethan Buchman,et al.  The latest gossip on BFT consensus , 2018, ArXiv.

[10]  Kartik Nayak,et al.  Flexible Byzantine Fault Tolerance , 2019, CCS.

[11]  David Mazières,et al.  Fast and secure global payments with Stellar , 2019, SOSP.

[12]  Moni Naor,et al.  The load, capacity and availability of quorum systems , 1994, Proceedings 35th Annual Symposium on Foundations of Computer Science.

[13]  David Mazières,et al.  Stellar Consensus by Instantiation , 2019, DISC.

[14]  Christian Cachin,et al.  How to Trust Strangers: Composition of Byzantine Quorum Systems , 2021, 2021 40th International Symposium on Reliable Distributed Systems (SRDS).

[15]  Christian Cachin,et al.  Asymmetric Distributed Trust , 2019, OPODIS.

[16]  Ittai Abraham,et al.  HotStuff: BFT Consensus with Linearity and Responsiveness , 2019, PODC.

[17]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[18]  Michael K. Reiter,et al.  Probabilistic quorum systems , 1997, PODC '97.

[19]  Christian Cachin,et al.  Asymmetric Byzantine Consensus , 2020, ArXiv.