Complexity of the quorum intersection property of the Federated Byzantine Agreement System

02/18/2019
by   Łukasz Lachowski, et al.
Jagiellonian University
0

A Federated Byzantine Agreement System is defined as a pair (V, Q) comprising a set of nodes V and a quorum function Q: V 2^2^V∖{∅} specifying for each node a set of subsets of nodes, called quorum slices. A subset of nodes is a quorum if and only if for each of its nodes it also contains at least one of its quorum slices. The Disjoint Quorums Problem answers the question whether a given instance of fbas contains two quorums that have no nodes in common. We show that this problem is NP-complete. We also study the problem of finding a quorum of minimal size and show it is NP-hard. Further, we consider the problem of checking whether a given subset of nodes contains a quorum for some selected node. We show this problem is P-complete and describe a method that solves it in linear time with respect to number of nodes and the total size of all quorum slices. Moreover, we analyze the complexity of some of these problems using the parametrized point of view.

READ FULL TEXT VIEW PDF

Authors

page 1

page 2

page 3

page 4

12/03/2019

Mathematical Analysis and Algorithms for Federated Byzantine Agreement Systems

We give an introduction to federated Byzantine agreement systems (FBAS) ...
04/29/2019

Is Stellar As Secure As You Think?

Stellar is one of the top ten cryptocurrencies in terms of market capita...
12/07/2020

Centrality of nodes in Federated Byzantine Agreement Systems

The federated Byzantine agreement system (FBAS) is a consensus model int...
04/09/2020

Solutions for Subset Sum Problems with Special Digraph Constraints

The subset sum problem is one of the simplest and most fundamental NP-ha...
05/22/2019

The Computational Complexity of Understanding Network Decisions

For a Boolean function Φ{0,1}^d→{0,1} and an assignment to its variables...
02/19/2020

The Sum of Its Parts: Analysis of Federated Byzantine Agreement Systems

Federated Byzantine Agreement Systems (FBASs) are a fascinating new para...
09/27/2018

Being Corrupt Requires Being Clever, But Detecting Corruption Doesn't

We consider a variation of the problem of corruption detection on networ...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.

1 Introduction

The problem of reaching consensus among remote process is at the core of many distributed algorithms like distributed file systems, database management systems and fault tolerant distributed applications. Researchers studied this problem in many different settings and network models. One of the well-known form of this problem is the Byzantine fault tolerant state machine replication problem in asynchronous networks. In this problem one assumes that some subset of nodes might be unreachable and can even arbitrary lie during a protocol’s run. One of the best known variants of Byzantine agreement is the pbft protocol [CL99], which was a major milestone in making Byzantine agreement practical. One disadvantage of this approach is the closed membership of peers taking part in achieving consensus, making it rather impractical for open membership network models like the p2p network model. A solution which tries to tackle this issue is a protocol called scp, presented in [Maz16]. Author introduces in it a model called fbas, of which the scp protocol is one possible realization, and proves its basic properties and correctness. The main goal of that work was to create a fast, reliable and secure distributed system for financial interactions. The model of fbas consists of a pair , where is a set of nodes and is a function, called quorum function, of type specifying for each node one or more subsets of nodes, called quorum slices, where a node belongs to all of its quorum slices. Further, author defines a quorum of an fbas as a nonempty subset of its nodes which contains a quorum slice for each of its members, i.e. . For purpose of proving safety and correctness properties of this model, author uses the assumption that all quorums of a given fbas are intersecting. Therefore, devising an algorithm which can verify this property is crucial. Using the definition of a quorum we can introduce notions of minimal and minimum quorums. We call a quorum minimal if none of its proper subsets is also a quorum. A minimum quorum is the smallest cardinality quorum of a given instance of fbas. Notice, that every minimum quorum is minimal, but not all minimal quorums must also be minimum. In this work we consider computational complexity of several problems concerning properties of quorums of fbas, namely the problem of checking whether all quorums intersect, problem of finding a minimal quorum and verifying if a given set of nodes contains a quorum.

We present these problems in two slightly different settings, that is one where all quorum slices are given explicitly, by some enumeration of their elements, and another where multiple quorum slices are encoded by definitions of the form “ out of ”, where can be some enumeration of nodes or further definition of this form. Naturally, we assume that every such definition is finite. We call them plainFbas and xyFbas respectively. Obviously, this two different approaches affects the way we measure the size of an instance. Using the “ out of ” type of definition we are able to encode exponential number of quorum slices relative to the amount of space used.

Definition 1.
  1. A plain- is an instance of fbas where for every node its definition of quorum slices is given by explicit enumeration of subsets of nodes of , e.g. . Size of an instance of plain- is equal to .

  2. x-y- is an instance of fbas where for every node its corresponding definition of quorum slices is given by enumeration of declarations of the form “ elements of ”, e.g.

    one element of

    Size of an instance of x-y- is is equal to . Notice that notion of size of is defined recursively, depending on whether it is an enumeration of nodes or further definition of the form “x of y”. In case is of the form , its size is equal to its cardinality. Otherwise, if it is a collection of definitions of the form “x of y”, we define its size recursively as the sum of sizes of its elements.

Problems which we study in this work are formally defined below.

dqp

Instance: An instance of plainFbas.
Goal: Determine if the given instance of plainFbas has two disjoint quorums.

mqpk

Instance: An instance of plainFbas and an nonnegative integer .
Goal: Determine if the given instance contains a quorum of size .

qsp

Instance: An instance of plainFbas together with a node and a subset of nodes .
Goal: Determine if the subset contains a quorum that includes node .

We also consider each of these problems assuming that the given instance of fbas is declared using the “ out of ” type of definition. We call these versions xyDqp, xyMqpk and xyQsp respectively.

We study complexity aspects of these problems both from classical and parameterized point of view ([FG06]). The remainder of this work is organized as follows. In Section 2 we consider the problem of searching for disjoint quorums and prove that it is . Since this problem does not depend on any numerical value we can conclude it is strong . Further, we show that it remains hard for a very restricted family of fbas instances, where each node can have at most two quorum slices and every quorum slice has at most two elements. We conclude this part providing characterization of family of fbas instances for which the dqp can be solved in polynomial time. Next, we show that problem of finding minimum quorum is and that it remains hard for same family of fbas instances as we used in previous result. Further, we focus on solving the qsp. We present a solution that runs in linear time and also prove that it is . In Section 3 we describe the parameterized complexity of some of these problems. We try to find parameterizations of dqp and present a simple randomized algorithm solving it. We also show that xyMqpk is . The problem of finding an fpt algorithm for mqpk remains open.

2 Hardness results

The first problem which we consider in this section is the complexity of verifying whether a given instance of fbas contains two disjoint quorums. We show that this problem is and try to limit the type of configurations for which it remains hard. We also provide a characterization of family of fbas configurations that seems to be consistent with the intuition of how new nodes should be declared when they are attached to some already existing instance of fbas. Moreover, the way we define this family of configurations ensures that all of its quorums are intersecting. Membership for that class of configurations can be verified in polynomial time. Next, we analyze the problem of finding a quorum of minimal cardinality and prove that it is . Lastly, we provide an efficient algorithm for the qsp and show that it is .

Theorem 1.

The dqp is .

Proof.

dqp is in , since we can verify in polynomial time if a certificate consisting of two subsets of nodes defines two separate quorums. For proving it is we present a reduction from the ssp, which is one of Garey&Johnson’s classical problems [GJ79]. The input of the ssp consist of a family of subsets of a finite set . A solution to this problem should answer if and only if it is possible to partition the set into two subsets , , such that all elements of are split by this partition. Given an instance of this problem, our reduction builds in polynomial time an instance of dqp, such that the answer for the ssp is if and only if the corresponding answer to dqp is also . Our reduction constructs an instance of dqp as follows. First, we create a new node of fbas for every element of the given set . For each we denote such node by . For every subset we create multiple instances of fbas nodes, one for each element of the set . We denote these nodes by . Every node defines exactly one quorum slice, which consists of nodes indexed by the same corresponding element , i.e. . Every node , which corresponds to a subset , defines a separate quorum slice for each element of this subset. Such slice points at the corresponding node for the element in fbas, i.e. . Now we prove that this is a valid polynomial time reduction. Obviously, our reduction is computable in polynomial time with respect to the size of the ssp instance. Let’s assume we can partition the set into two subsets and and that each element of the set is split by these sets. We argue that we can find two separate quorums using this partition. Each quorum consists of all corresponding nodes of fbas, i.e. if , then , for equal or . As every such element requires a quorum slice consisting of all nodes that are denoted by , we also need to include them in our quorums. Set of these nodes is disjoint for every node . Each of these nodes corresponds to one of the elements of and we know we can split each of these sets by and . Hence, we can find at least one element which will be part of the same quorum as the corresponding node and fulfill requirements of one of the quorum slices for every node . We see that we get this way two separate quorums. Now assume we can find two separate quorums in our reduced instance. Since we have two types of nodes, denoted by and respectively, and each of the nodes denoted by requires at least one node that corresponds to some element contained in the set , we can conclude that every quorum must consist of some node that is denoted by . We can ignore all nodes that corresponds to some subset and are denoted by for building our splitting sets, cause they do not correspond to elements of the set . We select one of the quorums and choose one of the elements from it. We put the associated element into the splitting set . The way we constructed its quorum slice requires to pick at least one quorum slice for each of its corresponding nodes . For every subset each of these nodes requires at least one of the elements associated with the subset . We select one such node for each of the nodes and put its associated element from the set into . This can be translated as choosing at least one element for each member of the set , which proves that we can properly split our set . As we assumed that we have two separate quorums, we can be sure that one of the nodes corresponding to elements of the subset belongs to that other quorum. This is due the fact that the other quorum consist of some element , among others, that requires a node , which also requires one of the nodes corresponding to elements of the subset . Following these construction, we can select at least one element from each element of set and at the same time be sure there is at least one element which we did not select from each of these subsets. From this, we see that if we put all remaining elements into the set , we receive a correct splitting of the set . ∎

As an immediate consequence of this theorem we obtain the following result.

Corollary 1.

xyDqp is .

We can derive a stronger result restricting the class of configurations for which this problem remains .

Corollary 2.

dqp remains for fbas configurations in which each node has at most two quorum slices and each quorum slice contains at most two nodes.

Proof.

First, we show that every node declared in the proof of Theorem 1 that has more than two quorum slices can be remapped onto polynomial number of new nodes, each having at most two quorum slices. Consider a node that has exectly three distinct quorum slices, i.e. equals . We can redefine its set of quorum slices onto , where is a new node such that . Similarly, if for some node one of its quorum slices has exactly three nodes, that is for some quorum slice it is equal to , then we can redefine such onto , where is a new node for which is equal to . We observe that for such remapped instance the answer of dqp is if and only if the answer for the initial instance of dqp is . The size of this new instance is no bigger than twice the size of the original instance. ∎

We can also easily derive some result regarding the problem of finding quorums that intersect with some specified number of nodes.

Corollary 3.

The problem of finding two quorums that share at most nodes is .

Now, we try to find some useful properties of minimal quorums which we can exploit in order to find disjoint quorums. For an instance of fbas , let denote a representation of by a directed graph. We build such representation by creating a vertex for every node of and by setting a directed edge between vertices and if and only if the corresponding node for vertex is contained within one of the quorum slices of node mapped from the vertex . We can observer that every minimal quorum is a strongly connected component of such graph representation.

Proposition 1.

Every minimal quorum of an fbas is a strongly connected component of its graph representation , that is for a minimal quorum its corresponding induced subgraph is a strongly connected component.

Proof.

It easy to notice that for two nodes , such that is not reachable from in , a set of all nodes reachable from in contains a quorum . ∎

For an instance of fbas , by we denote the relation defined between strongly connected components of that corresponds with the reachability relation of such components. Using Proposition 1 we can derive the following result.

Corollary 4.

If for a given instance of fbas all of its quorums are pairwise intersecting, then its corresponding relation has the greatest element (some strongly connected component of ) that contains all minimal quorums.

Our next goal is to introduce some method for enumerating all quorums. A simple way to achieve this goal would be a procedure that enumerates all subsets of a given set of nodes and verifies if such subset is a quorum. Unfortunately, this method requires time proportional to regardless of number of quorums of a given instance of fbas, which makes it impractical for even small values of . Instead, we can devise a method that while it is enumerating such candidates simply filters out subsets that does not contain a quorum.

Input: An instance of fbas .
      Output: YES if there exists two disjoint quorums of , or NO if all quorums of intersect.

1:
2:
3:
4:for all  do
5:     if  contains a quorum then
6:         return YES
7:     end if
8:end for
9:for all  do
10:     if  contains a quorum then
11:         return YES
12:     end if
13:end for
14:return NO
Algorithm 1 Disjoint Quorums
Proposition 2.

Quorums of an fbas can be enumerated with polynomial-time delay.

Proof.

We use classical branching strategy. For a given instance of fbas let be an arbitrary ordering of nodes . We start with two sets and . The set contains nodes which we are going to consider and the set represents nodes we require to be part of some quorum. Then, we consider vertices in order and we branch into two subcases: a node is removed from the set or is removed from the set and put into the set

. The moment we discover that the set

is a quorum we output it and continue our strategy. We terminate a branch if we discover the set is not contained within any quorum contained in the set . We can verify it by using a simple iterative fix-point strategy that filters out nodes that do not have any quorum slice within a given set of nodes, i.e. we search for a fix-point of the function given by . Since every quorum is a fixed-point of and is a monotonic function defined on a complete lattice, we see, using the Kleene Fixed-Point Theorem, that if we start our iteration using the set we obtain a fixed-point of that is the maximal quorum contained within this set. Using this method we only consider branches that produce some unique quorum and each quorum is returned within polynomial waiting time, proportional to the depth of the branching tree times the time required for computations at each node of the branching tree. ∎

Using this enumeration procedure together with Corollary 4, we can define a simple algorithm solving dqp. Our method is displayed as Algorithm 1. Based on this algorithm we can also think of some guideline for defining node’s quorum slices that ensures the quorum intersection property and that is also easy to verify. To this point, one way to achieve this goal is to configure each node using the following rules:

  • there should be exactly one strongly connected component of that is the greatest element of the relation

  • declaration of node’s quorum slices should be of the form: more than half of the nodes from its strongly connected component in and any node from some other strongly connected component of

It is easy to see that if an instance of fbas is defined using these rules then all of its quorums are intersecting and that verifying such properties can be achieved in polynomial time.

Now we consider the problem of finding some smallest cardinality quorum. We show that this problem is and that it remains hard for the class of configurations where each node has at most two quorum slices and each quorum slice contains at most two nodes.

Theorem 2.

The Minimal Quorum Problem is .

Proof.

The proof uses reduction from the Vertex Cover Problem, shown to be by Karp in [Kar72]. For a given graph we construct an instance of fbas as follows. We create a new node of fbas for every vertex and edge of the graph. For each node that was mapped from some edge of the given graph, we create two quorum slices, each pointing at a node corresponding to one of the endpoints of that edge. For every node corresponding to some of the graph’s vertices, we create a single quorum slice containing all of the nodes mapped from the graph’s edges. It is easy to prove that a given instance of the Vertex Cover Problem has a solution of size if and only if the corresponding instance of fbas has a quorum of size . ∎

We can use similar technique as we used in Corollary 2 to prove slightly stronger result.

Corollary 5.

mqp remains for configurations in which each node has at most two quorum slices and each quorum slice contains at most two nodes.

Corollary 6.

xyMqp is .

To conclude this section, we show that the qsp is and devise an algorithm that solves it in linear time.

Theorem 3.

The qsp is . Moreover, it can be solved in linear time with respect to the total size of all quorum slices.

Proof.

We present a log space reduction from the mcvp, which was proved by Goldschlager in [Gol77]. The input of the mcvp is composed of a set of logical gates where each is an gate , an gate ( and are smaller than ) or a constant value or . Using these definitions we wish to compute the value of the gate . Our reduction outputs a new element of the set in the definition of fbas for every declared gate. Next, we define the set and all quorum slices for all created nodes. Our reduction transforms each gate by including its corresponding element of fbas in the definition of the set and outputting a single quorum slice for it of the form . Similarly, we map each gate into a new element of the set and two of its quorum slices of the form and . For all gates defined as we create an element of the set together with a quorum slice containing just the corresponding node . For all gates we create a single quorum slice containing the corresponding element of fbas as the only element and do not modify the set . Obviously, this a log space reduction. We now prove that a solution for the qsp answers for a given instance if and only if the mapped node of the gate has a quorum in our reduced instance of qsp. We will prove it by induction on the size of the circuit. We obtain the base case of the induction immediately, since for each constant gate with value we put all elements of its only quorum slice into the set for a corresponding node of fbas. In case of a constant we see that its only quorum slice is not included in the set and so this instance has no quorum. Now assume we have a list of gates . In case the output gate is of type, namely , we see it is evaluated to if and only if both and are also evaluated to . Using the inductive hypothesis, we see that this is the case if and only if their corresponding nodes have quorums in our reduced instance. In case of an gate our reduction adds a new node and a single quorum slice containing corresponding nodes for and . Since we also add a node corresponding to gate to the set , we see that we can find a quorum for it. Similarly, if the gate is an gate, namely , then the circuit is evaluated to if and only if at least one of the gates or is evaluated to . Without loss of generality, we can assume this is gate . Using the inductive hypothesis we can deduce that is evaluated to if and only if the corresponding node of fbas has a quorum. Following the reduction for the gate, we deduce that gate is evaluated to if and only if its corresponding node has a quorum in the set .

Now, we argue that qsp can be solved in linear time. The main idea of behind our method is to exploit more carefully the fix-point strategy described in the proof of Theorem 1. At each step of this algorithm we need to remove all nodes not containing a quorum slice in currently processed subset of nodes. We observer that it can be realized efficiently by simple bookkeeping and by storing at every node a list of references to all quorum slices containing it. Then, after we remove a node from currently considered subset, we can follow this links to build a list of all nodes that needs to be removed in next iteration of the fix-point strategy. Since the overall number of links between nodes and quorum slices containing them equals the total size of all quorum slices and every such link is visited at most once, we conclude that this method requires time linear in the size of a given instance. ∎

Using similar technique we can devise an algorithm solving xyQsp in linear time.

Corollary 7.

xyQsp is and can be solved in linear time.

3 Parameterized complexity results

The Parametrized Complexity Theory was proposed by Downey and Fellows in [FG06]. It was presented as a promising alternative to deal with problems. The general form of problems considered by this theory is as follows: given an object and a nonnegative integer , does have some property that depends only on ? For problems studied by the parametrized complexity theory, is fixed as the parameter and assumed to be small in comparison with size of . For many problems, finding a deterministic parametrized algorithm whose running time is exponential with respect to , but polynomial with respect to size of , might be very desirable, as it provides an efficient method of deterministically solving such problems when the parameter is reasonably small.

Definition 2.

A problem is fpt, if for any instance and parameter it can be decided whether is a yes-instance of in running time , where is an arbitrary computable function on nonnegative integers. The corresponding complexity class is called fpt.

We also use the notion of fpt-reducability between problems, which is defined as follows.

Definition 3.

Let and be two parametrized problems over alphabets and , respectively. We define an fpt-reduction from to as a mapping , that given an instance of outputs an instance of such that:

  1. is a yes-instance of if and only if is a yes-instance of ,

  2. for some computable function ,

  3. is computable by an fpt algorithm with respect to .

Additionally to the fpt class, parametrized problems are organized in a hierarchy, called -hierarchy (, that groups them according to their parametrized intractability level. It is conjectured that each of the containments is proper ([FG06]). It is also known that if then this hierarchy collapses ([FG06]). For each element from these hierarchy we also define a notion of -hardness and completeness as follows: a problem is under fpt-reductions if every problem in is fpt-reducible to ; a problem is under fpt-reductions if and is .

Our next goal is to find some parameterizations and fpt algorithms for dqp and mqp problems. In Section 2 we provided a solution for qsp, that is verifying if a given set of nodes contains a quorum. Presented algorithm runs in polynomial time, regardless of whether quorum slices are encoded using explicit enumeration of their elements or by using the “x of y” type of definitions. We can use this solution to find a minimal quorum of a given subset of nodes, by simply trying to greedily remove nodes from it and checking whether such reduced subset still contains a quorum. We output a subset when we realize that there is no quorum after removal of any of its nodes. As a result of this procedure we obtain some minimal quorum. If we are lucky, it can be also of minimal size, but this procedure does not guarantee it. As we showed in Section 2, problem of finding a quorum of minimum size is more complicated.

A possible certificate for dqp can simply consist of some enumeration of two disjoint subsets, each being a quorum. We can parameterize this problem by the size of such certificate, that is we define the problem dqpk as of finding two disjoint quorums for which their combined size is equal to

. Now, we present an easy probabilistic algorithm based on the technique of random seperation that solves this problem with constant probability and with time complexity of order

. Our algorithm consists of two subroutines: first that randomly colors each node by one of two colors, lets say red and green, and second that verifies if each subset induced by each color contains some quorum.

Proposition 3.

Let be an instance of fbas for which size of the set equals , and let and be two disjoint subsets of nodes of combined size equal to . Let be a coloring of nodes, chosen uniformly at random (i.e. each element of is colored with one of two colors uniformly and independently at random). Then the probability that elements of are all colored red and elements of are all colored green is at least .

Proof.

There are different colorings of sets and , and exactly one of them colors all nodes of by red and of by green. ∎

Hence, by our color coding procedure we are able to distinguish two disjoint quorums with probability at least . Repeating this procedure times gives a constant probability of success. Combined with the linear-time solution for the qsp we obtain a method that solves the dqpk with constant probability in time proportional to . Further, we can derandomize this algorithm using the method of constructing -universal sets, see [NSS95] for details.

Next, we show that the xyMqpk is . To this end, we show an fpt-reduction of the cliquek problem, that is a problem of finding a clique of size at least in a given graph.

Theorem 4.

cliquek is fpt-reducable to xyMqpk.

Proof.

Given an instance of cliquek, we construct an instance of xyMqpk as follows. We create a node of fbas for every vertex of . We also create some additional node of fbas denoted by . If the degree of a vertex is smaller than , we create a single quorum slice for its associated node in fbas requiring only node . Otherwise, if a vertex has or more neighbors, we create a single quorum slice for its associated node of fbas of the form . Lastly, we create a quorum slice for the node that is of the form . It is clear that using this reduction, graph has a clique of size if and only if the corresponding instance of fbas has a quorum of size . Hence, cliquek is fpt-reducable to xyMqpk. ∎

Corollary 8.

xyMqpk is .

By Corollary 2, mqp remains for the class of fbas configurations, where each node has at most two distinct quorum slices and every quorum slice has at most two members. Let mqpkr stands for the parametrized version of mqpk where every node of fbas has at most quorum slices with the same number of nodes. Our next goal is to show that this problem is in fpt for parameters and .

Theorem 5.

mqpkr can be solved in time proportional to , hence it is in fpt.

Proof.

We show that mqpkr can be solved in fpt time using the bounded search technique. Given an instance of fbas , we invoke the following search method for every node . During the execution of the algorithm we keep a set of nodes that contains all nodes selected in particular branch. At every step of the algorithm we pick a node from the set that has no quorum slice in set and recursively branch by choosing one of its quorum slices no bigger than and including it in the set . We stop the algorithm whenever the set contains more than elements or we realize it is a quorum. Clearly, no branch is longer than and there is at most quorum slices to consider at each node. Therefore, our algorithm requires time bounded by to process all nodes. ∎

4 Conclusions

In this work we have proved that the dqp is . It remains for simple class of configurations where each node has at most two quorum slices and each quorum slice has at most two elements. We also have showed that the problem of finding a minimal quorum is for same class of configurations. Additionally, we have proved that the qsp is and can be solved efficiently. We have also studied these problems in the context of the theory of fixed parameter tractability. To this end, we have proved that the xyMqpk is and that it is in fpt assuming that each node declares no more than

quorum slices of each size. The question of classifying the parametrized problem of mqpk and also of finding quorums that intersect with at most

nodes remains open.

References

  • [CL99] Miguel Castro and Barbara Liskov. Practical byzantine fault tolerance. In Proceedings of the Third Symposium on Operating Systems Design and Implementation, OSDI ’99, pages 173–186, Berkeley, CA, USA, 1999. USENIX Association.
  • [FG06] Jörg Flum and Martin Grohe. Parameterized complexity theory. Springer Science & Business Media, 2006.
  • [GJ79] Michael R Garey and David S Johnson. Computers and intractability: A Guide to the Theory of -Completeness. 1979.
  • [Gol77] Leslie M. Goldschlager. The monotone and planar circuit value problems are log space complete for p. SIGACT News, 9(2):25–29, July 1977.
  • [Kar72] Richard M. Karp. Reducibility among Combinatorial Problems, pages 85–103. Springer US, Boston, MA, 1972.
  • [Maz16] David Mazieres. The stellar consensus protocol: a federated model for internet-level consensus. https://www.stellar.org/papers/stellar-consensus-protocol.pdf, 2016.
  • [NSS95] M. Naor, L. J. Schulman, and A. Srinivasan. Splitters and near-optimal derandomization. In Proceedings of the 36th Annual Symposium on Foundations of Computer Science, FOCS ’95, pages 182–, Washington, DC, USA, 1995. IEEE Computer Society.