Dahlia Malkhi,Maofan Yin

2023-05-23

Abstract:This article will take you on a journey to the core of blockchains, their Byzantine consensus engine, where HotStuff emerged as a new algorithmic foundation for the classical Byzantine generals consensus problem. The first part of the article underscores the theoretical advances HotStuff enabled, including several models in which HotStuff-based solutions closed problems which were opened for decades. The second part focuses on HotStuff performance in real life setting, where its simplicity drove adoption of HotStuff as the golden standard for blockchain design, and many variants and improvements built on top of it. Both parts of this document are meant to describe lessons drawn from HotStuff as well as dispel certain myths.

Distributed, Parallel, and Cluster Computing

Jérémie Decouchant,Burcu Kulahcioglu Ozkan,Yanzhuo Zhou

2023-10-13

Abstract:Byzantine consensus protocols aim at maintaining safety guarantees under any network synchrony model and at providing liveness in partially or fully synchronous networks. However, several Byzantine consensus protocols have been shown to violate liveness properties under certain scenarios. Existing testing methods for checking the liveness of consensus protocols check for time-bounded liveness violations, which generate a large number of false positives. In this work, for the first time, we check the liveness of Byzantine consensus protocols using the temperature and lasso detection methods, which require the definition of ad-hoc system state abstractions. We focus on the HotStuff protocol family that has been recently developed for blockchain consensus. In this family, the HotStuff protocol is both safe and live under the partial synchrony assumption, while the 2-Phase Hotstuff and Sync HotStuff protocols are known to violate liveness in subtle fault scenarios. We implemented our liveness checking methods on top of the Twins automated unit test generator to test the HotStuff protocol family. Our results indicate that our methods successfully detect all known liveness violations and produce fewer false positives than the traditional time-bounded liveness checks.

Distributed, Parallel, and Cluster Computing,Software Engineering

Dakai Kang,Suyash Gupta,Dahlia Malkhi,Mohammad Sadoghi

2024-08-09

Abstract:This paper introduces HotStuff-1, a BFT consensus protocol that improves the latency of HotStuff-2 by two network-hops while maintaining linear communication complexity against faults. Additionally, HotStuff-1 incorporates an incentive-compatible leader rotation regime that motivates leaders to commit consensus decisions promptly. HotStuff-1 achieves a reduction by two network hops by sending clients early finality confirmations speculatively, after one phase of the protocol. Unlike previous speculation regimes, the early finality confirmation path of HotStuff-1 is fault-tolerant and the latency improvement does not rely on optimism. An important consideration for speculation regimes in general, which is referred to as the prefix speculation dilemma, is exposed and resolved. HotStuff-1 embodies an additional mechanism, slotting, that thwarts real-world delays caused by rationally-incentivized leaders. Leaders may also be inclined to sabotage each other's progress. The slotting mechanism allows leaders to drive multiple decisions, thus mitigating both threats, while dynamically adapting the number of allowed decisions per leader to network transmission delays.

Databases

Nathalie Bertrand,Pranav Ghorpade,Sasha Rubin,Bernhard Scholz,Pavle Subotic

2024-07-02

Abstract:DAG-based consensus protocols are being adoption by blockchain companies to decrease energy footprints and improve security. A DAG-based consensus protocol collaboratively constructs a partial order of blocks of transactions and produces linearly ordered blocks. The ubiquity and strategic importance of blockchains call for formal proof of the correctness of key components, namely, consensus protocols. This paper presents a safety-proven formal specification of two DAG-based protocols. Our specification highlights several dissemination, DAG construction, and ordering variations that can be combined to express the two protocols. The formalization requires a refinement approach for modeling the consensus. In an abstract model, we first show the safety of DAG-based consensus on leader blocks and then further refine the specification to encompass all blocks for all processes. The TLA+ specification for a given protocol consists of 492-732 lines, and the proof system TLAPS verifies 2025-2294 obligations in 6-8 minutes.

Logic in Computer Science,Distributed, Parallel, and Cluster Computing,Software Engineering

Siyuan Zhao,Yanqi Wu,Zheng Wang

2024-03-27

Abstract:Byzantine consensus protocols are essential in blockchain technology. The widely recognized HotStuff protocol uses cryptographic measures for efficient view changes and reduced communication complexity. Recently, the main authors of HotStuff introduced an advanced iteration named HotStuff-2. This paper aims to compare the principles and analyze the effectiveness of both protocols, hoping to depict their key differences and assess the potential enhancements offered by HotStuff-2.

Cryptography and Security,Distributed, Parallel, and Cluster Computing

Rong Wang,Minfu Yuan,Zhenyu Wang,Yin Li

DOI: https://doi.org/10.3390/s24165417

IF: 3.9

2024-08-23

Sensors

Abstract:Recent Byzantine Fault-Tolerant (BFT) State Machine Replication (SMR) protocols increasingly focus on scalability and security to meet the growing demand for Distributed Ledger Technology (DLT) applications across various domains. Current BFT consensus algorithms typically require a single leader node to receive and validate votes from the majority process and broadcast the results, a design challenging to scale in large systems. We propose a fast-response consensus algorithm based on improvements to HotStuff, aimed at enhancing transaction ordering speed and overall performance of distributed systems, even in the presence of faulty copies. The algorithm introduces an optimistic response assumption, employs a message aggregation tree to collect and validate votes, and uses a dynamically adjusted threshold mechanism to reduce communication delay and improve message delivery reliability. Additionally, a dynamic channel mechanism and an asynchronous leader multi-round mechanism are introduced to address multiple points of failure in the message aggregation tree structure, minimizing dependence on a single leader. This adaptation can be flexibly applied to real-world system conditions to improve performance and responsiveness. We conduct experimental evaluations to verify the algorithm's effectiveness and superiority. Compared to the traditional HotStuff algorithm, the improved algorithm demonstrates higher efficiency and faster response times in handling faulty copies and transaction ordering.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xiao Sui,Sisi Duan,Haibin Zhang

DOI: https://doi.org/10.1109/tifs.2023.3318943

IF: 7.231

2024-01-01

IEEE Transactions on Information Forensics and Security

Abstract:We provide an expressive framework that allows analyzing and generating provably secure, state-of-the-art Byzantine fault-tolerant (BFT) protocols over graph of nodes, a notion formalized in the HotStuff protocol. Our framework is hierarchical, including three layers. The top layer is used to model the message pattern and abstract core functions on which BFT algorithms can be built. The intermediate layer provides the core functions with high-level properties sufficient to prove the security of the top-layer algorithms. The bottom layer presents operational realizations for the core functions. Using our framework, designing a BFT protocol is reduced to instantiating two core functions together with their specific properties. Unlike prior BFT frameworks, our framework can analyze and recast BFT protocols in an exceedingly fine-grained manner. More importantly, our framework can readily generate new BFT protocols. In this paper, we show that the framework allows us to fully specify and formally prove the security for a family of BFT protocols, including known protocols such as HotStuff, Fast-HotStuff, and SBFT. Additionally, we show that our framework can generate four new protocols outperforming existing ones, including 1) two protocols with $5f+1$ replicas achieving optimal message complexity; 2) the first BFT protocol achieving optimal message complexity with $4f+1$ replicas; and 3) a two-phase protocol with $3f+1$ replicas achieving linear authenticator complexity in the fast path.

William Schultz,Ian Dardik,Stavros Tripakis

DOI: https://doi.org/10.1145/3497775.3503688

2021-12-18

Abstract:We present a formal, machine checked TLA+ safety proof of MongoRaftReconfig, a distributed dynamic reconfiguration protocol. MongoRaftReconfig was designed for and implemented in MongoDB, a distributed database whose replication protocol is derived from the Raft consensus algorithm. We present an inductive invariant for MongoRaftReconfig that is formalized in TLA+ and formally proved using the TLA+ proof system (TLAPS). We also present a formal TLAPS proof of two key safety properties of MongoRaftReconfig, LeaderCompleteness and StateMachineSafety. To our knowledge, these are the first machine checked inductive invariant and safety proof of a dynamic reconfiguration protocol for a Raft based replication system.

Distributed, Parallel, and Cluster Computing

Kaiwen Guo,Kexin Hu,Zhenfeng Zhang

DOI: https://doi.org/10.1093/comjnl/bxae027

2024-04-05

The Computer Journal

Abstract:Abstract Byzantine fault-tolerant (BFT) consensus protocols are essential in distributed computing. Most partially synchronous BFT protocols proceed in views and rely on a view synchronizer module to guarantee liveness by synchronizing honest replicas to the same view. HotStuff is a leading BFT consensus protocol known for achieving linear view change and optimistic responsiveness. To achieve these desirable properties, HotStuff relies on a candidate solution for the view synchronizer based on a recomposed timer doubling mechanism. However, a formal analysis of this mechanism is currently lacking. This paper delves into HotStuff with the recomposed timer doubling mechanism. To facilitate accurate analysis, we introduce a new specification for the view synchronizer, incorporating two paths for view switching as in HotStuff’s setting. Surprisingly, we observe that the adversary can disrupt the view synchronization and launch a liveness attack, stalling the confirmation process. Besides, the adversary can further recover or control the confirmation process at will. A repairment that retains the desirable feature of HotStuff is also presented. We simulate the liveness attack and the repairment, demonstrating their effectiveness. Specifically, the liveness attack can cause HotStuff’s throughput to drop and remain at 0. When equipped with our repairment, HotStuff can resist the attack and retain the throughput performance.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Mohit Tekriwal,Avi Tachna-Fram,Jean-Baptiste Jeannin,Manos Kapritsos,Dimitra Panagou

2024-01-31

Abstract:Distributed architectures are used to improve performance and reliability of various systems. Examples include drone swarms and load-balancing servers. An important capability of a distributed architecture is the ability to reach consensus among all its nodes. Several consensus algorithms have been proposed, and many of these algorithms come with intricate proofs of correctness, that are not mechanically checked. In the controls community, algorithms often achieve consensus asymptotically, e.g., for problems such as the design of human control systems, or the analysis of natural systems like bird flocking. This is in contrast to exact consensus algorithm such as Paxos, which have received much more recent attention in the formal methods community. This paper presents the first formal proof of an asymptotic consensus algorithm, and addresses various challenges in its formalization. Using the Coq proof assistant, we verify the correctness of a widely used consensus algorithm in the distributed controls community, the Weighted-Mean Subsequence Reduced (W-MSR) algorithm. We formalize the necessary and sufficient conditions required to achieve resilient asymptotic consensus under the assumed attacker model. During the formalization, we clarify several imprecisions in the paper proof, including an imprecision on quantifiers in the main theorem.

Programming Languages,Optimization and Control

Ittai Abraham,Gilad Stern

DOI: https://doi.org/10.48550/arXiv.2009.12828

2020-11-20

Abstract:This work presents Information Theoretic HotStuff (IT-HS), a new optimally resilient protocol for solving Byzantine Agreement in partial synchrony with information theoretic security guarantees. In particular, IT-HS does not depend on any PKI or common setup assumptions and is resilient to computationally unbounded adversaries. IT-HS is based on the Primary-Backup view-based paradigm. In IT-HS, in each view, and in each view change, each party sends only a constant number of words to every other party. This yields an $O(n^2)$ word and message complexity in each view. In addition, IT-HS requires just $O(1)$ persistent local storage and $O(n)$ transient local storage. Finally, like all Primary-Backup view-based protocols in partial synchrony, after the system becomes synchronous, all nonfaulty parties decide on a value in the first view a nonfaulty leader is chosen. Moreover, like PBFT and HotStuff, IT-HS is optimistically responsive: with a nonfaulty leader, parties decide as quickly as the network allows them to do so, without regard for the known upper bound on network delay. Our work improves in multiple dimensions upon the information theoretic version of PBFT presented by Miguel Castro, and can be seen as an information theoretic variant of the HotStuff paradigm.

Distributed, Parallel, and Cluster Computing

Marco B. Caminati

2023-06-18

Abstract:In a recent paper, new theorems linking apparently unrelated mathematical objects (event structures from concurrency theory and full graphs arising in computational biology) were discovered by cross-site data mining on huge databases, and building on existing Isabelle-verified event structures enumeration algorithms. Given the origin and newness of such theorems, their formal verification is particularly desirable. This paper presents such a verification via Isabelle/HOL definitions and theorems, and exposes the technical challenges found in the process. The introduced formalisation completes the verification of Isabelle-verified event structure enumeration algorithms into a fully verified framework to link event structures to full graphs.

Logic in Computer Science,Artificial Intelligence

Giorgio Delzanno

DOI: https://doi.org/10.48550/arXiv.cs/0601038

2006-01-10

Abstract:We present a technique for the automated verification of abstract models of multithreaded programs providing fresh name generation, name mobility, and unbounded control. As high level specification language we adopt here an extension of communication finite-state machines with local variables ranging over an infinite name domain, called TDL programs. Communication machines have been proved very effective for representing communication protocols as well as for representing abstractions of multithreaded software. The verification method that we propose is based on the encoding of TDL programs into a low level language based on multiset rewriting and constraints that can be viewed as an extension of Petri Nets. By means of this encoding, the symbolic verification procedure developed for the low level language in our previous work can now be applied to TDL programs. Furthermore, the encoding allows us to isolate a decidable class of verification problems for TDL programs that still provide fresh name generation, name mobility, and unbounded control. Our syntactic restrictions are in fact defined on the internal structure of threads: In order to obtain a complete and terminating method, threads are only allowed to have at most one local variable (ranging over an infinite domain of names).

Logic in Computer Science,Programming Languages

Giorgio Delzanno

DOI: https://doi.org/10.48550/arXiv.cs/0601037

2006-01-10

Abstract:We present a technique for the automated verification of abstract models of multithreaded programs providing fresh name generation, name mobility, and unbounded control. As high level specification language we adopt here an extension of communication finite-state machines with local variables ranging over an infinite name domain, called TDL programs. Communication machines have been proved very effective for representing communication protocols as well as for representing abstractions of multithreaded software. The verification method that we propose is based on the encoding of TDL programs into a low level language based on multiset rewriting and constraints that can be viewed as an extension of Petri Nets. By means of this encoding, the symbolic verification procedure developed for the low level language in our previous work can now be applied to TDL programs. Furthermore, the encoding allows us to isolate a decidable class of verification problems for TDL programs that still provide fresh name generation, name mobility, and unbounded control. Our syntactic restrictions are in fact defined on the internal structure of threads: In order to obtain a complete and terminating method, threads are only allowed to have at most one local variable (ranging over an infinite domain of names).

Computation and Language,Programming Languages

Berk Cirisci,Constantin Enea,Suha Orhun Mutluergil

DOI: https://doi.org/10.48550/arXiv.2301.09946

2023-01-24

Abstract:Distributed algorithms solving agreement problems like consensus or state machine replication are essential components of modern fault-tolerant distributed services. They are also notoriously hard to understand and reason about. Their complexity stems from the different assumptions on the environment they operate with, i.e., process or network link failures, Byzantine failures etc. In this paper, we propose a novel abstract representation of the dynamics of such protocols which focuses on quorums of responses (votes) to a request (proposal) that form during a run of the protocol. We show that focusing on such quorums, a run of a protocol can be viewed as working over a tree structure where different branches represent different possible outcomes of the protocol, the goal being to stabilize on the choice of a fixed branch. This abstraction resembles the description of recent protocols used in Blockchain infrastructures, e.g., the protocol supporting Bitcoin or HotStuff. We show that this abstraction supports reasoning about the safety of various algorithms, e.g., Paxos, PBFT, Raft, and HotStuff, in a uniform way. In general, it provides a novel induction based argument for proving that such protocols are safe.

Distributed, Parallel, and Cluster Computing

Mingan Gao,Zhiyuan Wang,Gehao Lu

DOI: https://doi.org/10.3390/electronics12224632

IF: 2.9

2023-11-13

Electronics

Abstract:The paper introduces a novel consensus algorithm named MRPBFT, which is derived from the HotStuff consensus protocol and improved upon to address security deficiencies in traditional consensus algorithms within the domain of digital asset transactions. MRPBFT aims to enhance security and privacy protection while pursuing higher consensus efficiency. It employs a multi-primary-node approach and a ring signature mechanism to reinforce security and privacy preservation features in the consensus system. This algorithm primarily focuses on two main improvements: Firstly, it proposes the ed25519LRS signature algorithm and discusses its anonymity for transaction participants and the non-forgeability of signature information in the identity verification and message verification processes within the consensus algorithm. Secondly, the paper introduces MPBFT asynchronous view changes and a multi-primary-node mechanism to enhance consensus efficiency, allowing for view switching in the absence of global consensus. With the introduction of the multi-primary-node mechanism, nodes can be flexibly added or removed, supporting parallel processing of multiple proposals and transactions. Finally, through comparative experiments, the paper demonstrates that the improved algorithm performs significantly better in terms of throughput and network latency.

engineering, electrical & electronic,computer science, information systems,physics, applied

Horatiu Cirstea,Markus A. Kuppe,Benjamin Loillier,Stephan Merz

2024-09-18

Abstract:TLA+ is a formal language for specifying systems, including distributed algorithms, that is supported by powerful verification tools. In this work we present a framework for relating traces of distributed programs to high-level specifications written in TLA+. The problem is reduced to a constrained model checking problem, realized using the TLC model checker. Our framework consists of an API for instrumenting Java programs in order to record traces of executions, of a collection of TLA+ operators that are used for relating those traces to specifications, and of scripts for running the model checker. Crucially, traces only contain updates to specification variables rather than full values, and developers may choose to trace only certain variables. We have applied our approach to several distributed programs, detecting discrepancies between the specifications and the implementations in all cases. We discuss reasons for these discrepancies, best practices for instrumenting programs, and how to interpret the verdict produced by TLC.

Programming Languages,Software Engineering

Michael Lambert

DOI: https://doi.org/10.48550/arXiv.2111.07461

2021-11-15

Abstract:This paper presents a reformulation in topos logic of a safety result arising in an abstract presentation of blockchain consensus protocols. That is, in a high-level template for "correct-by-construction" consensus protocols, it is shown that a proposition and its negation cannot both be safe in protocol states that have executions to some common state. This is in fact true for any inconsistent propositions and the proof requires only intuitionistic reasoning. This opens the door for work on consensus protocols in the internal language of a topos. As a first pass on such a program, the main contribution of this paper is the formulation of estimate safety in abstract correct-by-construction protocols as a forcing statement in the internal logic of a given topos. This is illustrated first in the setting of copresheaf toposes. It is also seen there that safety can be viewed as a modal statement. For these interpretations, some extensions and adaptations of results in the literature on modal operators in toposes are presented. The final reformulation of estimate safety is a completely elementary version in the language of an arbitrary topos where it is seen that estimate safety is equivalent to a certain forcing statement.

Category Theory

Kaustuv Chaudhuri,Damien Doligez,Leslie Lamport,Stephan Merz

DOI: https://doi.org/10.1007/978-3-642-14203-1_12

2010-11-11

Abstract:TLAPS, the TLA+ proof system, is a platform for the development and mechanical verification of TLA+ proofs written in a declarative style requiring little background beyond elementary mathematics. The language supports hierarchical and non-linear proof construction and verification, and it is independent of any verification tool or strategy. A Proof Manager uses backend verifiers such as theorem provers, proof assistants, SMT solvers, and decision procedures to check TLA+ proofs. This paper documents the first public release of TLAPS, distributed with a BSD-like license. It handles almost all the non-temporal part of TLA+ as well as the temporal reasoning needed to prove standard safety properties, in particular invariance and step simulation, but not liveness properties.

Logic in Computer Science

Simon Foster,Chung-Kil Hur,Jim Woodcock

2024-10-31

Abstract:Model execution allows us to prototype and analyse software engineering models by stepping through their possible behaviours, using techniques like animation and simulation. On the other hand, deductive verification allows us to construct formal proofs demonstrating satisfaction of certain critical properties in support of high-assurance software engineering. To ensure coherent results between execution and proof, we need unifying semantics and automation. In this paper, we mechanise Interaction Trees (ITrees) in Isabelle/HOL to produce an execution and verification framework. ITrees are coinductive structures that allow us to encode infinite labelled transition systems, yet they are inherently executable. We use ITrees to create verification tools for stateful imperative programs, concurrent programs with message passing in the form of the CSP and \Circus languages, and abstract system models in the style of the Z and B methods. We demonstrate how ITrees can account for diverse semantic presentations, such as structural operational semantics, a relational program model, and CSP's failures-divergences trace model. Finally, we demonstrate how ITrees can be executed using the Isabelle code generator to support the animation of models.

Logic in Computer Science