On the below link, there is a paragraph that says:
http://www.coindesk.com/stellar-ripple-hyperledger-rivals-bitcoin-proof-work/
“Each node publishes a public key. Any message coming through the node is signed by the node to verify its format. Once enough responses that are identical are reached, then you can agree that is a valid transaction.”
My Understanding:
Once a transaction
Consensus is a mechanism by which the nodes in the blockchain decide that a transaction block can be appended to the blockchain. There are many consensus mechanisms - for example, Bitcoin uses a consensus mechanism called Proof of work, ethereum uses a consensus mechanism called Proof of stake. The consensus can be at a ledger level (all nodes have to agree) or transaction level (only the transacting nodes have to agree) In case of Hyperledger, consensus is at transaction level, meaning not all nodes need to engage in the consensus mechanism. Only the two transacting parties can engage and arrive at a consensus. Detailed technical explanation of PBFT (practical byzantine fault tolerance) based Hyperledger Fabric consensus is explained in this link:
http://hyperledger-fabric.readthedocs.io/en/release/txflow.html
A less technical explanation can be found here: this also talks about the different roles the nodes take in Hyperledger Fabric
https://medium.com/#philippsandner/comparison-of-ethereum-hyperledger-fabric-and-corda-21c1bb9442f6
Hyperledger is an umbralla project aims at creating a modulus approach for assembling the blockchain solutions. It has a layered architecture including a separate consensus layer. The goal is you should be able to switch in-and-out the consensus policy of your business need
This table from Hyperledger
Architecture, Volume 1
gives you examples of its consensus approaches in various child projects.
In this type of consensus:
A transaction is performed, i.e. someone buys something from someone
else.
The person who desires for this transaction to become a legitimate
block on the blockchain will send out a cryptographic hash.
The hash is a function which scrambles its inputs and creates an
output.
There is no easy way to solve for the original inputs so peers will
put random numbers into the function in an attempt to find the inputs that created the hash.
After enough of these peers have independently solved the problem
then the transaction is considered legitimate and the transaction
goes on the ledger.
In the bitcoin model, this means the bitcoins are immediately moved to the other party's account.
The number of peers needed to validate the transaction is often calculated by a Byzantine fault tolerance algorithm. You can read the full paper at the link below but it basically means that the system needs:
n = 2f + 1 peers to agree where n is the total number of peers
and f is the number of failing peers.
For example, if you have 4 peers then according to the algorithm three of them must agree before consensus can be achieved.
Here is the example with 4 peers:
n = 4
4 = 2f + 1
3 = 2f
1.5 = f
total failures can only be 1
n - 1 = 4 - 1 = 3 peers must agree
Included with the paper on the algorithm are another slideshow that may be helpful to understand it and a link to a video that should be helpful about the bitcoin model in general.
http://pmg.csail.mit.edu/papers/osdi99.pdf
http://www.cs.utah.edu/~stutsman/cs6963/public/pbft.pdf
https://www.youtube.com/watch?v=GMKgB3zZ1so
Related
I am getting up to speed on distributed systems (studying for an upcoming interview), and specifically on the basics for how a distributed system works for a distributed, consistent key-value storage system managed in memory.
My specific questions I am stuck on that I would love just a high level answer on if it's no trouble:
#1
Let's say we have 5 servers that are responsible to act as readers, and I have one writer. When I write the value 'foo' to the key 'k1', I understand it has to propagate to all of those servers so they all store the value 'foo' for the key k1. Is this correct, or does the writer only write to the majority (quorum) for this to work?
#2
After #1 above takes place, let's say concurrently a read comes in for k1, and a write comes in to replace 'foo' with 'bar', however not all of the servers are updated with 'bar. This means some are 'foo' and some are 'bar'. If I had lots of concurrent reads, it's conceivable some would return 'foo' and some 'bar' since it's not updated everywhere yet.
When we're talking about eventual consistency, this is expected, but if we're talking about strong consistency, how do you avoid #2 above? I keep seeing content about quorum and timestamps but on a high level, is there some sort of intermediary that sorts out what the correct value is? Just wanted to get a basic idea first before I dive in more.
Thank you so much for any help!
In doing more research, I found that "consensus algorithms" such as Paxos or Raft is the correct solution here. The idea is that your nodes need to arrive at a consensus of what the value is. If you read up on Paxos or Raft you'll learn everything you need to - it's quite complex to explain here, but there are videos/resources out there that cover this well.
Another thing I found helpful was learning more about Dynamo and DynamoDB. They handle the subject as well, although not strongly consistent/distributed.
Hope this helps someone, and message me if you'd like more details!
Read the CAP theorem will help you solve your problem. You are looking for consistence and network partition in this question, so you have to sacrifice the availability. The system needs to block and wait until all nodes finish writing. In other word, the change can not be read before all nodes have updated it.
In theoretical computer science, the CAP theorem, also named Brewer's
theorem after computer scientist Eric Brewer, states that any
distributed data store can only provide two of the following three
guarantees:
Consistency Every read receives the most recent write or an error.
Availability Every request receives a (non-error) response, without
the guarantee that it contains the most recent write.
Partition tolerance The system continues to operate despite an arbitrary number
of messages being dropped (or delayed) by the network between nodes.
I am trying to figure out how PBFT consensus algorithm deals with the problem of double spending. I've read lots of literature but cannot seem to find an answer
pbft is a consensus algorithm given by Barbara Liskov and Miguel Castro in 1999 in order to prevent malicious attacks as malicious attacks and
software errors can cause faulty nodes to exhibit Byzantine (i.e., arbitrary) behavior. pBFT was designed to work efficiently in asynchronous systems as compared to previous bft algorithms which only worked on synchronous systems.
here is the research paper which states that
Practical algorithm for state machine replication that tolerates
Byzantine faults. The algorithm offers both liveness and safety
provided at most ⌊n-1 / 3⌋ out of a total of replicas are
simultaneously faulty. This means that clients eventually receive
replies to their requests and those replies are correct according to
linearizability. The algorithm works in asynchronous systems like the
Internet and it incorporates important optimizations that enable it to
perform efficiently
Double-spending is a potential flaw in a digital or electronic cash scheme in which the same single digital token can be spent more than once. Unlike physical cash, a digital token consists of a digital file that can be duplicated or falsified.
A double-spending attack is a potential attack against cryptocurrencies that has happened to several cryptocurrencies, e.g. due to the 51% attack.
But this problem can be prevented using consensus algorithms and blockchain
If two transactions attempt to spend the same tokens, each node will consider the first transaction it sees to be valid, and the other invalid. Once the
nodes disagree, there is no way to determine true balances, as each node's observations are considered equally valid , a way to bring the nodes back in sync is using consensus algorithms and with blockchain the transactions in this system are never technically "final" as a conflicting chain of blocks can always outgrow the current canonical chain, however as blocks are built on top of a transactions, it becomes increasingly unlikely/costly for another chain to overtake it and hence preventing the double spending problem.
The first step in PBFT is to get 2f + 1 nodes to agree to execute available transactions in the same order. This is done by routing all transactions through a Primary node which assigns a sequence number. All nodes that execute the transactions in the same order will reject the second spend. Since, at most f nodes can be faulty, this means that at least 2f + 1 - f = f + 1 nodes will accept the 1st spend and reject the second. When the client learns that f + 1 nodes have accepted the first spend, it can be certain that is the consensus, since at least 1 of those nodes is non-faulty.
Substrate supports "pluggable consensus" so a developer can choose from among several consensus algorithms. It comes standard with four algorithms:
Aura
Babe
Proof of Work
Grandpa
Some of these (eg babe and grandpa) can even be used together in a single node. What are the differences between each consensus algorithm, and which ones can or should be used together?
For a blockchain to be live (continue growing and adding new transactions), two things must happen to solve the problem of distributed consensus. Typically, these jobs are performed by full nodes as is the case with the default Substrate node.
Block Authoring. Nodes create new blocks. Each new block contains a reference to a parent block.
Block Finalization. When forks appear in the chain, Nodes must choose which side of the fork to consider the real or "canonical" one. Once a block is Finalized, the canonical chain will always contain it.
Let's look at each of the algorithms mentioned individually, and see how they accomplish those tasks.
Block Authoring
Aura
Aura primarily provides block authoring. In aura a known set of authorities are allowed to produce blocks. The authorities must be chosen before block production begins and all authorities must know the entire authority set. Time is divided up into "slots" of a fixed length. During each slot one block is produced, and the authorities take turns producing blocks in order forever.
In Aura, forks only happen when it takes longer than the slot duration for a block to traverse the network. Thus forks are uncommon in good network conditions.
Babe
Babe also primarily provides block authoring. Like, Aura, it is a slot-based consensus algorithm with a known set of validators. In addition, each validator is assigned a weight which must be assigned before block production begins. Unlike Aura, the authorities don't take turns in order. Instead, during each round, each authority generates a pseudorandom number using a VRF. If the random number is lower than their weight, they are allowed to produce a block.
Because multiple validators may be able to produce a block during the same slot, forks are more common in Babe than they are in Aura, and are common even in good network conditions.
Substrate's implementation of Babe also has a fallback mechanism for when no authorities are chosen in a given slot.
Proof of Work
Proof of Work also provides block authoring. Unlike Babe and Aura, it is not slot-based, and does not have a known authority set. In proof of Work, anyone can produce a block at any time, so long as they can solve a computationally challenging problem (typically a hash preimage search). The difficulty of this problem can be tuned to provide a statistical target block time.
Block Finalization
Probabilistic methods
Each of the block authoring mechanisms we've discussed previously needs to know where on the chain is should build the next block. Methods such as the "longest chain rule" "heaviest observed subtree" often work in practice and provide probabilistic finality. That is, with each new block that is added to a chain, the probability that it will be reverted decreases, approaching zero. When true certainty that a block is final is desired, a more sophisticated game can be used.
Grandpa
Grandpa provides block finalization. It has a known weighted authority set like Babe. However, Grandpa does not author blocks; it just listens to gossip about blocks that have been produced by some authoring engine like the three discussed above. Each authority participates in two rounds of voting on blocks. The details of the voting are beyond the scope of this post. Once 2/3 of the grandpa authorities have voted for a particular block, it is considered finalized.
Hybrid Consensus
In general a block authoring engine and a finality gadget can be used together in a single chain, as Babe and Grandpa are in the code linked in the question. When such a system is used, block authoring engines must be made aware of blocks that are finalized so that they don't waste time building on top of blocks that will never be in the canonical chain.
Note on weights: Babe, Grandpa, and many other algorithms that do not come bundled with Substrate rely on weights. Consensus algorithms themselves typically do not dictate how the weights are assigned, but rather assume that they are assigned somehow leaving the assignment to an external mechanism. In public networks, it is common to assign weights based on how many tokens are staked. In the default Substrate node, all weights are set to 1 because the phragmen algorithm keeps all validators close to equally staked.
I have a basic blockchain I wrote to explore and learn more about the technology. The only real world experience I have with them is in a one-to-one transaction from client to server, as a record of transactions. I'm interested in distributed blockchains now.
In its simplest, most theoretical form, how is consensus managed? How do peers know to begin writing transactions on the next block? You have to know when >50% of the entire pool has accepted some last block written. But p2p systems can be essentially unbounded, and you can't trust a third party to handle surety, so how is this accomplished?
edit: I now know roughly how bitcoin handles consensus:
The consensus determines the accepted blockchain. The typical rule of "longest valid chain first" ensures that only one variant is accepted. People may accept a blockchain after any number of confirmations, typically 6 is sufficient to ensure a clear winner.
However, this seems like a slow and least-deliberate method. It ensures that there is a certain amount of wasted work on the part of nodes that happen to be in a part of the network that had a local valid solution at roughly the same time as a generally accepted solution.
Are there better alternatives?
Interesting question. I would say the blockchain technology solves only probabilistic consensus. With a certain confidence, the blockchain-network agrees on something.
Viewing blockchain as a distributed system we can say that the state of blockchain is distributed: the blockchain is kept as a whole but there are many distributed replicas of local copies. More interestingly, the operations are distributed: Writes or reads can happen at different nodes concurrently. Read operations can be done locally at the local copy of the blockchain, but this read can of course be stale if your local copy is not up-to-date, however there is always an incentive for nodes in the blockchain network to keep their local copy up-to-date so that they can complete new transactions when necessary.
Write operations is the tricky part here, that blockchain must solve. As writes happen concurrently in a distributed fashion, blockchain must ensure to avoid inconsistencies such as double spending and somehow reach consensus on the current state. The way blockchain does this is probabilistic, first of all they made it expensive to write to the chain by adding the "puzzle" to be solved, reducing the probability that different distributed writes happen concurrently, but they can still happen, but with lower probability. In addition, as there is an incentive for nodes in the network to keep their state up to date, nodes that received the flooded write operation will validate it and accept that operation into their chain. I think the incentive to always keep the chain up-to-date is key here because that ensures that the chain will make progress. I.e a writer has a clear incentive to keep its chain up-to-date since it will be competing with the "longest-chain-first" principle against other concurrent writers. For non-adversarial miners there is also an incentive to interrupt the current mining, accept a new write-block and restart the mining process, ensuring a sort of liveness in the system.
So blockchain relies on probabilistic consensus, what is the probability then? The probability that two exactly equal branches growing in parallel at the same time is close to 0 assuming that there are not any large group of adversarial nodes taking over the network. With very high probability one branch will be longer than the other and be accepted and the network reach consensus on that branch and write operations in the shorter branch have to be re-tried. The big concern is of course big adversarial miner groups who might deliberately try to create forks in the blockchain to perform double spending attacks.. but that is only likely to succeed if they get close to 50% of the computational power in the network.
So to conclude: natural branching in blockchain that can happen due to probabilistic reasons of concurrent writes (probability reduced due to the puzzle-solving) will with almost 100% probability converge to a single branch as write operations continue to happen, and the network reaches consensus on a single branch.
However, this seems like a slow and least-deliberate method. It
ensures that there is a certain amount of wasted work on the part of
nodes that happen to be in a part of the network that had a local
valid solution at roughly the same time as a generally accepted
solution.
Are there better alternatives?
Not that I can think of, there would be many more efficient solutions if all peers in the system "were under control" and you could make them follow some protocol and perhaps have a designated leader to tell the order of writes and ensure consensus, but that is not possible in a decentralized open system.
In the permissioned blockchain environment, where the participants are known in advance, client can get cryptographic proof of the consensus (e.g. that it was signed at least by 2/3 of the participants) and to verify it. Usually it can be achieved using threshold signatures.
In the public blockchains, AFAIK, there is no way to do this since the number of participants is unknown/changes all the time.
As to the question of how many nodes can be in an erlang system on a practical (not theoretical) level, I've seen answers ranging from 100 in most cases, to one answer which stated "150-200 max."
I was surprised on seeing this, because wasn't erlang designed for massive concurrency and distribution in order to implement telecom networks, phone switches, etc? If so, wouldn't you assume (I know I did) that this would entail more than 100 nodes in a system (I always assumed in the hundreds, possibly thousands)?
I guess my question is: What was considered "massive concurrency/distribution" back when these old telecoms used erlang? How many machines would they typically have connected together, running erlang and doing concurrency?
Just curious, and thanks for any answers.
you got the answer, for a cluster of node, with current technology, a practical limit is from 100 to 200 nodes: because we are speaking of almost transparent distribution. The reason for this limitation are explained in the documentation and in few words are due to the mutual survey of each nodes, so the bandwidth and resources available for your application are decreasing faster and faster.
To have more nodes, you must program the cooperation between cluster and/or single nodes. The libraries offer some facilities to do that but of course it is not transparent, and not erlang specific.
It is also recommended for security reason to avoid huge cluster: today in an erlang cluster you can do what you want in any other node without restriction.
It depends. It depends on lots of things you didn't specify or define, and I suspect that if you specified enough that a "real" answer was possible you would be disappointed because it wouldn't be useful. That's why these sorts of questions are generally discouraged.
You don't say what date range you mean by "when these old telecoms used Erlang". They still use it (it's never had traction outside of Ericsson and there was never a time when Ericsson used it significantly more than the present). Here's a video of them talking about using Erlang on their SGSN-MME: http://vimeo.com/44718243
You don't say what you mean by "an Erlang system". Is that a single machine? Erlang did not have SMP support when it started (is that the time frame you're asking about?). Do you mean concurrent processes?
Is that a single cluster using net_kernel:connect_node/1? How are you defining a cluster? Erlang clusters, by default, are a complete mesh. That limits the maximum size based on the performance limits of the network and the machine's interfaces. But you can connect nodes in a chain and then there's no limit. But if you count that as a cluster, why not count it when you use your own TCP connections instead of just net_kernel's. There are lots of Ericsson routers in use on the Internet, so we could think of the Internet as one "system" where many of its component routers are using Erlang.
In the video I linked, you can see that in the early 2000s, Ericsson's SGSN product was a single box (containing multiple machines) that could serve maybe a few thousand mobile phones simultaneously. We might assume that each connected phone had one Erlang process managing it, plus a negligible number of system processes.