A Formally Verified Protocol for Log Replication with Byzantine Fault Tolerance

TL;DR

This paper introduces a formally verified Byzantine fault-tolerant protocol for secure logging that guarantees agreement on proposed entries without leader election, emphasizing correctness, simplicity, and practicality.

Contribution

It presents a novel, formally verified consensus protocol tailored for secure logging, with a fully machine-checked security proof and practical implementation.

Findings

Protocol is optimal in rounds and fault tolerance.

Provides a fully machine-checked security proof.

Prototype implementation demonstrates practicality.

Abstract

Byzantine fault tolerant protocols enable state replication in the presence of crashed, malfunctioning, or actively malicious processes. Designing such protocols without the assistance of verification tools, however, is remarkably error-prone. In an adversarial environment, performance and flexibility come at the cost of complexity, making the verification of existing protocols extremely difficult. We take a different approach and propose a formally verified consensus protocol designed for a specific use case: secure logging. Our protocol allows each node to propose entries in a parallel subroutine, and guarantees that correct nodes agree on the set of all proposed entries, without leader election. It is simple yet practical, as it can accommodate the workload of a logging system such as Certificate Transparency. We show that it is optimal in terms of both required rounds and tolerable faults. Using Isabelle/HOL, we provide a fully machine-checked security proof based upon the Heard-Of model, which we extend to support signatures. We also present and evaluate a prototype implementation.