Comment on page

On-demand blame and recovery

Efficient blame, server elimination, and network healing. Trellis is designed so that honest servers can efficiently detect failures and deviations from the protocol, assign blame, and eliminate responsible parties from the network. Our blame protocols handle malicious servers and users without ever deanonymizing honest users. Trellis gracefully handles network changes (e.g., offline or eliminated servers) using proactive secret sharing, which permits on-the-fly state recovery following server churn.
It could be the case that a server goes offline or acts maliciously, both during path establishment and the broadcasting stages. To deal with such failures (intentional and otherwise) we develop on-demand blame and recovery protocols that automatically reassign affected paths. Importantly, failure resolution is handled locally on the link between two layers and does not involve the users.
On-demand blame and recovery protocols are invoked by servers to automatically reassign affected paths and eliminate malicious servers from the network.
Blame and recovery is invoked whenever an error is detected (e.g., wrong signature, dropped envelopes). 1 A server detects an error in the received batch of envelopes in layer (i+2) and proceeds to blame the server in layer (i+1) that sent the batch. 2 Servers evaluate evidence from both parties to decide which of the two is malicious. 3 Servers vote for the honest party by providing their secret share of the eliminated server’s state. The state is used by the replacement server to take the place of the eliminated server.
Incentivized servers in the network are directly subject to blame and elimination in the case of malicious behavior and will face slashing. The network enables enhanced security as slashing guarantees a high and measurable cost-of-corruption.