EP3834366A1 - System and method for consensus ordering of broadcast messages - Google Patents

System and method for consensus ordering of broadcast messages

Info

Publication number
EP3834366A1
EP3834366A1 EP19847544.4A EP19847544A EP3834366A1 EP 3834366 A1 EP3834366 A1 EP 3834366A1 EP 19847544 A EP19847544 A EP 19847544A EP 3834366 A1 EP3834366 A1 EP 3834366A1
Authority
EP
European Patent Office
Prior art keywords
consensus
node
ordering
event
broadcast
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
EP19847544.4A
Other languages
German (de)
French (fr)
Other versions
EP3834366A4 (en
Inventor
Aleksey Nogin
Joshua D. LAMPKINS
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HRL Laboratories LLC
Original Assignee
HRL Laboratories LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US16/433,928 external-priority patent/US10887092B2/en
Application filed by HRL Laboratories LLC filed Critical HRL Laboratories LLC
Publication of EP3834366A1 publication Critical patent/EP3834366A1/en
Publication of EP3834366A4 publication Critical patent/EP3834366A4/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1425Traffic logging, e.g. anomaly detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1863Arrangements for providing special services to substations for broadcast or conference, e.g. multicast comprising mechanisms for improved reliability, e.g. status reports
    • H04L12/1877Measures taken prior to transmission
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1881Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with schedule organisation, e.g. priority, sequence management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/1895Arrangements for providing special services to substations for broadcast or conference, e.g. multicast for short real-time information, e.g. alarms, notifications, alerts, updates

Definitions

  • the present invention relates to a system and method for multi-party network protocols and, more specifically, to a system and method for implementing a protocol where messages are processed based on a consensus ordering amongst the nodes in the protocol.
  • the present disclosure is related to addressing issues presented when
  • a networking protocol for multiple nodes (e.g., computers or other devices) on a network.
  • nodes e.g., computers or other devices
  • MPC secure multi-party computation
  • a particular participant may detect that another participant is deviating from the protocol and is therefore malicious.
  • the term“malicious” refers to any reason for the failure to follow the protocol, such as software bug, hardware failure, cyber-attack, etc.
  • a common approach in MPC implementations is for the party to broadcast a“dispute” message indicating that it is in dispute with the malicious party. Note that a dispute message necessarily indicates that at least one party involved is malicious but does not necessarily indicate which one, as a malicious party could choose to broadcast a dispute message pointing to an honest one.
  • control of such ordering should ideally be at a higher level.
  • the system includes a plurality of nodes in a network. Each node has one or more processors and a memory.
  • the memory is a non-transitory computer-readable medium having executable instructions encoded thereon, such that upon execution of the instructions, one or more nodes in the plurality of nodes perform several operations, such as:
  • one or more nodes further perform an operation of
  • one or more nodes further perform an operation of broadcasting a dispute message, such that the dispute message is transmitted by a first node to indicate that the first node accuses the second node of failing to follow protocol.
  • one or more nodes further perform an operation of designating a node in the network as a known malicious node, based on a number of other nodes with which the given node has disputes.
  • the known malicious node is a sensor in a network, where the sensor is isolated from the network such that signals from the sensor are discarded by honest nodes in the network.
  • the consensus broadcast reception protocol is based on a consensus ordering between a time message derived event A is received and between either the time the sender of the message derived event A became known malicious, or an offset from such time, such that:
  • ordering of the two or more broadcast message derived events A and B modify a shared state, such that a consensus ordering protocols is used to maintain a consistent view of the shared state to ensure that whenever ordering of modifications could result in different end states, honest nodes are notified of which order to use.
  • the present invention also includes a computer program product and a computer implemented method.
  • the computer program product includes computer-readable instructions stored on a non-transitory computer-readable medium that are executable by a computer having one or more processors, such that upon execution of the instructions, the one or more processors of one or more nodes perform the operations listed herein.
  • the computer implemented method includes an act of causing a computer to execute such instructions and perform the resulting operations.
  • FIG. 1 is a block diagram depicting the components of a system according to various embodiments of the present invention.
  • FIG. 2 is an illustration of a computer program product embodying an aspect of the present invention.
  • FIG. 3 is a flowchart illustrating a process for consensus ordering according to various aspects of the present invention.
  • FIG. 4 is a flowchart illustrating a consensus broadcast reception protocol according to various aspects of the present invention.
  • FIG. 5 is a flowchart illustrating a vote count protocol according to various aspects of the present invention. [00031 ] DETAILED DESCRIPTION
  • the present invention relates to a system and method for multi-party network protocols and, more specifically, to a system and method for implementing a protocol where messages are processed based on a consensus ordering amongst the nodes in the protocol.
  • a non-limiting example of such a protocol that can implement the system is a multi-party network (e.g., multi-party computation (MPC)).
  • MPC multi-party computation
  • Messages are broadcast without any regard to consensus ordering. Once a broadcast message arrives at the recipient, the recipient needs to process it in a consensus order (that is - the correct functionality in some other part of the system depends on making sure that all“honest” recipients of a set of broadcast messages consume them in identical order, even if the order in which the messages initially arrived is potentially different at every recipient).
  • any element in a claim that does not explicitly state“means for” performing a specified function, or“step for” performing a specific function, is not to be interpreted as a“means” or“step” clause as specified in 35 U.S.C.
  • the first is a system for system.
  • the system is typically in the form of a computer system or several computer systems in a network operating software or in the form of a“hard-coded” instruction set. This system may be incorporated into a wide variety of devices that provide different functionalities.
  • the second principal aspect is a method, typically in the form of software, operated using a data processing system (computer).
  • the third principal aspect is a computer program product.
  • the computer program product generally represents computer- readable instructions stored on a non-transitory computer-readable medium such as an optical storage device, e.g., a compact disc (CD) or digital versatile disc (DVD), or a magnetic storage device such as a floppy disk or magnetic tape.
  • a non-transitory computer-readable medium such as an optical storage device, e.g., a compact disc (CD) or digital versatile disc (DVD), or a magnetic storage device such as a floppy disk or magnetic tape.
  • a non-transitory computer-readable medium such as an optical storage device, e.g., a compact disc (CD) or digital versatile disc (DVD), or a magnetic storage device such as a floppy disk or magnetic tape.
  • CD compact disc
  • DVD digital versatile disc
  • magnetic storage device such as a floppy disk or magnetic tape.
  • Other, non-limiting examples of computer-readable media include hard disks, read-only memory (ROM), and flash-type memories.
  • FIG. 1 A block diagram depicting an example of at least one computer in the system of the present invention is provided in FIG. 1.
  • each node when implemented in a network with multiple nodes, each node is an independent computer system that communicates with other nodes in the network.
  • FIG. 1 provides a non limiting example of at least one of those computer systems 100.
  • the computer system 100 can be a typical computer or, in other aspects, mobile devices as well as IoT devices (e.g., sensor network), or even a set of control computers on an airplane or other platform that uses the protocol (e.g., a multi-party computation protocol, etc.) for fault tolerance and cybersecurity purposes.
  • protocol e.g., a multi-party computation protocol, etc.
  • computer system 100 is configured to perform
  • the computer system 100 may include an address/data bus 102 that is
  • processors configured to communicate information.
  • one or more data processing units such as a processor 104 (or processors) are coupled with the address/data bus 102.
  • the processor 104 is configured to process information and instructions.
  • the processor 104 is a microprocessor.
  • the processor 104 may be a different type of processor such as a parallel processor, application-specific integrated circuit (ASIC), programmable logic array (PLA), complex programmable logic device (CPLD), or a field
  • FPGA programmable gate array
  • the computer system 100 is configured to utilize one or more data storage units.
  • the computer system 100 may include a volatile memory unit 106 (e.g., random access memory (“RAM”), static RAM, dynamic RAM, etc.) coupled with the address/data bus 102, wherein a volatile memory unit 106 is configured to store information and instructions for the processor 104.
  • the computer system 100 further may include a non-volatile memory unit 108 (e.g., read-only memory (“ROM”), programmable ROM (“PROM”), erasable programmable ROM
  • the computer system 100 may execute instructions retrieved from an online data storage unit such as in“Cloud” computing.
  • the computer system 100 also may include one or more interfaces, such as an interface 110, coupled with the address/data bus 102. The one or more interfaces are configured to enable the computer system 100 to interface with other electronic devices and computer systems.
  • the communication interfaces implemented by the one or more interfaces may include wireline (e.g., serial cables, modems, network adaptors, etc.) and/or wireless (e.g., wireless modems, wireless network adaptors, etc.) communication technology.
  • wireline e.g., serial cables, modems, network adaptors, etc.
  • wireless e.g., wireless modems, wireless network adaptors, etc.
  • the computer system 100 may include an input device 112
  • the input device 112 is coupled with the address/data bus 102, wherein the input device 112 is configured to communicate information and command selections to the processor 100.
  • the input device 112 is an alphanumeric input device, such as a keyboard, that may include alphanumeric and/or function keys.
  • the input device 112 may be an input device other than an alphanumeric input device.
  • the computer system 100 may include a cursor control device 114 coupled with the address/data bus 102, wherein the cursor control device 114 is configured to communicate user input information and/or command selections to the processor 100.
  • the cursor control device 114 is implemented using a device such as a mouse, a track-ball, a track pad, an optical tracking device, or a touch screen.
  • the cursor control device 114 is directed and/or activated via input from the input device 112, such as in response to the use of special keys and key sequence commands associated with the input device 112.
  • the cursor control device 114 is configured to be directed or guided by voice commands.
  • the computer system 100 further may include one or more
  • a storage device 116 coupled with the address/data bus 102.
  • the storage device 116 is configured to store information and/or computer executable instructions.
  • the storage device 116 is a storage device such as a magnetic or optical disk drive (e.g., hard disk drive (“HDD”), floppy diskette, compact disk read only memory (“CD-ROM”), digital versatile disk (“DVD”)).
  • a display device 118 is coupled with the address/data bus 102, wherein the display device 118 is configured to display video and/or graphics.
  • the display device 118 may include a cathode ray tube (“CRT”), liquid crystal display (“LCD”), field emission display (“FED”), plasma display, or any other display device suitable for displaying video and/or graphic images and alphanumeric characters recognizable to a user.
  • CTR cathode ray tube
  • LCD liquid crystal display
  • FED field emission display
  • plasma display or any other display device suitable for displaying video and/or graphic images and alphanumeric characters recognizable to a user.
  • the computer system 100 presented herein is an example computing
  • the non-limiting example of the computer system 100 is not strictly limited to being a computer system.
  • the computer system 100 represents a type of data processing analysis that may be used in accordance with various aspects described herein.
  • other computing systems may also be implemented.
  • the spirit and scope of the present technology is not limited to any single data processing environment.
  • one or more operations of various aspects of the present technology are controlled or implemented using computer-executable instructions, such as program modules, being executed by a computer.
  • program modules include routines, programs, objects, components and/or data structures that are configured to perform particular tasks or implement particular abstract data types.
  • an aspect provides that one or more aspects of the present technology are implemented by utilizing one or more distributed computing environments, such as where tasks are performed by remote processing devices that are linked through a communications network, or such as where various program modules are located in both local and remote computer- storage media including memory- storage devices.
  • FIG. 2 An illustrative diagram of a computer program product (i.e., storage device) embodying the present invention is depicted in FIG. 2.
  • the computer program product is depicted as floppy disk 200 or an optical disk 202 such as a CD or DVD.
  • the computer program product generally represents computer-readable instructions stored on any compatible non-transitory computer-readable medium.
  • “instructions” as used with respect to this invention generally indicates a set of operations to be performed on a computer, and may represent pieces of a whole program or individual, separable, software modules.
  • Non-limiting examples of“instruction” include computer program code (source or object code) and“hard-coded” electronics (i.e. computer operations coded into a computer chip).
  • The“instruction” is stored on any non-transitory computer-readable medium, such as in the memory of a computer or on a floppy disk, a CD-ROM, and a flash drive. In either event, the instructions are encoded on a non-transitory computer-readable medium.
  • This disclosure provides a networking protocol for multiple nodes (e.g.,
  • broadcast operations are transmissions such that if at least one recipient receives the message, then all recipients participating in the exchange would receive the same message, even if the sender is trying to“cheat”. This property can be ensured either by network hardware, such as an Infmiband fabric, or via a separate underlying broadcast subprotocol, such as the Bracha’s asynchronous broadcast protocol (see Literature
  • the protocol is designed to allow a global agreement (among non-malicious nodes or“honest” nodes) on the ordering between two or more broadcast events. For example, if two different senders broadcast at approximately the same time and different recipients see the broadcasts in different order, then the protocol would result in some consensus ordering, where all honest nodes agree to consider the two events as happening in a particular order. When all non- malicious nodes see the events in the same order (e.g. if they happened far apart), then the consensus ordering would coincide with that.
  • the protocol is capable of ordering any broadcast-based events, not just individual broadcasts (e.g., ordering “10 seconds after broadcasts A, B, and C were all received” vs“broadcast D was received”).
  • This protocol of the present disclosure was developed for at least the following scenario and can be implemented in a variety of applications, including shared states, sensor networks, etc.
  • MPC multi-party computation
  • the nodes perform some common tasks using a secure MPC protocol.
  • a particular participant may detect that another participant is deviating from the protocol and is therefore malicious.
  • a common approach in MPC implementations is for the party to broadcast a“dispute” message indicating that it is in dispute with the malicious party.
  • a dispute message is some sort of a message from a party indicating that they have a dispute with another party, such as“[I have a] dispute with X”.
  • a typical network protocol would have a notion of a“header”, where one field of the header would be designated as“message type”, and a message body.
  • An example implementation would send a message, where the message type field in the header would contain a numerical value assigned by the protocol designer to indicate the“dispute” message type, and the body would just be the identification of the node that the sender is in dispute with.
  • the protocol of the present disclosure can be used to allow distributed vehicles/aircraft to efficiently submit jobs or otherwise communicate with distributed servers in a secure manner.
  • the present disclosure provides a system implementing a networking protocol for multiple nodes through consensus ordering of broadcast messages. Before describing the protocol in detail, it is helpful to provide a preliminary understanding of concepts associated with the present protocol.
  • the protocol applies to a network where each party can send a group message to all other parties (possibly including itself). While the terminology of “broadcast” is broadly used for such message transmissions, it also encompasses other related technologies, such as multicast. This protocol also applies to networks where the broadcast propagation delay (the time between the message is sent and the time it is received by all participants) is bounded. The maximal propagation delay of a broadcast is denoted herein as“T4”.
  • T6 is a predetermined time period and is denoted as a time period such that if a given node receives two broadcast messages more than a predetermined time period (i.e., T6) apart, it knows that all nodes received those messages in the same order.
  • T6 is at most 2*T4 (one could use 2*T4 for simplicity, but the use of a separate T6 constant allows for more generality and assists in explicitly describing the invention).
  • an assumption is made that the network has a broadcast-like operation. It is further assumed that, however that operation is implemented, the relevant timing properties are known. In particular, it is known how long it can take for such operation to complete, once initiated. In other words, the worst-case broadcast completion time is denoted as T4. This implies that if two broadcast messages (from potentially different senders) are received at least 2*T4 apart, then it is guaranteed that all the recipients will see the messages in the same order. It may be possible to determine a time constant smaller than 2*T4 that would still have such property.
  • the starting point for the consensus ordering protocol is that each node from a fixed set of nodes (each node knows what the set is) in a network receives the same broadcast messages in some order; subject to the T6 constraint that the order of the messages may differ from one receiver to another.
  • the consensus ordering protocol that is at the heart of the present disclosure is executed by a larger system that incorporates such a protocol when there is a need for the larger system to “consistently” define an ordering between broadcast-derived events A and B.
  • “consistently” means that the determination should be the same at all honest nodes. Note that this consistency would only be needed by such larger system when the ordering actually matters (for example, when both A and B are modifying the same portion of a global shared state, or when one of them is“X became known malicious” and the other is“X sent a broadcast” and there is a need to have an agreement on whether to accept the actual message sent by X, or to ignore X and accept 0 instead). To achieve this consistency the nodes would execute the consensus ordering protocol specified below. At the conclusion of the protocol each node outputs either“A consensus-before B”, or“B consensus- before A” and the protocol guarantees that all honest nodes would output the same result regardless of the behavior of dishonest nodes.
  • a system implementing a secure MPC protocol could use this protocol as discussed above.
  • Another example could be a distributed file system or a distributed database ordering write/write or read/write races when they refer to the same data.
  • Provided in further detail below are a pair of mutually interdependent algorithms; the consensus ordering protocol and the consensus broadcast reception protocol.
  • the protocol begins through any broadcast-derived events 300 of A and B.
  • each honest node begins by determining an order and timing of receipt of at least two messages, A and B. Thereafter, each honest node executes the following steps:
  • Lemma (a property of this part of the consensus ordering protocol that makes it easier to see that the overall consensus ordering protocol has the desired property): If this happened (more generally - if there are honest votes on both sides), then all honest nodes have sent a request for vote;
  • Receive Request to Vote 320 and Add a Dispute or Vote 316 After receiving a request to vote from any node (including a node that the user may be operating) before it became known malicious (locally before, not “before”): i. If at least one event (either A or B) is seen locally more than 2*T6 before receiving the request, add a dispute with requestor;
  • Lemma will either see both events within T4, or within 2*T4+T6 the requestor would become designated as known malicious
  • Step 4 is a supporting step in that the other steps are directed to how a particular node decides its own output, while Step 4 is directed to helping other nodes make a decision which is an independent sequence as shown in FIG. 3.
  • the protocol needs to wait until there are n votes.
  • malware nodes may refuse to vote, but if a node maliciously delays its vote too much, then it would result in: 1) A dispute being added with that node in Step 4.iv (unless there was already a dispute), 2) As each honest node gets to Step 4.iv, there will eventually be t+l disputes (as there are at least t+l honest nodes) disputes and the node would become known malicious (as discussed above), and 3) Now it becomes possible to replace the anticipated vote from the known malicious node with 0 (again, as discussed above), and that eventually brings the total number of votes to n.
  • the consensus broadcast reception protocol is used to guarantee that all nodes in the network consensus-receive the same value.
  • the consensus broadcast reception protocol process proceeds as follows:
  • the present disclosure also provides an alternative shifted consensus
  • a rare event is case specific depending on the particular implementation and developer.
  • discovery of a malicious node more than Z could be pre-defmed as a rare event.
  • the system implements the basic consensus broadcast reception protocol described above, replacing “sender became known malicious” with“T6 after the sender became known malicious”.
  • The“uncertainty” period is the period where the reception of the network broadcast message would result in the consensus ordering protocol called by the consensus broadcast protocol being required to execute its voting step 3 above.
  • the cost of shifting the uncertainty period is doubling the length of period when the system may be willing to wait for and accept broadcasts from nodes that just became known malicious, before the network or system can start completely ignoring them (e.g., block broadcasts from the node, isolating broadcasts from the node for review only by an administrator node while terminating broadcasts to other nodes in the network).
  • the recursion happens whenever the consensus ordering protocol calls the consensus broadcast reception protocol in step 3(ii), since that would in turn call the consensus ordering protocol.
  • the final optimization is to batch the votes that the consensus ordering protocol takes in service of a consensus broadcast reception protocol, which results in the following optimized consensus broadcast protocol as shown in FIG. 5 :
  • control units have a consistent view that one of the sensors is faulty, the system could then isolate or otherwise stop receiving data from the relevant sensor (as it is deemed“malicious” in this context).
  • the control units have a consistent view that one of the redundant controllers is faulty, that particular faulty controller can be isolated or otherwise removed from communications with the remaining control units.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The system is directed to a plurality of nodes in a network and a process by which the nodes reach a consensus ordering of broadcast messages. For example, one or more nodes proceed by agreeing on an order of two or more broadcast message derived events A and B. If a node sees event A longer than a time period (T6) before seeing event B, then the node outputs "A consensus-before B" as a consensus broadcast ordering. If the node sees the event A and not the event B after waiting at least T6, then the node outputs "A consensus-before B" as a consensus broadcast ordering. However, if the node sees both events A and event B within T6, then the node broadcasts a request for a vote on message ordering, executes a consensus broadcast reception protocol for the votes, and makes an ordering decision based on the votes received.

Description

[0001] SYSTEM AND METHOD FOR CONSENSUS ORDERING OF BROADCAST
MESSAGES
[0002] GOVERNMENT RIGHTS
[0003] This invention was made with government support under contract number
HSHQDC-13-C-B0026, issued by Department of Homeland Security. The government has certain rights in the invention.
[0004] CROSS-REFERENCE TO RELATED APPLICATIONS
[0005] This is a Continuation-in-Part application ofU.S. Application No. 16/433,928, filed on June 06, 2019, which is a non-provisional patent application ofU.S. Provisional Application No. 62/716,680, filed on August 09, 2018, the entirety of which are hereby incorporated by reference.
[0006] This application is ALSO a non-provisional patent application ofU.S. Provisional Application No. 62/722,754, filed on August 24, 2018, the entirety of which is hereby incorporated by reference.
[0007] BACKGROUND OF INVENTION
[0008] (1) Field of Invention
[0009] The present invention relates to a system and method for multi-party network protocols and, more specifically, to a system and method for implementing a protocol where messages are processed based on a consensus ordering amongst the nodes in the protocol.
[00010] (2) Description of Related Art
[00011] The present disclosure is related to addressing issues presented when
implementing a networking protocol for multiple nodes (e.g., computers or other devices) on a network. In one example, suppose the nodes perform some common tasks using a secure multi-party computation (MPC) protocol. At any point in time, a particular participant may detect that another participant is deviating from the protocol and is therefore malicious. It should be noted that the term“malicious” refers to any reason for the failure to follow the protocol, such as software bug, hardware failure, cyber-attack, etc. At this point, a common approach in MPC implementations is for the party to broadcast a“dispute” message indicating that it is in dispute with the malicious party. Note that a dispute message necessarily indicates that at least one party involved is malicious but does not necessarily indicate which one, as a malicious party could choose to broadcast a dispute message pointing to an honest one.
[00012] Some researchers have attempted to address the issues associated with
identifying the malicious party or node. By way of example, Tapus et al.
attempted to solve this problem in a very different setting by providing a serialization mechanism as opposed to an MPC implementation (see the List of Incorporated Literature References, Literature Reference No. 2). Notably, the work of Tapus et al. uses a protocol with a comparatively higher complexity than is desired in most implementations. Other group communication work
concentrates on developing a reliable multicast layer to achieve total order (see Literature Reference Nos. 3 and 4). For the purposes of a filesystem, for example, such an approach is not well fitted due to the lower level of the approach and the possibility of a very large number of multicast groups present in such systems.
The control of such ordering should ideally be at a higher level.
[00013] In other words, there are systems that address both total order at the
application layer and multi-group process membership (see Literature Reference Nos. 5 and 6). Some of these systems assume a hierarchy of the nodes they use to obtain global total ordering in the subgroups. Such methods are heavyweight, as in requiring significant amount of communication and significant delays, even when no nodes are malicious. [00014] Thus, a continuing need exists for a simple and effective protocol that requires very little computational overhead as compared to the prior art.
[00015] SUMMARY OF INVENTION
[00016] This disclosure is directed to a system and method for consensus ordering of broadcast messages. In various aspects, the system includes a plurality of nodes in a network. Each node has one or more processors and a memory. The memory is a non-transitory computer-readable medium having executable instructions encoded thereon, such that upon execution of the instructions, one or more nodes in the plurality of nodes perform several operations, such as:
agreeing on an order of two or more broadcast message derived events A and B on one or more networks;
wherein if a node sees event A longer than a predetermined time period (T6) before seeing event B, then outputting“A consensus-before B” as a consensus broadcast ordering;
wherein if the node sees the event A and not the event B after waiting at least T6, then outputting“A consensus-before B” as a consensus broadcast ordering;
wherein if the node sees both events A and event B within T6, then:
broadcasting a request for a vote on message ordering;
executing a consensus broadcast reception protocol for the votes; and
making an ordering decision based on the votes received.
[00017] In another aspect, one or more nodes further perform an operation of
observing, by each node in the network, one or more broadcast message derived events, A and B, in some order, such that upon receipt, the system proceeds to perform the operation of agreeing on an order of two or more message derived events A and B.
[00018] In yet another aspect, one or more nodes further perform an operation of broadcasting a dispute message, such that the dispute message is transmitted by a first node to indicate that the first node accuses the second node of failing to follow protocol.
[00019] In yet another aspect, one or more nodes further perform an operation of designating a node in the network as a known malicious node, based on a number of other nodes with which the given node has disputes.
[00020] In another aspect, the known malicious node is a sensor in a network, where the sensor is isolated from the network such that signals from the sensor are discarded by honest nodes in the network.
[00021] In another aspect, the consensus broadcast reception protocol is based on a consensus ordering between a time message derived event A is received and between either the time the sender of the message derived event A became known malicious, or an offset from such time, such that:
if the message derived event A is received“consensus-before” the sender became known malicious, or an offset from such time, then consensus-receive amongst honest nodes an actual value of the message derived event A; or
if the sender node becomes known malicious, or an offset from such time is“consensus-before” its network broadcast is received, then consensus-receive amongst the honest nodes a value of zero of the message derived event A.
[00022] In another aspect, ordering of the two or more broadcast message derived events A and B modify a shared state, such that a consensus ordering protocols is used to maintain a consistent view of the shared state to ensure that whenever ordering of modifications could result in different end states, honest nodes are notified of which order to use.
[00023] Finally, the present invention also includes a computer program product and a computer implemented method. The computer program product includes computer-readable instructions stored on a non-transitory computer-readable medium that are executable by a computer having one or more processors, such that upon execution of the instructions, the one or more processors of one or more nodes perform the operations listed herein. Alternatively, the computer implemented method includes an act of causing a computer to execute such instructions and perform the resulting operations.
[00024] BRIEF DESCRIPTION OF THE DRAWINGS
[00025] The objects, features and advantages of the present invention will be apparent from the following detailed descriptions of the various aspects of the invention in conjunction with reference to the following drawings, where:
[00026] FIG. 1 is a block diagram depicting the components of a system according to various embodiments of the present invention;
[00027] FIG. 2 is an illustration of a computer program product embodying an aspect of the present invention; and
[00028] FIG. 3 is a flowchart illustrating a process for consensus ordering according to various aspects of the present invention;
[00029] FIG. 4 is a flowchart illustrating a consensus broadcast reception protocol according to various aspects of the present invention; and
[00030] FIG. 5 is a flowchart illustrating a vote count protocol according to various aspects of the present invention. [00031 ] DETAILED DESCRIPTION
[00032] The present invention relates to a system and method for multi-party network protocols and, more specifically, to a system and method for implementing a protocol where messages are processed based on a consensus ordering amongst the nodes in the protocol. A non-limiting example of such a protocol that can implement the system is a multi-party network (e.g., multi-party computation (MPC)). Messages are broadcast without any regard to consensus ordering. Once a broadcast message arrives at the recipient, the recipient needs to process it in a consensus order (that is - the correct functionality in some other part of the system depends on making sure that all“honest” recipients of a set of broadcast messages consume them in identical order, even if the order in which the messages initially arrived is potentially different at every recipient). [00033] The following description is presented to enable one of ordinary skill in the art to make and use the invention and to incorporate it in the context of particular applications. Various modifications, as well as a variety of uses in different applications will be readily apparent to those skilled in the art, and the general principles defined herein may be applied to a wide range of aspects. Thus, the present invention is not intended to be limited to the aspects presented, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
[00034] In the following detailed description, numerous specific details are set forth in order to provide a more thorough understanding of the present invention.
However, it will be apparent to one skilled in the art that the present invention may be practiced without necessarily being limited to these specific details. In other instances, well-known structures and devices are shown in block diagram form, rather than in detail, in order to avoid obscuring the present invention. [00035] The reader’s attention is directed to all papers and documents which are filed concurrently with this specification and which are open to public inspection with this specification, and the contents of all such papers and documents are incorporated herein by reference. All the features disclosed in this specification,
(including any accompanying claims, abstract, and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise. Thus, unless expressly stated otherwise, each feature disclosed is one example only of a generic series of equivalent or similar features.
[00036] Furthermore, any element in a claim that does not explicitly state“means for” performing a specified function, or“step for” performing a specific function, is not to be interpreted as a“means” or“step” clause as specified in 35 U.S.C.
Section 112, Paragraph 6. In particular, the use of“step of’ or“act of’ in the claims herein is not intended to invoke the provisions of 35 U.S.C. 112, Paragraph
6
[00037] Before describing the invention in detail, first a list of cited references is
provided. Next, a description of the various principal aspects of the present invention is provided. Subsequently, an introduction provides the reader with a general understanding of the present invention. Finally, specific details of various embodiment of the present invention are provided to give an understanding of the specific aspects. [00038] (1) List of Incorporated Literature References
[00039] The following references are cited throughout this application. For clarity and convenience, the references are listed herein as a central resource for the reader. The following references are hereby incorporated by reference as though fully set forth herein. The references are cited in the application by referring to the corresponding literature reference number, as follows:
1. G. Bracha. An asynchronous [(n-l)/3]-resilient consensus protocol. In T.
Kameda, J. Misra, J. Peters, and N. Santoro, editors, Proceedings of the Third Annual ACM Symposium on Principles of Distributed Computing , Vancouver, B. C., Canada, August 27-29, 1984, pages 154-162. ACM, 1984.
2. Cristian Tapus, Aleksey Nogin, Jason Hickey, and Jerome White. A
Simple Serializability Mechanism for a Distributed Objects System. In David A. Bader and Ashfaq A. Khokhar, editors, Proceedings of the 17th International Conference on Parallel and Distributed Computing Systems (PDCS-2004). International Society for Computers and Their Applications (ISCA), 2004.
3. G. V. Chockler, N. Huleihel, and D. Dolev. An adaptive totally ordered multicast protocol that tolerates partitions. In Proceedings of the seventeenth annual ACM symposium on Principles of distributed computing , pages 237-246. ACM Press, 1998.
4. George Coulouris, Jean Dollimore, and Tim Kindberg. Distributed Systems: Concepts and Design. Addison- Wesley, fifth edition, Chapters 15-17 (2012).
5. Paul D. Ezhilchelvan, Raimundo A. Mac'edo, and Santosh K. Shrivastava.
Newtop: a fault-tolerant group communication protocol. In Proceedings of the 15th International Conference on Distributed Computing Systems (ICDCS’95), page 296. IEEE Computer Society, 1995.
6. L. E. Moser, P. M. Melliar-Smith, D. A. Agarwal, R. K. Budhia, and C. A.
Lingley-Papadopoulos. Totem: a fault-tolerant multicast group communication system. Commun. ACM, 39(4):54-63, 1996.
[00040] (2) Principal Aspects [00041] Various embodiments of the invention include three“principal” aspects. The first is a system for system. The system is typically in the form of a computer system or several computer systems in a network operating software or in the form of a“hard-coded” instruction set. This system may be incorporated into a wide variety of devices that provide different functionalities. The second principal aspect is a method, typically in the form of software, operated using a data processing system (computer). The third principal aspect is a computer program product. The computer program product generally represents computer- readable instructions stored on a non-transitory computer-readable medium such as an optical storage device, e.g., a compact disc (CD) or digital versatile disc (DVD), or a magnetic storage device such as a floppy disk or magnetic tape. Other, non-limiting examples of computer-readable media include hard disks, read-only memory (ROM), and flash-type memories. These aspects will be described in more detail below.
[00042] A block diagram depicting an example of at least one computer in the system of the present invention is provided in FIG. 1. For example, when implemented in a network with multiple nodes, each node is an independent computer system that communicates with other nodes in the network. Thus, FIG. 1 provides a non limiting example of at least one of those computer systems 100. Note that the system and method as described herein can be implemented on servers in the cloud as well as desktops. The computer system 100 can be a typical computer or, in other aspects, mobile devices as well as IoT devices (e.g., sensor network), or even a set of control computers on an airplane or other platform that uses the protocol (e.g., a multi-party computation protocol, etc.) for fault tolerance and cybersecurity purposes.
[00043] In various embodiments, computer system 100 is configured to perform
calculations, processes, operations, and/or functions associated with a program or algorithm. In one aspect, certain processes and steps discussed herein are realized as a series of instructions (e.g., software program) that reside within computer readable memory units and are executed by one or more processors of the computer system 100. When executed, the instructions cause the computer system 100 to perform specific actions and exhibit specific behavior, such as described herein.
[00044] The computer system 100 may include an address/data bus 102 that is
configured to communicate information. Additionally, one or more data processing units, such as a processor 104 (or processors), are coupled with the address/data bus 102. The processor 104 is configured to process information and instructions. In an aspect, the processor 104 is a microprocessor. Alternatively, the processor 104 may be a different type of processor such as a parallel processor, application-specific integrated circuit (ASIC), programmable logic array (PLA), complex programmable logic device (CPLD), or a field
programmable gate array (FPGA).
[00045] The computer system 100 is configured to utilize one or more data storage units. The computer system 100 may include a volatile memory unit 106 (e.g., random access memory ("RAM"), static RAM, dynamic RAM, etc.) coupled with the address/data bus 102, wherein a volatile memory unit 106 is configured to store information and instructions for the processor 104. The computer system 100 further may include a non-volatile memory unit 108 (e.g., read-only memory ("ROM"), programmable ROM ("PROM"), erasable programmable ROM
("EPROM"), electrically erasable programmable ROM "EEPROM"), flash memory, etc.) coupled with the address/data bus 102, wherein the non-volatile memory unit 108 is configured to store static information and instructions for the processor 104. Alternatively, the computer system 100 may execute instructions retrieved from an online data storage unit such as in“Cloud” computing. In an aspect, the computer system 100 also may include one or more interfaces, such as an interface 110, coupled with the address/data bus 102. The one or more interfaces are configured to enable the computer system 100 to interface with other electronic devices and computer systems. The communication interfaces implemented by the one or more interfaces may include wireline (e.g., serial cables, modems, network adaptors, etc.) and/or wireless (e.g., wireless modems, wireless network adaptors, etc.) communication technology.
[00046] In one aspect, the computer system 100 may include an input device 112
coupled with the address/data bus 102, wherein the input device 112 is configured to communicate information and command selections to the processor 100. In accordance with one aspect, the input device 112 is an alphanumeric input device, such as a keyboard, that may include alphanumeric and/or function keys.
Alternatively, the input device 112 may be an input device other than an alphanumeric input device. In an aspect, the computer system 100 may include a cursor control device 114 coupled with the address/data bus 102, wherein the cursor control device 114 is configured to communicate user input information and/or command selections to the processor 100. In an aspect, the cursor control device 114 is implemented using a device such as a mouse, a track-ball, a track pad, an optical tracking device, or a touch screen. The foregoing notwithstanding, in an aspect, the cursor control device 114 is directed and/or activated via input from the input device 112, such as in response to the use of special keys and key sequence commands associated with the input device 112. In an alternative aspect, the cursor control device 114 is configured to be directed or guided by voice commands.
[00047] In an aspect, the computer system 100 further may include one or more
optional computer usable data storage devices, such as a storage device 116, coupled with the address/data bus 102. The storage device 116 is configured to store information and/or computer executable instructions. In one aspect, the storage device 116 is a storage device such as a magnetic or optical disk drive (e.g., hard disk drive ("HDD"), floppy diskette, compact disk read only memory ("CD-ROM"), digital versatile disk ("DVD")). Pursuant to one aspect, a display device 118 is coupled with the address/data bus 102, wherein the display device 118 is configured to display video and/or graphics. In an aspect, the display device 118 may include a cathode ray tube ("CRT"), liquid crystal display ("LCD"), field emission display ("FED"), plasma display, or any other display device suitable for displaying video and/or graphic images and alphanumeric characters recognizable to a user.
[00048] The computer system 100 presented herein is an example computing
environment in accordance with an aspect. However, the non-limiting example of the computer system 100 is not strictly limited to being a computer system. For example, an aspect provides that the computer system 100 represents a type of data processing analysis that may be used in accordance with various aspects described herein. Moreover, other computing systems may also be implemented. Indeed, the spirit and scope of the present technology is not limited to any single data processing environment. Thus, in an aspect, one or more operations of various aspects of the present technology are controlled or implemented using computer-executable instructions, such as program modules, being executed by a computer. In one implementation, such program modules include routines, programs, objects, components and/or data structures that are configured to perform particular tasks or implement particular abstract data types. In addition, an aspect provides that one or more aspects of the present technology are implemented by utilizing one or more distributed computing environments, such as where tasks are performed by remote processing devices that are linked through a communications network, or such as where various program modules are located in both local and remote computer- storage media including memory- storage devices. [00049] An illustrative diagram of a computer program product (i.e., storage device) embodying the present invention is depicted in FIG. 2. The computer program product is depicted as floppy disk 200 or an optical disk 202 such as a CD or DVD. However, as mentioned previously, the computer program product generally represents computer-readable instructions stored on any compatible non-transitory computer-readable medium. The term“instructions” as used with respect to this invention generally indicates a set of operations to be performed on a computer, and may represent pieces of a whole program or individual, separable, software modules. Non-limiting examples of“instruction” include computer program code (source or object code) and“hard-coded” electronics (i.e. computer operations coded into a computer chip). The“instruction” is stored on any non-transitory computer-readable medium, such as in the memory of a computer or on a floppy disk, a CD-ROM, and a flash drive. In either event, the instructions are encoded on a non-transitory computer-readable medium.
[00050] (3) Introduction
[00051] This disclosure provides a networking protocol for multiple nodes (e.g.,
computer systems or other devices capable of implementing such a protocol) on a network that supports broadcast operations. The broadcast operations are transmissions such that if at least one recipient receives the message, then all recipients participating in the exchange would receive the same message, even if the sender is trying to“cheat”. This property can be ensured either by network hardware, such as an Infmiband fabric, or via a separate underlying broadcast subprotocol, such as the Bracha’s asynchronous broadcast protocol (see Literature
Reference No. 1); where the broadcasts from a given sender are always received in the order they were sent, and where there is a limit on how long a particular broadcast operation can take before it completes. [00052] Further, a setting is assumed where up to t participants (t is a public parameter and for this protocol can be as large as (n-l)/2) can be malicious and violate the protocol in arbitrary manner. The remaining nodes (referred to as“honest”) would follow the protocol as defined in this disclosure.
[00053] The protocol is designed to allow a global agreement (among non-malicious nodes or“honest” nodes) on the ordering between two or more broadcast events. For example, if two different senders broadcast at approximately the same time and different recipients see the broadcasts in different order, then the protocol would result in some consensus ordering, where all honest nodes agree to consider the two events as happening in a particular order. When all non- malicious nodes see the events in the same order (e.g. if they happened far apart), then the consensus ordering would coincide with that. The protocol is capable of ordering any broadcast-based events, not just individual broadcasts (e.g., ordering “10 seconds after broadcasts A, B, and C were all received” vs“broadcast D was received”).
[00054] The importance of such consensus ordering lies in it enabling the honest nodes to maintain a consistent global state without having to have any further coordination. As just one example, if all honest nodes start with an identical representation of some global state that they do not necessarily have direct visibility into, and each broadcast operation implies a particular change to that state, then making sure that all honest nodes agree on the order of such changes would be sufficient for them to maintain a consistent view of that global state without any further synchronization. Additional protocols could then take further advantage of this consistent global state. Examples of such a global state would include a distributed database, a distributed filesystem, and a distributed agreement on which nodes are malicious and to be ignored and/or isolated from the relevant network. [00055] This protocol of the present disclosure was developed for at least the following scenario and can be implemented in a variety of applications, including shared states, sensor networks, etc. Thus, it should be understood that although a multi-party computation (MPC) protocol is described herein, it is used for illustrative purposes of one example embodiment and that the invention is not intended to be limited thereto. Suppose that the nodes perform some common tasks using a secure MPC protocol. At any point in time, a particular participant may detect that another participant is deviating from the protocol and is therefore malicious. At this point, a common approach in MPC implementations is for the party to broadcast a“dispute” message indicating that it is in dispute with the malicious party. A dispute message is some sort of a message from a party indicating that they have a dispute with another party, such as“[I have a] dispute with X”. A typical network protocol would have a notion of a“header”, where one field of the header would be designated as“message type”, and a message body. An example implementation would send a message, where the message type field in the header would contain a numerical value assigned by the protocol designer to indicate the“dispute” message type, and the body would just be the identification of the node that the sender is in dispute with.
[00056] Note that a dispute message necessarily indicates that at least one party
involved is malicious but does not necessarily indicate which one, as a malicious party could choose to broadcast a dispute message pointing to an honest one. However, once a single party P has a dispute with at least t+l other parties, it is known that at least one of the t+l must be honest (due to the threshold t assumption), and so P must be malicious. Since the broadcast disputes are seen by all participants, the fact that P must be malicious is known by all participants at this point and P is designated as“known malicious”. As part of the MPC implementation, it is common to disallow a known malicious party to contribute to the MPC computation; in those steps of the computation where that party would have normally provided input, an empty (zero) input is used instead. This eliminates both the potential interference and potential delays due to trying to get an input from the malicious party. However, if a party P broadcasts a message M, the correctness of the MPC protocol would often require that either all honest parties accept the message M, or all honest parties replace M with empty/zero message - but in either case, it must be consistent. This raises the need for a consensus among the honest parties as to whether M was broadcast before or after P became known malicious. The present protocol addresses this issue and includes an additional property that it does not introduce any delays into the underlying MPC processing, except for a l-time bounded delay every time a new entity becomes known malicious (which can only happen up to t times).
[00057] The system and method described herein provides a technological
improvement in the field of distributed protocols and allows for a significant speedup in systems that need such consistency and can be used in a variety of applications. For example, the protocol of the present disclosure can be used to allow distributed vehicles/aircraft to efficiently submit jobs or otherwise communicate with distributed servers in a secure manner.
[00058] (4) Specific Details of Various Embodiments
[00059] As noted above, the present disclosure provides a system implementing a networking protocol for multiple nodes through consensus ordering of broadcast messages. Before describing the protocol in detail, it is helpful to provide a preliminary understanding of concepts associated with the present protocol.
Further, provided below are also an overview of usage of the consensus ordering protocol, specifics of the consensus ordering protocol, a consensus broadcast reception protocol, and optimizations that can be implemented to improve performance for specific uses of the protocols. Each of these are described in turn and in further detail below.
[00060] (4.1) Concept Overview [00061] The protocol applies to a network where each party can send a group message to all other parties (possibly including itself). While the terminology of “broadcast” is broadly used for such message transmissions, it also encompasses other related technologies, such as multicast. This protocol also applies to networks where the broadcast propagation delay (the time between the message is sent and the time it is received by all participants) is bounded. The maximal propagation delay of a broadcast is denoted herein as“T4”. Further,“T6” is a predetermined time period and is denoted as a time period such that if a given node receives two broadcast messages more than a predetermined time period (i.e., T6) apart, it knows that all nodes received those messages in the same order.
It is easy to see that T6 is at most 2*T4 (one could use 2*T4 for simplicity, but the use of a separate T6 constant allows for more generality and assists in explicitly describing the invention). As noted above, an assumption is made that the network has a broadcast-like operation. It is further assumed that, however that operation is implemented, the relevant timing properties are known. In particular, it is known how long it can take for such operation to complete, once initiated. In other words, the worst-case broadcast completion time is denoted as T4. This implies that if two broadcast messages (from potentially different senders) are received at least 2*T4 apart, then it is guaranteed that all the recipients will see the messages in the same order. It may be possible to determine a time constant smaller than 2*T4 that would still have such property. Whatever the smallest known time period that has such a property is denoted as T6. Both are predetermined time periods constituting conservative estimates (conservative = can be larger than the potentially unknown true value, but cannot be smaller) of the worst-case timing properties of the broadcast implementation in the specific system. It is also easy to see that if the T6 bound holds for all broadcasts, then it also holds for events derived from broadcasts, such as:
1. “X became known malicious” that happens on each node when it receives “t+l”th dispute broadcasts for X (this is a derived event as different nodes see the dispute in different order and if, for example, more than t+l nodes broadcast that they have a dispute with X, then honest nodes may receive the subset of the first t+l disputes received at a particular node might not be the same across all nodes)
2 “Certain specific time have elapsed since a particular broadcast event”
[00062] (4.2) Overview of the Usage of the Consensus Ordering Protocol
[00063] The starting point for the consensus ordering protocol is that each node from a fixed set of nodes (each node knows what the set is) in a network receives the same broadcast messages in some order; subject to the T6 constraint that the order of the messages may differ from one receiver to another. The consensus ordering protocol that is at the heart of the present disclosure is executed by a larger system that incorporates such a protocol when there is a need for the larger system to “consistently” define an ordering between broadcast-derived events A and B.
[00064] Here,“consistently” means that the determination should be the same at all honest nodes. Note that this consistency would only be needed by such larger system when the ordering actually matters (for example, when both A and B are modifying the same portion of a global shared state, or when one of them is“X became known malicious” and the other is“X sent a broadcast” and there is a need to have an agreement on whether to accept the actual message sent by X, or to ignore X and accept 0 instead). To achieve this consistency the nodes would execute the consensus ordering protocol specified below. At the conclusion of the protocol each node outputs either“A consensus-before B”, or“B consensus- before A” and the protocol guarantees that all honest nodes would output the same result regardless of the behavior of dishonest nodes. For example, a system implementing a secure MPC protocol could use this protocol as discussed above. Another example could be a distributed file system or a distributed database ordering write/write or read/write races when they refer to the same data. Provided in further detail below are a pair of mutually interdependent algorithms; the consensus ordering protocol and the consensus broadcast reception protocol.
[00065] (4.3) Consensus Ordering Protocol
[00066] When implementing the consensus ordering protocol and as shown in FIG. 3, the protocol begins through any broadcast-derived events 300 of A and B. For example, each honest node begins by determining an order and timing of receipt of at least two messages, A and B. Thereafter, each honest node executes the following steps:
1. If A received more than T6 before B 302: If the honest node saw A more than T6 before seeing B, then output 308“A consensus-before B” (and similarly for“B consensus-before A”). For example, the protocol is executed after at least A and (in all cases other than 2) B were broadcast and received. These outputs are delivered to the larger system and then the larger system decides what the consequences of this are (the point is making sure that all honest nodes would arrive at the same answer).
2. If A received and not B 304: If it saw A, and has not seen B after waiting at least T6 after A, then output 310“A consensus-before B” (and similarly for“B consensus-before A”);
3. Both A and B received 306: If it saw both events within T6 of each other, then:
i. Broadcast a request for vote 312;
ii. Execute consensus broadcast reception protocol 314 described below to consensus-receive n votes, each being a number from 0 to 2 (vote of“0” is what gets received from known malicious nodes, vote of“1” designates a vote for“A before B”, vote of“2” designates a vote for“B before A”); 1. If (# of Os + # of“A after B” votes) < t+l, output“A consensus-before B” (and similarly for“B consensus- before A”);
2. If (# of 0s + # of“A after B” votes) >= t+l and (# of 0s + # of“B after A” votes) >= t+l :
a. Lemma (a property of this part of the consensus ordering protocol that makes it easier to see that the overall consensus ordering protocol has the desired property): If this happened (more generally - if there are honest votes on both sides), then all honest nodes have sent a request for vote;
b. Arbitrary tie-breaking is OK here, as long as it is consistent across all honest nodes. (That is, the present disclosure describes a family of
embodiments; any consistent method for tie- breaking at this step would be a workable embodiment of this invention);
c. When the consensus ordering protocol is used as a part of the consensus broadcast reception protocol, the following is the desired tie breaking process: consider that the sender became known malicious “consensus-before” the message was received (that is, break ties towards all honest nodes deciding to receive 0 instead of the actual message from node that became known-malicious);
Receive Request to Vote 320 and Add a Dispute or Vote 316: After receiving a request to vote from any node (including a node that the user may be operating) before it became known malicious (locally before, not “before”): i. If at least one event (either A or B) is seen locally more than 2*T6 before receiving the request, add a dispute with requestor;
ii. If at least one event (either A or B) still has not been seen locally more than T4 after receiving the request, add a dispute with requestor;
iii. If at least one event is seen locally, send a vote for which of the two happened first;
1. Lemma: will either see both events within T4, or within 2*T4+T6 the requestor would become designated as known malicious; and
iv. After an appropriate timeout, add a dispute with any node that did not vote for a request from a node that is not known malicious by the time the timeout expired.
5. Output a Consensus Ordering 318: After each participant casts their own vote, the protocol distributes amongst the nodes a consensus ordering, such as“A consensus-before B” or“B consensus-before A”, depending on result of each vote.
[00067] Note that Step 4 is a supporting step in that the other steps are directed to how a particular node decides its own output, while Step 4 is directed to helping other nodes make a decision which is an independent sequence as shown in FIG. 3. In Step 3ii, the protocol needs to wait until there are n votes. Of course, malicious nodes may refuse to vote, but if a node maliciously delays its vote too much, then it would result in: 1) A dispute being added with that node in Step 4.iv (unless there was already a dispute), 2) As each honest node gets to Step 4.iv, there will eventually be t+l disputes (as there are at least t+l honest nodes) disputes and the node would become known malicious (as discussed above), and 3) Now it becomes possible to replace the anticipated vote from the known malicious node with 0 (again, as discussed above), and that eventually brings the total number of votes to n.
[00068] (4.4) Consensus Broadcast Reception Protocol
[00069] The consensus broadcast reception protocol is used to guarantee that all nodes in the network consensus-receive the same value. In operation and as shown in FIG. 4, the consensus broadcast reception protocol process proceeds as follows:
1. Each time a network broadcast is received from a sender 400, utilize the consensus ordering between the time the broadcast is received and between the time the sender of the broadcast became known malicious
(which is a broadcast derived event);
i. 402: If network broadcast is received“consensus-before” the sender became known malicious, consensus-receive an actual value of that network broadcast, or
ii. 404: If the sender node becomes known malicious“consensus- before” its network broadcast is received, consensus-receive a value of 0.
[00070] (4.5) Optimizations to Improve Performance for Specific Uses of the
Protocols
[00071] The present disclosure also provides an alternative shifted consensus
broadcast reception protocol that is optimized for use cases where the discovery of malicious nodes is a rare event. A rare event is case specific depending on the particular implementation and developer. As a non-limiting example, discovery of a malicious node more than Z (e.g., more than one time every month, etc.) could be pre-defmed as a rare event. In such a scenario, the system implements the basic consensus broadcast reception protocol described above, replacing “sender became known malicious” with“T6 after the sender became known malicious”. [00072] By shifting the“uncertainty” period (the period where the reception of the network broadcast message would result in the consensus ordering protocol called by the consensus broadcast protocol being required to execute its voting step 3) from [-T6;T6] interval around the sender became known malicious to [0;2*T6] around it, the system allows all messages from senders that have not yet become known malicious to be processed right away. The“uncertainty” period is the period where the reception of the network broadcast message would result in the consensus ordering protocol called by the consensus broadcast protocol being required to execute its voting step 3 above. The cost of shifting the uncertainty period is doubling the length of period when the system may be willing to wait for and accept broadcasts from nodes that just became known malicious, before the network or system can start completely ignoring them (e.g., block broadcasts from the node, isolating broadcasts from the node for review only by an administrator node while terminating broadcasts to other nodes in the network).
[00073] Similarly, in the consensus ordering protocol, a helpful optimization is to use the consensus broadcast reception protocol shifted in the other direction. This would have the effect of being able to not take any votes from the known- malicious nodes, while having to wait 2*T6 before accepting any vote from a non-known-malicious node. The benefit is that this would limit unnecessary recursion (that is, the number of times the two protocols could end up recursively calling each other before any of them can be successfully completed) - any recursion would happen only if another node becomes known-malicious shortly after the initial one that triggered voting in the first place. To clarify the above, the recursion happens whenever the consensus ordering protocol calls the consensus broadcast reception protocol in step 3(ii), since that would in turn call the consensus ordering protocol. [00074] Once the two above optimizations are taken, the final optimization is to batch the votes that the consensus ordering protocol takes in service of a consensus broadcast reception protocol, which results in the following optimized consensus broadcast protocol as shown in FIG. 5 :
1. 500: When a new network broadcast is received, and the sender is not known malicious, consensus-receive it right away;
2. 502: Once a sender becomes known malicious, start a timer that proceeds until the uncertainty period (the period of time that starts when a sender becomes known malicious and ends 2><T6 after than) ends 2><T6 later;
3. 504: When a new network broadcast is received, and the sender is in the uncertainty period, queue the message for later voting;
4. 506: When the uncertainty period ends with respect to a particular sender, call for a vote for all queued messages for that sender (a single request for vote message could be used to call for votes for a range of messages), and follow the remainder of the consensus ordering protocol (Steps 3-4), and then the remainder of the consensus broadcast reception protocol (Steps l(i)-l(ii)).
5. 508: When a new network broadcast is received, and the sender was known malicious for longer than the uncertainty period, consensus-receive a value of 0. (For example, if the message is a vote,“0”,“1”, and“2” are legitimate values, and in this case the vote from a known-malicious sender will be replaced with“0” regardless of what it actually was). [00075] (4.6) Example Implementations
[00076] As can be understood by those skilled in the art, there are several applications in which the protocols described herein can be implemented. For example, if there are multiple redundant electronic control units in a vehicle (e.g., a car or in an airplane that receive data from the sensors), it is important for the control units to have a consistent view of the sensor data, so that their own state is consistent. In this example, the control units can use this protocol to create a consensus ordering of sensor data, of decisions to consider a particular sensor faulty, and of decisions to consider one of the redundant controllers faulty. This allows the multiple control units to maintain the same view of the state of the overall system. In this example, if the control units have a consistent view that one of the sensors is faulty, the system could then isolate or otherwise stop receiving data from the relevant sensor (as it is deemed“malicious” in this context). As yet another example, if the control units have a consistent view that one of the redundant controllers is faulty, that particular faulty controller can be isolated or otherwise removed from communications with the remaining control units.
[00077] Finally, while this invention has been described in terms of several
embodiments, one of ordinary skill in the art will readily recognize that the invention may have other applications in other environments. It should be noted that many embodiments and implementations are possible. Further, the following claims are in no way intended to limit the scope of the present invention to the specific embodiments described above. In addition, any recitation of“means for” is intended to evoke a means-plus-function reading of an element and a claim, whereas, any elements that do not specifically use the recitation“means for”, are not intended to be read as means-plus-function elements, even if the claim otherwise includes the word“means”. Further, while particular method steps have been recited in a particular order, the method steps may occur in any desired order and fall within the scope of the present invention.

Claims

CLAIMS What is claimed is:
1. A system for consensus ordering of broadcast messages, the system comprising:
a plurality of nodes in a network, each node having one or more processors and a memory, the memory being a non-transitory computer-readable medium having executable instructions encoded thereon, such that upon execution of the instructions, one or more nodes in the plurality of nodes perform operations of:
agreeing on an order of two or more broadcast message derived events A and B on one or more networks;
wherein if a node sees event A longer than a predetermined time period (T6) before seeing event B, then outputting“A consensus-before B” as a consensus broadcast ordering;
wherein if the node sees the event A and not the event B after waiting at least T6, then outputting“A consensus-before B” as a consensus broadcast ordering;
wherein if the node sees both events A and event B within T6, then:
broadcasting a request for a vote on message ordering;
executing a consensus broadcast reception protocol for the votes; and
making an ordering decision based on the votes received.
2. The system as set forth in Claim 1, further comprising an operation of observing, by each node in the network, one or more broadcast message derived events, A and B, in some order, such that upon receipt, the system proceeds to perform the operation of agreeing on an order of two or more message derived events A and B.
3. The system as set forth in Claim 2, further comprising an operation of
broadcasting a dispute message, such that the dispute message is transmitted by a first node to indicate that the first node accuses the second node of failing to follow protocol.
4. The system as set forth in Claim 3, further comprising an operation of designating a node in the network as a known malicious node, based on a number of other nodes with which the given node has disputes.
5. The system as set forth in Claim 4, wherein the known malicious node is a sensor in a network, where the sensor is isolated from the network such that signals from the sensor are discarded by honest nodes in the network.
6. The system as set forth in Claim 4, wherein the consensus broadcast reception protocol is based on a consensus ordering between a time message derived event A is received and between either the time the sender of the message derived event A became known malicious, or an offset from such time, such that:
if the message derived event A is received“consensus-before” the sender became known malicious, or an offset from such time, then consensus-receive amongst honest nodes an actual value of the message derived event A; or
if the sender node becomes known malicious, or an offset from such time is“consensus-before” its network broadcast is received, then consensus-receive amongst the honest nodes a value of zero of the message derived event A.
7. The system as set forth in Claim 1, wherein ordering of the two or more broadcast message derived events A and B modify a shared state, such that a consensus ordering protocols is used to maintain a consistent view of the shared state to ensure that whenever ordering of modifications could result in different end states, honest nodes are notified of which order to use.
8. A computer implemented method for consensus ordering of broadcast messages, the method comprising an act of causing one or more of a plurality of nodes in a network to execute instructions stored on a non-transitory computer readable medium, such that upon execution of the instructions, one or more nodes in the plurality of nodes perform operations of:
agreeing on an order of two or more broadcast message derived events A and B on one or more networks;
wherein if a node sees event A longer than a predetermined time period (T6) before seeing event B, then outputting“A consensus-before B” as a consensus broadcast ordering;
wherein if the node sees the event A and not the event B after waiting at least T6, then outputting“A consensus-before B” as a consensus broadcast ordering;
wherein if the node sees both events A and event B within T6, then:
broadcasting a request for a vote on message ordering;
executing a consensus broadcast reception protocol for the votes; and
making an ordering decision based on the votes received.
9. The method as set forth in Claim 8, further comprising an operation of observing, by each node in the network, one or more broadcast message derived events, A and B, in some order, such that upon receipt, The method proceeds to perform the operation of agreeing on an order of two or more message derived events A and B.
10. The method as set forth in Claim 9, further comprising an operation of
broadcasting a dispute message, such that the dispute message is transmitted by a first node to indicate that the first node accuses the second node of failing to follow protocol.
11. The method as set forth in Claim 10, further comprising an operation of
designating a node in the network as a known malicious node, based on a number of other nodes with which the given node has disputes.
12. The method as set forth in Claim 11, wherein the known malicious node is a sensor in a network, where the sensor is isolated from the network such that signals from the sensor are discarded by honest nodes in the network.
13. The method as set forth in Claim 11, wherein the consensus broadcast reception protocol is based on a consensus ordering between a time message derived event A is received and between either the time the sender of the message derived event A became known malicious, or an offset from such time, such that:
if the message derived event A is received“consensus-before” the sender became known malicious, or an offset from such time, then consensus-receive amongst honest nodes an actual value of the message derived event A; or
if the sender node becomes known malicious, or an offset from such time is“consensus-before” its network broadcast is received, then consensus-receive amongst the honest nodes a value of zero of the message derived event A.
14. The method as set forth in Claim 8, wherein ordering of the two or more
broadcast message derived events A and B modify a shared state, such that a consensus ordering protocols is used to maintain a consistent view of the shared state to ensure that whenever ordering of modifications could result in different end states, honest nodes are notified of which order to use.
15. A computer program product for consensus ordering of broadcast messages, the system comprising:
a non-transitory computer-readable medium having executable instructions encoded thereon, such that upon execution of the instructions by one or more processors, the one or more processors cause one or more of a plurality of nodes in a network to perform operations of:
agreeing on an order of two or more broadcast message derived events A and B on one or more networks;
wherein if a node sees event A longer than a predetermined time period (T6) before seeing event B, then outputting“A consensus-before B” as a consensus broadcast ordering;
wherein if the node sees the event A and not the event B after waiting at least T6, then outputting“A consensus-before B” as a consensus broadcast ordering;
wherein if the node sees both events A and event B within T6, then:
broadcasting a request for a vote on message ordering;
executing a consensus broadcast reception protocol for the votes; and
making an ordering decision based on the votes received.
16. The computer program product as set forth in Claim 15, further comprising
instructions for causing an operation of observing, by each node in the network, one or more broadcast message derived events, A and B, in some order, such that upon receipt, The computer program product proceeds to perform the operation of agreeing on an order of two or more message derived events A and B.
17. The computer program product as set forth in Claim 16, further comprising
instructions for causing an operation of broadcasting a dispute message, such that the dispute message is transmitted by a first node to indicate that the first node accuses the second node of failing to follow protocol.
18. The computer program product as set forth in Claim 17, further comprising
instructions for causing an operation of designating a node in the network as a known malicious node, based on a number of other nodes with which the given node has disputes.
19. The computer program product as set forth in Claim 18, wherein the known
malicious node is a sensor in a network, where the sensor is isolated from the network such that signals from the sensor are discarded by honest nodes in the network.
20. The computer program product as set forth in Claim 18, wherein the consensus broadcast reception protocol is based on a consensus ordering between a time message derived event A is received and between either the time the sender of the message derived event A became known malicious, or an offset from such time, such that:
if the message derived event A is received“consensus-before” the sender became known malicious, or an offset from such time, then consensus-receive amongst honest nodes an actual value of the message derived event A; or
if the sender node becomes known malicious, or an offset from such time is“consensus-before” its network broadcast is received, then consensus-receive amongst the honest nodes a value of zero of the message derived event A.
21. The computer program product as set forth in Claim 15, wherein ordering of the two or more broadcast message derived events A and B modify a shared state, such that a consensus ordering protocols is used to maintain a consistent view of the shared state to ensure that whenever ordering of modifications could result in different end states, honest nodes are notified of which order to use.
EP19847544.4A 2018-08-09 2019-06-24 System and method for consensus ordering of broadcast messages Pending EP3834366A4 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201862716680P 2018-08-09 2018-08-09
US201862722754P 2018-08-24 2018-08-24
US16/433,928 US10887092B2 (en) 2018-08-09 2019-06-06 Anonymous allocation and majority voting in a compromised environment
PCT/US2019/038724 WO2020033048A1 (en) 2018-08-09 2019-06-24 System and method for consensus ordering of broadcast messages

Publications (2)

Publication Number Publication Date
EP3834366A1 true EP3834366A1 (en) 2021-06-16
EP3834366A4 EP3834366A4 (en) 2022-04-27

Family

ID=69415574

Family Applications (1)

Application Number Title Priority Date Filing Date
EP19847544.4A Pending EP3834366A4 (en) 2018-08-09 2019-06-24 System and method for consensus ordering of broadcast messages

Country Status (3)

Country Link
EP (1) EP3834366A4 (en)
CN (1) CN112425120B (en)
WO (1) WO2020033048A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113794566B (en) * 2021-08-25 2022-06-03 清华大学 Re-voting binary consensus method, device and storage medium
CN114710374B (en) * 2022-03-14 2023-04-18 中国科学院软件研究所 Asynchronous block chain consensus method and system for data broadcasting and consensus decoupling
CN116170153B (en) * 2023-01-19 2024-06-21 清华大学 Asynchronous public subset consensus method and device

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6356857B1 (en) * 1998-08-17 2002-03-12 Aspen Technology, Inc. Sensor validation apparatus and method
US7031308B2 (en) * 2000-10-30 2006-04-18 The Regents Of The University Of California Tree-based ordered multicasting method
US6931431B2 (en) * 2001-01-13 2005-08-16 International Business Machines Corporation Agreement and atomic broadcast in asynchronous networks
US7957355B1 (en) * 2005-05-27 2011-06-07 Heiferling Mark J Swarm autonomous routing algorithm for mobile ad hoc network communications
US8521078B2 (en) * 2008-03-21 2013-08-27 Qualcomm Incorporated Common interface protocol for sending FR-RDS messages in wireless communication systems
GB2474074A (en) * 2009-10-05 2011-04-06 Your View Ltd Electronic voting
US9032466B2 (en) * 2010-01-13 2015-05-12 Qualcomm Incorporated Optimized delivery of interactivity event assets in a mobile broadcast communication system
US9569253B1 (en) * 2012-06-04 2017-02-14 Google Inc. Ensuring globally consistent transactions
FR3026911B1 (en) * 2014-10-01 2017-11-03 B<>Com METHOD FOR PROCESSING INTRUSION IN A WIRELESS COMMUNICATION NETWORK, DEVICE, AND COMPUTER PROGRAM
US9875510B1 (en) * 2015-02-03 2018-01-23 Lance Kasper Consensus system for tracking peer-to-peer digital records
US9568943B1 (en) * 2015-04-27 2017-02-14 Amazon Technologies, Inc. Clock-based distributed data resolution
US9390154B1 (en) * 2015-08-28 2016-07-12 Swirlds, Inc. Methods and apparatus for a distributed database within a network
CN106529951A (en) * 2016-12-30 2017-03-22 杭州云象网络技术有限公司 Node consensus verification method under league chain network through asynchronous mode
CN107196772B (en) * 2017-03-24 2020-03-13 创新先进技术有限公司 Method and device for broadcasting message
CN110430064B (en) * 2017-03-30 2020-12-04 腾讯科技(深圳)有限公司 Block chain system, message processing method and storage medium
CN107341660B (en) * 2017-05-27 2021-06-29 唐盛(北京)物联技术有限公司 Block chain bottom layer consensus mechanism and block chain system based on same

Also Published As

Publication number Publication date
CN112425120B (en) 2023-05-23
EP3834366A4 (en) 2022-04-27
WO2020033048A1 (en) 2020-02-13
CN112425120A (en) 2021-02-26

Similar Documents

Publication Publication Date Title
US11321303B2 (en) Conflict resolution for multi-master distributed databases
US8769536B2 (en) Processing a batched unit of work
WO2020033048A1 (en) System and method for consensus ordering of broadcast messages
US11604811B2 (en) Systems and methods for adaptive data replication
US8984530B2 (en) Queued message dispatch
Townend et al. Fault tolerance within a grid environment
US20120102355A1 (en) Consistent messaging with replication
EP2639759A1 (en) Aggregation and semantic modeling of tagged content
EP3674909A1 (en) Data transaction processing method, device, and electronic device
EP2921974A1 (en) Data restoration method and system
US20180167475A1 (en) Dynamic distribution of persistent data
CN110968586A (en) Distributed transaction processing method and device
EP4030314A1 (en) Blockchain-based data processing method, apparatus and device, and readable storage medium
CN110727507B (en) Message processing method and device, computer equipment and storage medium
US10862908B2 (en) System and method for consensus ordering of broadcast messages
EP4198861A1 (en) Information processing method and apparatus for blockchain network, and device and storage medium
CN105373563B (en) Database switching method and device
CN111282263A (en) Event message processing method and device, electronic equipment and readable storage medium
Shen et al. Achieving data consistency by contextualization in web-based collaborative applications
CN112825525B (en) Method and apparatus for processing transactions
CN112202724A (en) Data aggregation method and device of all-in-one arrangement mode
CN109062642B (en) Control message notification method and device
CN107949856B (en) Email parking lot
US9904724B1 (en) Method and apparatus for message based security audit logging
US20240311807A1 (en) Blockchain-based transaction processing method, apparatus, and device, computer-readable storage medium, and computer program product

Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20201211

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
A4 Supplementary search report drawn up and despatched

Effective date: 20220325

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 12/18 20060101AFI20220321BHEP

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230525

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20240131