-
Notifications
You must be signed in to change notification settings - Fork 84
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug in ABA protocol's use of Common Coin #59
Comments
As an optimization, after we've received N - f I.e. if we sent I wonder if it would be safe to use Edit: …or would that actually make termination less likely, because we would be less likely to switch to the coin value, like possibly all the other good nodes? Edit 2: And would it be worth doing the If we go with the first rule — always use |
Addresses amiller#59
There is a bug in the CONF Phase implement The message broadcast on line 40 should be values, which is the output of AUX Phase, instead of bin_values. Otherwise, the security guarantees of the AUX round would not take effect! |
Thanks to Ethan MacBrough (from Ripple Research) for reporting a protocol design error in HoneyBadgerBFT. The error has to do with the use of Threshold-Signature-based Common Coin to instantiate the Common Coin dependency of the ABA routine. MacBrough correctly points out that a flaw in the proof is that the ABA protocol we use relies on a stronger common coin than the one we instantiate (in fact it relies on a common coin that is so strong it cannot be implemented), and in fact provides a concrete attack. Fortunately, the ABA protocol can be readily modified to accommodate our weaker common coin, and hence fix the protocol. The fix suggested by MacBrough is posted at the end of the message.
To close this issue, we need to deploy the following fixes:
Ethan's note is below:
Ethan MacBrough suggests the following fix, which is also used in Cobalt
The text was updated successfully, but these errors were encountered: