🚧 | B2 (Pikachu): Securing membership and state checkpoints of BFT and PoS blockchains by anchoring into the Bitcoin blockchain

[jsoares]

Description

Long range attacks on PoS blockchains and the related “I still work here” attack in BFT-based blockchains are some of the major security issues in these systems.

In short, these attacks rely on the inability of a client, or another participant in the system, Alice, who disconnects from the system at time T1 and reconnects at time T2>T1 to tell that validators who have been legitimate validators at time T1 and leave the system (or transfer their stake) at time T1’, where T2>T1’>T1, are not to be trusted anymore. These validators can fork Alice, without her being able to recognize the attack even if she is presented by a “valid” chain fork. See the illustration below:

These attacks have attracted the attention of the research community for a long time and have been a topic of a recent survey paper. Protocol Labs has also looked at addressing this problem in previous work (Winkle).

Resources

• Project spec (WIP / living document)
• Code stable version
• Code WIP

Talks

2021-10-07 ConsensusDays 21 / S2.2 / Securing Membership and State Checkpoints

2022-02-07 ConsensusLab Team Week 22Q1: B2 update

Demos

2021-09-23 B2 design (Sarah)

2021-12-20 B2 small-scale PoC (Sarah)

2022-03-11 B2 checkpointing onto BTC testnet (Sarah)

2022-04-08 BTC checkpointing capstone demo with failure and KVS

[jsoares]

2022-02-21 meeting notes

• Top concerns
  1. Code:
     1. Fix bug found with Alfonso
        1. MV: list of github issues being fixed?
     2. Fix libp2p communication issue
     3. Start integrating with Bitcoin testnet
  2. Pikachu Open discussion:
     4. Started a draft

[jsoares]

2022-02-28

✋ Attendees

• @jsoares
• @matejpavlovic
• @sa8
• @vukolic

📣 Updates

• Bitcoin testnet integration started
  • Code written, currently fixing errors
  • tedious initialisation (need to get funds using bitcoin testnet faucet which is limited)
• Can't remove participants from configuration due to mocked power actor bug (in touch with Alfonso for some help)

🧵 Discussion

• Pikachu full paper submission
  • AFT April 21
  • Check if DINPS has proceedings/compatible with long version submission
  • Delta: short paper has design, full paper has implementation and benchmark
  • Will try fitting into paper format and make a decision

🎯 Up next

• Finish bitcoin testnet integration
• Pikachu short paper
• Revise demo instructions
• Jorge to set up EC2 accounts

[jsoares]

2022-03-07

✋ Attendees

• @jsoares
• @sa8
• @vukolic

📣 Updates

• Bitcoin testnet integration more or less working for small scale network, working on integrating it with bigger network.

🧵 Discussion

• Issue with bigger network: getting the past checkpoints takes a lot of time because it needs to re-scan the whole blockchain
  • For the demo, will try to hack it by instead writing the relevant transactions to a file locally that nodes can read and write from (since I'm launching them all from the same machine).
• B2 open discussion
  • Let's get RFP out
  • Draft
  • Timeline: finalise draft by EOW
• Paper
  • Draft a sketch of evaluation/structure for next week
  • Previous submission feedback around validator model
  • Timeline: plan by EOW
• TBTC balance for the demo?
  • Still need more

🎯 Up next

• Get demo ready (optimistic: 20-nodes, less optimisitic: 3-4 nodes)
• Start working on a better model for paper
• Implementation, either start with:
  • Move storage to KVS
  • Deal with failure

[jsoares]

2022-03-14

✋ Attendees

• @jsoares
• @sa8
• @vukolic

📣 Updates

• Rebasing bug fixed 🎉
• Mocked power actor bug mostly fixed 🎉

🧵 Discussion

• Update on Pikachu open discussion?
  • Marko and Jorge to review by Wed
• Funding the wallet
  • Initial funding "easy" to coordinate out-of-band
  • How do we replenish the funds over time?
    • We don't currently have a non-centralised answer
    • Start discussion around possible solutions
      • HTLC?
        • We don't know the future pubkey at the time of contracting
• Implementation
  • Should we revisit dev help?
    • Working reasonably well, but unexpected bugs may delay timeline.
• AI: Let's have a plan until May 5, AFT 2022 submission deadline for next mtg. Items to plan for
  • Eudico KVS
  • Bad path of the protocol proper
  • theory behind funding Bitcoin wallet

🎯 Up next

• Implementation: KVS
• Paper: modelisation

[jsoares]

2022-03-21

✋ Attendees

• @jsoares
• @sa8
• @vukolic

📣 Updates

• KVS implemented, issue with pubsub (no communication between nodes)

🧵 Discussion

• Optimistic plan for submission:

Dates	Task
March 23	Finish KVS integration
April 1	Gennaro DKG // start no failure experiment
April 13	Handle failures when signing
April 22	Run Experiments
April 29	Write down Experiments in paper
May 5	Polish paper

• Pessimitic (e.g. if bugs delay implementation too much): no failures when signing (since based on a timeout less relevant for experiments).
• Code review
  • Ask Alfonso, ideally in time for paper

🎯 Up next

• Fix issue with KVS communication
• Start Gennaro DKG
• Write down ideas about funding initial fees
• Try out k8s fix
• Drafting paper

[jsoares]

2022-03-28

✋ Attendees

• @jsoares
• @sa8
• @vukolic

📣 Updates

• AFT submission started here
  • polished the model using some inspiration from Winkle
• Funding transaction made some edits following feedback (thanks 🙏)
• Started implementing new DKG

🧵 Discussion

• Put funding transaction in the paper?
  • Yes. Rewards still an open question but not critical to include.
• DKG: at the moment changing the Taurus library (that Leon was working on).
  • The code was waiting for all messages to be received before going to the next round of the protocol. I implemented a timeout (not tested yet) to handle failures.
  • Alternative: drand library but not sure how easy it will be to integrate it with eudico.
    • Ask Nicolas for input if things harder than expected
• EC selfish mining

🎯 Up next

• Start writting slightly more formal proof in paper.
• Start some measurements in non-failure case (probably with regtest as I don't think testnet impacts our measures?)
• DKG implementation to be continued.

[sa8]

2022-04-11

✋ Attendees

• @sa8
• @vukolic

📣 Updates

• new DKG implemented and integrated with Eudico
  • Now working well on k8s (thanks @jsoares)
• Started measurements
• Minor paper updates

🧵 Discussion

• Elegant way to test for failures (right now, ugly "if" condition)
  • configuration file
  • leave it as it is even if a bit ugly
• DKG: execution time depends mostly on the timeout (waiting to receive for complaints). Any other meaningful measurements?
  • no timeout but recover the key
  • put the shares in the blockchain
  • for the deadline assume the timeout and figure it out later
• Variance of measurements
  • confidence interval
  • investigate if differences are big
• Related work: advantage compared to Babylon
  • add that thanks to taproot we are "invisible"
  • add more details about babylon

🎯 Up next

• Start putting good case experiments in paper
• Start implementing failure case with signing
• Reviews MARBLE, FC talk
• @sa8 to send everything on EC to Marko

[sa8]

2022-04-25

✋ Attendees

• @sa8

📣 Updates

• Signing resilient to failures.

🧵 Discussion

🎯 Up next

• Finish measurements.
• Include measurements in paper.
• Polish paper.

[sa8]

2022-05-09

✋ Attendees

• @sa8
• @vukolic

📣 Updates

• First Pikachu submission to AFT

🧵 Discussion

• AFT deadline extended: failure measurements?
  • SA started taking some measurements - not very interesting (cf timeout discussion between 48.002sec and 48.19sec)
  • probably won't fit in paper but could be in appendix (if useful)
• Y4 Kick-off:
  • Engage with Kunyao Academy?

🎯 Up next

• Perf reviews
• Last AFT edits

[jsoares]

@sa8 is it safe to close the pending issues in M5 and M6? Even if with a no-fix note at this time, when appropriate?

[sa8]

I'm fine with closing them with a no-fix note although they would be easier to differentiate from other issues if we keep them open, so I don't have strong preferences!

[jsoares]

I left the relevant issues open for now; just tagged and descoped them from the milestones. We're just missing the RFP here so that we can wrap up officially.

[jsoares]

RFP live on Apply and going up in protocol/research-grants#18. I'm closing B2 now, though we might open a follow-up project later on.