Hashgraph : An over view with example

SwirldsTechnicalReportSWIRLDS-TR-2016-02 1

HASHGRAPHCONSENSUS:[email protected]

DECEMBER11,2016

SWIRLDSTECHREPORTSWIRLDS-TR-2016-02

ABSTRACT: The Swirlds hashgraph consensus algorithm is explained through a seriesof examples on a hashgraph. Each page shows the hashgraph with annotationsexplaining a step of the algorithm. This covers the core algorithm, from creatingtransactions, through finding their consensus order and timestamps. Theimportant terms are defined and illustrated on the following pages:

April7,2017:thisversionincludescorrections.

8 Round created9 Witness10 Famous witness10 Election10 Vote11 See15 Strongly see15 Supermajority19 Decide19 Round created24 Round received24 Consensus timestamp28 Consensus order

2 Hashgraph2 Member2 Event2 Transaction2 Consensus2 Order2 Timestamp3 Gossip protocol4 Self-parent4 Other-parent7 Graph7 Hash7 Hashgraph

SwirldsTechnicalReportSWIRLDS-TR-2016-02 2A B C D=

Thisfigureisahashgraph.Itgrowsupwardovertime.Everyparticipantkeepsacopyofitinmemory.

Inthisexample,therearefourmembers (fullnodes)inthenetwork.ThemembersareAlice,Bob,Carol,Dave,andarerepresentedbythe4lineslabeledA,B,C,D.

Eachmemberstartsbycreatinganevent,whichisasmalldatastructureinmemory,andwhichisrepresentedherebyagraycircle.

Eacheventisacontainerforzeroormoretransactions.ThegoaloftheSwirldshashgraphconsensusalgorithmisforthemembersofthecommunitytocometoaconsensus(agreement)ontheorder oftheevents(andthustheorderoftransactionsinsidetheevents),andtoagreeonatimestampforeachevent(andsoforeachtransaction).Itshouldbehardforattackerstopreventconsensus,ortoforcedifferentmemberstocometoadifferent“consensus”,ortounfairlyinfluencetheorderandtimestampsthatareagreed.


Thecommunityrunsagossipprotocol,whichmeansthateachmemberrepeatedlycallsothersatrandomtosyncwiththem.

Inthiscase,BobrandomlychosetocallDave.Whentheyconnectedovertheinternet,BobsentDavealltheeventsheknewthatDavedidnotyetknow.Inthiscase,itwasjustoneevent:theonethatBobhadcreatedatthestart.

Daverecordsthefactthatthissynchappenedbycreatinganewevent.Thisisthenewcircle,whichhaslinesgoingstraightdowntohisownlastevent,anddiagonallydowntoBob’slastevent.Thus,thegraphofeventsformsarecordofhowthemembershavecommunicated.

TECHNICALDETAIL:BobcanavoidsendingDaveeventshealreadyknows.BobfirsttellsDavehowmanyeventsheknowsaboutthatwerecreatedbyeachmember(i.e.,4integers).DavetellsBobthesame.Thentheywillbothknowexactlywhicheventseachshouldsendtheother.IfBobhas13eventsbyAliceandDavehas10,thenBobsendsAlice’slast3events.


hashhash

timestamp

transactions

Event(signedbycreator):

Dave’sneweventisillustratedhere.

Aneventisadatastructurecontainingthetwohashesofthetwoeventsbelowitself(itsself-parentanditsother-parent).Inthiscase,theself-parentisDave’sfirstevent,andtheother-parentisBob’sfirstevent.

TheeventcanoptionallycontainzeroormoretransactionsthatDavewantstosendtothenetwork.Soaneventisacontainerfortransactions.Davealsoputsatimestampofwhenhecreatedtheevent.Hethendigitallysignsit.Whenthiseventisgossiped,thesignaturewillbesentalongwithit.


DavethensendsBoballhisevents(includingthenewonehejustcreated).Bobthencreatesaneweventrecordingthefacttheysynced,andincludingthehashesofthemostrecenteventbyhimselfandthemostrecenteventbyDave.


BobthenrandomlychoosesAlice,andsendsherall4eventsheknowsabout.Shecreatesanewone.


Thiscontinuesforever,growingadirectedacyclicgraphupwardsforever.

Thisisagraph connectedbycryptographichashes,soitiscalledahashgraph.

Eacheventcontainsthehashesoftheeventsbelowitandisdigitallysignedbyitscreator.Sotheentiregraphofhashesiscryptographicallysecure.Itcanalwaysgrow,buttheolderpartsareimmutable,asstrongasthecryptographichashandsignaturesystemused.


4

3

2

1

RoundCreated:

Itisusefultodefinearoundcreatedforeachevent.Achildneverhasaroundcreatedbeforeoneofitsparents.Soastimeflowsupwardinthediagram,theroundcreatedcanonlystaythesameorincrease.

Alaterslidewilldescribehowtheroundcreatediscalculated.Theimportantpointisthatassoonasyoureceiveaneventinasync,youcanimmediatelycalculateitsroundcreated.Andanyoneelsereceivingitwillcalculatethesamenumber.Guaranteed.

TECHNICALDETAIL:Thedefinitionis:theroundcreatedforaneventisRorR+1,whereRisthemaxoftheroundcreatedofitsparents.ItisR+1ifandonlyifitcanstronglyseeasupermajorityofroundRwitnesses.Thisisexplainedingreaterdetailinlaterslides.

SwirldsTechnicalReportSWIRLDS-TR-2016-02 9A B C D

A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

4

3

2

1

RoundCreated:

ThefirsteventthatAlicecreatesineachroundiscalledawitness.HerwitnessesarelabeledA1,A2,andA3here.Theothermemberscreatewitnessessimilarly.

Itispossibleforamembertohavenowitnessesinagivenround.

TECHNICALDETAIL:Itispossibleforamembertocheatbyforking,orcreatingtwoeventswiththesameselfparent.Inthatcase,theremightbetwowitnessesinthesameroundbythesamemember.Therearetheoremsprovingthatthiswon’tmatter.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

Foreachwitness,weneedtodetermineifitisafamouswitness.Forexample,wewilldetermineifthewitnessB2isafamouswitness.

Thisisdonebyconsideringthewitnessesinthenextround.SothefameofB2willbedeterminedbyfirstconsideringthewitnessesA3,B3,C3,andD3.TheideaisforB2tocountasfamousifitisseenbymanyofthewitnessesinthenextround.

Thereisnowanelection,inwhicheachofthosewitnesseswillvote onwhetherB2isfamous.Therewillbeaseparateelectionforeverywitness,todetermineitsfame.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

YES

ThewitnessA3cansee B2.Thatmeansthatthereisanentirely-downwardpathfromA3toB2.Inotherwords,B2isanancestorofA3.AndA3isadescendentofB2

A3canseeB2,soA3willvoteYESintheelectionforwhetherB2isfamous.

TECHNICALDETAIL:A3seesallitsancestorsexceptforthosecreatedbyamemberwhocreatedaforkthatisanancestorofA3.Inotherwords,A3canseeB2ifB2isanancestorofA3,andthecreatorofB2(whoisBob)didnotcreatetwoeventsXandYthatbothhavethesameself-parentandarebothancestorsofA3.So“seeing”isthesameas“ancestor”,exceptyoucan’t“see”cheaters.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

YESYES

B3seesB2,soitvotesYES.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

YESYES

YES

C3seesB2,soitvotesYES.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

YESYES

YES

YES

D3seesB2,soitvotesYES.

AllfourwitnessesvotedYES,sowewouldexpectthatB2willbedeclaredtobefamous.Buttheelectionisn’toveryet!Anelectionisn’toveruntilthevotesarecounted.

Thevoteswillbecountedbythewitnessesinthefollowinground.SoB4willcountthevotes.AndD4willalsocountthevotes.

Thehashgraphdoesn’tyethaveanA4orC4.Butastimegoesonandmoregossipingoccurs,theremayeventuallybeanA4andC4,andthentheywillcountthevotes,too.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

YESYES

YES

YES

B4stronglysees:YES

B4willcollectthevotesfromeveryround-3witnessthatitstronglysees.Tostronglyseeawitness,itisn’tenoughfortheretobeasingledownwardpathtoit.Theremustbeenoughdifferentpathstoitsothattogether,thepathsgothroughasupermajorityofthepopulation.

Asupermajority isanynumberthatismorethantwothirdsofthepopulation.Inthisexample,thereare4membersinthepopulation,soany3ofthemconstituteasupermajority.

Inthisexample,B4isabletostronglyseeA3.TheredpathgoesfromB4toA3throughAliceandBob.ThegreenpathgoesthroughAlice,Bob,andDave.TherearenopathsfromB4thatgothroughCaroltogettoA3.Butthat’sOK,becauseAlice,Bob,andDavemakeupasupermajority.SoCarolisn’tneeded.Infact,thegreenpathalonewouldhavebeenenough.Theredpathwasn’tneeded.

So,B4canstronglyseeA3.Therefore,B4collectsthevotefromA3(whichisYES).


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

YESYES

YES

YES

B4stronglysees:YES,YES,

B4stronglyseesB3,becausetheredpathgoesthroughAliceandBob,andthegreenpathgoesthroughBobandDave.Inthiscase,bothpathswereneededtoreachthesupermajority.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

YESYES

YES

YES

B4stronglysees:YES,YES,YES,

B4stronglyseesC3,andsocollectsanotherYESvote.

TECHNICALDETAIL:ifapathstartsatBobandendsatCarol,thenitautomaticallycountsasgoingthroughBobandCarol.Inotherwords,theendpointsofthepatharecounted,too.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

YESYES

YES

YES

B4stronglysees:YES,YES,YES,YES

B4stronglyseesD3,andsocollectsanotherYESvote.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

Atthispoint,B4hasreceivedYESnotesfromasupermajority,soB4decides thattheelectionresultisYES.ColorB2greentoshowthatitisnowfamous.Thatistheconsensusdecision.

IfB4hadseen3YESand1NO,itwouldstilldecideYES,becausethat’sasupermajority.

IfB4hadseen3YESvotesandnoothervotes(becauseitcouldn’tstronglyseeoneofthewitnesses),itwouldstilldecideYES,becausethat’sasupermajority.

WeneedforB4tostronglyseeasupermajorityofwitnesses,inordertoevenhaveachanceatdeciding.Therefore,weusethistodefinetheroundcreated.IfaneventXhasparentswithamaximumroundcreatedofR,thenthateventwillusuallyberoundR,too.ButifthateventcanstronglyseeasupermajorityofroundRwitnesses,thenthateventisdefinedtoberoundR+1,andsoisawitness.Inotherwords,aneventispromotedtothenextroundwhenitcanstronglyseeasupermajorityofwitnessesinthecurrentround.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

NONO

YES

NO

NowwerunanelectionforwhetherC2isfamous.

TheyellowpathshowsthatC3canseeC2,andsoC3votesyes.

TherearenodownwardpathsfromA3,B3,orD3toC2,sotheyallvoteNO.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

B4stronglysees:NO,NO,YES,NO

NONO

YES

NO

SinceB4stronglyseesallofA3,B3,C3,andD3,itwillthereforecollectvotesfromallofthem.

ThevotesareNO,NO,YES,NO.SoasupermajorityisNO.SoitdecidesNO.

Theelectionisover.C2isnotfamous.Coloritbluetoshowthatitisnotfamous.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

Thereisatheoremthatifanywitnessisableto“decide”yesorno,thenthatistheresultoftheelection,anditisguaranteedthatallotherwitnessesthatdecidearegoingtodecidethesameway.

Inthisexample,B4wasabletodecidetheelection.IfithadcollectedvotesthatweremoreevenlysplitbetweenYESandNO,thenitwouldhavefailedtodecide.Inthatcase,wecanconsiderD4.IfD4alsofailstodecide,thenperhapsA4orC4mightdecide.

Ifnoneoftheround-4witnessescandecide,theneachofthemwillsimplyvoteinaccordancewiththemajorityofthevotestheycollected(votingYESincaseofatie).Inthatcase,itwillbeuptotheround-5witnessestocollectvotesfromtheround-4witnesses.Perhapstheround-5witnesseswillbeabletodecide.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

Thevotingcontinuesuntiliteventuallyreachesaroundwheresomewitnesscandecidetheelection.

Thereisatheoremsayingthattheelectionwilleventuallyend(withprobabilityone)aslongasweaddinacoinroundevery10th roundofvoting.

Inacoinround,collectingasupermajoritycausesawitnesstomerelyvote(notdecide).Andanon-supermajoritycausesittovotepseudorandomly,byusingthemiddlebitofitsownsignatureasitsvote.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

6moreelectionsarerun.TheydecidethatA2,D2,A1,B1,C1,andD1areallfamous.

Innormaloperation,mosteventsarenotwitnesses,sothereisnoelectionformostevents.Andmostwitnessesaredeclaredfamouswithanalmost-unanimousvoteinthefirstroundofvoting.Somostelectionsdonotlastverylong.

Noticethatinthisexample,wehavenowdecidedthefameofeverywitnessinround2.Oncearoundhasthefamedecidedforallofitswitnesses,itispossibletofindtheroundreceivedandfindtheconsensustimestamp foranewsetofevents.

StartbyconsideringthegrayeventimmediatelybelowA2.

TECHNICALDETAIL:Ifamemberforks,theymighthavetwofamouswitnessesinthesameround.Inthatcase,neitherofthemareusedfurther.Onlytheremainingones(the“uniquefamouswitnesses”)areusedtodetermineroundreceivedandconsensustimestamp.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

Thiseventcanbeseenbyeveryfamouswitnessinround2.Thered,green,andbluepathsshowhowA2,B2,andD2,respectively,canallseetheblackevent.

Thismerelyrequiresseeing,notstronglyseeing.

Thisonlyrequiresseeingbythefamouswitnesses.Itdoesn’tmatterwhetherC2canseetheblackevent,becauseC2isnotfamous.

Sincetheblackeventisseenbyallofthefamouswitnessesinround2(butnotinanyearlierround),itissaidtohavearoundreceived of2.

TECHNICALDETAIL:wedon’tneedtolimitourselvesto“seeing”.Itissufficienttousethe“ancestor”relationshipinstead.Inotherwords,atthisstep,wedon’tworryaboutforking.


A2

A3

B1

B2

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

Theconsensustimestampoftheblackeventcanbefoundasfollows.

FindtheearliesteventXbyAlicethatisanancestorofA2andadescendentoftheblackevent.

Similarly,findtheearliesteventYbyBobthatisanancestorofB2anddescendentoftheblackevent.AndsimilarlyforeventZbyDave.

TakethetimestampsontheeventsX,Y,Zthatwereputinthoseeventsbytheircreators.Sortallofthetimestampsinorder.Takethemiddleonefromthelist(orthesecondofthetwomiddleones,ifthereareanevennumberofthem).Thismediantimestampistheconsensustimestampfortheblackevent.


A2

A3

B1

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

B2

NowconsiderthegrayeventbelowB2.ItisseenbyB2,butnotseenbyA2orD2.Soitwasnotseenbyallthefamouswitnessesinround2.Soitsreceivedroundwillbelaterthanround2.Leaveitcoloredgraytoindicatethatitdoesn’tyethaveareceivedround.


Continuing,wefindconsensusforthe6blackeventsandthe4darkgreenevents.Thesearethe10eventsthathavearoundreceivedof2.Weneedtosortthese10eventsintoanorderthatallmemberswillagreeon.Thisagreedorderistheconsensusorder.

Thisisdonebysortingthembyroundreceived.

Tiesarebrokenbysortingbythemediantimestamp(whichistheconsensustimestamp).

Furthertiesarebrokenbysortingbytheextendedmedian(whichlooksatmorethanjustthemiddleelementofeachlist).

Furthertiesarebrokenbysortingthembytheirsignatures,afterallthesignatureshavebeenXORedwithapseudorandomnumber.ThepseudorandomnumberforagivenroundreceivedisfoundbyXORingthesignaturesofallthefamouswitnessesinthatround.

A B C D

A2

A3

B1

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

B2


ThispictureisascreenshotfromtheHashgraphDemoappthatispartoftheSwirldsSDKthatcanbedownloadedfromSwirlds.com.

Thisscreenshotcamefromrunningitinslowmodewith4members,withthecheckboxcheckedtoshowtheroundcreated.

Thisscreenshotshowsthepartofthehashgraphfromaboutround100to105.Theexampleisaslightly-modifiedversionofthetophalfofthisscreenshot.

A B C D

A2

A3

B1

B3

B4

C1

C2

C3

D1

D2

D3

D4

A1

B2

Hashgraph : An over view with example

Technology

Transcript of Hashgraph : An over view with example