• Top
    • Documentation
    • Books
    • Boolean-reasoning
    • Projects
      • Apt
      • Zfc
      • Acre
      • Milawa
      • Smtlink
      • Abnf
      • Vwsim
      • Isar
      • Wp-gen
      • Dimacs-reader
      • Pfcs
      • Legacy-defrstobj
      • Proof-checker-array
      • Soft
      • C
      • Farray
      • Rp-rewriter
      • Riscv
      • Instant-runoff-voting
      • Imp-language
      • Sidekick
      • Leftist-trees
      • Java
      • Taspi
      • Bitcoin
      • Des
      • Ethereum
      • X86isa
      • Sha-2
      • Yul
      • Zcash
      • Proof-checker-itp13
      • Regex
      • ACL2-programming-language
      • Json
      • Jfkr
      • Equational
      • Cryptography
      • Poseidon
      • Where-do-i-place-my-book
      • Axe
      • Bigmems
      • Builtins
      • Execloader
      • Aleo
        • Aleobft
          • Correctness
          • Definition
          • Library-extensions
        • Leo
      • Solidity
      • Paco
      • Concurrent-programs
      • Bls12-377-curves
    • Debugging
    • Std
    • Community
    • Proof-automation
    • Macro-libraries
    • ACL2
    • Interfacing-tools
    • Hardware-verification
    • Software-verification
    • Math
    • Testing-utilities
  • Aleo

Aleobft

Formal model and correctness proofs of AleoBFT.

AleoBFT is the consensus protocol of the Aleo blockchain. AleoBFT is based on Narwhal and Bullshark, particuarly partially synchronous Bullshark, which AleoBFT extends with dynamic committees, staking, and syncing. AleoBFT is implemented in snarkOS (primarily) and snarkVM (for some functionality).

This directory contains a formal model and correctness proofs of AleoBFT. The model is an abstraction of AleoBFT that mainly captures the Bullshark aspects of the protocol, but with dynamic committees and with stake, which are significant extensions to Bullshark. The Narwhal aspects of AleoBFT are modeled only at an abstract level, similarly to the way that the Bullshark papers model the underlying DAG consensus layer. The level of abstraction of this model is about the same as the Bullshark papers. This model does not capture garbage collection or syncing.

The subdirectory next contains an in-progress extension of the model and proofs, which will replace the current version when completed. (The files in next are not included in the manual, so that they can use names overlapping with the current version.) This extension refines certificate creation, which in the current model is an atomic event, to be a multi-step process, with explicit creation and exchange of proposals, endorsements, and certificates; that is, the extensions models the Narwhal aspects of AleoBFT in more detail. Modeling syncing and garbage collection is not part of this next extension; it is future work, along with other possible refinements of the model.

The proofs of correctness in both the current and next version mainly concern the safety property that blockchains do not fork. Proving other correctness properties is future work.

The current version of the model and proofs is the last one of a series of versions that we have developed. We started with a version with static committees without stake, which was therefore very similar to plain Bullshark. Then we made the significant extension to dynamic committees, initially without stake, and then with stake; adding stake was not a big extension. The next version also has dynamic committees with stake, but has a more refined model of certificate creation (see above). Since each new version subsumes the previous ones as special cases, there is no need to keep the previous versions.

The current version essentially corresponds to the contents of this arXiv paper, but the current version has undergone some improvements since the paper was written.

Subtopics

Correctness
Correctness proofs of the AleoBFT labeled state transition system.
Definition
Definition of the AleoBFT labeled state transition system.
Library-extensions
Library extensions.