Making Reads in BFT State Machine Replication Fast, Linearizable, and Live

TL;DR

This paper reveals a liveness vulnerability in PBFT's read-only request optimization, demonstrates an attack exploiting it, and proposes two solutions that restore correctness and performance in BFT systems.

Contribution

It identifies a previously unknown liveness issue in PBFT's read-only optimization and provides two practical solutions implemented in BFT-SMaRt.

Findings

The read-only optimization can violate liveness under certain attacks.

The authors demonstrate an attack that blocks correct clients.

Two solutions effectively prevent the attack and maintain performance.

Abstract

Practical Byzantine Fault Tolerance (PBFT) is a seminal state machine replication protocol that achieves a performance comparable to non-replicated systems in realistic environments. A reason for such high performance is the set of optimizations introduced in the protocol. One of these optimizations is read-only requests, a particular type of client request which avoids running the three-step agreement protocol and allows replicas to respond directly, thus reducing the latency of reads from five to two communication steps. Given PBFT's broad influence, its design and optimizations influenced many BFT protocols and systems that followed, e.g., BFT-SMaRt. We show, for the first time, that the read-only request optimization introduced in PBFT more than 20 years ago can violate its liveness. Notably, the problem affects not only the optimized read-only operations but also standard, totally-ordered operations. We show this weakness by presenting an attack in which a malicious leader blocks correct clients and present two solutions for patching the protocol, making read-only operations fast and correct. The two solutions were implemented on BFT-SMaRt and evaluated in different scenarios, showing their effectiveness in preventing the identified attack.