A Formally Verified Protocol for Log Replication with Byzantine Fault Tolerance
This addresses the need for reliable and verified secure logging systems, such as in Certificate Transparency, with incremental improvements in verification and optimization.
The paper tackles the problem of designing a Byzantine fault tolerant protocol for secure logging by proposing a formally verified consensus protocol that guarantees agreement on all proposed entries without leader election, showing it is optimal in rounds and fault tolerance and providing a machine-checked proof and prototype evaluation.
Byzantine fault tolerant protocols enable state replication in the presence of crashed, malfunctioning, or actively malicious processes. Designing such protocols without the assistance of verification tools, however, is remarkably error-prone. In an adversarial environment, performance and flexibility come at the cost of complexity, making the verification of existing protocols extremely difficult. We take a different approach and propose a formally verified consensus protocol designed for a specific use case: secure logging. Our protocol allows each node to propose entries in a parallel subroutine, and guarantees that correct nodes agree on the set of all proposed entries, without leader election. It is simple yet practical, as it can accommodate the workload of a logging system such as Certificate Transparency. We show that it is optimal in terms of both required rounds and tolerable faults. Using Isabelle/HOL, we provide a fully machine-checked security proof based upon the Heard-Of model, which we extend to support signatures. We also present and evaluate a prototype implementation.