Byzantine Replication for Trustworthy Systems

This project seeks to reduce the complexity of building systems that are both fault tolerant and secure. Reasoning about such systems is hard and, to compound the challenge, fault-tolerance and security do not integrate nicely---for instance, the very replication that improves data integrity and availability against faults, harms confidentiality because it offers an attacker the opportunity to break into the least protected of the replicas. Because the Byzantine failure model encompasses arbitrarily faulty behavior---and therefore models, as special cases, nodes that misbehave because they are either executing upon faulty hardware, or running buggy software---Byzantine fault tolerance (BFT) has the potential of serving as the single key that opens both the fault-tolerance and security coffers.

To advance this agenda, we have developed solutions that significantly improve the capabilities and reduce the cost of Byzantine fault tolerant techniques by revisiting Byzantine replication protocols from first principles. In particular, we have focused on:

• reducing replication costs, which in BFT may become prohibitive, especially when considering that {\em n}-version programming (or opportunistic {\em n}-version programming) may be required to reduce the possibility of a large number correlated Byzantine faults caused by a single security exploit
• adding confidentiality guarantees to BFT protocols without affecting negatively their performance.

Selected Technical Highlights

In our paper:

• J.P. Martin, L. Alvisi, and M. Dahlin
  Minimal Byzantine Storage
  In Proceedings of the 16th International Symposium on Distributed Computing (DISC 2002),
  Toulouse, France, October 2002, pp. 311-326.

we present a new quorum-based algorithm that provides the abstraction of an atomic register using a provably minimal set of 3f + 1 storage nodes. Prior art achieved this lower bound only when the data being stored was self-verifying, i.e. data that could not be undetectably altered by a faulty server (such as data that have been digitally signed): with generic data, implementing even the much weaker safe register abstraction required 4f + 1 nodes. Our result proves that, surprisingly, generic data can be stored as efficiently as self-verifying data both in terms of consistency guarantees and number of replicas.

• J. Yin, J.P. Martin, A. Venkataramani, L. Alvisi, and M. Dahlin
  Separating Agreement from Execution for Byzantine Fault Tolerant Services
  In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003),
  Lake George, NY, October 2003, pp. 253-268.

a new architecture that separates both logically and physically the responsibility of reaching agreement on the sequence of state machine commands to be executed from the actual execution of these commands. This separation yields two key advantages.

First, it reduces replication costs: by assigning the task of producing a total ordering of commands to a cluster of simple, inexpensive, and application-independent agreement nodes, we can reduce the number of the expensive and application-specific state machines in the execution cluster from 3f + 1 to 2f + 1. Second, it suggests an approach that addresses efficiently, for the first time, the challenge of preventing Byzantine state machines from leaking confidential information to Byzantine clients: inserting a privacy firewall between the agreement and execution clusters lets the state machines in the execution clusters continue to access the service state in the clear, but filters out, before they can reach a client. any responses that could not have been produced by a correct state machine replica.

Because agreement nodes are inexpensive, it becomes possible to use them more liberally. In

• J.P. Martin and L. Alvisi
  Fast Byzantine Consensus.
  In IEEE Transactions on Dependable and Secure Computing , 3(3), July-September 2006, pp. 202-215.

we use this flexibility to derive the first asynchronous Byzantine consensus protocol that, in the common case, achieves consensus in just two communications steps, and prove that our protocol is optimal both in the number of steps, and in the number of agreement nodes it requires (5f+1).

To reduce the cost and simplify th design of Byzantine fault tolerant state machine replication, we propose in

• R. Kotla, L. Alvisi, M. Dahlin, A. Clement, and E. Wong
  Zyzzyva: Specualtive Byzantine Fault Tolerance
  In Proceedings of the 21th ACM Symposium on Operating Systems Principles (SOSP 2007), Skamania Lodge, Stevenson, WA, October 2007, pp. 45-58.

to allow replicas to respond to a client's request without first running an expensive three-phase commit protocol to reach agreement on the order in which the request must be processed. Instead, they optimistically adopt the order proposed by the primary and respond immediately to the client. Replicas can thus become temporarily inconsistent with one another, but clients detect inconsistencies, help correct replicas converge on a single total ordering of requests, and only rely on responses that are consistent with this total order. This approach allows Zyzzyva to reduce replication overheads to near their theoretical minima.

Please see the following list of relevant publications for our latest papers-we will add short descriptions of Zyzzyva and SafeStore in the near future.

Relevant Journal Publications:

• R. Kotla, A. Clement, E.D. Wong, L. Alvisi and M. Dahlin
  Zyzzyva: Speculative Byzantine Fault Tolerance
  ACM Trasactions on Computer Systems 27(4), December 2009, pp. 1-39.
• R. Kotla, A. Clement, E.D. Wong, L. Alvisi and M. Dahlin
  Zyzzyva: Speculative Byzantine Fault Tolerance
  Communications of the ACM 51(11), November 2008, pp. 86-95.
• J.P. Martin and L. Alvisi
  Fast Byzantine Consensus
  In IEEE Transactions on Dependable and Secure Computing , 3(3), July-September 2006, pp. 202-215.
• L. Alvisi, D. Malkhi, E. Pierce, and M. Reiter
  Fault Detection in Byzantine Quorum Systems.
  IEEE Transactions on Parallel and Distributed Systems, 12:9, September 2001, pp. 996-1007.

Relevant Conference Publications:

• A. Clement, M. Kapritsos, S. Lee, Y. Wang, M. Dahlin, and T. Riché)
  UpRight Cluster Services
  In Proceedings of the 22nd ACM Symposium on Operating Systems Principles (SOSP 2009),
  Big Sky, MT, October 2009, pp. 277-290.
• A. Clement, M. Marchetti, E.D. Wong, L. Alvisi, and M. Dahlin
  Making Byzantine Fault-Tolerant Systems Tolerate Byzantine Faults
  In Proceedings of the 6th USENIX Symposium of Network Systems Design and Impementation (NSDI '09) ,
  Boston, MA, April 2009, pp. 153-168.
• A. S. Aiyer, R. Bazzi. and A. Clement, and L. Alvisi
  Matrix Signatures: From MACs to Digital Signatures in Distributed Systems
  In Proceedings of the 22nd International Symposium on Distributed Computing (DISC 2008) ,
  Arcachon, France, October 2008, pp. 16-31.
• A. Clement, M. Marchetti, E.D. Wong, and M. Dahlin
  BFT: The Time is Now
  In Proceedings of the 2nd Workshop on Large-Scale Distributed Systems and Middleware (LADIS '08) ,
  Yorktown Heights, October 2008, pp. 1-4.
• R. Kotla, A. Clement, E. D. Worg, L. Alvisi, and M. Dahlin
  Zyzzyva: Speculative Byzantine Fault Tolerant Replication
  In Proceedings of the 21th ACM Symposium on Operating Systems Principles (SOSP 2007),
  Skamania Lodge, Stevenson, WA, October 2007, pp. 45-58. Best Paper Award.
• A.S. Aiyer, L. Alvisi, and R. Bazzi
  Bounded Wait-Free Implementation of Optimally Resilient Byzantine Storage without (Unproven) Cryptographic Assumptions.
  In Proceedings of the 21th International Symposium on Distributed Computing (DISC 2007) ,
  Lemesos, Cyprus, October 2007.
• H. Li, A. Clement, A.S. Aiyer, and L. Alvisi
  The Paxos Register
  In Proceedings of the 26th IEEE International Symposium on Reliable Distributed Systems (SRDS 2007),
  Beijing, China, October 2007, pp. 114-126.
• R. Kotla, L. Alvisi, and M. Dahlin
  SafeStore: A Durable and Practical Storage System
  In Proceedings of the 2007 USENIX Annual Technical Conference,
  Santa Clara, CA, June 2007, pp. 129-142. Best Paper Award.
• A.S. Aiyer, L. Alvisi, and R. Bazzi
  Byzantine and Multi-writer k-quorums
  In Proceedings of the 20th International Symposium on Distributed Computing (DISC 2006),
  Stockholm, Sweden, September 2006, pp. 443-458.
• A.S. Aiyer, L. Alvisi, And R. Bazzi
  On the Availability of non-Strict Quorum Systems
  In Proceedings of the 19th International Symposium on Distributed Computing (DISC 2005),
  Cracow, Poland, September 2005, pp. 48-62.
• J.P. Martin and L. Alvisi
  Fast Byzantine Consensus
  In Proceedings of the International Conference on Dependable Systems and Networks (DSN 2005), DCC Symposium,
  Yokohama, Japan, June 2005, pp. 402-411. Award Paper.
• J.P. MArtin and L. Alvisi
  Dynamic Byzantine Storage
  In Proceedings of the International Conference on Dependable Systems and Networks (DSN 2004), DCC Symposium,
  Florence, Italy, June 2004, pp. 325-334.
• J. Yin, J.P. Martin, A. Venkataramani, L. Alvisi and M. Dahlin
  Separating Agreement from Execution in Byzantine Fault-Tolerant Services
  In Proceedings of the 19th ACM Symposium on Operating Systems Principles (SOSP 2003),
  Bolton Landing, NY, October 2003, pp. 253-268.
• J.P. Martin and L. Alvisi
  Minimal Byzantine Storage
  In Proceedings of the 16th International Symposium on Distributed Computing (DISC 2002),
  Toulouse, France, October 2002, pp. 311-326.
• J.P. Martin, L. Alvisi, and M. Dahlin
  Small Byzantine Quorum Systems
  In Proceedings of the International Conference on Dependable Systems and Networks (DSN 2002 and FTCS 32), DCC Symposium,
  Washington, DC, June 2002, pp. 374-383.
  See also the extended technical report.
• E. Pierce and L. Alvisi
  A Framework for Semantic Reasoning about Byzantine Quorum Systems.
  In Brief Announcements, Proceedings of Symposium on Principles of Distributed Computing, August 2001, pp. 317-319.
• L. Alvisi, D. Malkhi, E. Pierce, M. Reiter, and R. Wright
  Dynamic Byzantine Quorum Systems.
  In Proceedings of the International Conference on Dependable Systems and Networks (FTCS 30 and DCCA 8),
  New York, NY, June 2000, pp. 283-292.
• L. Alvisi, D. Malkhi, E. Pierce, and M. Reiter
  Probabilistic Techniques for Fault Detection in Byzantine Quorum Systems.
  In Proceedings of the Seventh IFIP International Working Conference on Dependable Computing for Critical Applications (DCCA-7)
  San Jose, CA, January 1999, pp. 379-394.

Faculty

• Lorenzo Alvisi
• Mike Dahlin

Students

• Amitanand Ayer
• Allen Clement
• Emmanouil (Manos) Kapritsos
• Yang Wang
• Edmund L. Wong

Alumni

• Ramakrishna Kotla (Microsoft Silicon Valley research Lab)
• Harry Li (Facebook)
• Jeff Napper (Vrije University)
• Jean-Philippe Martin (Microsoft Silicon Valley Research Lab)
• Evelyn Tumlin Pierce

External collaborators

• Rida Bazzi (Arizona State University)
• Mirco Marchetti (Università di Modena e Reggio Emilia)

Sponsors

• The Texas Advanced Technology Program
• The National Science Foundation under Grants No. 0720649 and 0430510.
  Any opinions, findings, and conclusions or recommendations expressed in this material are those of the author(s)
  and do not necessarily reflect the views of the National Science Foundation (NSF).