Proteus: Append-Only Ledgers for (Mostly) Trusted Execution Environments

TL;DR

Proteus introduces a novel distributed consensus protocol that combines crash-fault-tolerant and Byzantine fault-tolerant mechanisms within trusted execution environments, ensuring integrity even if TEEs are compromised.

Contribution

It presents a new layered consensus protocol that embeds BFT within CFT protocols, enhancing resilience against TEE platform attacks without additional messaging overhead.

Findings

Achieves performance comparable to existing TEE-enabled protocols.

Guarantees data integrity despite TEE platform compromises.

Successfully integrates BFT and CFT protocols through structural refactoring.

Abstract

Distributed ledgers are increasingly relied upon by industry to provide trustworthy accountability, strong integrity protection, and high availability for critical data without centralizing trust. Recently, distributed append-only logs are opting for a layered approach, combining crash-fault-tolerant (CFT) consensus with hardware-based Trusted Execution Environments (TEEs) for greater resiliency. Unfortunately, hardware TEEs can be subject to (rare) attacks, undermining the very guarantees that distributed ledgers are carefully designed to achieve. In response, we present Proteus, a new distributed consensus protocol that cautiously trusts the guarantees of TEEs. Proteus carefully embeds a Byzantine fault-tolerant (BFT) protocol inside of a CFT protocol with no additional messages. This is made possible through careful refactoring of both the CFT and BFT protocols such that their structure aligns. Proteus achieves performance in line with regular TEE-enabled consensus protocols, while guaranteeing integrity in the face of TEE platform compromises.