Reusable Formal Verification of DAG-based Consensus Protocols

TL;DR

This paper develops a reusable formal verification framework for DAG-based blockchain consensus protocols, enabling safety proofs for multiple protocols with reduced effort, thus supporting their reliable adoption.

Contribution

It introduces a modular, proof-reuse approach for formally verifying multiple DAG-based consensus protocols using TLA+ and TLAPS, reducing verification effort significantly.

Findings

Verified safety specifications for five DAG-based protocols

Proof reuse reduces verification effort by nearly half

Efficient automatic proof checking within minutes

Abstract

Blockchains use consensus protocols to reach agreement, e.g., on the ordering of transactions. DAG-based consensus protocols are increasingly adopted by blockchain companies to reduce energy consumption and enhance security. These protocols collaboratively construct a partial order of blocks (DAG construction) and produce a linear sequence of blocks (DAG ordering). Given the strategic significance of blockchains, formal proofs of the correctness of key components such as consensus protocols are essential. This paper presents safety-verified specifications for five DAG-based consensus protocols. Four of these protocols -- DAG-Rider, Cordial Miners, Hashgraph, and Eventual Synchronous BullShark -- are well-established in the literature. The fifth protocol is a minor variation of Aleph, another well-established protocol. Our framework enables proof reuse, reducing proof efforts by almost half. It achieves this by providing various independent, formally verified, specifications of DAG construction and ordering variations, which can be combined to express all five protocols. We employ TLA+ for specifying the protocols and writing their proofs, and the TLAPS proof system to automatically check the proofs. Each TLA+ specification is relatively compact, and TLAPS efficiently verifies hundreds to thousands of obligations within minutes. The significance of our work is two-fold: first, it supports the adoption of DAG-based systems by providing robust safety assurances; second, it illustrates that DAG-based consensus protocols are amenable to practical, reusable, and compositional formal methods.