Swirld

 

Leemon Baird

J. Horacsek

June 5th, 2018

Hash-graph Consensus

Consensus

Acheive consensus on the order of events over a network.

Consider a network of the following members

A

B

C

D

Alice

Bob

Carl

Dr Dre

We want an immutable history of their interactions (which we call events) and a consistent agreement on the ordering of those events.

Communication

Members communicate through a gossip protocol

A

B

C

D

These nodes represent the member's last (known)  event

This involves "telling" another node about all the events we know. This communication is called synchronization.

D'

Say Carl tells Dre everything it knows. Dre records this by creating a new event.

Communication

This event contains the hash of Carol's last event, and a hash of Dre's last event. This new event D' is signed by Dre.

A

B

C

D

D'

It can also optionally contain transactions. Events don't record history, members learn of history through gossip.

These dependencies create a directed acyclic graph. A hashgraph.

Communication

Members cannot:

  • Lie about the origin of an event; all events are signed by their creator
  • Retract a message from the network

A

B

C

D

D'

Example

Bob's View

A

B

C

D

Example

A

B

C

D

Alice's View

Bob's View

A

B

C

D

Bob Sends Sync

Example

A

B

C

D

Alice's View

Alice verifies that the events she receives are valid 

She collects whatever transactions she likes, and the hashes of previous transactions and signs it.  

She then randomly syncs with another node, telling them about the new event.

Everyone eventually learns of it via gossip.

Consistency

A

B

C

D

Alice's View

But he can lie about his present actions --- only has control over who he syncs to and his transactions.

Bob always has to send valid events, he can't lie about the past.

Could send no syncs, but then looses the ability to create transactions.

Example

A

B

C

D

Alice's View

A

B

C

D

Carl's View

Bob creates a fork

Example

A

B

C

D

Alice's View

A

B

C

D

Carl's View

But we will eventually find forks.

Hashgraph

A

B

C

D

The past is immutable, but how do we decide order?

You could try timestamps, but you cannot solely trust timestamps.

Have an election, (maybe somehow exclude forks from this election)

Straightforward elections don't work. Waste of bandwidth, potential to mislead members by lying.

Hashgraph

A

B

C

D

Use virtual voting.

Each member calculates the vote of other members.

Provided members are honest, they're always fairly represented and the correct events will get "elected".

The moment a fork is detected, the offending events will be "dealt with".

Hashgraph

A

B

C

D

To facilitate this, we divide the process into rounds. And define specific events as being witnesses.

The division of incoming events into rounds allows us to (eventually) cement the ordering of events in a given round

Witnesses are events that "touch enough events to sorta be trust worthy".

Hashgraph

A

B

C

D

Before we can talk about this, we need to define what it means for an event to see and strongly see another.

An event \(x\) can see one of its ancestors \(y\) if there is an entirely downward path from \(x\) to \(y\)

\(x\)

\(y\)

Hashgraph

A

B

C

D

Before we can talk about this, we need to define what it means for an event to see and strongly see another.

An event \(x\) can strongly see one of its ancestors \(y\) if there are possibly many entirely downward paths from \(x\) to \(y\) that cross through \(\frac{2}{3}n\) different members

\(x\)

\(y\)

Hashgraph Citizenship

A

B

C

D

An event is a witness if it is the first event created by a node (in which case it has round \(r=0\)), or if it can strongly see more than \(\frac{2}{3}n\) witnesses that share its parent's round \(r\). In the second case it belongs to round \(r+1\).

Round 0 witnesses

A

B

C

D

An event is a witness if it is the first event created by a node (in which case it has round \(r=0\)), or if it can strongly see more than \(\frac{2}{3}n\) witnesses that share its parent round \(r\). In the second case it belongs to round \(r+1\).

Round 0 witnesses

\(r=1\)

Hashgraph Citizenship

Hashgraph Citizenship

A famous witness is a witness that is seen by the super-majority of the witnesses in the next round

The witnesses for round \(r+1\) 'vote' on which witnesses for round \(r\) should be famous. They vote 'yes' for a witness in round \(r\) if they can simply see that witness. 

The witnesses for round \(r+2\) collect the votes from the previous round and tally them.

If any witness in round \(r+2\)  can strongly see a super majority of 'yes' votes in round \(r+1\), then it concludes that the original witness is a famous witness. 

Hashgraph Citizenship

If these each witness in round \(r+2\) cannot decide whether a node should be famous or not, they vote in accordance to majority of votes they strongly see.

The owness is then on round \(r+3\) to tally votes, and so on.

If it can't be decided after a certain amount of rounds, then a coin is flipped based on the signature of the event. I.e. a coin round

This is a bit technical, so let's walk through an example

As it turns out, this can be done without sending any votes

\(A_1\)

\(A_2\)

\(B_1\)

\(B_2\)

\(B_3\)

\(C_2\)

\(C_1\)

\(D_1\)

\(D_2\)

\(D_3\)

\(A_1\)

\(A_2\)

\(B_1\)

\(B_2\)

\(B_3\)

\(C_2\)

\(C_1\)

\(D_1\)

\(D_2\)

\(D_3\)

Let's see if \(B_1\) should be famous

Yes

Yes

Yes

Yes

\(A_1\)

\(A_2\)

\(B_1\)

\(B_2\)

\(B_3\)

\(C_2\)

\(C_1\)

\(D_1\)

\(D_2\)

\(D_3\)

\(B_3\) can tally the votes

Yes

Yes

Yes

Yes

\(A_1\)

\(A_2\)

\(B_1\)

\(B_2\)

\(B_3\)

\(C_2\)

\(C_1\)

\(D_1\)

\(D_2\)

\(D_3\)

What about \(C_1\)?

\(A_1\)

\(A_2\)

\(B_1\)

\(B_2\)

\(B_3\)

\(C_2\)

\(C_1\)

\(D_1\)

\(D_2\)

\(D_3\)

What about \(C_1\)?

No

No

Yes

No

\(A_1\)

\(A_2\)

\(B_1\)

\(B_2\)

\(B_3\)

\(C_2\)

\(C_1\)

\(D_1\)

\(D_2\)

\(D_3\)

\(C_1\) not famous.

Hashgraph Citizenship

Note that a node must tally a super-majority, so a 51% Yes, 49% No split doesn't lead to a decision

This is why it may take multiple rounds.

All of this technicality is to ensure that famous witnesses are "seen by enough" events in the future to be considered "trustworthy".

(There is also a technicality here that if a member has two famous witnesses in a round due to forking, one will eventually wither away by Lemma 5.12, one fork will eventually become unseeable by famous witnesses, and will never be included in the consensus order)

Event Ordering

We still haven't ordered events. We've decided on witnesses, and as members synchronise with each other consensus will be reached on witness fame via virtual voting.

 

Now we use the famous witnesses to determine the order of events.

Event Ordering

Events that are seen by all famous witnesses of round \(r\) (where \(r\) is the minimum round where this happens) are said to have a round received of \(r\)

When an event \(x\) has a round received, we look at each famous witness, and find the time stamp of the earliest event that is an ancestor of the famous witness and a descendent of \(x\). The median of these is the consensus timestamp.

Event Ordering

\(A_1\)

\(B_1\)

\(C_1\)

\(D_1\)

\(D_2\)

\(C_2\)

\(B_2\)

\(A_2\)

Round 1

Round 2

Which are seen by all

famous witnesses?

Event Ordering

\(A_1\)

\(B_1\)

\(C_1\)

\(D_1\)

\(D_2\)

\(C_2\)

\(B_2\)

\(A_2\)

Round 1

Round 2

Event Ordering

\(A_1\)

\(B_1\)

\(C_1\)

\(D_1\)

\(D_2\)

\(C_2\)

\(B_2\)

\(A_2\)

Round 1

Round 2

Event Ordering

\(A_1\)

\(B_1\)

\(C_1\)

\(D_1\)

\(D_2\)

\(C_2\)

\(B_2\)

\(A_2\)

Round 1

Round 2

Median Timestamp

Event Ordering

Events are ordered by

  • Round received
  • Consensus timestamp
  • Pseudo random combination of witness' signatures

Event Ordering

An event created by an honest user will eventually be assigned a consensus order (provided secure communication channels) 

A choice will eventually be made for forks, and events on the competing branch will never be given a consensus date, because they will never be seen by a famous node when all members' hash graphs become consistent enough.

Questions?

References:

  • THE SWIRLDS HASHGRAPH CONSENSUS ALGORITHM: FAIR, FAST, BYZANTINE FAULT TOLERANCE, Leemon Baird [link]
  •  HASHGRAPH CONSENSUS: DETAILED EXAMPLES, Leemon Baird [link]

Swirld

By Joshua Horacsek

Swirld

Hashgraph

  • 954