It has recently been shown that executions of authenticated Byzantine Agreement protocols in which more than a third of the parties are corrupted, cannot be composed concurrently, in parallel, or even sequentially (where the latter is true for deterministic protocols). This result puts into question any usage of authenticated Byzantine agreement in a setting where many executions take place. In...

Distributed systems are subject to a variety of failures and attacks. In this paper, we consider general (Byzantine) failures [11], in which a failed node may exhibit arbitrary behavior. In particular, a failed node may corrupt its local state, send random messages, or even send specific messages aimed at subverting the system. Many security attacks can be modeled as Byzantine failures, such as...

This paper argues for a new approach to building Byzantine fault tolerant systems. We observe that although recently developed BFT state machine replication protocols are quite fast, they don’t actually tolerate Byzantine faults very well: a single faulty client or server is capable of rendering PBFT, Q/U, HQ, and Zyzzyva virtually unusable. In this paper, we (1) demonstrate that existing proto...

Fault-tolerant consensus has been studied extensively in the literature, because it is one of the most important distributed primitives and has wide applications in practice. This paper surveys important results on fault-tolerant consensus in message-passing networks, and the focus is on results from the past decade. Particularly, we categorize the results into two groups: new problem formulati...

We introduce a novel hybrid failure model, which facilitates an accurate and detailed analysis of round-based synchronous, partially synchronous and asynchronous distributed algorithms under both process and link failures. Granting every process in the system up to send and receive link failures (with arbitrary faulty ones among those) in every round, without being considered faulty, we show th...

Byzantine agreement is a fundamental issue in fault-tolerant and secure distributed computing. Protocols solving Byzantine agreement guarantee that a sender can transmit a value to a group of receivers consistently, even if some of the nodes, including the sender, are arbitrarily faulty. In the past, protocols for Byzantine agreement were generally either authenticated or non-authenticated. Non...

Our research on the texts of the Byzantine historians and chroniclers revealed an apparently curious phenomenon, namely, the abandonment of terminally ill emperors by their physicians when the latter realised that they could not offer any further treatment. This attitude tallies with the mentality of the ancient Greek physicians, who even in Hippocratic times thought the treatment and care of t...

Enclaves is a group-oriented intrusion-tolerant protocol. Intrusion-tolerant protocols are cryptographic protocols that implement fault-tolerance techniques to achieve security despite possible intrusions at some parts of the system. Among the most tedious faults to handle in security are the so-called Byzantine faults, where insiders maliciously exhibit an arbitrary (possibly dishonest) behavi...

Agreement problems are a fundamental building block for constructing reliable distributed systems. While robust and eÆcient protocols exist in the crash-failure setting, protocols resilient against a Byzantine adversary tend to have problems with either eÆciency or security. This paper proposes an optimistic approach to the Byzantine agreement problem, combining the eÆciency of fully synchronou...

In a previous lecture, we defined the Byzantine agreement/broadcast problems and showed that there is no protocol solving these problems when the fraction of corrupted players is 1/3 or larger. Today, we prove the converse by showing a protocol for broadcast (and hence Byzantine agreement; cf. the previous lecture) when the fraction of corrupted players is less than 1/3. The protocol we will sh...