Paper 2023/1164

Swiper: a new paradigm for efficient weighted distributed protocols

Andrei Tonkikh, Télécom Paris
Luciano Freitas, Télécom Paris
Abstract

The majority of fault-tolerant distributed algorithms are designed assuming a nominal corruption model, in which at most a fraction $f_n$ of parties can be corrupted by the adversary. However, due to the infamous Sybil attack, nominal models are not sufficient to express the trust assumptions in open (i.e., permissionless) settings. Instead, permissionless systems typically operate in a weighted model, where each participant is associated with a weight and the adversary can corrupt a set of parties holding at most a fraction $f_w$ of the total weight. In this paper, we suggest a simple way to transform a large class of protocols designed for the nominal model into the weighted model. To this end, we formalize and solve three novel optimization problems, which we collectively call the weight reduction problems, that allow us to map large real weights into small integer weights while preserving the properties necessary for the correctness of the protocols. In all cases, we manage to keep the sum of the integer weights to be at most linear in the number of parties, resulting in extremely efficient protocols for the weighted model. Moreover, we demonstrate that, on weight distributions that emerge in practice, the sum of the integer weights tends to be far from the theoretical worst case and, sometimes, even smaller than the number of participants. While, for some protocols, our transformation requires an arbitrarily small reduction in resilience (i.e., $f_w = f_n - \epsilon$), surprisingly, for many important problems, we manage to obtain weighted solutions with the same resilience ($f_w = f_n$) as nominal ones. Notable examples include erasure-coded distributed storage and broadcast protocols, verifiable secret sharing, and asynchronous consensus. Although there are ad-hoc weighted solutions to some of these problems, the protocols yielded by our transformations enjoy all the benefits of nominal solutions, including simplicity, efficiency, and a wider range of possible cryptographic assumptions.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Minor revision. PODC '24: Proceedings of the 43rd ACM Symposium on Principles of Distributed Computing
DOI
10.1145/3662158.3662799
Keywords
weight reductiondistributed protocolsweighted cryptographythreshold cryptographyconsensusrandom oraclesbroadcast
Contact author(s)
andrei tonkikh @ gmail com
lfreitas @ telecom-paris fr
History
2024-11-04: last of 2 revisions
2023-07-28: received
See all versions
Short URL
https://ia.cr/2023/1164
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2023/1164,
      author = {Andrei Tonkikh and Luciano Freitas},
      title = {Swiper: a new paradigm for efficient weighted distributed protocols},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1164},
      year = {2023},
      doi = {10.1145/3662158.3662799},
      url = {https://eprint.iacr.org/2023/1164}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.