1

Assume in a distributed network, where the nodes are not trusted and are identified by their public keys, we intend to select one of them in a random process. In such a situation, all of the nodes have the same chances to be elected.

Since the system is not centralized and there is no trusted server performing the election process, how to select one of the nodes truly randomly (where each of the nodes is able to manipulate the client code such that they would be elected in all the rounds)?

Complementary explanation: I mean that as there is no trusted and centralized server to perform the randomness process, thus it is performed locally in each node by a client code, such that each node can be able to manipulate the client code to be always elected. Assume there are 10 nodes, each of which has a client code to perform a decentralized randomness process. What happens if one of them manipulate the code to be elected in all the rounds? And how to prevent such malicious behavior?

Questioner
  • 1,277
  • 2
  • 10
  • 14
  • Easy answer: don't trust the untrustworthy... – schroeder Sep 17 '20 at 14:32
  • Can you please clarify further? Are you concerned that a random process won't elect a clear winner? Are you wondering how to prove and agree on a winner? "Such that they would be elected in all rounds" - are you describing a node having their code changed to something non-standard? There are many parameters possible here with different implications. – Kind Contributor Sep 18 '20 at 11:00
  • @Todd , I mean that as there is no trusted and centralized server to perform the randomness process, thus it is performed locally in each node by a client code, such that each node can be able to manipulate the client code to be always elected. Assume there are 10 nodes, each of which has a client code to perform a decentralized randomness process. What happens if one of them manipulate the code to be elected in all the rounds? And how to prevent such malicious behavior? – Questioner Sep 18 '20 at 11:08
  • Cross-posted: https://security.stackexchange.com/q/238437/971, https://cs.stackexchange.com/q/152140/755. Please [do not post the same question on multiple sites](https://meta.stackexchange.com/q/64068). – D.W. Aug 04 '22 at 02:56
  • https://en.wikipedia.org/wiki/Secure_multi-party_computation, https://en.wikipedia.org/wiki/Coin_flipping#Telecommunications, https://crypto.stackexchange.com/q/767/351, https://crypto.stackexchange.com/q/15136/351, https://crypto.stackexchange.com/q/3705/351, https://crypto.stackexchange.com/q/86870/351, https://en.wikipedia.org/wiki/Leader_election – D.W. Aug 04 '22 at 02:57

2 Answers2

1

If you have anonymous nodes, then you have the problem of spawning fake nodes under your control. That is, you have worse problems than a node voting for itself.

So some kind of reputation is needed for each node. I am a fan of "bartering exchanges", where transactions happen within a local group. Trust grows from that small group succeeding to add value equally for each other. That group can form a group identity for performing larger transactions with larger groups, but initially starting small between those groups.

It's important that fair trade is used as the basis for gaining trust. Therefore if a relationship is asymmetric, then it won't last

I don't know what your network is doing so I can't help more without knowing what "value" is exchanged. But I want to assure readers that this value need not mean "money". In the digital world, computing resources may be exchanged, disk storage may be rented, and human laboured services can be rendered anonymously. With a "bartering" model you don't track a currency, but rather trust and equality.

When it comes to vote that occurs within a trusted group, then that groups outcome is signed by group members and shared onward to other peer groups, and so on. Barter trade value is the reputation that either validates the vote or multiplies the weighting of the group vote.

Kind Contributor
  • 461
  • 2
  • 7
0

That's one (and one of the few) use cases that a blockchain will easily solve.

You first generate one block of information (it can be anything, but it must have a strong hash of the information on it), and you hard-code this hash on the client code. Every new client joins the network and synchronizes itself with all the other nodes, downloading every single block and validating the hash of each one.

After one block (or more), all the clients have the same image of the blockchain, and you can start the election. You can make all clients put themselves to vote by submitting one token to the blockchain and the clients have to sign that token with their own public key, and submit the results to a block.

Now you have a special block with an array [userID -> hashed challenge], those are in the blockchain and cannot be changed. Your client code now just need a reproducible but not easily deduced way to turn that array into a new elected leader.

One crypto currency that I looked into the code would take that hash and calculate the distance between the hashes of the clients and the hash of the block. Since nobody can deduce the hash of the block before the block is generated, you can be sure that the nodes cannot influence the network to be elected. And no client code can be changed to make itself the leader because the other clients will calculate the leader and it won't be the cheating node.

ThoriumBR
  • 50,648
  • 13
  • 127
  • 142
  • 1/2. The scenario that you explained seems to be similar to the [Merkle tree](https://en.wikipedia.org/wiki/Merkle_tree) and it can be implemented without use of the blockchain structure. Isn't it? Or am I wrong? – Questioner Jun 08 '22 at 15:22
  • 2/2. Another point that I can add is that if in general a PoW with enough difficulty level is not used in a blockchain-based system, the whole of blockchain can be replaced by a new one (from the first block till the last one) through one or a group of nodes, as we assume that the nodes are not trusted. I mean the thing making Bitcoin blockchain secure against altering is a sufficiently difficult PoW used in a blockchain structure and blockchain alone cannot be secure against altering by (untrusted) nodes. – Questioner Jun 08 '22 at 15:22
  • You can use a centralized block generation instead of a distributed one, but all nodes share the same ledger. And a Merkle Tree is one of the possible way to do blockchain data encoding. So you are the trusted entity, and you decide what can be stored on the blockchain, limiting the power of untrusted nodes and making impossible to nodes to replace the blockchain. – ThoriumBR Jun 08 '22 at 16:50
  • 1/3. From my point of view Bitcoin uses blockchain structure because at the same time it uses a sufficiently difficult PoW. And there is a logical reason for that: the nodes are not trusted. That is, if the nodes are trusted/verified you no longer need chaining data/transactions (Blockchain), as the administrator of the network will be able to easily prevent the nodes from modifying data/sending transactions, the administrator will be also able to remove malicious nodes easily. – Questioner Jun 08 '22 at 17:49
  • 2/3. Hence, in a network when the nodes are trusted, or where we don't use PoW, using blockchain is no longer meaningful, as it is not blockchain causing impossibility of data altering, but it is difficult PoW making it so difficult to alter the Bitcoin blockchain, because in that specific case (such as Bitcoin network) altering data will be too much costly (for the hardware, for the consumed electricity and for the spent time). – Questioner Jun 08 '22 at 17:49
  • 3/3. But Merkle tree use case is completely different with the blockchain, as Merkle tree is only used to securely data verification on a large scale log due to better time complexity compared to a non-tree structure. Consequently, to be honest, I believe that blockchain can do nothing with random selection of untrusted nodes. – Questioner Jun 08 '22 at 17:49
  • 1
    Good points... and yet another problem not solved by the blockchain. – ThoriumBR Jun 08 '22 at 18:03