BFT Protocol Forensics

Peiyao Sheng; Gerui Wang; Kartik Nayak; Sreeram Kannan; Pramod Viswanath

doi:10.1145/3460120.3484566

BFT Protocol Forensics

Peiyao Sheng, Gerui Wang, Kartik Nayak, Sreeram Kannan, Pramod Viswanath

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Byzantine fault-tolerant (BFT) protocols allow a group of replicas to come to consensus even when some of the replicas are Byzantine faulty. There exist multiple BFT protocols to securely tolerate an optimal number of faults t under different network settings. However, if the number of faults f exceeds t then security could be violated. In this paper we mathematically formalize the study of forensic support of BFT protocols: we aim to identify (with cryptographic integrity) as many of the malicious replicas as possible and in as distributed manner as possible. Our main result is that forensic support of BFT protocols depends heavily on minor implementation details that do not affect the protocol's security or complexity. Focusing on popular BFT protocols (PBFT, HotStuff, Algorand) we exactly characterize their forensic support, showing that there exist minor variants of each protocol for which the forensic supports vary widely. We show strong forensic support capability of LibraBFT, the consensus protocol of Diem cryptocurrency; our lightweight forensic module implemented on a Diem client is open-sourced and is under active consideration for deployment in Diem. Finally, we show that all secure BFT protocols designed for 2t+1 replicas communicating over a synchronous network forensic support is inherently nonexistent; this impossibility result holds for all BFT protocols and even if one has access to the states of all replicas (including Byzantine ones).

Original language	English (US)
Title of host publication	CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	1722-1743
Number of pages	22
ISBN (Electronic)	9781450384544
DOIs	https://doi.org/10.1145/3460120.3484566
State	Published - Nov 12 2021
Event	27th ACM Annual Conference on Computer and Communication Security, CCS 2021 - Virtual, Online, Korea, Republic of Duration: Nov 15 2021 → Nov 19 2021

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	27th ACM Annual Conference on Computer and Communication Security, CCS 2021
Country/Territory	Korea, Republic of
City	Virtual, Online
Period	11/15/21 → 11/19/21

Keywords

BFT protocols
blockchains
forensics

ASJC Scopus subject areas

Software
Computer Networks and Communications

Online availability

10.1145/3460120.3484566

Library availability

Discover UIUC Full Text

Cite this

BFT Protocol Forensics. / Sheng, Peiyao; Wang, Gerui; Nayak, Kartik et al.
CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2021. p. 1722-1743 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Sheng, P, Wang, G, Nayak, K, Kannan, S & Viswanath, P 2021, BFT Protocol Forensics. in CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 1722-1743, 27th ACM Annual Conference on Computer and Communication Security, CCS 2021, Virtual, Online, Korea, Republic of, 11/15/21. https://doi.org/10.1145/3460120.3484566

@inproceedings{8eefeef1159c4852b104c7132c05a0f5,

title = "BFT Protocol Forensics",

abstract = "Byzantine fault-tolerant (BFT) protocols allow a group of replicas to come to consensus even when some of the replicas are Byzantine faulty. There exist multiple BFT protocols to securely tolerate an optimal number of faults t under different network settings. However, if the number of faults f exceeds t then security could be violated. In this paper we mathematically formalize the study of forensic support of BFT protocols: we aim to identify (with cryptographic integrity) as many of the malicious replicas as possible and in as distributed manner as possible. Our main result is that forensic support of BFT protocols depends heavily on minor implementation details that do not affect the protocol's security or complexity. Focusing on popular BFT protocols (PBFT, HotStuff, Algorand) we exactly characterize their forensic support, showing that there exist minor variants of each protocol for which the forensic supports vary widely. We show strong forensic support capability of LibraBFT, the consensus protocol of Diem cryptocurrency; our lightweight forensic module implemented on a Diem client is open-sourced and is under active consideration for deployment in Diem. Finally, we show that all secure BFT protocols designed for 2t+1 replicas communicating over a synchronous network forensic support is inherently nonexistent; this impossibility result holds for all BFT protocols and even if one has access to the states of all replicas (including Byzantine ones).",

keywords = "BFT protocols, blockchains, forensics",

author = "Peiyao Sheng and Gerui Wang and Kartik Nayak and Sreeram Kannan and Pramod Viswanath",

note = "Publisher Copyright: {\textcopyright} 2021 ACM.; 27th ACM Annual Conference on Computer and Communication Security, CCS 2021 ; Conference date: 15-11-2021 Through 19-11-2021",

year = "2021",

month = nov,

day = "12",

doi = "10.1145/3460120.3484566",

language = "English (US)",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "1722--1743",

booktitle = "CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security",

address = "United States",

}

TY - GEN

T1 - BFT Protocol Forensics

AU - Sheng, Peiyao

AU - Wang, Gerui

AU - Nayak, Kartik

AU - Kannan, Sreeram

AU - Viswanath, Pramod

PY - 2021/11/12

Y1 - 2021/11/12

N2 - Byzantine fault-tolerant (BFT) protocols allow a group of replicas to come to consensus even when some of the replicas are Byzantine faulty. There exist multiple BFT protocols to securely tolerate an optimal number of faults t under different network settings. However, if the number of faults f exceeds t then security could be violated. In this paper we mathematically formalize the study of forensic support of BFT protocols: we aim to identify (with cryptographic integrity) as many of the malicious replicas as possible and in as distributed manner as possible. Our main result is that forensic support of BFT protocols depends heavily on minor implementation details that do not affect the protocol's security or complexity. Focusing on popular BFT protocols (PBFT, HotStuff, Algorand) we exactly characterize their forensic support, showing that there exist minor variants of each protocol for which the forensic supports vary widely. We show strong forensic support capability of LibraBFT, the consensus protocol of Diem cryptocurrency; our lightweight forensic module implemented on a Diem client is open-sourced and is under active consideration for deployment in Diem. Finally, we show that all secure BFT protocols designed for 2t+1 replicas communicating over a synchronous network forensic support is inherently nonexistent; this impossibility result holds for all BFT protocols and even if one has access to the states of all replicas (including Byzantine ones).

AB - Byzantine fault-tolerant (BFT) protocols allow a group of replicas to come to consensus even when some of the replicas are Byzantine faulty. There exist multiple BFT protocols to securely tolerate an optimal number of faults t under different network settings. However, if the number of faults f exceeds t then security could be violated. In this paper we mathematically formalize the study of forensic support of BFT protocols: we aim to identify (with cryptographic integrity) as many of the malicious replicas as possible and in as distributed manner as possible. Our main result is that forensic support of BFT protocols depends heavily on minor implementation details that do not affect the protocol's security or complexity. Focusing on popular BFT protocols (PBFT, HotStuff, Algorand) we exactly characterize their forensic support, showing that there exist minor variants of each protocol for which the forensic supports vary widely. We show strong forensic support capability of LibraBFT, the consensus protocol of Diem cryptocurrency; our lightweight forensic module implemented on a Diem client is open-sourced and is under active consideration for deployment in Diem. Finally, we show that all secure BFT protocols designed for 2t+1 replicas communicating over a synchronous network forensic support is inherently nonexistent; this impossibility result holds for all BFT protocols and even if one has access to the states of all replicas (including Byzantine ones).

KW - BFT protocols

KW - blockchains

KW - forensics

UR - http://www.scopus.com/inward/record.url?scp=85119131469&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85119131469&partnerID=8YFLogxK

U2 - 10.1145/3460120.3484566

DO - 10.1145/3460120.3484566

M3 - Conference contribution

AN - SCOPUS:85119131469

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 1722

EP - 1743

BT - CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 27th ACM Annual Conference on Computer and Communication Security, CCS 2021

Y2 - 15 November 2021 through 19 November 2021

ER -

BFT Protocol Forensics

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this