Frosty: Bringing strong liveness guarantees to the Snow family of consensus protocols (2404.14250v6)

Abstract: Snowman is the consensus protocol implemented by the Avalanche blockchain and is part of the Snow family of protocols, first introduced through the original Avalanche leaderless consensus protocol. A major advantage of Snowman is that each consensus decision only requires an expected constant communication overhead per processor in the common' case that the protocol is not under substantial Byzantine attack, i.e. it provides a solution to the scalability problem which ensures that the expected communication overhead per processor is independent of the total number of processors $n$ during normal operation. This is the key property that would enable a consensus protocol to scale to 10,000 or more independent validators (i.e. processors). On the other hand, the two following concerns have remained: (1) Providing formal proofs of consistency for Snowman has presented a formidable challenge. (2) Liveness attacks exist in the case that a Byzantine adversary controls more than $O(\sqrt{n})$ processors, slowing termination to more than a logarithmic number of steps. In this paper, we address the two issues above. We consider a Byzantine adversary that controls at most $f<n/5$ processors. First, we provide a simple proof of consistency for Snowman. Then we supplement Snowman with aliveness module' that can be triggered in the case that a substantial adversary launches a liveness attack, and which guarantees liveness in this event by temporarily forgoing the communication complexity advantages of Snowman, but without sacrificing these low communication complexity advantages during normal operation.

• The paper introduces Snowflake+ to rigorously prove Snowman’s consistency even when fewer than n/5 nodes are Byzantine.
• It integrates a liveness module that activates a quorum-based mechanism during hostile attacks to ensure continuous progress.
• Implementations on Avalanche highlight the balance achieved between low communication overhead and enhanced security robustness.

Enhancing Byzantine Fault Tolerance: Insights from the Snowman Consensus Protocol

Overview and Contributions

The paper analyzes and extends the Snowman protocol, which is implemented by the Avalanche blockchain. The original design of Snowman, as part of the Snow family of consensus protocols, emphasizes minimizing communication overhead in large scale networks, scaling effectively as the number of processors increases. The unique challenge addressed here involves formalizing proofs of consistency and handling liveness attacks effectively under Byzantine faults, wherein a subset of nodes could behave arbitrarily to disrupt the protocol.

The central contributions of the paper are twofold:

1. A formalization and proof of the consistency of the Snowman protocol, naming the variant as Snowflake$^+$. This proof demonstrates robustness by showing consistency retains even in the presence of Byzantine processors, specifically when the adversary controls fewer than $n/5$ of the processors.
2. The introduction of the "liveness module," integrated within the Snowman, indicating the ability to handle liveness attacks without sacrificing communication efficiencies during normal protocol operations. This module acts as an emergency protocol switch, transitioning to a traditional quorum-based mechanism when needed to ensure liveness, then reverting to the baseline efficient Snowman approach once the threat subsides.

Protocol Specifications and Security Proofs

• Snowflake$^+$: Innovatively spun from the foundational Snowflake protocol, this variant introduces adaptable parameters adjusting the proofs for 'validity' and 'agreement' to maintain low error probabilities. By modifying Snowflake into Snowflake$^+$, the protocol hones its capacity to efficiently confirm transactions even amidst hostile conditions posed by Byzantine faults.
• Consistency in Snowman: Leveraging Snowflake$^+$, the paper constructs Snowman for implementation on Avalanche, encompassing a detailed security analysis which ensures that the protocol maintains state consistency across the decentralized network. This involves rigorous substantiation that validates the consistency of Snowman by considering various adversarial behaviours and network conditions.
• Frosty Protocol with Liveness Module: Addressing potential stalls from liveness attacks, the Frosty protocol is introduced with a reactive module that temporarily forgoes the low communication complexity in favor of a guaranteed progression (liveness), especially under substantial adversarial conditions. This transitional mechanism mitigates the fallout from concerted Byzantine disruptions, effectively balancing between efficiency and security needs.

Practical Implications and Theoretical Advancements

The exploration and subsequent enhancements in Snowman protocol embody significant theoretical advancements that push the envelope on Byzantine fault tolerance in distributed consensus mechanisms. Practically, implementing these protocols on Avalanche not only promises enhanced security against coordination attacks but also operational resilience ensuring the blockchain's robustness in adversarial environments.

Future Research Directions

While the current work establishes a robust foundation, future explorations are set towards:

• Expanding the analysis to accommodate a larger fraction of Byzantine processors.
• Adapting the protocol proofs and mechanisms to more dynamic, possibly non-synchronous settings, enhancing real-world applicability.
• Exploring mechanisms for integrating slashing conditions which would penalize visibly Byzantine behavior, enhancing network security and stability by deterring adversarial actions through economic disincentives.

In summary, the paper provides a technically rich extension to the Snowman protocol: it not only fortifies the blockchain against Byzantine behaviors through rigorous proofs but also introduces a novel mechanism to salvage network liveness without forsaking communication efficiency.