BFT Protocol Forensics

Byzantine fault-tolerant (BFT) protocols allow a group of replicas to come to consensus even when some of the replicas are Byzantine faulty. There exist multiple BFT protocols to securely tolerate an optimal number of faults $t$ under different network settings. However, if the number of faults $f$ exceeds $t$ then security could be violated. Motivated by blockchain applications, we systematically study the forensic support of BFT protocols: we aim to identify (with cryptographic integrity) as many of the malicious replicas as possible, by as many participating replicas as possible and in as distributed manner as possible. Our main (positive) result is that well-known BFT protocols such as PBFT, HotStuff, and VABA have strong forensic support; we show that when $f$ exceeds $t$, at least $t+1$ of culpable replicas can be identified by at least $2t+1-f$ honest replicas. On the other hand, when $t$ is as much as half the number of replicas (e.g. in a synchronous network), then all but one of the malicious replicas must go undetected; this impossibility result holds for all BFT protocols and even if one has access to the states of all replicas (including Byzantine ones).

[1]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[2]  Silvio Micali,et al.  Algorand: Scaling Byzantine Agreements for Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[3]  Dan Boneh,et al.  Compact Multi-Signatures for Smaller Blockchains , 2018, IACR Cryptol. ePrint Arch..

[4]  Vincent Gramoli,et al.  Polygraph: Accountable Byzantine Agreement , 2021, 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS).

[5]  Ittai Abraham,et al.  Asymptotically Optimal Validated Asynchronous Byzantine Agreement , 2019, PODC.

[6]  Kartik Nayak,et al.  Brief Announcement: Byzantine Agreement, Broadcast and State Machine Replication with Optimal Good-Case Latency , 2020, DISC.

[7]  Kartik Nayak,et al.  Optimal Good-case Latency for Byzantine Broadcast and State Machine Replication , 2020, ArXiv.

[8]  Vincent Gramoli,et al.  Platypus: a Partially Synchronous Offchain Protocol for Blockchains , 2019, ArXiv.

[9]  Alistair Stewart,et al.  GRANDPA: a Byzantine Finality Gadget , 2020, ArXiv.

[10]  Benny Pinkas,et al.  SBFT: A Scalable and Decentralized Trust Infrastructure , 2018, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[11]  Victor Shoup,et al.  Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography , 2000, Journal of Cryptology.

[12]  Elaine Shi,et al.  Streamlet: Textbook Streamlined Blockchains , 2020, IACR Cryptol. ePrint Arch..

[13]  Vincent Gramoli,et al.  Certifying Blockchain Byzantine Fault Tolerance , 2019, ArXiv.

[14]  Vincent Gramoli,et al.  ZLB: A Blockchain to Tolerate Colluding Majorities , 2020, 2007.10541.

[15]  Vincent Gramoli,et al.  Formal Verification of Blockchain Byzantine Fault Tolerance , 2019 .

[16]  Vitalik Buterin,et al.  Casper the Friendly Finality Gadget , 2017, ArXiv.

[17]  Andreas Haeberlen,et al.  PeerReview: practical accountability for distributed systems , 2007, SOSP.

[18]  Ittai Abraham,et al.  HotStuff: BFT Consensus with Linearity and Responsiveness , 2019, PODC.

[19]  David Tse,et al.  Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma , 2020, IACR Cryptol. ePrint Arch..

[20]  Kartik Nayak,et al.  Sync HotStuff: Simple and Practical Synchronous State Machine Replication , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[21]  Vincent Gramoli,et al.  ComChain: A blockchain with Byzantine fault‐tolerant reconfiguration , 2020, Concurr. Comput. Pract. Exp..

[22]  Kartik Nayak,et al.  Flexible Byzantine Fault Tolerance , 2019, CCS.