A Tendermint Light Client

In Tendermint blockchains, the proof-of-stake mechanism and the underlying consensus algorithm entail a dynamic fault model that implies that the active validators (nodes that sign blocks) may change over time, and a quorum of these validators is assumed to be correct only for a limited period of time (called trusting period). The changes of the validator set are under control of the blockchain application, and are committed in every block. In order to check what is the state of the blockchain application at some height h, one needs to know the validator set at that height so that one can verify the corresponding digital signatures and hashes. A naive way of determining the validator set for height h requires one to: (i) download all blocks before h, (ii) verify blocks by checking digital signatures and hashes and (iii) execute the corresponding transactions so the changes in the validator sets are reproduced. This can potentially be very slow and computationally and data intensive. In this paper we formalize the dynamic fault model imposed by Tendermint, and describe a light client protocol that allows to check the state of the blockchain application that, in realistic settings, reduces significantly the amount of data needed to be downloaded, and the number of required computationally expensive signature verification operations. In addition to mathematical proofs, we have formalized the light client protocol in TLA+, and checked safety and liveness with the APALACHE model checker.

[1]  Kedar S. Namjoshi,et al.  Reasoning about rings , 1995, POPL '95.

[2]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[3]  Hagit Attiya,et al.  Sharing memory robustly in message-passing systems , 1990, PODC '90.

[4]  Emmanuelle Anceaume,et al.  Clock Synchronization in the Byzantine-Recovery Failure Model , 2007, OPODIS.

[5]  André Schiper,et al.  The Heard-Of model: computing in distributed systems with benign faults , 2009, Distributed Computing.

[6]  Leslie Lamport,et al.  Generalized Consensus and Paxos , 2005 .

[7]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[8]  Leslie Lamport,et al.  Byzantizing Paxos by Refinement , 2011, DISC.

[9]  Jens Groth,et al.  On the Size of Pairing-Based Non-interactive Arguments , 2016, EUROCRYPT.

[10]  Krzysztof R. Apt,et al.  Limits for Automatic Verification of Finite-State Concurrent Systems , 1986, Inf. Process. Lett..

[11]  Leslie Lamport,et al.  Specifying Systems: The TLA+ Language and Tools for Hardware and Software Engineers [Book Review] , 2002, Computer.

[12]  Alysson Neves Bessani,et al.  State Machine Replication for the Masses with BFT-SMART , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[13]  Helmut Veith,et al.  A short counterexample property for safety and liveness verification of fault-tolerant distributed algorithms , 2016, POPL.

[14]  Loi Luu,et al.  FlyClient: Super-Light Clients for Cryptocurrencies , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[15]  Joseph Bonneau,et al.  Coda: Decentralized Cryptocurrency at Scale , 2020, IACR Cryptol. ePrint Arch..

[16]  Ethan Buchman,et al.  The latest gossip on BFT consensus , 2018, ArXiv.

[17]  Ethan Buchman,et al.  Tendermint: Byzantine Fault Tolerance in the Age of Blockchains , 2016 .

[18]  Helmut Veith,et al.  Decidability of Parameterized Verification , 2015, Synthesis Lectures on Distributed Computing Theory.

[19]  Aggelos Kiayias,et al.  Proofs of Proofs of Work with Sublinear Complexity , 2016, Financial Cryptography Workshops.

[20]  Satoshi Nakamoto Bitcoin : A Peer-to-Peer Electronic Cash System , 2009 .

[21]  André Schiper,et al.  Tolerating corrupted communication , 2007, PODC '07.

[22]  Aggelos Kiayias,et al.  Non-Interactive Proofs of Proof-of-Work , 2020, IACR Cryptol. ePrint Arch..

[23]  Dan S. Wallach,et al.  Efficient Data Structures For Tamper-Evident Logging , 2009, USENIX Security Symposium.

[24]  Josef Widder,et al.  Communication-Closed Asynchronous Protocols , 2019, CAV.

[25]  Thomas A. Henzinger,et al.  Synchronizing the Asynchronous , 2018, CONCUR.

[26]  Jae Kwon,et al.  Tendermint : Consensus without Mining , 2014 .

[27]  Justin Cappos,et al.  CHAINIAC: Proactive Software-Update Transparency via Collectively Signed Skipchains and Verified Builds , 2017, USENIX Security Symposium.

[28]  Constantin Enea,et al.  On the Completeness of Verifying Message Passing Programs under Bounded Asynchrony , 2018, CAV.

[29]  Sebastian Burckhardt,et al.  Consistency models with global operation sequencing and their composition (extended version) , 2017, DISC.

[30]  Vitalik Buterin,et al.  Fraud and Data Availability Proofs: Maximising Light Client Security and Scaling Blockchains with Dishonest Majorities. , 2018, 1809.09044.

[31]  Thomas A. Henzinger,et al.  A Logic-Based Framework for Verifying Consensus Algorithms , 2014, VMCAI.

[32]  Eli Ben-Sasson,et al.  Scalable Zero Knowledge Via Cycles of Elliptic Curves , 2014, Algorithmica.

[33]  Igor Konnov,et al.  TLA+ model checking made symbolic , 2019, Proc. ACM Program. Lang..

[34]  Shai Halevi,et al.  Clock synchronization with faults and recoveries (extended abstract) , 2000, PODC '00.

[35]  Leslie Lamport,et al.  Real-Time Model Checking Is Really Simple , 2005, CHARME.

[36]  Sharon Shoham,et al.  Verification of Threshold-Based Distributed Algorithms by Decomposition to Decidable Logics , 2019, CAV.