Paper 2023/1164

Swiper: a new paradigm for efficient weighted distributed protocols

Andrei Tonkikh, Télécom Paris
Luciano Freitas, Télécom Paris
Abstract

The majority of fault-tolerant distributed algorithms are designed assuming a nominal corruption model, in which at most a fraction $f_n$ of parties can be corrupted by the adversary. However, due to the infamous Sybil attack, nominal models are not sufficient to express the trust assumptions in open (i.e., permissionless) settings. Instead, permissionless systems typically operate in a weighted model, where each participant is associated with a weight and the adversary can corrupt a set of parties holding at most a fraction $f_w$ of total weight. In this paper, we suggest a simple way to transform a large class of protocols designed for the nominal model into the weighted model. To this end, we formalize and solve three novel optimization problems, which we collectively call the weight reduction problems, that allow us to map large real weights into small integer weights while preserving the properties necessary for the correctness of the protocols. In all cases, we manage to keep the sum of the integer weights to be at most linear in the number of parties, resulting in extremely efficient protocols for the weighted model. Moreover, we demonstrate that, on weight distributions that emerge in practice, the sum of the integer weights tends to be far from the theoretical worst-case and, sometimes, even smaller than the number of participants. While, for some protocols, our transformation requires an arbitrarily small reduction in resilience (i.e., $f_w = f_n - \epsilon$), surprisingly, for many important problems we manage to obtain weighted solutions with the same resilience ($f_w = f_n$) as nominal ones. Notable examples include erasure-coded distributed storage and broadcast protocols, verifiable secret sharing, and asynchronous consensus. Although there are ad-hoc weighted solutions to some of these problems, the protocols yielded by our transformations enjoy all the benefits of nominal solutions, including simplicity, efficiency, and a wider range of possible cryptographic assumptions. Since the release of the first version of this paper online, a version of the weight reduction approach has been integrated into a major layer-1 blockchain system for implementing a randomness beacon.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
weight reductiondistributed protocolsweighted cryptographythreshold cryptographyconsensusrandom oraclesbroadcast
Contact author(s)
andrei tonkikh @ gmail com
lfreitas @ telecom-paris fr
History
2024-04-30: revised
2023-07-28: received
See all versions
Short URL
https://ia.cr/2023/1164
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/1164,
      author = {Andrei Tonkikh and Luciano Freitas},
      title = {Swiper: a new paradigm for efficient weighted distributed protocols},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1164},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1164}},
      url = {https://eprint.iacr.org/2023/1164}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.