Manu Drijvers,Tim Gretler,Yotam Harchol,Tobias Klenze,Ognjen Maric,Stefan Neamtu,Yvonne-Anne Pignolet,Rostislav Rumenov,Daniel Sharifi,Victor Shoup

2024-10-31

Abstract:Byzantine fault tolerant (BFT) protocol descriptions often assume application-layer networking primitives, such as best-effort and reliable broadcast, which are impossible to implement in practice in a Byzantine environment as they require either unbounded buffering of messages or giving up liveness, under certain circumstances. However, many of these protocols do not (or can be modified to not) need such strong networking primitives. In this paper, we define a new, slightly weaker networking primitive that we call abortable broadcast. We describe an implementation of this new primitive and show that it (1) still provides strong delivery guarantees, even in the case of network congestion, link or peer failure, and backpressure, (2) preserves bandwidth, and (3) enforces all data structures to be bounded even in the presence of malicious peers. The latter prevents out-of-memory DoS attacks by malicious peers, an issue often overlooked in the literature. The new primitive and its implementation are not just theoretical. We use them to implement the BFT protocols in the IC (Internet Computer), a publicly available blockchain network that enables replicated execution of general-purpose computation, serving hundreds of thousands of applications and their users.

Networking and Internet Architecture,Distributed, Parallel, and Cluster Computing

Liu Duan-yang,Pan Xue-zeng,Ping Ling-di

DOI: https://doi.org/10.1631/jzus.2003.0555

2003-01-01

Abstract:Distributed certification via threshold cryptography is much more secure than other ways to protect certification authority (CA)'s private key, and can tolerate some intrusions. As the original system such as ITTC, etc., is unsafe, inefficient and impracitcal in actual network environment, this paper brings up a new distributed certification scheme, which although it generates key shares concentratively, it updates key shares distributedly, and so, avoids single-point failure like ITTC. It not only enhances robustness with Feldman verification and SSL protocol, but can also change the threshold (t, k) flexibly and robustly, and so, is much more practical. In this work, the authors implement the prototype system of the new scheme and test and analyze its performance.

Leila NamvariTazehkand,Saied Pashazadeh,Ali Ebnenasir

2024-01-30

Abstract:This paper presents an algorithm, called BCM-Broadcast, for the implementation of causal broadcast in distributed mobile systems in the presence of Byzantine failures. The BCM-Broadcast algorithm simultaneously focuses on three critical challenges in distributed systems: Byzantine failures, Causality, and Mobility. We first present a hierarchical architecture for BCM-Broadcast. Then, we define twelve properties for BCM-Broadcast, including validity, integrity, termination, and causality. We then show that BCM-Broadcast satisfies all these properties. We also prove the safety of BCM-Broadcast; i.e., no healthy process delivers a message from any Byzantine process, assuming that the number of Byzantine processes is less than a third of the total number of mobile nodes. Subsequently, we show that the message complexity of BCM-Broadcast is linear. Finally, using the Poisson process, we analyze the probability of the violation of the safety condition under different mobility scenarios.

Distributed, Parallel, and Cluster Computing

Lewis Tseng,Nitin Vaidya,Vartika Bhandari

DOI: https://doi.org/10.48550/arXiv.1209.4620

2013-10-24

Abstract:We explore the correctness of the Certified Propagation Algorithm (CPA) [6, 1, 8, 5] in solving broadcast with locally bounded Byzantine faults. CPA allows the nodes to use only local information regarding the network topology. We provide a tight necessary and sufficient condition on the network topology for the correctness of CPA. To the best of our knowledge, this work is the first to solve the open problem in [8]. We also present some simple extensions of this result

Distributed, Parallel, and Cluster Computing

Jian Liu,Wenting Li,Ghassan O. Karame,N. Asokan

DOI: https://doi.org/10.1109/tc.2018.2860009

IF: 3.183

2019-01-01

IEEE Transactions on Computers

Abstract:The surging interest in blockchain technology has revitalized the search for effective Byzantine consensus schemes. In particular, the blockchain community has been looking for ways to effectively integrate traditional Byzantine fault-tolerant (BFT) protocols into a blockchain consensus layer allowing various financial institutions to securely agree on the order of transactions. However, existing BFT protocols can only scale to tens of nodes due to their $O(n^2)$ message complexity. In this paper, we propose FastBFT, a fast and scalable BFT protocol. At the heart of FastBFT is a novel message aggregation technique that combines hardware-based trusted execution environments (TEEs) with lightweight secret sharing. Combining this technique with several other optimizations (i.e., optimistic execution, tree topology and failure detection), FastBFT achieves low latency and high throughput even for large scale networks. Via systematic analysis and experiments, we demonstrate that FastBFT has better scalability and performance than previous BFT protocols.

Tian Qin,Jian Liu,Peng Gao

2020-01-01

Abstract:In this work, we propose Leaderless Byzantine Fault Tolerance (LBFT), a novel consensus algorithm that combines Snowball algorithm and Practical Byzantine Fault Tolerance (pBFT) algorithm, two existing consensus algorithms. Achieving consensus in decentralized systems has been dicult as they lack certain properties that many algorithms assume. Our approach looks to take advantage of the decentralized aspect of Snowball and the deterministic property of pBFT so that the weaknesses of Snowball’s probabilistic property and pBFT’s reliance on "leader" are eliminated. The algorithm we propose is applicable to decentralized systems such as blockchain systems even though Snowball and pBFT both make stronger assumptions than decentralized systems allow. By simulating real-world environments and comparing with pBFT performances, we show that LBFT is feasible in the context of real-world decentralized systems and has sucient performances that are close to those of pBFT.

Anshuman Misra,Ajay D. Kshemkalyani

DOI: https://doi.org/10.1109/tpds.2024.3368280

IF: 5.3

2024-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Byzantine fault-tolerant causal ordering of messages is useful to many applications. Causal ordering requires a property that we term strong safety, and liveness. In this paper, we use execution histories to prove that it is impossible to solve causal ordering – strong safety and liveness – in a deterministic manner for unicasts, multicasts, and broadcasts in an asynchronous system with one or more Byzantine processes. We also define a weaker version of strong safety termed weak safety. We prove that it is impossible to solve causal ordering – weak safety and liveness – in a deterministic manner for unicasts and multicasts, in an asynchronous system with one or more Byzantine processes. In view of these impossibility results, we propose the Sender-Inhibition algorithm and the Channel Sync algorithm to provide causal ordering – weak safety and liveness – of unicasts under the Byzantine failure model in synchronous systems, which have a known upper bound on message latency. The algorithms operate under the synchronous system model, but are inherently asynchronous and offer a high degree of concurrency as lock-step communication is not assumed. The two algorithms provide different trade-offs. We also indicate how the algorithms can be extended to multicasts.

computer science, theory & methods,engineering, electrical & electronic

Sisi Duan,Lucas Nicely,Haibin Zhang

DOI: https://doi.org/10.1109/nca.2016.7778614

2016-01-01

Abstract:Modern large-scale networks require the ability to withstand arbitrary failures (i.e., Byzantine failures). Byzantine reliable broadcast algorithms can be used to reliably disseminate information in the presence of Byzantine failures.We design a novel Byzantine reliable broadcast protocol for loosely connected and synchronous networks. While previous such protocols all assume correct senders, our protocol is the first to handle Byzantine senders. To achieve this goal, we have developed new techniques for fault detection and fault tolerance. Our protocol is efficient, and under normal circumstances, no expensive public-key cryptographic operations are used. We implement and evaluate our protocol, demonstrating that our protocol has high throughput and is superior to the existing protocols in uncivil executions.

Nicolas Alhaddad,Sisi Duan,Mayank Varia,Haibin Zhang

2022-01-01

Abstract:This paper improves upon two fundamental and closely related primitives in fault-tolerant distributed computing—Byzantine reliable broadcast (BRB) and asynchronous verifiable information dispersal (AVID). We make improvements asymptotically (for our AVID construction), concretely (much lower hidden constants), and practically (having 3 steps, using hash functions only, and avoiding using online error correction on the bulk data). The state of the art BRB protocol of Das, Xiang, and Ren (DXR BRB, CCS 2021) uses hash functions only and achieves a communication overhead of O(nL+kn), where n, L, and k are the number of replicas, the message length, and the security parameter, respectively. More precisely, DXR BRB incurs a concrete communication of 7nL + 2kn, with a large constant 7 for the bulk data term (i.e., the nL term). Das, Xiang, and Ren asked an open question if it is possible ”from a practical point of view to make the hidden constants small.” Two other limitations of DXR BRB that authors emphasized are that ”higher computation costs due to encoding and decoding of the message” due to applying error correcting codes on bulk data and the fact that ”in the presence of malicious nodes, each honest node may have to try decoding f times” due to the use of an online error correcting algorithm. Meanwhile, the state of the art AVID protocols achieve O(L+kn) communication assuming trusted setup. Apparently, there is a mismatch between BRB and AVID protocols: another natural open problem is whether it is possible to build a setup-free AVID protocol with O(L + kn) communication. In this work, we answer all these open questions in the affirmative. We first provide a hash-based BRB protocol that improves concretely on DXR BRB, having low constants and avoiding using online error correction on bulk data. Our key insight is to encode the consistency proof, not just the message. Our technique allows disseminating the message and proof together. Then we provide the first setup-free AVID protocol achieving O(L+ kn) communication. Both our BRB and AVID protocols are practical because they have 3 steps, a multiplicative factor of 3 for the bulk data term, use hash functions only, and they avoid applying online error correction on bulk data.

Dahlia Malkhi,Kartik Nayak,Ling Ren

DOI: https://doi.org/10.48550/arXiv.1904.10067

2019-05-31

Abstract:This paper introduces Flexible BFT, a new approach for BFT consensus solution design revolving around two pillars, stronger resilience and diversity. The first pillar, stronger resilience, involves a new fault model called alive-but-corrupt faults. Alive-but-corrupt replicas may arbitrarily deviate from the protocol in an attempt to break safety of the protocol. However, if they cannot break safety, they will not try to prevent liveness of the protocol. Combining alive-but-corrupt faults into the model, Flexible BFT is resilient to higher corruption levels than possible in a pure Byzantine fault model. The second pillar, diversity, designs consensus solutions whose protocol transcript is used to draw different commit decisions under diverse beliefs. With this separation, the same Flexible BFT solution supports synchronous and asynchronous beliefs, as well as varying resilience threshold combinations of Byzantine and alive-but-corrupt faults. At a technical level, Flexible BFT achieves the above results using two new ideas. First, it introduces a synchronous BFT protocol in which only the commit step requires to know the network delay bound and thus replicas execute the protocol without any synchrony assumption. Second, it introduces a notion called Flexible Byzantine Quorums by dissecting the roles of different quorums in existing consensus protocols.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Jeffrey Considine,Leonid A. Levin,David Metcalf

DOI: https://doi.org/10.48550/arXiv.cs/0012024

2003-12-26

Abstract:Byzantine Agreement introduced in [Pease, Shostak, Lamport, 80] is a widely used building block of reliable distributed protocols. It simulates broadcast despite the presence of faulty parties within the network, traditionally using only private unicast links. Under such conditions, Byzantine Agreement requires more than 2/3 of the parties to be compliant. [Fitzi, Maurer, 00], constructed a Byzantine Agreement protocol for any compliant majority based on an additional primitive allowing transmission to any two parties simultaneously. They proposed a problem of generalizing these results to wider channels and fewer compliant parties. We prove that 2f < kh condition is necessary and sufficient for implementing broadcast with h compliant and f faulty parties using k-cast channels.

Distributed, Parallel, and Cluster Computing

Xiao Sui,Sisi Duan,Haibin Zhang

DOI: https://doi.org/10.1109/tifs.2023.3318943

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:We provide an expressive framework that allows analyzing and generating provably secure, state-of-the-art Byzantine fault-tolerant (BFT) protocols over graph of nodes, a notion formalized in the HotStuff protocol. Our framework is hierarchical, including three layers. The top layer is used to model the message pattern and abstract core functions on which BFT algorithms can be built. The intermediate layer provides the core functions with high-level properties sufficient to prove the security of the top-layer algorithms. The bottom layer presents operational realizations for the core functions. Using our framework, designing a BFT protocol is reduced to instantiating two core functions together with their specific properties. Unlike prior BFT frameworks, our framework can analyze and recast BFT protocols in an exceedingly fine-grained manner. More importantly, our framework can readily generate new BFT protocols. In this paper, we show that the framework allows us to fully specify and formally prove the security for a family of BFT protocols, including known protocols such as HotStuff, Fast-HotStuff, and SBFT. Additionally, we show that our framework can generate four new protocols outperforming existing ones, including 1) two protocols with $5f+1$ replicas achieving optimal message complexity; 2) the first BFT protocol achieving optimal message complexity with $4f+1$ replicas; and 3) a two-phase protocol with $3f+1$ replicas achieving linear authenticator complexity in the fast path.

Yongge Wang

DOI: https://doi.org/10.1145/3538227

2022-09-09

Abstract:The problem of Byzantine Fault Tolerance (BFT) has received a lot of attention in the last 30 years. Due to the popularity of Proof of Stake (PoS) blockchains in recent years, several BFT protocols have been deployed in the large scale of Internet environment. We analyze several popular BFT protocols such as Capser FFG/CBC-FBC for Ethereum 2.0 and GRANDPA for Polkadot. Our analysis shows that the security models for these BFT protocols are slightly different from the models commonly accepted in the academic literature. For example, we show that, if the adversary has a full control of the message delivery order in the underlying network, then none of the BFT protocols for Ethereum blockchain 2.0 and Polkadot blockchain could achieve liveness even in a synchronized network. Though it is not clear whether a practical adversary could

Sisi Duan,Haibin Zhang,Boxin Zhao

2022-01-01

Abstract:This paper refutes the conventional wisdom that information-theoretic BFT is impractical. We design and implement WaterBear, the first practical information-theoretic asynchronous Byzantine fault-tolerant (BFT) protocol. We also present a more efficient, quantum-secure asynchronous BFT protocol, WaterBear-QS, which, compared to WaterBear, additionally uses a collision-resistant hash function. We show that WaterBear and WaterBear-QS are efficient under both failure-free and failure scenarios, achieving comparable performance to the state-of-the-art asynchronous BFT protocols. In particular, our failure case evaluation is thus far the most comprehensive evaluation for asynchronous BFT settings.

Yi Luo,Hao-Kun Mao,Qiong Li

DOI: https://doi.org/10.48550/arXiv.2204.09832

2022-04-21

Abstract:Quantum key distribution (QKD) networks is expected to provide information-theoretical secured (ITS) communication over long distances. QKD networks based trusted relay architecture are now the most widely used scheme in practice. However, it is an unrealistic assumption that all relays are fully trustable in complex networks. In the past, only a few studies have theoretically analyzed the case of passive eavesdropping attack by dishonest relays and corresponding defense method. However, we have found that active attacks by dishonest relays can be more threatening. With the consideration of passive and active attacks, we treat dishonest relays as Byzantine nodes and analyzes the upper limit of Byzantine nodes that the QKD network can accommodate. In this paper, we propose an ITS Byzantine-fault tolerance (BFT) QKD network scheme to achieve end-to-end key distribution based on point-to-point QKD links. To ensure consistency and provide BFT ability in the QKD network, we design an ITSBFT-consensus protocol for this network scheme. To ensure the information-theoretic security of consensus, we design a temporary signature scheme based on point-to-point QKD link keys. To prevent Byzantine nodes from disrupting the execution process of key distribution, we design an end-to-end key distribution scheme combined with consensus. We theoretically analyze proposed ITSBFT-QKD network scheme from four aspects: QKD key distribution security, temporary signature security, consensus security, and leader election fairness. The simulation result proved the feasibility and demonstrate the performance.

Quantum Physics,Networking and Internet Architecture

Shaolin Yu,Jihong Zhu,Jiali Yang,Yue Ma

DOI: https://doi.org/10.48550/arXiv.2203.03314

2022-03-07

Abstract:The authenticated broadcast is simulated in the bounded-degree networks to provide efficient broadcast primitives for building efficient higher-layer Byzantine protocols. A general abstraction of the relay-based broadcast system is introduced, in which the properties of the relay-based broadcast primitives are generalized. With this, fault-tolerant propagation is proposed as a building block of the broadcast primitives. Meanwhile, complementary systems are proposed in complementing fault-tolerant propagation and localized communication. Analysis shows that efficient fault-tolerant propagation can be built with sufficient initiation areas. Meanwhile, by integrating fault-tolerant propagation and localized communication, efficient broadcast primitives can be built in bounded-degree networks.

Distributed, Parallel, and Cluster Computing

Manuel Bravo,Gregory Chockler,Alexey Gotsman,Alejandro Naser-Pastoriza,Christian Roldán

2024-08-16

Abstract:Atomic broadcast is a reliable communication abstraction ensuring that all processes deliver the same set of messages in a common global order. It is a fundamental building block for implementing fault-tolerant services using either active (aka state-machine) or passive (aka primary-backup) replication. We consider the problem of implementing reconfigurable atomic broadcast, which further allows users to dynamically alter the set of participating processes, e.g., in response to failures or changes in the load. We give a complete safety and liveness specification of this communication abstraction and propose a new protocol implementing it, called Vertical Atomic Broadcast, which uses an auxiliary service to facilitate reconfiguration. In contrast to prior proposals, our protocol significantly reduces system downtime when reconfiguring from a functional configuration by allowing it to continue processing messages while agreement on the next configuration is in progress. Furthermore, we show that this advantage can be maintained even when our protocol is modified to support a stronger variant of atomic broadcast required for passive replication.

Distributed, Parallel, and Cluster Computing

Diogo Avelãs,Hasan Heydari,Eduardo Alchieri,Tobias Distler,Alysson Bessani

2024-06-12

Abstract:Consensus is a fundamental building block for constructing reliable and fault-tolerant distributed services. Many Byzantine fault-tolerant consensus protocols designed for partially synchronous systems adopt a pessimistic approach when dealing with adversaries, ensuring safety in a deterministic way even under the worst-case scenarios that adversaries can create. Following this approach typically results in either an increase in the message complexity (e.g., PBFT) or an increase in the number of communication steps (e.g., HotStuff). In practice, however, adversaries are not as powerful as the ones assumed by these protocols. Furthermore, it might suffice to ensure safety and liveness properties with high probability. In order to accommodate more realistic and optimistic adversaries and improve the scalability of the BFT consensus, we propose ProBFT (Probabilistic Byzantine Fault Tolerance). ProBFT is a leader-based probabilistic consensus protocol with a message complexity of $O(n\sqrt{n})$ and an optimal number of communication steps that tolerates Byzantine faults in permissioned partially synchronous systems. It is built on top of well-known primitives, such as probabilistic Byzantine quorums and verifiable random functions. ProBFT guarantees safety and liveness with high probabilities even with faulty leaders, as long as a supermajority of replicas is correct, and using only a fraction of messages employed in PBFT (e.g., $20\%$). We provide a detailed description of ProBFT's protocol and its analysis.

Distributed, Parallel, and Cluster Computing

Yin Yang

DOI: https://doi.org/10.48550/arXiv.1807.01829

2018-07-05

Abstract:This paper presents LinBFT, a novel Byzantine fault tolerance (BFT) protocol for blockchain systems that achieves amortized O(n) communication volume per block under reasonable conditions (where n is the number of participants), while satisfying determinist guarantees on safety and liveness. This significantly improves previous results, which either incurs quadratic communication complexity, or only satisfies safety in a probabilistic sense. LinBFT is based on the popular PBFT protocol, and cuts down its $O(n^4)$ complexity with three tricks, each by $O(n)$: linear view change, threshold signatures, and verifiable random functions. All three are known, i.e., the solutions are right in front of our eyes, and yet LinBFT is the first $O(n)$ solution with deterministic security guarantees. Further, LinBFT also addresses issues that are specific to permission-less, public blockchain systems, such as anonymous participants without a public-key infrastructure, proof-of-stake with slashing, rotating leader, and a dynamic participant set. In addition, LinBFT contains no proof-of-work module, reaches consensus for every block, and tolerates changing honesty of the participants for different blocks.

Cryptography and Security

Silvia Bonomi,Giovanni Farina,Sébastien Tixeuil

DOI: https://doi.org/10.48550/arXiv.1811.01770

2018-11-05

Distributed, Parallel, and Cluster Computing

Abstract:Ensuring reliable communication despite possibly malicious participants is a primary objective in any distributed system or network. In this paper, we investigate the possibility of reliable broadcast in a dynamic network whose topology may evolve while the broadcast is in progress. In particular, we adapt the Certified Propagation Algorithm (CPA) to make it work on dynamic networks and we present conditions (on the underlying dynamic graph) to enable safety and liveness properties of the reliable broadcast. We furthermore explore the complexity of assessing these conditions for various classes of dynamic networks.