The Synchronization Power (Consensus Number) of Access-Control Objects: The Case of AllowList and DenyList

TL;DR

This paper analyzes the synchronization capabilities of AllowList and DenyList objects within Herlihy's consensus hierarchy, revealing their differing requirements for process consensus and applying these insights to privacy-preserving systems.

Contribution

It characterizes the consensus power of AllowList and DenyList objects and demonstrates their distinct synchronization properties and applications in privacy-preserving protocols.

Findings

AllowList does not require synchronization between processes.

DenyList requires processes to reach consensus on a set.

Applications include anonymous voting and money transfer protocols.

Abstract

This article studies the synchronization power of AllowList and DenyList objects under the lens provided by Herlihy's consensus hierarchy. It specifies AllowList and DenyList as distributed objects and shows that while they can both be seen as specializations of a more general object type, they inherently have different synchronization properties. While the AllowList object does not require synchronization between participating processes, a DenyList object requires processes to reach consensus on a specific set of processes. These results are then applied to the analysis of anonymity-preserving systems that use AllowList and DenyList objects. First, a blind-signature-based e-voting is presented. Then DenyList and AllowList objects are used to determine the consensus number of a specific decentralized key management system. Finally, an anonymous money transfer protocol using the association of AllowList and DenyList objects is studied.