Scaling Bitcoin workshop : Stanford 2017
Weak signal radio communications for bitcoin network resilience
Weak signal radio communications for bitcoin network resilience
What is weak-signal HF radio?
These are called high frequency. That's the official name for these frequencies. Short wave is for historical reasons is longer waves and much higher frequency compared to our wireless internet frequencies. The terminology is backwards. I'll talk about the ionosphere and how we're bouncing signals off of it. This is really long-range stuff. This is an old Voice of America broadcast station that broadcasted radio programs across the pacific. The range of these things are long but they are also high power like 100 kW. We are going to be really low power weak signal like 5 GW or less. We want to be good citizens of the air waes because other people are using them also.
To bring us to a motivation and theoretical level, the proofs of secure consensus rely on this thing called broadcast which is this ideal thing which is ... every full node, broadcasting, there's no intermedaries. In the real world, in bitcoin, we have this diffusion process and real world consensus implementations such as bitcoin's fall short of provable security. There are real attacks that are consequences of this attack. The eclipse attack paper describe sthis. Attackers connect to the victim and they can partition the victim, delay things, cause various problems. Internet topology routing attacks paper came out in 2017 and the attacker does not have to be directly connected to. They are using ISP gateways, the great firewall of China, and fun company routers and so on, and these tend to be correlated with national borders and political geogrpahical regions and for historical reasons some phone companies are nationalized and some of them are strongly associated wit hthe former British Empire in the colonies and so on... and they still have that monopoly on telephones and internet routing in those locations, in many cases.
Talking about broadcast and trust there's ery little in ocmmunication infrastructure that is fully trustless. Yo ucan use a clock tower with a bell ringer to tell you what time it is and a pulsar. A pulsar is a rotating neutron star that gies off powerful beams of radiation and it impinges on earth and anyone with a big radio dish is going to pick it up. It's not going to discriminate and send one signal to one person and another to the other. There's nobody that can attack a pulsar. This is actually one of the few things that we can call fully trustless. The clock tower on the other hand has a bell ringer, we can ring the bell at 2:04 or 2:10 instead of on hte hour like he's supposed to, so you're systemically trusting him. But you are not specifically trusting him because broadcasting an abstract time, and it's isotropically broadcast in all directions. He can't ring the bell from one side of the town and the other side at another town or thwateer, it's just one time event with an isotropic broadcast.
The guy at the top- the big smiling guy, has a high bit rate and he is going to broadcast, bia the, still somewhat happy person is in the way of getting less of the bit rate, and the other people are left out and in fact the broadcaster by controlling the direction of the beam he can decide who gets benefit and who dosn't. Whereas an isotropic broadcast will mean everyone in range participates but with low bit rate.
With a narrow beam, a broadcaster can send out different signals and the people on both sides might be obliious if htey don't hae another source of information.
So I bring this back to internet routing attacks and bitcoin. Increase in the diersity of-- the routing attacks paper recommends two things for full nodes. Ensure that they are multi-hop, so hae more than one connection to the internet, and hae this routing aware so that you are adding connections and you don't want the same bottleneck appearing in all your paths. So here is Alice who should not be happy because to get to the internet and the rest of the intenet and the rest of the bitcoin network she has to go through AS1 or AS2 and both of those blocing the bitcoin protocol would make her pretty unusable there and it might be worse than denial of serice, liek specific targeted attacks. Like router controller related attacks.
At the bottom, we're going to use radio to talk oer the heads of the ASes and this is usually going over geographic borders and political boundaries and traditional legal systems because of telephony monopolies.... and you get a bigger choice of AS if you can broadcast your transactions out that way. How do we do that?
Our goals are long-range braodcast, and mesh relay, and you want to allow censorship resistance nad participation in the network. You want to send short messages in particular. To do this, we are going to propose using skywave communication using the ionosphere where the sun hits the uppe ratmosphere of the earth near space with ultraviolet radiation in the f layer it ionizes particles and creates this f layer that acts like a mirror for certain radio wavelengths like the kind we want to use. It also energizes the d layer with x rays and it adds fog in front of the mirror. During the day time, the d layer is energized and you get worse propagation than you can at night. There's also lots of variability like based on sun spot cycle and various unpredictable aspects as well.
The radio community-- the two regimes we are interested in, in the radio community it's near-ertical incidence skywave, this is the 70 degree angle there, it's nearly vertical. You get a range of about 5 or 600 km. The most reliable frequency are 40-80 m. That's what we're targeting. And I'll show you a design for an antenna, and it's nearly horizontal or V shaped. And also medium range, 500 to 2500 km, which is medium range.
The loss of going through the D layer is proportional to the angle through which you go through it. If you are targeting 320 km, you are getting some decibal lost, at 90 km you are getting 28 dB loss, and 1400 km you are getting 40 dB loss. So this is going to be part of the link budget, you look at the decibels to see how much loss you get. If you look at the right-hand side, it adds that up all for you, ad it's the inverse square law and attenuation. To the left is an 80 m antennae, sthis is a voice of america propagation simulation. During the day time, this is kind of a bad case well below average scenario, with sun spots, and from south korea... and on the right hand side, it's 120 decibels is the noise floor, that's where the signal decibels equals the noise decibels, and maybe iyou go down to -128, then you need increasingly fancy signal processing and ... and.. which Elaine will talk about. And your bit rate goes down.
Voice of America propagation map
Now I will switch it over to Elaine to talk about the protocol and signal processing and so forth.
I will talk about digital mode over radio and go over some of the design decisions we made and why we made them. Some of this, since this isn't a signal processing conference I'll proide some background. Any digital data can be transmitted over radio waves. The modem noise for dial up is digital data being modulated and transformed into sound before sending it on telephone wires. A few years ago, a hacker group known as Anonymous setup a radio mesh network for encrypted chat messages and basically they took text messages and broadcasted them over high frequency radio and I don't think their mesh network lasted very long, but a more enduring example is something called PSK mail and it's a set of mail serers being run around the world and they are connected to radio receivers. Anyone can setup a mail client and broadcast email messages oer radio if you are out in the middle of nowhere. Your mail client can send a email message oer HF radio and it's receied by one of thse serers and they relay it to regular email. It's a mail server run over the radio.
Our work focuses on binary phase shift keying. Most people are probably familiar with amplitude modulation and frequency modulation because of AM/FM radio. Phase is the third thing that you can modulate, and it works well with digital data. We chose binary phase shifting because it has narrow bandwidth and you stay out of other people's way and stuff. In ideal conditions in low noise enironments we can use binary phase shift keying without any external error correction we get about 500 bits/sec and in noisier conditions we can apply convolutional coding prior to modulation and the convolutional encoding allows for forward error correction and the code we use has a rate of 50% of the bits are used for error correction and then we get an effective data rate of 250 bits/second with the same bandwidth. With BPSK500R, we also interleave the data to provide some resilience against interference because that way the error bits aren't clumped together.
We can use multi-frequency phase shift keying, but we dind't explore it in depth in this work. It's more resilient to- has better noise immunity at long distances but it's harder to tune an antenna to receive that signal.
This is a gnuradio flow graph showing a simplified version of the modulator we used for transmission. It's fairly straightforward. We take in a stream of bits, we use a simple set of binary phase shift keying we map the symbols to the constellation points and then we pass the signal through a cosine filter and then issue a signal for a pulse and we scale it by the value of the symbol and before it goes to our RF filter it passes through a ... to pad the pulses with 0s. And then the output of the modulator uses a ... train of shaped pulses that look like 1s and 0s. So if you look at the analog waveform, it looks something like this with shaped pulses representing 1s and 0s and you can multiply this with a carrier wave to generate the actual transmission sequence.
On the receiver end, the demodulator does basially the same thing except backwards. For those of you have setup a blockstream satellite receiver have seen something like this. I think the Blockstream satellite uses amplitude modulation and they are not only modulating the phase but also the amplitude to encode 2 bits per smybol. Ours is a little bit simpler, we take the received signal and pass through a poly-phase clock sync, and this matches the filter in the transmitter. And this, we basically, estimate the maximum likelihood times for which to sample a signal and then we get an output sequence of numbers and 1s and -1s and that looks like the symbols originally sent. We equalize the signal to get a constant modulus.. and we pass the symbols through a binary slicer which convers the outputs to 1s and 0s depending on whether the input was greater/less than 0. So you can look at the output of the poly phase clock sync constellation diagram where it should be clustered around -1 and 1 and it was sent into a noisychannel, and it's dsliced into a series of 1s and 0s.
So this.. we setup a simple loopback test using 70 cm antennaes for the transmitter we used a hacker RF one. And we ran the transmitter off of the 21 Inc bitcoin computer. We didn't know that the 21 computer was going to turn into a $400 paperweight but we plan to package bitcoin protocol messages over radio.
We did a loopback test and we added an additional block that injects guassian white noise and we can estimate the expected bit error rate versus the signal-noise ratio. We are measuring ED/N0 which is the energy per bit versus the noise or power density, which is the signal-noise ratio normalized to bandwidth or SNR over bit. So this shows that our binary phase shift modulation without error correction performs about as expected. The red line shows binary phase shifting but we applied convolutional before encoding for error correction. In poor conditions when we hae a high bit error rate, the error corrected results actually underperform the non-error corrected results... the error correction rates sometimes falseyl correct for non-errors. So we need to avoid operating in that region.
So that hsows how the data gets modulated and de-modulated. This alone is not super simple useful. We also hae a messaging protocol that radio stations can actually use to message between each other. It breaks the data up into frames. This is a link layer like TCP/IP on the internet. Each frame takes a payload and has a header and a redundancy check. There's a version byte, frame type, stream id, and a checksum, etc. The payloads hae a callsign destination port, stream id, and max payload size. We're assuming the receiving station recognizes standard IP services.
The payload can vary as a power of 2. For our test we went between 8 and 512 bytes. So what we did is that we took standard bitcoin protocol messages .. both the sender and receier hae a 6 bit counter. The frame count.. it's called block number, but let's call it frame counter. The sender will keep a counter to keep track of the frame number and wrap around, and so the sender will stop sending more frames if the prior 62 o more had not been acknowledged by a receiver.