A Correctness Proof for a Practical Byzantine-Fault-Tolerant Replication Algorithm

We have developed a practical algorithm for state-machine replication [7, 11] that tolerates Byzantine faults. The algorithm is described in [4]. It offers a strong safety property — it implements a linearizable [5] object such that all operations invoked on the object execute atomically despite Byzantine failures and concurrency. Unlike previous algorithms [11, 10, 6], ours works correctly in asynchronous systems like the Internet, and it incorporates important optimizations that enable it to outperform previous systems by more than an order of magnitude [4].

[1]  Michael K. Reiter,et al.  The Rampart Toolkit for Building High-Integrity Services , 1994, Dagstuhl Seminar on Distributed Systems.

[2]  Miguel Oom Temudo de Castro,et al.  Practical Byzantine fault tolerance , 1999, OSDI '99.

[3]  Maurice Herlihy,et al.  Axioms for concurrent objects , 1987, POPL '87.

[4]  Mihir Bellare,et al.  The Exact Security of Digital Signatures - HOw to Sign with RSA and Rabin , 1996, EUROCRYPT.

[5]  Sam Toueg,et al.  Asynchronous consensus and broadcast protocols , 1985, JACM.

[6]  Leslie Lamport,et al.  Time, clocks, and the ordering of events in a distributed system , 1978, CACM.

[7]  Fred B. Schneider,et al.  Implementing fault-tolerant services using the state machine approach: a tutorial , 1990, CSUR.

[8]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[9]  Louise E. Moser,et al.  The SecureRing protocols for securing group communication , 1998, Proceedings of the Thirty-First Hawaii International Conference on System Sciences.