BFT Protocol Forensics
share
Byzantine fault-tolerant (BFT) protocols allow a group of replicas to come to consensus even when some of the replicas are Byzantine faulty. There exist multiple BFT protocols to securely tolerate an optimal number of faults t under different network settings. However, if the number of faults f exceeds t then security could be violated. Motivated by blockchain applications, we systematically study the forensic support of BFT protocols: we aim to identify (with cryptographic integrity) as many of the malicious replicas as possible, by as many participating replicas as possible and in as distributed manner as possible. Our main (positive) result is that well-known BFT protocols such as PBFT, HotStuff, and VABA have strong forensic support; we show that when f exceeds t, at least t+1 of culpable replicas can be identified by at least 2t+1-f honest replicas. On the other hand, when t is as much as half the number of replicas (e.g. in a synchronous network), then all but one of the malicious replicas must go undetected; this impossibility result holds for all BFT protocols and even if one has access to the states of all replicas (including Byzantine ones).
READ FULL TEXT
