Blockchain and Distributed Ledger Technology (DLT) adoption is growing rapidly. DLTs allow us to trust a system of data, or money, or software, even if we don’t trust any particular participant in it. But are these blockchain and ledger technologies secure? Can we trust that the network will deliver the expected results?
In a DLT such as blockchain, all participants in the network need to come to a consensus on the value and ordering of transactions. Different DLTs achieve consensus in different ways, but all rely on some combination of transactions flowing between nodes, and those nodes then determining in what order they should be processed, and so what the resulting consensus state should be.
The difficulty of achieving that consensus depends on the assumptions made about the sorts of things that can go wrong. As a simple example, if the only fault you are concerned
about is the possibility of nodes crashing randomly, then consensus will be fairly easy to achieve.
But when you factor in the possibility that nodes may be intentionally malicious in their actions, or that messages may be delayed or even cancelled, consensus becomes a harder problem.
For over three decades, Byzantine fault tolerance (BFT) has become the gold standard for security in distributed systems. As the name suggest, Byzantine fault tolerance means that a system can tolerate (i.e. still achieve consensus in the presence of) Byzantine faults – the category of faults where nodes may be malicious. A system is BFT if it can guarantee that there will come a moment in time when all nodes agree on consensus, and they know they’ve reached consensus, and it is always the same consensus.
Critically, BFT means achieving this even while allowing for a wide range of faults that result in different nodes having different views. Byzantine faults include behaviours like lying, collusion with other participants, and selective non-participation.
Clearly it will be harder for a set of nodes to come to the valid consensus under these sorts of errors, compared to simpler scenarios where nodes may just crash. Indeed, it can be proven mathematically that to achieve consensus under byzantine faults, you need more nodes in the network (effectively damping the effect of the malicious nodes or other faults).
Even within BFT systems, we can make different assumptions about the sorts of things that can happen to messages sent between nodes. The strongest form of BFT is asynchronous – we allow for the possibility of some messages between honest members being delayed arbitrarily long, or even not making it through to their intended recipients at all. Some DLTs are unable to achieve consensus under this assumption.
They may claim to support ‘partially’ asynchronous BFT, where messages are never delayed by more than a certain period of time, and always get through by that deadline. But today’s reality is that many kinds of attackers can prey on exactly this assumption, to either bring a network to its knees, or disrupt the order of transactions. The reality is that there can be botnets, Distributed Denial of Service (DDoS) attacks, and malicious firewalls interfering with messages.
These are issues that many real world deployments of BFTs will face. Just this week, a Bitcoin website was taken down by a DDoS attack, and so we see attackers already thinking about ways to compromise distributed systems. So we can see that in this world, ‘partially’ asynchronous BFT will not provide for reliable systems in the long run.
Consensus is difficult. Some are trying to make it easier by making simplifying assumptions about the types of faults they are trying to prevent. But that approach is like the ostrich sticking his head in the sand – it doesn’t account for the real world requirement to allow for real world faults – asynchronous Byzantine faults.
The good news is that we as an industry can and should mathematically prove asynchronous BFT for distributed consensus systems. Our ledgers should be able to guarantee consensus will be achieved, that we will know it when it happens, and that we will all reach the same consensus, and do so even under realistic assumptions about malicious nodes and network errors.
Only when we begin to provide this level of transparency and security to users will these systems deliver on their promise to provide a more trustworthy system of distributed consensus.
Sourced by Dr. Leemon Baird, founder and CTO of Swirlds
The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate