distributed ledgers: how, why, and why not? · distributed ledgers: how, why, and why not? sarah...
TRANSCRIPT
![Page 1: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/1.jpg)
Distributed ledgers: how, why, and why not?
Sarah Meiklejohn (University College London)
![Page 2: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/2.jpg)
2
data consumers data producers
company
(icons by parkjisun from noun project)
company
company
company
![Page 3: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/3.jpg)
3
data consumers data producers
(icons by parkjisun from noun project)
![Page 4: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/4.jpg)
4
10 usability9 governance8 comparisons7 key management6 agility5 interoperability4 scalability3 cost-effectiveness2 privacy1 scalability
top ten obstacles for blockchains
![Page 5: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/5.jpg)
5
1 scalability
10 usability9 governance8 comparisons7 key management6 agility5 interoperability4 scalability3 cost-effectiveness2 privacy
![Page 6: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/6.jpg)
6
Bitcoin / blockchains / distributed ledgers
“mining”
![Page 7: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/7.jpg)
7
over 4 EH/s (4 × 1018 H/s) to achieve 7 tx/s!
![Page 8: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/8.jpg)
8
full state replication
![Page 9: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/9.jpg)
9
120 GB and (always) rising
![Page 10: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/10.jpg)
10
full state replication
↑ computational power ⇒ ↓ throughput
![Page 11: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/11.jpg)
11
monetary supplyledger centraldistributedecentral
decentral centralcentral
transparent? y y (or n) n
pseudonyms? y y (or n) n
computation high! low low
RSCoin
RSCoin [DM NDSS’16]
![Page 12: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/12.jpg)
12
mintettemintette
mintette mintette
bank
user
mintettes already reachconsensus before sending info to bank
mintettes store info onlywithin a given shard
![Page 13: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/13.jpg)
13
RSCoin consensus
mintette1
mintette1
user
1 2tx:
✓
3
4 service
mintette1
✓
1
21
mintette2
mintette2
mintette2
1tx ✓✓2
tx
tx
simple adaptation of Two-Phase Commit (2PC)
![Page 14: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/14.jpg)
14
user
1 2tx:
service1
21
t r a n s a c t i o n smintettemintettemintette
mintettemintettemintettemintettemintettemintette
mintettemintettemintettemintettemintettemintette
mintettemintettemintette
1 : 2 :
![Page 15: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/15.jpg)
15
mintette1
mintette1
user
1 2tx:
mintette1
1
service1
21
mintettes check for double spending…
…using lists of unspent transaction outputs (utxo)
![Page 16: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/16.jpg)
16
mintette1
mintette1
user
1 2tx:
✓ mintette1
✓
12
service1
21
signed ‘yes’ vote
![Page 17: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/17.jpg)
17
mintette1
mintette1
user
1 2tx:
✓
3
service
mintette1
✓
1
21
mintette2
mintette2
mintette2
1tx ✓✓2
“bundle of evidence” contains ‘yes’ votes from majority of mintettes in shard
mintettes check validity of bundle by checkingfor signatures from authorized mintettes…
![Page 18: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/18.jpg)
18
mintette1
mintette1
user
1 2tx:
✓
3
4 service
mintette1
✓
1
21
mintette2
mintette2
mintette2
1tx ✓✓2
tx
tx
…and if satisfied they add transaction to be committed and send back receipt
![Page 19: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/19.jpg)
19
security properties
no double spending (if honest majority per shard)non-repudiationauditability (if mintettes log their behavior)
![Page 20: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/20.jpg)
20
consensus features
conceptually simpleno broadcastmintettes communicate only with usersno expensive hashing!scalable
↑ computational power ⇒ ↑ throughput
![Page 21: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/21.jpg)
21
T = set of txs generated per second Q = # mintettes per shard
M = # mintettes
comm. per mintette per sec = ∑tx∈T 2(mtx+1)Q
scales infinitely as more mintettes are added!
M
consensus features
![Page 22: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/22.jpg)
22
each new mintette adds≈ 75 tx/sec
compared to Bitcoin’s 7
![Page 23: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/23.jpg)
23
mintettemintette
mintette mintette
bank
user
![Page 24: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/24.jpg)
24
Elastico [LNZBGS CCS’16]
committee member
consensus committee
directory committee
committee member
committee member
committee member
run PBFT
run PBFT
![Page 25: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/25.jpg)
25
Elastico [LNZBGS CCS’16]
![Page 26: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/26.jpg)
26
1 scalability
10 usability9 governance8 comparisons7 key management6 agility5 interoperability4 scalability3 cost-effectiveness2 privacy
![Page 27: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/27.jpg)
27
8 comparisons
1 scalability
10 usability9 governance
7 key management6 agility5 interoperability4 scalability3 cost-effectiveness2 privacy
![Page 28: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/28.jpg)
28
mintettemintette
mintette mintette
bank
RSCoin [DM NDSS’16]user
![Page 29: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/29.jpg)
29
mintettemintette
mintette mintette
user
![Page 30: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/30.jpg)
30
user
log server log
log server log log server log
log server log
no unified log ⇒ no need for consensuscan (retroactively) detect inconsistencies between logs
![Page 31: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/31.jpg)
31
system
Log
CheckEntry
GenEventSet
Inspect
Gossip evidence
log server log
monitor snapBEE auditor snap
CheckEvidence
transparency overlays [CM CCS’16]
![Page 32: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/32.jpg)
32
system
LogGenEventSetGenEventSet
log server log
log server log log server log
log server log
![Page 33: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/33.jpg)
33
auditors (efficiently) determine if events are in the log
system
Log
CheckEntry
GenEventSet
(meaning |snap| ≪ |log|)
auditor snap
log server log
![Page 34: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/34.jpg)
34
monitors (inefficiently) detect bad events in the log
system
Log
CheckEntry
GenEventSet
Inspect
log server log
auditor snap monitor snapBEE
(meaning |E| ≈ |log|)
![Page 35: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/35.jpg)
35
auditors and monitors ensure consistent view of log
system
Log
CheckEntry
GenEventSet
Inspect
Gossip evidence
log server log
monitor snapBEE auditor snap
CheckEvidence
(can output evidence of inconsistencies)
![Page 36: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/36.jpg)
36
security properties
consistency: log server can’t offer different views of lognon-frameability: auditor and monitor can’t frame the logaccountability: log server is held to its promises
![Page 37: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/37.jpg)
37
log server log
monitor snapBEE auditor snap
prover verifier
? ?
![Page 38: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/38.jpg)
38
log server log
monitor snapBEE auditor snap
prover verifier
? ?
![Page 39: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/39.jpg)
39
Log
CheckEntry
Inspect
Gossip evidence
log server log
monitor snapBEE auditor snap
CheckEvidence
Bitcoin
sender receiverminer blockchain
sender and receiver don’t need to store blockchaingives rise to hybrid system (≈RSCoin) with no mining
![Page 40: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/40.jpg)
40
Log
CheckEntry
Inspect
Gossip evidence
log server log
monitor snapBEE auditor snap
CheckEvidence
Certificate Transparency [LL13]CA clientwebsite
bad certificate issuance is exposed⇒ clients are less likely to accept bad certificates
(icon by parkjisun from noun project)
![Page 41: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/41.jpg)
41
Log
CheckEntry
id provider log
auditor snap
CONIKS [MBBFF USENIX Sec’16]client client
(icon by parkjisun from noun project)
Inspect
![Page 42: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/42.jpg)
42
Log
CheckEntry
ILS log
validator snap
ARPKI [BCKPSS CCS’13]CA clientwebsite
(icon by parkjisun from noun project)
ILS log
![Page 43: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/43.jpg)
43
RSCoin
opaque centralized
transparent decentralized
what is this distance?
CONIKSARPKI
![Page 44: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/44.jpg)
44
security properties
consistencynon-frameabilityaccountability
no double spendingnon-repudiationauditability
⇔⇔⇔
privacy (of what)?privacy (of what)?
(transparency overlays) (RSCoin)
![Page 45: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/45.jpg)
45
RSCoin
opaque centralized
transparent decentralized
what is this distance?
what security properties to look for?
CONIKSARPKI
![Page 46: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/46.jpg)
46
8 comparisons
1 scalability
10 usability9 governance
7 key management6 agility5 interoperability4 scalability3 cost-effectiveness2 privacy
![Page 47: Distributed ledgers: how, why, and why not? · Distributed ledgers: how, why, and why not? Sarah Meiklejohn (University College London) 2 data consumers data producers company (icons](https://reader030.vdocuments.site/reader030/viewer/2022040205/5f1cb83898055e4f6f22e94d/html5/thumbnails/47.jpg)
47
1 scalability
10 usability9 governance
7 key management6 agility5 interoperability4 scalability3 cost-effectiveness2 privacy
Thanks! Any questions?
8 comparisons