BFT Protocol Forensics

Byzantine fault-tolerant (BFT) protocols allow a group of replicas to come to consensus even when some of the replicas are Byzantine faulty. There exist multiple BFT protocols to securely tolerate an optimal number of faults t under different network settings. However, if the number of faults f exceeds t then security could be violated. In this paper we mathematically formalize the study of forensic support of BFT protocols: we aim to identify (with cryptographic integrity) as many of the malicious replicas as possible and in as distributed manner as possible. Our main result is that forensic support of BFT protocols depends heavily on minor implementation details that do not affect the protocol's security or complexity. Focusing on popular BFT protocols (PBFT, HotStuff, Algorand) we exactly characterize their forensic support, showing that there exist minor variants of each protocol for which the forensic supports vary widely. We show strong forensic support capability of LibraBFT, the consensus protocol of Diem cryptocurrency; our lightweight forensic module implemented on a Diem client is open-sourced and is under active consideration for deployment in Diem. Finally, we show that all secure BFT protocols designed for 2t+1 replicas communicating over a synchronous network forensic support is inherently nonexistent; this impossibility result holds for all BFT protocols and even if one has access to the states of all replicas (including Byzantine ones).

[1]  Kartik Nayak,et al.  Brief Announcement: Byzantine Agreement, Broadcast and State Machine Replication with Optimal Good-Case Latency , 2020, DISC.

[2]  Andreas Haeberlen,et al.  The Fault Detection Problem , 2009, OPODIS.

[3]  Vincent Gramoli,et al.  Formal Verification of Blockchain Byzantine Fault Tolerance , 2019 .

[4]  Elaine Shi,et al.  Streamlet: Textbook Streamlined Blockchains , 2020, IACR Cryptol. ePrint Arch..

[5]  Nancy A. Lynch,et al.  Consensus in the presence of partial synchrony , 1988, JACM.

[6]  Ittai Abraham,et al.  Asymptotically Optimal Validated Asynchronous Byzantine Agreement , 2019, PODC.

[7]  David Tse,et al.  Ebb-and-Flow Protocols: A Resolution of the Availability-Finality Dilemma , 2020, IACR Cryptol. ePrint Arch..

[8]  Vincent Gramoli,et al.  Polygraph: Accountable Byzantine Agreement , 2021, 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS).

[9]  Alistair Stewart,et al.  GRANDPA: a Byzantine Finality Gadget , 2020, ArXiv.

[10]  Silvio Micali,et al.  Verifiable random functions , 1999, 40th Annual Symposium on Foundations of Computer Science (Cat. No.99CB37039).

[11]  Adam Gagol,et al.  Highway: Efficient Consensus with Flexible Finality , 2021, ArXiv.

[12]  Silvio Micali,et al.  Algorand: Scaling Byzantine Agreements for Cryptocurrencies , 2017, IACR Cryptol. ePrint Arch..

[13]  David Mazières,et al.  Beyond One-Third Faulty Replicas in Byzantine Fault Tolerant Systems , 2007, NSDI.

[14]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[15]  Streamlet , 2020, Proceedings of the 2nd ACM Conference on Advances in Financial Technologies.

[16]  Vincent Gramoli,et al.  Blockchain Is Dead, Long Live Blockchain! Accountable State Machine Replication for Longlasting Blockchain , 2020, ArXiv.

[17]  S. Micali Byzantine Agreement , Made Trivial , 2017 .

[18]  Benny Pinkas,et al.  SBFT: A Scalable and Decentralized Trust Infrastructure , 2018, 2019 49th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN).

[19]  Kartik Nayak,et al.  Sync HotStuff: Simple and Practical Synchronous State Machine Replication , 2020, 2020 IEEE Symposium on Security and Privacy (SP).

[20]  Andreas Haeberlen,et al.  PeerReview: practical accountability for distributed systems , 2007, SOSP.

[21]  Dan Boneh,et al.  Compact Multi-Signatures for Smaller Blockchains , 2018, IACR Cryptol. ePrint Arch..

[22]  Ittai Abraham,et al.  HotStuff: BFT Consensus with Linearity and Responsiveness , 2019, PODC.

[23]  Vitalik Buterin,et al.  Casper the Friendly Finality Gadget , 2017, ArXiv.

[24]  Kartik Nayak,et al.  Optimal Good-case Latency for Byzantine Broadcast and State Machine Replication , 2020, ArXiv.

[25]  Dahlia Malkhi,et al.  Twins: White-Glove Approach for BFT Testing , 2020, ArXiv.

[26]  Miguel Castro,et al.  Practical byzantine fault tolerance and proactive recovery , 2002, TOCS.

[27]  Vincent Gramoli,et al.  Certifying Blockchain Byzantine Fault Tolerance , 2019, ArXiv.

[28]  Victor Shoup,et al.  Random Oracles in Constantinople: Practical Asynchronous Byzantine Agreement Using Cryptography , 2000, Journal of Cryptology.

[29]  Kartik Nayak,et al.  Flexible Byzantine Fault Tolerance , 2019, CCS.

[30]  Kartik Nayak,et al.  Strengthened Fault Tolerance in Byzantine Fault Tolerant Replication , 2021, 2021 IEEE 41st International Conference on Distributed Computing Systems (ICDCS).

[31]  Jing Chen,et al.  Algorand: A secure and efficient distributed ledger , 2019, Theor. Comput. Sci..

[32]  Vincent Gramoli,et al.  ComChain: A blockchain with Byzantine fault‐tolerant reconfiguration , 2020, Concurr. Comput. Pract. Exp..

[33]  Silvio Micali,et al.  ALGORAND AGREEMENT: Super Fast and Partition Resilient Byzantine Agreement , 2018, IACR Cryptol. ePrint Arch..

[34]  HariGovind V. Ramasamy,et al.  Parsimonious Asynchronous Byzantine-Fault-Tolerant Atomic Broadcast , 2005, OPODIS.

[35]  Vincent Gramoli,et al.  Platypus: a Partially Synchronous Offchain Protocol for Blockchains , 2019, ArXiv.