Byzantine fault-tolerant (BFT) protocols allow a group of replicas to come to a consensus even when some of the replicas are Byzantine faulty. There exist multiple BFT protocols to securely tolerate an optimal number of faults $t$ under different network settings. However, if the number of faults $f$ exceeds $t$ then security could be violated. In this paper we mathematically formalize the study of forensic support of BFT protocols: we aim to identify (with cryptographic integrity) as many of the malicious replicas as possible and in as a distributed manner as possible. Our main result is that forensic support of BFT protocols depends heavily on minor implementation details that do not affect the protocol's security or complexity. Focusing on popular BFT protocols (PBFT, HotStuff, Algorand) we exactly characterize their forensic support, showing that there exist minor variants of each protocol for which the forensic supports vary widely. We show strong forensic support capability of LibraBFT, the consensus protocol of Diem cryptocurrency; our lightweight forensic module implemented on a Diem client is open-sourced and is under active consideration for deployment in Diem. Finally, we show that all secure BFT protocols designed for $2t+1$ replicas communicating over a synchronous network forensic support are inherently nonexistent; this impossibility result holds for all BFT protocols and even if one has access to the states of all replicas (including Byzantine ones).
翻译:拜占庭过错( BFT) 协议允许一组复制品达成共识, 即使有些复制品是拜占庭错误的。 存在多个BFT协议可以安全地容忍不同网络设置下最优数目的故障。 但是, 如果错误数量超过美元美元, 那么安全就会受到侵犯。 在本文中, 我们数学地正式确定BFT协议的法医支持研究: 我们的目标是( 以加密完整性) 尽可能多地识别恶意复制品。 我们的主要结果是, BFT协议的法医支持在很大程度上取决于不影响协议安全或复杂性的细小执行细节。 聚焦受欢迎的BFT协议( PBFT、 HotStuff、 Algorand), 我们确切地描述他们的法医支持, 表明每项协议中存在一些小变体, 而法医支持则各有差异。 我们展示了强大的法医支持能力, 所有的Diem Clopptofal协议的协商一致协议; 我们的轻度法医支持, 包括Diem Excalt 协议的软件模块, 我们所执行的轻度法医模块, 如果Die+CFTFT网络的客户是开放的, 最后显示, 我们所有安全的版本的版本的版本, 将显示所有访问结果都在BRFPLFPRFPRFPRFPRFPS的运行的版本。