|Ruomu Hou||National University of Singapore, Singapore|
|Irvan Jahja||National University of Singapore, Singapore|
|Loi Luu||National University of Singapore, Singapore|
|Prateek Saxena||National University of Singapore, Singapore|
|Haifeng Yu||National University of Singapore, Singapore|
In a sybil attack, an adversary creates a large number of fake identities/nodes and have them join the system. Computational puzzles have long been investigated as a possible sybil defense: If a node fails to solve the puzzle in a timely fashion, it will no longer be accepted by other nodes. However, it is still possible for a malicious node to behave in such a way that it is accepted by some honest nodes but not other honest nodes. This results in different honest nodes having different views on which set of nodes should form the system. Such view divergence, unfortunately, breaks the overarching assumption required by many existing security protocols. Partly spurred by the growing popularity of Bitcoin, researchers have recently formalized the above view divergence problem and proposed interesting solutions (which we call view reconciliation protocols). For example, in CRYPTO 2015, Andrychowicz and Dziembowski proposed a view reconciliation protocol with Θ(N) time complexity, with N being the number of honest nodes in the system. All existing view reconciliation protocols so far have a similar Θ(N) time complexity. As this paper's main contribution, we propose a novel view reconciliation protocol with a time complexity of only Θ(ln N ln ln N). To achieve such an exponential improvement, we aggressively exploit ran-domization.