Every chain is only as strong as its weakest link
A blockchain is a large distributed database in which transactions are recorded in a kind of logbook. Many researchers and tech enthusiasts hope that it can make financial transactions, elections, and other sensitive data-transfer processes more forgery-proof than before, because entries in a blockchain cannot be altered retroactively without the tampering being detected. A trusted authority such as a bank or credit card company can be forgone in a blockchain; it is replaced by the users in the network, who run a consensus protocol to agree on who has how much money.
"This so-called consensus problem is at the heart of every cryptocurrency," explains Julian Loss. But what is so problematic about it? "Some parties might lie about their view of past transactions, leading the other parties to disagree about the financial state of the system." A reliable system must work even if parts of the network fail or individual participants send false or delayed messages.
Leslie Lamport, an American computer scientist, together with Robert Shostak and Marshall Pease, once vividly described the consensus problem using a thought experiment called the "Byzantine Generals." Imagine the following dilemma: Several Byzantine generals have surrounded a city and must agree on a battle plan. To attack the city successfully, they must all strike simultaneously. If some generals order a retreat and the others attack, the entire enterprise fails. The difficulty: cell phones do not yet exist, and the generals communicate via messengers. There is a risk that messages will be lost or delayed en route. In addition, not all generals can be trusted. There are traitors among them who try to manipulate the others and do not report the same thing to everyone. "The questions that arise in the battle scenario as well as in the world of blockchain systems are: How can a decision still be made collectively, even with such error-prone communication? And how many corrupted generals can be tolerated?" explains Julian Loss.
"The answers to these questions turn out differently, depending on the level of synchrony of the network," Loss says. In a synchronous network, every message is delivered within a known time bound and the parties have synchronized clocks, so a message that fails to arrive in time can be treated as a fault. In an asynchronous network, on the other hand, messages can be delayed arbitrarily long, so a party cannot tell a slow sender from a silent one. Consensus protocols, or consensus algorithms, specify how the parties reach agreement under these conditions.
"However, because an overall asynchronous network may look synchronous from the perspective of some parties, choosing the right consensus algorithm is often difficult," Loss says, explaining further, "There are consensus algorithms for both environments, but they have different advantages and disadvantages." Synchronous consensus algorithms are slow but robust, according to Loss: they tolerate comparatively many corrupted parties. But they run slowly, because each round has to wait out the assumed delay bound so that parties with poor network connectivity can still take part in the consensus process, and they only work as long as the network actually keeps to that bound. "Asynchronous consensus algorithms have none of these limitations. They run as fast as the network allows, and they don't have to be synchronous either. These advantages come at a high price, however: asynchronous consensus algorithms tolerate a much smaller fraction of fallible parties than their synchronous counterparts, so they're easier to manipulate." In the classic results, a synchronous protocol with digital signatures can tolerate any minority of corrupted parties (fewer than n/2 out of n), while an asynchronous protocol can tolerate fewer than n/3.
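The generals problem and the synchronous trade-off described above, as an added example that is not from the original article and not from Loss's own work: a Python simulation of the classic Dolev-Strong protocol for authenticated Byzantine broadcast. In a synchronous network with digital signatures it lets the loyal generals agree on one order no matter how many traitors there are, at the cost of t+1 rounds of messengers, where t is the number of traitors the protocol is configured to tolerate. Signatures are modelled as unforgeable signer labels rather than real cryptography, the round structure assumes that every message sent in one round arrives in the next, and the party ids, orders and attack scenarios are constructed for the demonstration.

```python
"""Added example: simulation of the Dolev-Strong protocol for authenticated
Byzantine broadcast, i.e. the Byzantine generals problem in a synchronous
network. Signatures are modelled as unforgeable signer labels: a party can
only ever extend a signature chain with its own id, which is all we need."""

COMMANDER = 0
DEFAULT = "retreat"   # safe fallback when the commander is caught lying


def valid_chain(chain, rnd):
    """A message is accepted in round `rnd` only if it carries exactly `rnd`
    distinct signatures and the first one is the commander's. A traitor who
    sits on a message and forwards it later therefore produces a chain that
    is too short for the round it arrives in, and it is simply ignored."""
    return len(chain) == rnd and chain[0] == COMMANDER and len(set(chain)) == rnd


def dolev_strong(n, t, commander_sends, traitors):
    """Run t+1 synchronous rounds among parties 0..n-1 (party 0 commands).

    commander_sends: {lieutenant: order} delivered in round 1. An honest
        commander sends the same order to everyone; a lying one need not.
    traitors: {lieutenant: relay_fn} for corrupted lieutenants. relay_fn(rnd,
        order, chain) returns the recipients the traitor forwards to; honest
        lieutenants always forward to everyone.
    Returns {honest lieutenant: decided order}.
    """
    extracted = {p: set() for p in range(n)}   # orders each party has accepted so far
    inbox = {p: [] for p in range(n)}          # messages delivered in the current round
    for rcpt, order in commander_sends.items():
        inbox[rcpt].append((order, (COMMANDER,)))

    for rnd in range(1, t + 2):                # rounds 1 .. t+1
        outbox = {p: [] for p in range(n)}
        for p in range(1, n):
            for order, chain in inbox[p]:
                if not valid_chain(chain, rnd) or order in extracted[p]:
                    continue
                extracted[p].add(order)
                if rnd == t + 1:
                    continue                   # final round: accept, nothing left to relay to
                recipients = traitors[p](rnd, order, chain) if p in traitors else range(n)
                for q in recipients:
                    if q != p:
                        outbox[q].append((order, chain + (p,)))
        inbox = outbox

    honest = [p for p in range(1, n) if p not in traitors]
    # exactly one extracted order -> follow it; zero or several -> the commander
    # was faulty (or silent) and every honest party falls back to DEFAULT.
    return {p: next(iter(extracted[p])) if len(extracted[p]) == 1 else DEFAULT
            for p in honest}


def naive_broadcast(n, commander_sends, traitors):
    """One round, no relaying: just obey whatever the commander said."""
    return {p: commander_sends.get(p, DEFAULT) for p in range(1, n) if p not in traitors}


def scenarios():
    """Constructed attack scenarios with n = 4 generals (commander + 3 lieutenants)."""
    silent = lambda rnd, order, chain: set()       # traitor that never relays anything
    only_to_1 = lambda rnd, order, chain: {1}      # traitor that relays to one party only
    return {
        # honest commander, one silent traitor: the loyal lieutenants obey the real order
        "honest_commander": dolev_strong(4, 1, {1: "attack", 2: "attack", 3: "attack"}, {3: silent}),
        # lying commander: the naive protocol splits the army, Dolev-Strong does not
        "equivocation_naive": naive_broadcast(4, {1: "attack", 2: "retreat", 3: "attack"}, {}),
        "equivocation_ds": dolev_strong(4, 1, {1: "attack", 2: "retreat", 3: "attack"}, {}),
        # commander and lieutenant 3 collude; t = 2 budgeted: still agreement
        "collusion_t2": dolev_strong(4, 2, {3: "attack"}, {3: only_to_1}),
        # same collusion with only t = 1 budgeted: two traitors exceed the bound
        "collusion_t1": dolev_strong(4, 1, {3: "attack"}, {3: only_to_1}),
    }


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name:20s} {decision}")
```

The last two scenarios are the article's "how many corrupted generals can be tolerated" question in miniature: the protocol stays safe as long as the real number of traitors does not exceed the t it was configured for, and the t+1 rounds, each of which must wait for the slowest messenger, are exactly the price of synchrony that the text calls "slow but robust".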
And this is where Loss's research comes in: "I'm focusing on making the consensus mechanisms more robust and scalable while improving their performance," explains the 31-year-old. The consensus protocol Tardigrade, which he developed with colleagues and presented at ASIACRYPT (International Conference on the Theory and Application of Cryptology and Information Security) in 2021, is designed to work without knowing in advance whether the network is synchronous or asynchronous, and to offer the best currently achievable trade-off between security and performance in both settings.
The consensus problem is just one of Julian Loss's research topics. "Once you've agreed on who owns how many crypto coins, they also need to be protected from theft," Loss says. To transfer coins to another user, the owner signs the transaction with a secret signing key; whoever holds that key can spend the coins, which makes these keys an attractive target for attackers. The usual protection is a wallet, the software or device in which the secret keys are generated and stored. In his papers "A Formal Treatment of Deterministic Wallets" and "The Exact Security of BIP32 Wallets", which he presented at the ACM Conference on Computer and Communications Security (CCS), Loss analyzed the security of the deterministic wallet schemes used in practice, in which an offline "cold" component holds a master secret while an online "hot" component derives fresh public keys from it, and showed how their security can be improved.
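The hot/cold split behind deterministic wallets, as an added example written for this page (it is not code from Loss's papers and not a conforming BIP32 library): a teaching implementation on secp256k1 of non-hardened child key derivation, in which the online "hot" side derives a child public key from the master public key and chain code alone, the offline "cold" side derives the matching secret key and signs, and the well-known caveat is demonstrated at the end: one leaked non-hardened child secret key together with the master public key and chain code gives back the master secret key. The curve arithmetic is textbook and not constant-time, the signature is a textbook Schnorr scheme rather than Bitcoin's ECDSA, and the seed, child index and message are constructed for the demonstration.

```python
"""Added example: a simplified deterministic (BIP32-style) wallet on secp256k1.
Teaching code with textbook curve arithmetic; not a conforming BIP32 library."""
import hashlib
import hmac
import secrets

# secp256k1 domain parameters (the curve used by Bitcoin and BIP32)
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(A, B):
    """Affine point addition; None stands for the point at infinity."""
    if A is None or B is None:
        return A or B
    (x1, y1), (x2, y2) = A, B
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if A == B:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, Q):
    """Double-and-add scalar multiplication (not constant-time: demo only)."""
    R = None
    while k:
        if k & 1:
            R = ec_add(R, Q)
        Q = ec_add(Q, Q)
        k >>= 1
    return R

def ser_point(Q):
    """33-byte compressed point encoding, as BIP32 feeds into its HMAC."""
    x, y = Q
    return bytes([2 + (y & 1)]) + x.to_bytes(32, "big")

def master_from_seed(seed):
    """Master secret key and chain code, derived as BIP32 does."""
    I = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big") % N, I[32:]

def child_tweak(parent_pk, chain, index):
    """Non-hardened derivation: the tweak depends only on PUBLIC data (parent
    public key, chain code, index), so a hot wallet needs no secret at all."""
    data = ser_point(parent_pk) + index.to_bytes(4, "big")
    I = hmac.new(chain, data, hashlib.sha512).digest()
    return int.from_bytes(I[:32], "big") % N, I[32:]

def derive_child_pk(parent_pk, chain, index):
    """Hot (online) side: pk_child = pk_parent + tweak*G, no secret involved."""
    t, child_chain = child_tweak(parent_pk, chain, index)
    return ec_add(parent_pk, ec_mul(t, G)), child_chain

def derive_child_sk(parent_sk, chain, index):
    """Cold (offline) side: sk_child = sk_parent + tweak mod N."""
    t, child_chain = child_tweak(ec_mul(parent_sk, G), chain, index)
    return (parent_sk + t) % N, child_chain

def _challenge(R, pk, msg):
    h = hashlib.sha256(ser_point(R) + ser_point(pk) + msg).digest()
    return int.from_bytes(h, "big") % N

def sign(sk, msg):
    """Textbook Schnorr signature (R, s) with s = k + e*sk; not BIP340/ECDSA."""
    k = 1 + secrets.randbelow(N - 1)
    R = ec_mul(k, G)
    e = _challenge(R, ec_mul(sk, G), msg)
    return R, (k + e * sk) % N

def verify(pk, msg, sig):
    """Checks s*G == R + e*pk."""
    R, s = sig
    return ec_mul(s, G) == ec_add(R, ec_mul(_challenge(R, pk, msg), pk))

def recover_parent_sk(child_sk, parent_pk, chain, index):
    """The caveat: because the tweak is public, one leaked non-hardened child
    secret key plus the parent's (pk, chain code) yields the parent secret key."""
    t, _ = child_tweak(parent_pk, chain, index)
    return (child_sk - t) % N

def demo():
    """Constructed walk-through: derive child 7 on both sides, sign, verify, leak."""
    master_sk, chain = master_from_seed(b"constructed demo seed - never use in practice")
    master_pk = ec_mul(master_sk, G)
    hot_pk, _ = derive_child_pk(master_pk, chain, 7)      # hot wallet: public data only
    cold_sk, _ = derive_child_sk(master_sk, chain, 7)     # cold wallet: holds the secret
    sig = sign(cold_sk, b"pay 1 coin to alice")
    return {
        "keys_match": ec_mul(cold_sk, G) == hot_pk,
        "signature_valid": verify(hot_pk, b"pay 1 coin to alice", sig),
        "tampered_rejected": not verify(hot_pk, b"pay 9 coins to alice", sig),
        "leak_recovers_master": recover_parent_sk(cold_sk, master_pk, chain, 7) == master_sk,
    }
```

Run `demo()` to see all four checks come back true. The last one is the practical lesson: the hot wallet may hold the master public key and chain code, and the cold wallet may hand out individual child secret keys, but whoever obtains one child secret key together with the hot wallet's public data owns every key in the tree, which is why BIP32 also offers "hardened" derivation that mixes the parent secret into the tweak.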
Julian Loss is a computer scientist and applied mathematician who conducted postdoctoral research at the University of Maryland and Carnegie Mellon University before joining CISPA. Previously, he studied at ETH Zurich and earned his doctorate at Ruhr University Bochum. "I feel very comfortable at CISPA and have already started working on research projects here with many nice people. What makes the environment very special for me is that you can easily start collaborations with people from all kinds of fields."
translated by Oliver Schedler