Domů Procházet Nápověda
Přihlásit se
Delease
/
Blocktree
2
0
Rozštěpit 0
Soubory Úkoly 7 Pull Requesty 0 Wiki
Strom: 3abce1fcc5
Větve Značky
Blocktree
/
doc
/
Paper
/
Paper.tex

Paper.tex 8.7 KB
Historie Surový

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140 
  1. \documentclass{article}
    2. 

  2. \usepackage{amsfonts,amssymb,amsmath}
    3. 

  3. \usepackage[scale=0.75]{geometry}
    4. 

  4. \usepackage{hyperref}
    5. 

  5. 

  6. \title{Blocktree \\
    7. 

  7. \large A platform for distributed computing.}
    8. 

  8. \author{Matthew Carr}
    9. 

  9. \date{May 28, 2022}
    10. 

  10. \begin{document}
    11. 

  11. \maketitle
    12. 

  12. \begin{abstract}
    13. 

  13. Blocktree is a platform which aims to make developing reliable distributed systems easy and safe. 
    14. 

  14. It does this by defining a format for data stored in the system, a mechanism for replicating
    15. 

  15. that data, and a programming interface for accessing it. It aims to solve the difficult problems
    16. 

  16. of cryptographic key management, consensus, and global addressing so that user code can focus on
    17. 

  17. solving problems germane to their application.
    18. 

  18. \end{abstract}
    19. 

  19. 

  20. \section{Introduction}
    21. 

  21. (Do I need this?)
    22. 

  22. 

  23. \section{An Individual Blocktree}
    24. 

  24. The atomic unit of data storage and privacy and authenticity guarantees is called a block. A
    25. 

  25. block contains a payload of data. Confidentiality of this data is achieved by encrypting it using 
    26. 

  26. a symmetric cipher using a random key. This random key is known as the block key.
    27. 

  27. The block key is encapsualated using
    28. 

  28. a public key cipher and the resulting cipher text is stored in the header of the block. Thus
    29. 

  29. only the person possessing the corresponding private key will be able to access the contents of
    30. 

  30. the block. Blocks are arranged into trees, and the parent of the block also has a block key.
    31. 

  31. The child's block key is always encapsulated using the parent's key and stored in the block
    32. 

  32. header. This ensures that if a principal is given access to a block, they automatically have
    33. 

  33. access to every child of that block. The encapsulated block key is known as a read capability,
    34. 

  34. or readcap, as it grants the holder the ability to the block.
    35. 

  35. 

  36. Authenticity guarantees are provided using a digital signature scheme. In order to change the
    37. 

  37. contents of a block a data structure called a write capability, or writecap, is needed. A
    38. 

  38. writecap is approximately an x509 certificate chain. A writecap contains the following data:
    39. 

  39. \begin{itemize}
    40. 

  40. \item The path the writecap can be used under.
    41. 

  41. \item The principal that the writecap was issued to.
    42. 

  42. \item The timestamp when the writecap expires.
    43. 

  43. \item The public key of the principal who issued the writecap.
    44. 

  44. \item A digital signature produced by the private key corresponding to the above public key.
    45. 

  45. \item Optionally, the next writecap in the chain.
    46. 

  46. \end{itemize}
    47. 

  47. The last item is only excluded in the case of a self-signed writecap, i.e. one that was signed by
    48. 

  48. the same principal it was issued to. A writecap is considered valid for use on a block if all
    49. 

  49. of the following conditions are true:
    50. 

  50. \begin{itemize}
    51. 

  51. \item The signature on every writecap in the chain is valid.
    52. 

  52. \item The signing principal matches the principal the next writecap was issued to for every
    53. 

  53. write cap in the chain.
    54. 

  54. \item The path of the block is contained in the path of every writecap in the chain.
    55. 

  55. \item The current timestamp is strictly less than the expiration of all the writecaps in the
    56. 

  56. chain.
    57. 

  57. \item The principal corresponding to public key used to sign the last writecap in the chain,
    58. 

  58. is the owner of the blocktree.
    59. 

  59. \end{itemize}
    60. 

  60. The intiution behind these rules is that a writecap is only valid if there is a chain of trust
    61. 

  61. that leads back to the owner of the block tree. The owner may delegate their trust to any number
    62. 

  62. of intermediaries by issuing them writecaps. These writecaps are scoped based on the path
    63. 

  63. specified when they are issued. These intermediaries can then delegate this trust as well.
    64. 

  64. A block is considered valid if it contains a valid writecap, it was signed using the key
    65. 

  65. corresponding to the first writecap's public key, and this signature is valid.
    66. 

  66. 

  67. Blocks are used for more than just orgnaizing data, they also organize computation. A program
    68. 

  68. participating in the blocktree network is referred to as a node. Multiple nodes may be run on
    69. 

  69. a single computer. Every node is attached to the blocktree at a specific path. This information
    70. 

  70. is recorded in the block where the node is attached. A node is responsible for the storage of
    71. 

  71. the block where it is attached and the blocks that are descended from this block, unless there
    72. 

  72. is another node attached to a descendent block.
    73. 

  73. In this way data storage can be delegated, allowing
    74. 

  74. the system to scale. When more than one node is attached to the same block they form a cluster.
    75. 

  75. Each node in the cluster contains a copy of the data that the cluster is reponsible for. They
    76. 

  76. maintain consistency of this data by running the Raft consensus protocol.
    77. 

  77. 

  78. \section{Connecting Blocktrees}
    79. 

  79. In order to allow nodes to access blocks in other blocktrees, a global ledger of events is used.
    80. 

  80. This ledger is implemented using a proof of work (PoW) blockchain and a corresponding 
    81. 

  81. cryptocurrency known as blockcoin. Nodes mine chain blocks (not to be confused with the tree 
    82. 

  82. blocks we've been discussing up till now) in the same way they do in other PoW blockchain
    83. 

  83. systems such as BitCoin. The node which manages to mine the next chain block receives a reward,
    84. 

  84. which is the sum of the fees for each event in the chain and a variable amount of newly minted
    85. 

  85. blockcoin. The amount of new blockcoin created by a chain block is directly proportional to the
    86. 

  86. amount of data storage events contained in the chain block. Thus the total amount of blockcoin
    87. 

  87. in circulation has a direct relationship to the amount of data stored in the system, reflecting
    88. 

  88. the fact that blockcoin exists to provide and accounting mechanism for data stored in the system.
    89. 

  89. 

  90. When a node writes data to a tree block, and it wishes this block to be globally accessible, then
    91. 

  91. it produces what are called fragments. Fragments are the output symbols from an Erasure Coding
    92. 

  92. algorithm (such as the RaptorQ code). These algorithms are a class of fountain codes which have
    93. 

  93. the property that only $m$ out of $n$ (where $m < n$) symbols are needed to reconstruct the
    94. 

  94. original data. Such a code ensures that even if some of the fragments are lost, as long as $m$
    95. 

  95. remain, the original data can be recovered.
    96. 

  96. 

  97. Once these fragments have been computed an event is created for each one and published to the
    98. 

  98. blockchain. This event indicates to other nodes that this node wishes to store a fragment and
    99. 

  99. states the amount of blockcoin the node will pay to the first node that accepts the offer. When
    100. 

  100. another nodes wishes to accept the offer, it directly contacts the first node, who then sends 
    101. 

  101. it the fragment an publishes and event stating that the fragment is stored with the second 
    102. 

  102. node. This event includes the path of the block the fragment was computed from, the fragment's 
    103. 

  103. ID (the sequence number from the erasure code), and the principal of the node which stored it.
    104. 

  104. Thus any other node in the network can use the information contained in these events to
    105. 

  105. determine the set of nodes which contain the fragments of any given path.
    106. 

  106. 

  107. In order for nodes to be able to conntact other nodes, a mechanism is required for associating
    108. 

  108. an internet protocol (IP) address with a principal. This is done by having nodes publish events
    109. 

  109. to the blockchain when their IP address changes. This event includes their new IP address,
    110. 

  110. their public key, and a digital signature computed using their private key. Other nodes can
    111. 

  111. then verify this signature to ensure that an attacker cannot bind the wrong
    112. 

  112. IP address to a principal in order to receive messages it was not meant to have.
    113. 

  113. 

  114. While this event ledger is useful for appending new events, and ensuring that previous events
    115. 

  115. cannot be changed, another data structure is required to ensure that queries on this data can
    116. 

  116. be performed efficiently. In particular, it's important to be able to quickly perform the
    117. 

  117. following queries:
    118. 

  118. \begin{itemize}
    119. 

  119. \item Find the set of nodes storing the fragments for a given path.
    120. 

  120. \item Find the IP address of a node or owner given a principal.
    121. 

  121. \item Find the public key associated with a principal.
    122. 

  122. \end{itemize}
    123. 

  123. These are enabled by creating a read model from the data in the event ledger. One possible
    124. 

  124. implementation of this read  model is the following SQL database.
    125. 

  125. This database contains two tables:
    126. 

  126. \begin{itemize}
    127. 

  127. \item \emph{Fragments}: one column containing path, one for the fragment ID, and another for the principal. Indexed on the path column.
    128. 

  128. \item \emph{Principals}: one column containing principal, one column for the public key, and
    129. 

  129. 	one column for the IP address, one columns for the amount blockcoin the principal has.
    130. 

  130. 	Indexed on the principal column.
    131. 

  131. \end{itemize}
    132. 

  132. This index is built from the event ledger by iterating over it, and modifying the database
    133. 

  133. appropriately for each event. For instance when a fragment stored event is encountered then
    134. 

  134. a row is added to the \emph{Fragments} table containing the path of the block, the fragment ID,
    135. 

  135. and the principal which were recorded in the event. The reader who is experienced with software
    136. 

  136. patterns will recognize that this is an event sourced architecture.
    137. 

  137. 

  138. \section{Programming Interface}
    139. 

  139. 

  140. \end{document}
    141.