Radix - Tempo · PDF fileRadix - Tempo Monday 25th September ... , by providing the ability to...
Transcript of Radix - Tempo · PDF fileRadix - Tempo Monday 25th September ... , by providing the ability to...
1
Radix-Tempo
Monday25thSeptember,2017
DanHughes
www.radix.global
Abstract
In this paperwe present a novelmethod for implementing aDistributedLedger that preserves total order of events allowing for the trust-lesstransfer of value, timestamping andother functionality. It is suitable forbothpublicandprivatedeployments,withoutmodification,andrequiresnospecialhardwareorequipment.
IntroductionInJanuary2009,SatoshiNakamotointroducedthefirstsuccessfulimplementationofapermission-lessandtrust-lessDistributedLedgerTechnology(DLT),theBlockchain.Itprovidedasecure,reliableand decentralized method to timestamp events, providing total order, without the need foroverarching3rdpartyregulationortrustedentities.TheabilitytotimestampeventsinsuchamannerallowedSatoshitosolvethe“doublespend”problemandimplementtheconceptofadigitalcurrency.ThismanifestedasthedigitalcurrencyBitcoin[1].
Bitcoin,anditssuccess,hasinspiredotherstotakeSatoshi’sblockchainandapplyitinmanyinnovativeways. Ethereum is a notable example, first proposedbyVitalik Buterin [2] in late 2013, it allowsarbitrary Turing-complete logic to be executed upon a blockchain, facilitating smart applications,contracts,andevenautonomousorganizationstoexistandfunctioninadecentralizedenvironment.
However, blockchain implementations have several challenges, including scalability, efficiency andsecurity. These are now beginning to hinder its progression into the mainstream. Alternativearchitectureshavebeendeveloped,themostnotableofwhichbeingaDAG(DirectedAcyclicGraph),andwhileaDAGprovidessomeimprovements,atsufficientscaletheytoosuccumbtomanyofthesameproblemsasBlockchain.
Amethodisneededforreachingtrust-lessconsensus,acrossadistributedledger,thatcanscaleinanefficient, unbounded linear fashion. In this paper, we propose a solution to the double-spendingproblemusingapeer-to-peernetworkofnodeswithlogicalclockstogenerateatemporalproofofthechronologicalorderofevents.Thesystemissecureprovidingnodeswithahistoricalrecordofthegeneratedtemporalproofscanparticipate.
Further,byprovidingtheabilitytoexecutearbitraryscripts,afullyexpressive,Turingcomplete,statechangesystemmaybebuiltonthenewconsensusparadigm.However,thispaperdoesnotdealwiththedeveloperenvironmentfordecentralisedapplicationsonRadix,whichwillbeexploredindetailinalaterpaper.
2
RadixTempoTheTempoLedgerconsistsofthreefundamentalcomponents:
• Anetworkedclusterofnodes• Agloballedgerdatabasedistributedacrossthenodes• Analgorithmforgeneratingacryptographicallysecurerecordoftemporallyorderedevents.
An instanceofTempo is calledaUniverse andanyeventwithinaUniverse, suchasamessageortransaction,isrepresentedbyanobjectcalledanAtom.
AllAtomscontainatleastoneend-pointdestination,representedbyanend-pointaddress.End-pointaddresses are derived from an identity, such as a user’s public key and are used to route eventsthroughthenetwork.
AtomsgenerallytaketheformofeitherPayloadAtomsorTransferAtoms.AnexampleofaPayloadAtomisacommunication,senttooneormoreparties,likeanemailoraninstantmessage.TransferAtomsareusedtotransfertheownershipofanitem,suchascurrency,toanotherparty.
AtomsmayalsocontainotherAtoms,aswellasvariousotherdata,dependingontheirpurpose.Thisextradatamightincludeconditionaldestinations,owners,participants,associationsandapplicationmeta-data.ExoticAtomvariantscanbecreatedforspecificapplicationpurposesifrequired.
Figure1:StandardAtomtypes&basicstructure
ClientsmaycreateandsubmitAtomstothenetworkviaanynodeit isconnectedto. AsubmittedAtom is then processed by the network and, if valid, a Temporal Proof is constructed for, andassociatedwith,thatAtomfromthatpointforward.
Temporeliesheavilyoneventualconsistencytoachieveatotalorderingofevents.
LedgerArchitectureThe Tempo ledger is a distributed databasewhich stores all Atoms that exist in aUniverse. It isdesignedtobehorizontallyscalable,supportssemi-structureddata,andcanupdateentries.
Alocalledgerinstanceoperatingonanodecanbeconfiguredtostoreall,orpart,ofthegloballedger.Asub-setofthegloballedgerisknownasashard.Thetotalshardspaceisconfigurableper
3
Universe,butisimmutableoncedeployed.Nodescanre-configuretosupportanysub-setoftheshardspace,helpingtoensurethattheUniversecanhandlelargeloadrequirementswithoutrequiringexpensivehardwaretooperateanode.Critically,thisenablesperformanceconstrainedIoTdevicestoparticipateasfirst-classcitizensinaUniverse. ShardingisafundamentaldesignfeatureofRadix,whichimpliesarobustapproachforguaranteeingthatAtomsareinthecorrectshards,andanefficientmethodfordeterminingwhichnodeswillretaincopiesofwhichAtoms.
ConsideringthatallAtomsmusthaveat leastoneend-point in theirdestinations,wecanderiveashardIDusingthedestination,truncatedtotheshardspacedimensionsviaamodulooperator.SomeAtoms, such as Transfer Atoms, may havemultiple destinations and therefore will be present inmultipleshards.
This is by design, as an Atom that is present in multiple shards increases the redundancy andavailabilityofthatAtom.AfurtherbenefitisthatanyAtomthatperformsaninter-shardtransferispresentinboththepreviousowner’sandnewowner’sshards.This,inpart,eliminatestheneedforaglobalstateandmitigatesanyexpensiveinter-shardstateverificationoperationsneededtoprevent“doublespends”.
TransfersWhilePayloadAtomsare relatively simple, comprisingof somearbitrarydata,destination/sandasignature,TransferAtomsaremorecomplex.
AnowneditemisrepresentedbyaConsumable.OwnershipisdefinedasasequenceofConsumables,whichprovideanauditablehistoryofownersovertime.Consumablesareasub-classofAtom.
TotransferownershipofanItem(α)containedinAtom(αn)toBob,AlicecreatesaConsumer(αX),whichreferencestheConsumable(αn)thatspecifiesherasthecurrentownerandsignsitwithheridentity.Consumersarealsoasub-classofAtom,andidentifyaConsumablethatistobe“consumed”.
ShealsocreatesanewConsumable(αX),whichcontainstheItem(α)beingtransferred,alongwiththeidentityofthenewowner:Bob.
TheConsumerandConsumablearepackagedintoanewAtom(αX)andsubmittedtothenetworkforverification.
Figure2:OwnershipTransfer
4
Anynode that receivesAlice’sAtom(αX) cannow trivially validate thatAlice is indeed the currentownerofItem(α).ThisisperformedbyvalidatingthesignatureofthesubmittedConsumer(αX)againsttheownerinformationpresentinthelastconsumableforItem(α)heldinthenode’slocalledger.Ifthe signature successfully validates, then Alicemust be the current owner. The transferwill thenexecuteandBobbecomesthenewowner.
SometransferoperationsmayrequirethatItem(α)isnottransferredinitsentirety,suchascurrency.Consumablescanbeconfiguredtoallowpartialtransfersofanitem,iftheitemspecificationallowsit.InthisinstanceAlicewouldcreatetwoConsumables,onetoBobfortheprinciple,andanotherbacktoherselffortheremainder.
Similarly, multiple Consumersmay be used to referencemany Consumables owned by Alice andtransferthemalltoBobinoneexecution,thusguaranteeingatomicityandreducingnetworkload.
InformationDeliveryTo ensure swift delivery of events to all nodes in a shard, Tempo employs a Gossip protocol tocommunicateinformationaroundthenetwork.Gossipprotocolshaveproventobeanefficientandreliablemeansofachievingmasspropagationofinformationinapeer-to-peernetwork.
Nodesbroadcastinformationabouttheirconfiguration,suchasasetofshardstheywishtoreceiveevents and state information for, and any network services they may offer (such as relay anddiscovery)allowingfurtheroptimizationofinformationdelivery.Theymayalsobroadcastmetadataabout the other peers they are connected to, further assisting in the routing of information andevents.
Nodeswithinthenetworkadopta“besteffort”approachtokeepingtheirlocalledgersuptodateviatheactivesynchronizationandgossipprotocols.WhenreceivinganAtomviaanyofthesemeans,anode will perform validation of the Atom against its local ledger. If a provable discrepancy isdiscovered,anodecancommunicatethisinformationtoitsneighbouringnodesallowingthemtoactandresolvethediscrepancy.
Thoughreliable,thisapproachwillundoubtedlyleadtooccasionswhereeventsaremissedandthestateofanitemmaybeincorrect insomelocal ledgerinstances. Toresolvetheseinconsistencies,nodesrelyondetectablecausalhistoryanomaliestriggeredbyevents. Theycanthenqueryothernodestoobtainmissinginformationandachieveeventualconsistencywiththerestofthenetworkregardinganeventanditssubsequentstate.
For example, Node(N) receives an Atom(αn) that results in an inconclusive validation procedure,perhapsduetoareferencetoConsumable(αn)thatNode(N)doesnothave.Node(N)canthenqueryits neighbouring nodes to return any dependency Atom/s that reference Consumable(αn) andrevalidate.Node(N)nowhasconsistentstateforConsumable(αn).
EventAvailabilityForAtomstobevalidatedcorrectly,theyneedtoberoutedtothenodesthatcontaintheassociatedshardsallowingthecausalhistoryofanyConsumables,stateandotherinformationtobeverified.
End-pointdestinationsprovidetherequiredroutinginformationtoensurethatAtomsarereceivedbyappropriatenodesviathegossipcommunicationslayer.
5
ConsidertheexampleofAlicetransferringItem(α)toBob.Aliceincludedherend-pointdestination,which indicates she is transferring from Shard(1), and includedBob’s end-point destinationwhichindicatessheistransferringtoShard(3).
NodesstoringShard(1||3)needtobeawareoftheeventof;Alice’sspend;Bob’sreceipt;andofthestateofItem(α)ineachshard.Posttheevent,nodesstoringShard(1)nolongerneedtobeawareofanyfuturechangestothestateofItem(α)(unlessitissentagaintoShard(1)).TheresponsibilityofItem(α)’sstatehastransferredtoanynodesstoringShard(3).IfBobshouldthenspendItem(α)toanownerinanothershard,theresponsibilityofmaintainingthestateofItem(α)willonceagainchange.
Figure3:GossipofAtom(αX)targetingShards(1,3)
Processingonlyeventsthataffectstatewithinanode’ssub-setofthegloballedger,andtheshiftingresponsibilityofstatemaintenance,greatlyreducestotalstateprocessingoverhead.ThisiskeytothescalingperformanceofTempo.
LogicalClocksThe foundation of Tempo consensus is based around Logical Clockswhich are a simplemeans ofprovidingarelative,partialorderingofeventswithinadistributedsystem[3].
WithinTempo,allnodeshavealocallogicalclock;anever-increasingintegervaluerepresentingthenumberofeventswitnessedbythatnode.Nodesincrementtheirlocallogicalclockwhenwitnessinganeventwhichhasnotbeenseenpreviously.Uponstoringaneventthenodealsostoresitscurrentlogicalclockvaluewithit.Thisrecordcanthenbeusedtohelpvalidatethetemporalorderofpasteventsifrequired.
OnlythereceiptofanAtomthathasnotbeenpreviouslywitnessedbythatnodemaybeclassedasan“event”foranygivennodewithinTempo.
6
TemporalProofProvisioningAUniverseissplitintoShards,wherenodesarenotrequiredtostoreacompletecopyofthegloballedgerorstate. However,withoutasuitableconsensusalgorithmthatallowsnodestoverifystatechanges across the shards theymaintain, “double spending”would be a trivial exercise,where adishonestactorcouldspendthesameitemontwodifferentshards.
TemporalProofsprovideacheap,tamperresistant,solutiontotheaboveproblem.
Beforeaneventcanbepresentedtotheentirenetworkforglobalacceptance,aninitialvalidationoftheeventisperformedbyasub-setofnodeswhich,ifsuccessful,resultsin:ATemporalProofbeingconstructed and associated with the Atom, and a network wide broadcast of the Atom and itsTemporalProof.
UsingAlice’stransferofItem(α)toBobasanexample,theprocessstartswithAliceselectinganodesheisconnectedto,Node(N),andsubmittingAtom(αX)requestingthataTemporalProofofaspecificlengthbecreated.
Upon receiving the request, Node(N) will, if it is storing either Alice’s or Bob’s shard, perform avalidationof theAtom(αX). Inthecaseof ithavingacopyofShard(1) forAlice, itwillensurethatItem(α)hasn’tbeenalreadyspentbyAlice.
Ifanyprovablediscrepancyisfound,suchasItem(α)beingalreadyspentbyAlice,ortheAtomisbadlyconstructed,processingoftheAtomwillfail.
Otherwise,Node(N)willdetermineasetofdirectlyconnectednodeswhicharestoringeitherShard(1||3),selectoneatrandom,andforwarditthesubmissionrequest.
Ifasuitablenodeisnotfound,Node(N)willsearchthroughitsnodegraphandassociatedmetadatatodiscoverviablerelay/swithconnectionstonodesmaintainingShard(1||3).
AfterNode(N)discoversasuitablecandidate,Node(P),itwillappendaspace-timecoordinate(l,e,o,n)andasignatureofHash(l,e,o,n)totheTemporalProof(creatinganewoneifnoneisyetpresent).WherelisNode(N)’slogicalclockvaluefortheevent,oistheIDoftheobserverNode(N),nistheIDofNode(P),andeistheeventHash(Atom).Node(N)willthentransmittheAtom(αX)andthecurrentTemporalProoftoNode(P).
Figure4:TemporalProof
7
UponreceivingthesubmissionfromNode(N),Node(P)willalsovalidateAtom(αX),andifsuccessful,will select a subsequentnode to forward the submission to, append its (l, e, o, n) coordinateandsignaturetotheTemporalProofandtransmitAtom(αX)andtheProoftothenextnode.
TheprocessrepeatsuntiltherequirednumberofnodeshaveparticipatedintheTemporalProoforaprovablediscrepancyisdiscoveredbyanynodeinvolvedintheprocess.
Figure5:TemporalProofprovisioningandgossipofAtom(αX)
TemporalProvisioningofAtom(αX)intheaboveexamplewillproducethefollowingcoordinates:
LogicalClock Event Observer NextObserver25 Hash(Atom(αX)) Node(N1) Node(N2)84 Hash(Atom(αX)) Node(N2) Node(N5)13 Hash(Atom(αX)) Node(N5) Node(N4)105 Hash(Atom(αX)) Node(N4) ---
ProvisioningEfficiencyThelengthofaTemporalProofdefineshowmanynodesshouldbepartoftheprovisioningprocess.A length that is tooshort reduces theefficiencyof resolvingconflictsbetweenAtomsshould theyarise,andmayresultinanAtomnotbeingcorrectlyverified,requiringittoundergotemporalorderdeterminismateachnode. Lengths thatarevery longunnecessarily increase thebandwidth loadwithinthenetwork,aswellasthetimetakenforanAtomtobecomefinal.
Once the Temporal Proof length has been determined, if the Atom being transmitted has anydependenciesorConsumables,thenetworkcanalsooptimisenodeselectiontoimprovethefuturespeedofverifyingthattransfer.Thisisbecauseanauditablecausalhistorycaneasilybecreatedifa
8
node thatwas involved in validating a previous transaction, uponwhich this transaction relies, isincludedinthenewtemporalproof.
In simple terms, if Alice sends Item(α) to Bob, and Bob then sends Item(α) to Carol, it is highlybeneficialfornetworkefficiencyifoneofthenodesthatwereinvolvedincreatingtheTemporalProoffortheAlice->BobtransferisalsopartoftheTemporalProoffortheBob->Caroltransfer.
Achieving Temporal Proof causal history is relatively simple: if, when taking part in TemporalProvisioning,anycandidatenodesavailabletoNode(N)arealsopartoftheTemporalProofofanydependenciesofAtom(αn),Node(N)willselectatrandomoneofthoseasapriorityifnotalreadypartoftheTemporalProvisioningforAtom(αX).
ToincreasethelikelihoodofcreatingaTemporalProofwiththeseproperties,thelengthisagainanimportantfactor.Formostpurposes,log(n)*3orMax(3,sqrt(n))shouldbesufficient,wherenisanestimatedsizeofthenodespresentinthenetworkatthattime.
VectorClocksIntheeventofaconflict(e.gdoublespend)oranomalybetweentwoevents,the(l,e,o,n)coordinatesofaTemporalProofmaybeusedtoconstructavectorclock[4]usingtheLogicalClock(l)componentofeach.OneormorevectorclockscanthenbeusedtodeterminethepartialorderoftheassociatedAtoms.
Giventwovectorclocks,fortwoAtomsαXandαY,oftheformVC(αX)andVC(αY),wherethelogicalclockvalueforthecorrespondingeventofeachNode{A,B,D,F,G,L,P}islaidoutinthearraybelow:
VC(αX) VC(αY)A 5 B 10D 12 G 7F 34 L 47P 17 P 24
ItistrivialtodeterminethattheAtomassociatedwithVC(αX)waspresentedfirsttothenetwork,asbothvectorclockshaveacommonNode(P)whoselogicalclockvalueinVC(αX)islessthaninVC(αY).
Vectorclocksfollowasimplerulesettodetermineorder,where;VC(αX)islessthan(orbefore)VC(αY)ifVC(αX)ZislessthanorequaltoVC(αY)ZandwhereatleastoneVC(αX)ZisstrictlysmallerthanVC(αY)Z
Vectorclockcomparisonsprovideasimpleandefficientmethodtodetermineorderinmanycasesofconflictwithoutrequiringtheuseofmoreexpensivemeans.However,shouldapairofvectorclocksnot contain a common node between them, they are said to be “concurrent”, and an additionalmechanismisrequiredforthesesituations.
TemporalProofPathforeachtransferofItem(α) Alice->Bob Bob->Carol Carol->Dan Dan->Frank
Nod
eID A F J N
B G K JC B L OD H M PE I F Q
9
GiventwoconcurrentvectorclockswhichNode(N)hasreceived:
VC(αX) VC(αY)A 5 B 10D 12 G 7F 34 L 47S 17 V 24
TodeterminewhichistheearlierTemporalProof,Node(N)hastwomechanismsavailabletoit.
Thefirstmechanismreferencesthenodeslocalledger,whichitcantrusttoreturnhonestinformationregardingtheeventsithasseenthusfarandnotsubvertthetruth.
ThenodesearchesforeventsafterVC(αX)which{A,D,F,S}wereinvolvedinandattemptstodiscovernodes{B,G,L,V}fromVC(αY)thatarepartofthoseTemporalProofsandcomparethelogicalclockvalues.
Shouldthenodediscoverwithinitslocalledgeraneventwhichhasavectorclockoftheform:
VC(αZ)J 60S 19T 20V 22
ThetemporalorderofVC(αX)andVC(αY)canberesolvedduetoSandVbeingpresent.ThelogicalclockforNode(S)inVC(αZ)isgreaterthaninVC(αX),thereforeVC(αZ)wascreatedafterVC(αX).Thelogicalclock forNode(V) inVC(αZ) is less than inVC(αY), thereforeVC(αX)andVC(αZ)werecreatedbeforeVC(αY).
Should the initial search not provide any results, event vector clocks can be linked together in asequencetoincreasethelikelihoodofdiscoveringthesolution.IfVC(αZ)containedonlyNode(S)butnonodesfromVC(αY),thenodecouldextendthesearchtoincludetheothernodespresentinVC(αz).
VC(αZ) VC(αn)J 60 J 62S 19 Q 32T 20 S 21W 84 V 22
Resolvingconcurrenteventsinthismannerissimple,fast,efficientandindependentofanyfurtherexternal information being required at the time of validation. It is sufficient to resolve a largepercentageofconcurrenteventsprovidingthatthenodeisanactiveparticipantandisstoringoneormoreshardsrelevanttotheconflict.
Ifaresolutionisnotavailableatthetimeofconflict,Node(N)willstorebothAtom(αX)andAtom(αY)initslocalledger,markingthemaccordingtowhichitsawfirst,andemployasecondeventorderingmechanism:CommitmentOrderDetermination.
Forlightnodesstoringonlytheirownevents,suchasIoTdevices,commitmentsaretheonlywayinwhichtheycandetermineorder.
10
CommitmentsTo assist with total order determination of events, nodes declare to the network a periodiccommitmentofalleventstheyhaveseen.
ThiscommitmentisproducedeitherwhenanodetakespartinTemporalProvisioningforanevent,oratwilloveranarbitraryinterval.AcommitmentisaMerkleHash[5]constructedfromtheeventsanode has witnessed since submitting a previous commitment, with the first leaf being the lastcommitmentanodesubmitted,producingalinkedsequenceofcommitmentsovertime.
Figure6:CommitmentSequence
IfthenodeistakingpartinaTemporalProvisioningprocess,thecommitmentisincludedinanode’sTemporal Coordinate as c, resulting in the extended space-time coordinate (l, e, o, n, c). Thecommitmentistamperproofasthecoordinatesaresignedbytheproducingnodes.
Figure7:TemporalProofwithcommitment
Anodemayberequestedtoprovideinformationtoenableverificationofanycommitments ithasproduced at any time. They should deliver all the relevant Atomhashes to the requesting node,allowing it to reconstruct the commitment hash and verify. Requesting nodes can then takeappropriateactionintheeventofafraudulentcommitmentbeingdetected.
This uncertainty ofwhen a commitment verificationmay be requested also prevents nodes fromtamperingwiththeirlogicalclockvalues,asallcommitmentshavealogicalclockvalueassociatedwiththemandsotamperingiseasilydetectable.
11
Forexample,ifthevalueoflforCommitment(1)was100andthevalueoflforCommitment(2)was200,thenCommitment(1)shouldcontain100items.Ifarequestingnodeisnotreturned100hasheswhenverifying,tamperingofthelogicalclockmayhaveoccurred.
Commitments are also used to provide a secondary mechanism to determine temporal order ofevents;Node(N)hasreceivedAtom(αY)thatconflictswithanAtom(αX).Node(N)contactsoneofitsneighbours, Node(P), and queries it for any commitment information corresponding to Atom(αX).Node(P)respondswith:itscommitmentforAtom(αX);asetofAtoms(βS)whichwerewitnessedafterAtom(αX)withinthesamecommitment;itslogicalclockvaluesforAtom(αX)andAtoms(βS);andtheleavesoftheMerkleHash.WiththisinformationNode(N)canverifythelogicalclockvaluesofthereturnedAtoms,theintegrityofthecommitment,andthatthereturnedAtomsarepartofit.
Figure8:CommitmentValidation
OncethisinformationhasbeenobtainedfromNode(P),Node(N)canqueryNode(Q)whichdeliveredAtom(αY). ItrequeststhatNode(Q)returncommitmentand logicalclock informationforAtom(αY)andanyoftheAtoms(βS),aswellastheleavesoftheMerkleHashallowingNode(N)toverify.
Node(P)LogicalClock Node(Q)LogicalClockAtom(αX) 45 Atom(αY) 465Atom(βS1) 46 Atom(βS2) 47 441Atom(βS3) 48
Therefore,αxhappenedbeforeαY
Aswenowhave commitment and logical clock values, resolution is simple: Atom(αX)wasbeforeAtom(αY) if any Atoms(βS) returned by Node(P) are present within a commitment delivered byNode(Q),wherethe logicalclockvalueofanyAtom(βS) fromNode(Q) is less thanthe logicalclockvalueofAtom(αY)forNode(Q).
IfAtom(αX)was the lastwithinacommitment,Node(P)mayreturnasubsequentcommitment,orNode(N) can contact another neighbour. The likelihood of Atom(αX) being the last within allcommitmentsforallnodesisinfinitesimal.
ShouldNode(Q)nothaveanyoftheAtoms(βS)availableinitslocalledger,Node(P)canqueryotherneighbouringnodesaboutAtom(αY)viathesameprocess.
12
Ifaresolutionisnotavailableatthatthetimeoftheconflict,Node(N)willstoreAtom(αX)andAtom(αY)in its local ledger,markingthemaccordingtowhichitsawfirst,untilaresolutionisdeterminedordiscovered.
ConclusionThispaperhasproposedamethodfordeterminingtotalorderofeventswithinadistributedsystem,without relying on trust, that is scalable, efficient and agnostic to its operating environment. Toreduceoverheadandincreaseperformance,oursolutiondefinesastructured,shardablearchitecturethatlimitsstatetransferinformationtoonlymembersofthenetworkthatneedit.Apeer-topeernetworkprovides themeans for communicationand information routingviaa reliableand robustgossipprotocol. Nodesmaintainalogicalclockwhenwitnessingeventsandperiodicallyproduceatamper-proofcommitmentrepresentingthoseevents.Whenwitnessingevents,nodescollaboratetocreateTemporalProofswhichcontainverifiablespace-timecoordinateswhichareusedtoconstructvectorclocksanddeterminewhenaneventwasfirstseenbythenetwork.Nodescanjoinandleavethenetworkatwillandrelyondetectableconsistencyanomaliestosynchronizeandbringthemuptodate.
References
[1]S.Nakamoto,“Bitcoin:APeer-to-PeerElectronicCashSystem,”2008.[Online].Available:https://bitcoin.org/bitcoin.pdf.
[2]V.Buterin,2014.[Online].Available:https://ethereum.org/pdfs/EthereumWhitePaper.pdf.
[3]L.Lamport,“Time,Clocks,andtheOrderingofEventsinaDistributedSystem,”1978.[Online].Available:http://lamport.azurewebsites.net/pubs/time-clocks.pdf.
[4]C.J.Fidge,“TimestampsinMessage-PassingSystemsthatpreservethePartialOrdering,”1988.[Online].Available:http://zoo.cs.yale.edu/classes/cs426/2012/lab/bib/fidge88timestamps.pdf.
[5]R.C.Merkle,“MerkleTree,”1979.[Online].Available:https://en.wikipedia.org/wiki/Merkle_tree.