区块链论文速读B会-DSN 2024（2/2）区块链如何降低随机数的生成成本、延迟、存储？

• 7月 25, 2024
• hoticn

Conference：The 54th Annual IEEE/IFIP International Conference on Dependable Systems and Networks
Conference time：2024

5、A Low-Latency Random Number Generator for BFT Smart Contracts
为 BFT 智能合约设计的低延迟随机数生成器

Random numbers are essential in decentralized applications such as decentralized finance (DeFi) and non-fungible tokens (NFTs). However, their generation is challenging due to the deterministic and decentralized nature of blockchains, which can compromise the security and stability of smart contracts. Previous solutions, including Oracles that use commit-execute schemes, suffer from high transaction fees, long processing times, and increased on-chain storage, affecting efficiency. This paper introduces a new random number provider (RNP) protocol for smart contracts that eliminates reliance on traditional commit-execute methods. We also systematically identify potential attacks related to random numbers in smart contracts, particularly Post-Reveal Undo Attacks (PUAs), where attackers may reverse contract operations when randomness is unfavorable, and discuss the necessary security requirements. Our protocol mitigates these attacks by (1) integrating distributed random beacons (DRBs) with consensus processes, bridging the semantic gap between DRB and consensus, and (2) thoroughly analyzing and classifying four types of PUAs, offering robust mitigations, and providing a security proof. Our experiments demonstrate that the protocol significantly improves response times and security for random number queries in smart contracts, reducing request fees by at least 89% and on-chain data by 76.4% compared to current methods. This work advances the integration of DRB protocols and consensus mechanisms, securing and optimizing random number applications in dApps, thus fostering the creation of more reliable and robust systems.

随机数在诸如去中心化金融 (DeFi) 和非同质化代币 (NFTs) 的去中心化应用中至关重要。然而，由于区块链的确定性和去中心化特性，随机数的生成面临挑战，这可能会危及智能合约的安全性和稳定性。包括使用提交-执行方案的 Oracles 在内的先前解决方案，因交易费用高、处理时间长和链上存储增加而影响效率。本文介绍了一种新型的智能合约随机数提供者 (RNP) 协议，该协议消除了对传统提交-执行方法的依赖。我们还系统地识别了智能合约中与随机数相关的潜在攻击，特别是后披露撤消攻击 (PUAs)，攻击者可能会在随机数不利时撤消合约操作，并讨论了必要的安全要求。我们的协议通过以下方式缓解这些攻击：(1) 将分布式随机信标 (DRBs) 与共识过程相结合，弥合 DRB 与共识之间的语义差距，(2) 彻底分析和分类四种类型的 PUAs，提供强大的缓解措施，并提供安全证明。我们的实验表明，与当前方法相比，该协议显著提高了智能合约中随机数查询的响应时间和安全性，将请求费用至少减少了 89%，并将链上数据减少了 76.4%。这项工作推进了 DRB 协议和共识机制的集成，保护和优化了 dApps 中的随机数应用程序，从而促进了更可靠、更强大的系统的创建。

图 1 展示了提交-执行随机数协议（RNP）与带前向传输（BFTR）的RNP之间的比较。在图中，Tcommit 和 Texecute 分别代表提交和执行阶段的事务处理时间。每个实线框代表一个共识过程的周期。对于图 a中的提交-执行RNP，需要在两个不同的共识周期内完成两个事务，以便获取所需的随机数。相比之下，图 b中的BFTR协议能够在单一共识周期内满足一个随机数请求。图中的RNP组件用灰色区域进行了突出显示。

图 2 展示了一个名为 BlindBox 的智能合约中，两个关键函数的伪代码。该合约容易受到预言机滥用攻击（PUA）。“MintNFT” 函数接收三个参数：(from, target, amount)。其中，“from”代表发起交易的用户地址，“target”指代接收 NFT 的地址，“amount”则指定了要转移的 NFT 数量。该函数负责处理用户发起的代币转移请求，利用一个随机数来决定新生成 NFT 的稀有度，并将相应的 NFT 转移至指定接收方。另外，“GetRarity” 函数用于查询某个特定 NFT 的稀有度信息。需要指出的是，示例代码中提到的 GAS 是一个虚拟货币，仅用于演示合约功能，同时它也作为支付交易费用的计量单位。

图3：Contract PUA恶意合约的伪代码表示。NFT代表BlindBox合约。

图 4：Fallback PUA 合约的伪代码表示。NFT 代表易受攻击的 BlindBox 合约。

Pdf link:https://dsn2024uq.github.io/Proceedings/pdfs/DSN2024-6rvE3SSpzFYmysif75Dkid/410500a389/410500a389.pdf

6、Verifying Randomized Consensus Protocols with Common Coins
使用Common Coins验证随机共识协议

Randomized consensus, Threshold automata, Distributed protocols, Common coin

随机共识、阈值自动机、分布式协议、Common Coin

Randomized fault-tolerant consensus protocols with common coins are widely used in cloud computing and blockchain platforms. Due to their fundamental role, it is crucial to ensure their correctness. Threshold automata is a formal model specifically designed for the verification of fault-tolerant consensus protocols. Recently, it has been extended to probabilistic threshold automata (PTAs) to verify randomized fault-tolerant consensus protocols. However, PTAs are currently limited to modeling randomized consensus protocols with local coins. In this paper, we extend PTAs to accommodate the verification of randomized fault-tolerant consensus protocols that incorporate common coins. Our approach introduces a novel process that simulates the common coin, referred to as the “common-coin process.” While the integration of the common-coin process disrupts the inherent symmetry and presents technical challenges, we demonstrate how PTAs can be effectively adapted to address these issues. We apply this methodology to validate the agreement, validity, and almost-certain termination properties of eight randomized consensus protocols featuring common coins.

带有Common Coins的随机容错共识协议在云计算和区块链平台中得到广泛应用。由于它们的基础作用，确保它们的正确性至关重要。阈值自动机是一种专为验证容错共识协议而设计的形式化模型。最近，它已被扩展为概率阈值自动机（PTAs），以验证随机容错共识协议。然而，PTAs目前仅限于对带有本地coin的随机共识协议进行建模。在本文中，我们扩展了PTAs，以验证包含Common Coins的随机容错共识协议。我们的方法引入了一个新颖的过程，即模拟Common Coins的“Common Coins过程”。尽管整合Common Coins过程会打破固有的对称性并带来技术挑战，但我们展示了如何有效地调整PTAs以解决这些问题。我们将这种方法应用于验证八个带有Common Coins的随机共识协议的一致性、有效性和几乎确定的终止性。

Pdf link:https://dsn2024uq.github.io/Proceedings/pdfs/DSN2024-6rvE3SSpzFYmysif75Dkid/410500a403/410500a403.pdf

7、Efficient Asynchronous Approximate Agreement for Distributed Oracles
分布式预言机的高效异步近似协议

Agreement protocols are crucial in various emerging applications, spanning from distributed (blockchains) oracles to fault-tolerant cyber-physical systems. In scenarios where sensor/oracle nodes measure a common source, maintaining output within the convex range of correct inputs, known as convex validity, is imperative. Present asynchronous convex agreement protocols employ either randomization, incurring substantial computation overhead, or approximate agreement techniques, leading to high O(n^3) communication for an n-node system. This paper introduces Delphi, a deterministic protocol with O(n^2) communication and minimal computation overhead. Delphi assumes that honest inputs are bounded, except with negligible probability, and integrates agreement primitives from literature with a novel weighted averaging technique. Experimental results highlight Delphi’s superior performance, showcasing a significantly lower latency compared to state-of-the-art protocols. Specifically, for an n=160-node system, Delphi achieves an 8x and 3x improvement in latency within CPS and AWS environments, respectively.

在众多尖端应用中，共识协议的作用至关重要，从去中心化的区块链预言机到弹性网络物理系统。当涉及到测量共享源的传感器或预言机节点时，确保输出保持在正确输入的凸边界内——即所谓的凸一致性——是至关重要的。目前的异步共识协议要么依赖随机化，这可能会非常占用计算资源，要么采用近似共识方法，导致 n 节点系统的通信复杂度为 O(n^3)。本研究介绍了 Delphi，这是一种新的确定性协议，其通信复杂度为 O(n^2)，计算负载极小。Delphi 假设真实输入在一定范围内是受限的，只有极小的偏差概率，并将已建立的共识技术与一种创新的加权平均方法相结合。实验数据突出了 Delphi 的卓越性能，与当代协议相比，延迟显著降低。特别地，对于包含 n=160 节点的系统，Delphi 在 CPS 和 AWS 环境中分别实现了 8 倍和 3 倍的延迟降低。

Pdf link:https://dsn2024uq.github.io/Proceedings/pdfs/DSN2024-6rvE3SSpzFYmysif75Dkid/410500a456/410500a456.pdf

8、Enhancing Block Interval and Commit Efficiency in Chain-Driven Rotating Leader BFT
在链驱动的轮换领导者 BFT 中增强区块间隔和提交效率

In the realm of partially synchronous networks, traditional chain-based rotating-leader Byzantine Fault Tolerance (BFT) State Machine Replication (SMR) protocols necessitate a block period of no less than 2δ, where δ represents the message propagation delay. Although a protocol with a block period of δ is feasible under a fully synchronous model, the associated commit latency scales linearly with the system’s size. Bridging this gap, we introduce the inaugural chain-based BFT SMR protocols that achieve a δ time delay between consecutive honest leader proposals and a commit latency of 3δ. We unveil three protocols tailored for the partially synchronous model, each embodying varying degrees of optimistic responsiveness, with two of them incorporating a pipeline mechanism. Our protocols not only exhibit reorganization resilience but also feature shorter view lengths, attributes that are notably absent in many current chain-based BFT SMR protocols. Our comprehensive evaluation within a wide-area network setting reveals a substantial surge in throughput and a marked decrease in latency, outperforming the industry-leading Jolteon. Additionally, our findings indicate that conventional methods aimed at diminishing communication complexity, such as vote-pipelining and the employment of designated vote-aggregators, may actually detract from practical performance in numerous scenarios.

在部分同步网络环境中，传统的基于链的轮换领导者拜占庭容错（BFT）状态机复制（SMR）协议需要至少 2δ 的区块周期，其中 δ 表示消息传播延迟。虽然在完全同步模型下可以实现 δ 的区块周期，但相关的提交延迟与系统规模成线性关系。为了缩小这一差距，我们首次推出了基于链的 BFT SMR 协议，实现了连续诚实领导者提议之间的 δ 时间延迟和 3δ 的提交延迟。我们为部分同步模型量身定制了三种协议，每种协议都体现了不同程度的乐观响应性，其中两种协议采用了流水线机制。我们的协议不仅展现了重组弹性，还具有较短的视图长度，这些特性在许多现有的基于链的 BFT SMR 协议中是显著缺失的。我们在广域网环境中的全面评估揭示了吞吐量的显著增加和延迟的明显减少，超越了行业领先的 Jolteon。此外，我们的研究结果还表明，旨在减少通信复杂性的常规方法，如投票流水线和使用指定的投票聚合器，实际上在许多情况下可能会降低实际性能。

图2：乐观提议（蓝色图）和投票多播（橙色图）使 Simple Moonshot 和 Pipelined Moonshot 能够以与提案和投票在传播和处理时获得认证的相同速率提议新区块。

图 5. 当区块提案（蓝色图）比投票花费更长的时间来传播时，显式提交投票（绿色图）使 Commit Moonshot 能够比其流水线对应物更快地提交区块。

Pdf link:https://dsn2024uq.github.io/Proceedings/pdfs/DSN2024-6rvE3SSpzFYmysif75Dkid/410500a470/410500a470.pdf

文章来源：https://mp.weixin.qq.com/s/1ntD92xXD1AuVQE3RK2gKw