Efficient Byzantine-tolerant erasure-coded storage

“…The main result of this paper, that robust access to amnesic storage is possible in optimal time is somewhat surprising given the large body of literature on nonamnesic [4,[10][11][12][13][14] and non-robust [5,8,9,18] algorithms. Moreover, our result is counter-intuitive because so far, only non-amnesic algorithms match the timecomplexity lower bounds.…”

“…While some relax waitfreedom and provide weaker termination guarantees instead [2,8], others relax consistency and implement only the weaker safe semantics [2,5,9,10]. Generally, when it comes to robustly accessing (unauthenticated) data, most algorithms store an unlimited number of values in the base objects [10][11][12]. Also in systems where base objects push messages to subscribed clients [4,13,14], the servers store every update until the corresponding message has been received by every non-faulty subscriber.…”

On the Time-Complexity of Robust and Amnesic Storage

“…The main result of this paper, that robust access to amnesic storage is possible in optimal time is somewhat surprising given the large body of literature on nonamnesic [4,[10][11][12][13][14] and non-robust [5,8,9,18] algorithms. Moreover, our result is counter-intuitive because so far, only non-amnesic algorithms match the timecomplexity lower bounds.…”

“…While some relax waitfreedom and provide weaker termination guarantees instead [2,8], others relax consistency and implement only the weaker safe semantics [2,5,9,10]. Generally, when it comes to robustly accessing (unauthenticated) data, most algorithms store an unlimited number of values in the base objects [10][11][12]. Also in systems where base objects push messages to subscribed clients [4,13,14], the servers store every update until the corresponding message has been received by every non-faulty subscriber.…”

On the Time-Complexity of Robust and Amnesic Storage

“…Thus, in this case, the consistency constraint is equivalent to, However, this is (6), the constraint on probabilistic masking quorum systems without write markers. In effect, a faulty client must either: (i) use a recent access set that is therefore chosen approximately uniformly at random, and be limited by (7); or (ii), use a stale access set and be limited by (6). If quorums are the sizes of access sets, both inequalities have the same upper bound on b (see [15]); otherwise, a faulty client is disadvantaged by using a stale access set because a system that satisfies (6) can tolerate more faults than one that satisfies (7), and is therefore less likely to result in error (see [15]).…”

“…We allow that faulty clients and servers may collude, and so we assume that faulty clients and servers all know the membership of B (although non-faulty clients and servers do not). However, for our implementation of write markers, as is typical for many Byzantine-fault-tolerant protocols (c.f., [4][5][6]9]), we assume that faulty clients and servers are computationally bound such that they cannot subvert standard cryptographic primitives such as digital signatures.…”

“…The load for opaque quorum systems is particularly unfortunate-systems that utilize opaque quorum systems cannot effectively disperse processing load across more servers (i.e., by increasing n) because the load is at least a constant. Such Byzantine quorum systems are used by many modern Byzantine-fault-tolerant protocols, e.g., [4][5][6][7][8][9] in order to tolerate the arbitrary failure of a subset of their replicas. As such, circumventing the bounds is an important topic.…”

Write Markers for Probabilistic Quorum Systems

Vajra: Evaluating Byzantine‐Fault‐Tolerant Distributed Systems