Non-determinism in Byzantine Fault-Tolerant Replication

Service replication distributes an application over many processes for tolerating faults, attacks, and misbehavior among a subset of the processes. The established state-machine replication paradigm inherently requires the application to be deterministic. This paper distinguishes three models for dealing with non-determinism in replicated services, where some processes are subject to faults and arbitrary behavior (so-called Byzantine faults): first, a modular approach that does not require any changes to the potentially non-deterministic application (and neither access to its internal data); second, a master-slave approach, in which ties are broken by a leader and the other processes validate the choices of the leader; and finally, a treatment of applications that use cryptography and secret keys. Cryptographic operations and secrets must be treated specially because they require strong randomness to satisfy their goals. The paper also introduces two new protocols. The first uses the modular approach for filtering out non-de\-ter\-min\-istic operations in an application. It ensures that all correct processes produce the same outputs and that their internal states do not diverge. The second protocol implements cryptographically secure randomness generation with a verifiable random function and is appropriate for certain security models. All protocols are described in a generic way and do not assume a particular implementation of the underlying consensus primitive.

[1]  Christian Cachin,et al.  Secure distributed DNS , 2004, International Conference on Dependable Systems and Networks, 2004.

[2]  Sam Toueg,et al.  Unreliable failure detectors for reliable distributed systems , 1996, JACM.

[3]  Andrew J. Blumberg,et al.  Verifying computations without reexecuting them , 2015, Commun. ACM.

[4]  Rosario Gennaro,et al.  Securing Threshold Cryptosystems against Chosen Ciphertext Attack , 1998, Journal of Cryptology.

[5]  André Schiper,et al.  Replication: Theory and Practice , 2010, Replication.

[6]  Fred B. Schneider,et al.  Hypervisor-based fault tolerance , 1996, TOCS.

[7]  Marko Vukolic,et al.  The Quest for Scalable Blockchain Fabric: Proof-of-Work vs. BFT Replication , 2015, iNetSeC.

[8]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[9]  Fred B. Schneider,et al.  The primary-backup approach , 1993 .

[10]  Dong Zhou,et al.  Rex: replication at the speed of multi-core , 2014, EuroSys '14.

[11]  Christian Cachin,et al.  Distributing trust on the Internet , 2001, 2001 International Conference on Dependable Systems and Networks.

[12]  Elaine Shi,et al.  The Honey Badger of BFT Protocols , 2016, CCS.

[13]  Tibor Jager,et al.  Verifiable Random Functions from Weaker Assumptions , 2015, TCC.

[14]  Rachid Guerraoui,et al.  Introduction to Reliable and Secure Distributed Programming , 2011 .

[15]  Christian Cachin,et al.  Secure INtrusion-Tolerant Replication on the Internet , 2002, Proceedings International Conference on Dependable Systems and Networks.

[16]  Yvo Desmedt,et al.  Threshold cryptography , 1994, Eur. Trans. Telecommun..

[17]  Barbara Liskov,et al.  From Viewstamped Replication to Byzantine Fault Tolerance , 2010, Replication.

[18]  Hugo Krawczyk,et al.  Secure Distributed Key Generation for Discrete-Log Based Cryptosystems , 1999, Journal of Cryptology.

[19]  Michael K. Reiter,et al.  How to securely replicate services , 1992, TOPL.

[20]  Leslie Lamport,et al.  Reaching Agreement in the Presence of Faults , 1980, JACM.

[21]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[22]  Silvio Micali,et al.  Verifiable random functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[23]  Victor Shoup,et al.  Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography , 2000, Journal of Cryptology.

[24]  Sangmin Lee,et al.  Upright cluster services , 2009, SOSP '09.

[25]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[26]  B SchneiderFred Implementing fault-tolerant services using the state machine approach: a tutorial , 1990 .

[27]  Anna Lysyanskaya,et al.  Unique Signatures and Verifiable Random Functions from the DH-DDH Separation , 2002, CRYPTO.

[28]  Rachid Guerraoui,et al.  Muteness Failure Detectors: Specification and Implementation , 1999, EDCC.

[29]  Sam Toueg,et al.  Fault-tolerant broadcasts and related problems , 1993 .

[30]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[31]  Miguel Castro,et al.  Using abstraction to improve fault tolerance , 2001, Proceedings Eighth Workshop on Hot Topics in Operating Systems.

[32]  Miguel Castro,et al.  BASE: using abstraction to improve fault tolerance , 2001, SOSP.

[33]  Robbert van Renesse,et al.  COCA: a secure distributed online certification authority , 2002, Foundations of Intrusion Tolerant Systems, 2003 [Organically Assured and Survivable Information Systems].

[34]  Jeremy Clark,et al.  SoK: Research Perspectives and Challenges for Bitcoin and Cryptocurrencies , 2015, 2015 IEEE Symposium on Security and Privacy.

[35]  Victor Shoup,et al.  Practical Threshold Signatures , 2000, EUROCRYPT.

[36]  Victor Shoup,et al.  Secure and efficient asynchronous broadcast protocols : (Extended abstract) , 2001, CRYPTO 2001.

[37]  Yang Wang,et al.  All about Eve: Execute-Verify Replication for Multi-Core Servers , 2012, OSDI.

[38]  Tobias Distler,et al.  Storyboard: Optimistic Deterministic Multithreading , 2010, HotDep.

[39]  LiskovBarbara,et al.  Practical byzantine fault tolerance and proactive recovery , 2002 .

[40]  Ramakrishna Kotla,et al.  High throughput Byzantine fault tolerance , 2004, International Conference on Dependable Systems and Networks, 2004.

[41]  Rosario Gennaro,et al.  Securing Threshold Cryptosystems against Chosen Ciphertext Attack , 1998, EUROCRYPT.

[42]  Nancy A. Lynch,et al.  Impossibility of distributed consensus with one faulty process , 1983, PODS '83.