Paper 2020/195

Replicated state machines without replicated execution

Jonathan Lee, Kirill Nikitin, and Srinath Setty

Abstract

This paper introduces a new approach to reduce end-to-end costs in large-scale replicated systems built under a Byzantine fault model. Specifically, our approach transforms a given replicated state machine (RSM) to another RSM where nodes incur lower costs by delegating state machine execution: an untrusted prover produces succinct cryptographic proofs of correct state transitions along with state changes, which nodes in the transformed RSM verify and apply respectively. To realize our approach, we build Piperine, a system that makes the proof machinery profitable in the context of RSMs. Specifically, Piperine reduces the costs of both proving and verifying the correctness of state machine execution while retaining liveness—a distinctive requirement in the context of RSMs. Our experimental evaluation demonstrates that, for a payment service, employing Piperine is more pro table than naive reexecution of transactions as long as there are $>10^4$ nodes. When we apply Piperine to ERC-20 transactions in Ethereum (a real-world RSM with up to $10^5$ nodes), it reduces per-transaction costs by $5.4\times$ and network costs by $2.7\times$.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. MINOR revision.IEEE Symposium on Security and Privacy (S&P) 2020
Keywords
verifiable computingzkSNARKsblockchainreplicated state machines
Contact author(s)
srinath @ microsoft com
History
2020-02-18: received
Short URL
https://ia.cr/2020/195
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/195,
      author = {Jonathan Lee and Kirill Nikitin and Srinath Setty},
      title = {Replicated state machines without replicated execution},
      howpublished = {Cryptology ePrint Archive, Paper 2020/195},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/195}},
      url = {https://eprint.iacr.org/2020/195}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.