change their estimate thereafter.
Proof sketch. Assume all correct have the same
estimate v at round r. BV-Obligation and BV-
Justification => bin_values[r] = {v}. Hence, at every
correct we have values = {v}, so that est becomes v.

34
Safe DBFT (con’t)
Lemma 2: Let pi and pj be correct. If their values
are singletons, then they are the same.
Proof sketch. If a correct process has values = {v}
then it received AUX[r]{v} from n-t distinct processes
and t+1 correct. For two correct processes to have w
and v as this singleton, it would mean they received
these distinct values from n-t processes each. As (n-
t)+(t+1) > n, one correct process must have sent the
same value to both, and we have v=w.

35
Safe DBFT (con’t)
Theorem [Agreement]: No two correct processes
decide different values.
Proof sketch. Let r be the 1st round where a correct
process decides, hence values[r] = {v=r mod 2}. If
another correct process decides w in the same round,
then v=w by Lemma 2. Let pj be a correct that does
not decide in round r. By Lemma 2, values
j
≠
{w} so
values
j
= {0,1}. Thus est
j
= v. All correct have thus the
same estimate in round r+1, and stick to it (Lemma 1).

36
Safe DBFT (con’t)
BC, binary consensus instance
mv-propose(v) {
// similar to
[PODC'94]
RB-bcast VAL(v)
// reliable broadcast
[Bra’87]
repeat
if (
∃
k : proposals[k]
≠
⊥
∧
BC[k].binpropose() not invoked)
BC[k].binpropose(1)
until
(
∃
l: bin-decisions[l]=1)
for each
k such that BC[k].binpropose() not invoked:
BC[k].binpropose(0)
wait until
(
∧
1
≤
x
≤
n bin-decisions[x]
≠
⊥
)
j = min{x : bin-decisions[j] = 1}
wait until
proposals[j]
≠
⊥
decide(
∪
∀
j:bin-decisions[j]=1
proposals[j])
}
when
val(v) is RB-delivered from pj do
// reliable broadcast delivery
if
valid(v)
then
proposals
i
[j] <- v;
BV-deliver b-val[1](1) to BC[j]
when
BC[k].binpropose() returns b
do
bin-decisions[k] <- b

37
Safe DBFT (con’t)
BC, binary consensus instance
mv-propose(v) {
// similar to
[PODC'94]
RB-bcast VAL(v)
// reliable broadcast
[Bra’87]
repeat
if (
∃
k : proposals[k]
≠
∧
BC[k].binpropose(1)
until
(
∃
l: bin-decisions[l]=1)
for each
k such that BC[k].binpropose() not invoked:
BC[k].binpropose(0)
wait until
(
∧
1
≤
x
≤
n bin-decisions[x]
≠
⊥
)
j = min{x : bin-decisions[j] = 1}
wait until
proposals[j]
≠
⊥
decide(
∪
∀
j:bin-decisions[j]=1
proposals[j])
}
when
val(v) is RB-delivered from pj do
if
valid(v)
then
proposals
i
[j] <- v;
BV-deliver b-val[1](1) to BC[j]
when
BC[k].binpropose() returns b
do
bin-decisions[k] <- b
Spawn multiple
binary cons.
instances
Use binary
decisions as a
bitmask

Red Belly Blockchain
38

The Red Belly Blockchain
39
All nodes communicate through TCP + SSL
Certificates are given in blocks
genesis

The Red Belly Blockchain
40
The genesis block also contains a list of n participants
genesis

A tx is committed if t+1 participants say so.
The Red Belly Blockchain
41
External nodes (clients) access the blockchain
through these participants

are regularly changed: n, n’, n’’… but t’<n’/3, t’’<n’’/3…
The Red Belly Blockchain
42
The n nodes running the consensus…

The Red Belly Blockchain
43
And encoded in the next block
genesis
if the correct n participants agree (consensus)

The Red Belly Blockchain
44
Signature verification uses ECDSA and is
sharded
…each transaction is verified by t+1
≤
k
≤
2t+1 nodes

How does it perform?

#### You've reached the end of your free preview.

Want to read all 60 pages?

- '19
- Cryptography, Binary numeral system, Byzantine fault tolerance, Quantum Byzantine agreement, Barbara Liskov, blockchain