Abstract
To implement a blockchain, the trend is now to integrate a non-trivial Byzantine fault-tolerant consensus algorithm instead of the seminal idea of waiting to receive blocks to decide upon the longest branch. After a dozen years of existence, blockchains trade now large amounts of valuable assets and a simple disagreement could lead to disastrous losses. Unfortunately, Byzantine consensus solutions used in blockchains are at best proved correct “by hand” as we are not aware of any of them having been automatically verified. We propose two contributions: (i) we illustrate the severity of the problem by listing six vulnerabilities of blockchain consensus including two new counter-examples; (ii) we then formally verify two Byzantine fault-tolerant components of Red Belly Blockchain (Crain et al. in Red belly: a secure, fair and scalable open blockchain, 2021, [32]) using the ByMC model checker. First, we specify its simple broadcast primitive in 116 lines of code that is verified in 40 s on a 2-core Intel machine. Then, we specify its blockchain consensus algorithm in 276 lines of code and assume a round-rigid adversary to verify in 17 minutes on a 64-core AMD machine using MPI. To conclude, we argue that it has now become both possible and crucial to formally verify the correctness of blockchain consensus protocols.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
- 2.
- 3.
“Sufficiently many” processes stand for at least \(\lfloor \frac{2n}{3} \rfloor +1\) among n processes.
References
Abraham, I., Gueta, G.G., Malkhi, D., Alvisi, L., Kotla, R., Martin J.-P.: Revisiting fast practical byzantine fault tolerance. Technical report (Dec 2017). arXiv
Altisen, K., Corbineau, P., Devismes, S.: A framework for certified self-stabilization. In: FORTE, pp. 36–51 (2016)
Alturki, M.A., Chen, J., Luchangco, V., Moore, B.M., Palmskog, K., Peña, L., Rosu, G.: Towards a verified model of the algorand consensus protocol in coq. In: International Workshops on Formal Methods (FM), pp. 362–367 (2019)
Aminof, B., Rubin, S., Stoilkovska, I., Widder, J., Zuleger F.: Parameterized model checking of synchronous distributed algorithms by abstraction. In: Proceedings of the 19th International Conference on Verification, Model Checking, and Abstract Interpretation, VMCAI, pp. 1–24 (2018)
Amoussou-Guenou, Y., Pozzo, A.D., Potop-Butucaru, M., Piergiovanni, S.T.: Correctness and fairness of tendermint-core blockchains. Technical Report (2018). arXiv:1805.08429
Amoussou-Guenou, Y., Pozzo, A.D., Potop-Butucaru, M., Tucci-Piergiovanni, S.: Dissecting tendermint. In: Proceedings of the 7th Edition of The International Conference on Networked Systems (2019)
Armknecht, F., Karame, G.O., Mandal, A., Youssef, F., Zenner, E.: Ripple: overview and outlook. In: International Conference on Trust and Trustworthy Computing, pp. 163–180. Springer (2015)
Aublin, P.-L., Guerraoui, R., Knežević, N., Quéma, V., Vukolić M.: The next 700 BFT protocols. ACM Trans. Comput. Syst. 32(4), 12:1–12:45 (2015). Jan
Balasubramanian, A.R., Esparza, J., Lazic, M.: Complexity of verification and synthesis of threshold automata. In: ATVA, pp. 144–160 (2020)
Berman P., Garay, J.A.: Asymptotically optimal distributed consensus (extended abstract). In: ICALP, pp. 80–94 (1989)
Bertrand, N., Gramoli, V., Konnov, I., Lazic, M., Tholoniat, P., Widder, J.: Compositional verification of byzantine consensus. Technical Report hal-03158911v1 (2021). HAL
Bertrand, N., Konnov, I., Lazic, M., Widder, J.: Verification of randomized consensus algorithms under round-rigid adversaries. In: CONCUR, pp. 33:1–33:15 (2019)
Bertrand, N., Konnov, I., Lazic, M., Widder, J.: Verification of randomized distributed algorithms under round-rigid adversaries. In: CONCUR (2019)
Biely, M., Schmid, U., Weiss, B.: Synchronous consensus under hybrid process and link failures. Theor. Comput. Sci. 412(40), 5602–5630 (2011). Sept
Bracha, G., Toueg, S.: Asynchronous consensus and broadcast protocols. J. ACM 32(4), 824–840 (1985). Oct
Brown, B.: xRapid: everything you need to know about ripple’s crypto service (now live) (Jan 2019). https://blockexplorer.com/news/what-is-xrapid/
Buchman, E., Kwon, J., Milosevic, Z.: The latest gossip on BFT consensus. Technical report, Tendermint (2018)
Buterin, V., Griffith, V.: Casper the friendly finality gadget. Technical Report (Jan 2019). arXiv:1710.09437v4
Cachin, C., Kursawe, K., Shoup, V.: Random oracles in constantipole: practical asynchronous byzantine agreement using cryptography (extended abstract). In: PODC, pp. 123–132 (2000)
Cachin, C., Vukolić, M.: Blockchains consensus protocols in the wild (2017). arXiv:1707.01873
Cachin, C., Zanolini, L.: Asymmetric byzantine consensus. Technical Report (2020). arXiv:2005.08795
Castro, M., Liskov, B.: Practical byzantine fault tolerance and proactive recovery. ACM Trans. Comput. Syst. 20(4), 398–461 (2002). Nov
Charron-Bost, B., Debrat, H., Merz, S.: Formal verification of consensus algorithms tolerating malicious faults. In: Stabilization, Safety, and Security of Distributed Systems-13th International Symposium, SSS 2011, Grenoble, France, October 10-12, 2011. Proceedings, pp. 120–134 (2011)
Chase, B., MacBrough, E.: Analysis of the xrp ledger consensus protocol. Technical Report (2018). arXiv:1802.07242v1. (Feb. 2018)
Chase, J.M.: Quorum whitepaper (Aug 2018). https://github.com/jpmorganchase/quorum/blob/master/docs/Quorum%20Whitepaper%20v0.2.pdf
Civit, P., Gilbert, S., Gramoli, V.: Brief announcement: Polygraph: accountable byzantine agreement. In: DISC (2020)
Civit, P., Gilbert, S., Gramoli, V.: Polygraph: accountable byzantine agreement. In: ICDCS (Jul. 2021)
Civit, P., Gramoli, V., Gilbert, S: Polygraph: accountable byzantine agreement. Technical Report 2019/587, ePrint (2019). https://eprint.iacr.org/2019/587.pdf
Cousineau, D., Doligez, D., Lamport, L., Merz, S., Ricketts, D., Vanzetto, H.: TLA + proofs. In: FM, pp. 147–154 (2012)
Crain, T., Gramoli, V., Larrea, M., Raynal, M.: DBFT: efficient leaderless Byzantine consensus and its applications to blockchains. In NCA, IEEE (2018)
Crain, T., Natoli, C., Gramoli, V.: Evaluating the Red Belly blockchain. Technical Report (2018). arXiv:1812.11747
Crain, T., Natoli, C., Gramoli, V.: Red belly: a secure, fair and scalable open blockchain. In: Proceedings of the 42nd IEEE Symposium on Security and Privacy (S &P’21), pp. 1501–1518 (May 2021)
Downey, R.G., Fellows, M.R.: Parameterized Complexity. Monographs in Computer Science. Springer (1999)
Dragoi, C., Henzinger, T.A., Zufferey, D.: PSync: a partially synchronous language for fault-tolerant distributed algorithms. In: POPL, pp. 400–415 (2016)
Dwork, C., Lynch, N., Stockmeyer, L.: Consensus in the presence of partial synchrony. J. ACM 35(2), 288–323 (1988). Apr
Ekparinya, P., Gramoli, V., Jourjon, G.: The attack of the clones against proof-of authority. In: Community Ethereum Development Conference (EDCON’19) (2019). (Apr. 2019, Presentation)
Ekparinya, P., Gramoli, V., Jourjon G.: The Attack of the clones against proof-of-authority. In: Proceedings of the Network and Distributed Systems Security Symposium (NDSS’20). Internet Society (Feb. 2020)
Ethereum: Ethereum 2.0 (serenity) phases (2019). https://docs.ethhub.io/ethereum-roadmap/ethereum-2.0/eth-2.0-phases/. (23 Aug. 2019)
Golan-Gueta, G., Abraham, I., Grossman, S., Malkhi, D., Pinkas, B., Reiter, M.K., Seredinschi, D., Tamir, O., Tomescu, A.: SBFT: a scalable decentralized trust infrastructure for blockchains. Technical Report (2018). arXiv:1804.01626
Gramoli, V.: On the danger of private blockchains. In: Workshop on Distributed Cryptocurrencies and Consensus Ledgers (2016)
Guerraoui, R., Kuznetsov, P., Monti, M., Pavlovič, M., Seredinschi, D.-A.: The consensus number of a cryptocurrency. In: PODC, pp. 307–316 (2019)
Hawblitzel, C., Howell, J., Kapritsos, M., Lorch, J.R., Parno, B., Roberts, M.L., Setty, S.T.V., Zill, B.: Ironfleet: proving practical distributed systems correct. In: SOSP, pp. 1–17 (2015)
Igor Barinov, P.K.: Viktor Baranov. POA network white paper (Sept. 2018). https://github.com/poanetwork/wiki/wiki/POA-Network-Whitepaper
John, A., Konnov, I., Schmid, U., Veith, H., Widder, J.: Parameterized model checking of fault-tolerant distributed algorithms by abstraction. In: FMCAD, pp. 201–209 (2013)
Konnov, I., Lazić, M., Veith, H., Widder, J.: A short counter example property for safety and liveness verification of fault-tolerant distributed algorithms. In: POPL, pp. 719–734 (2017)
Konnov, I., Veith, H., Widder, J.: SMT and POR beat counter abstraction: parameterized model checking of threshold-based distributed algorithms. In: CAV, vol. 9206. LNCS, pp. 85–102 (2015)
Konnov, I., Widder, J.: ByMC: byzantine model checker. In: ISoLA, pp. 327–342 (2018)
Kotla, R., Alvisi, L., Dahlin, M., Clement, A., Wong, E.: Zyzzyva: speculative byzantine fault tolerance. ACM Trans. Comput. Syst. 27(4), 7:1–7:39 (2010). Jan
Kwon, J.: Tendermint: consensus without mining-draft v.0.6 (2014)
Lamport, L.: Byzantizing paxos by refinement. In: DISC, pp. 211–224 (2011)
Lazic, M., Konnov, I., Widder, J., Bloem, R.: Synthesis of distributed algorithms with parameterized threshold guards. In: OPODIS, pp. 32:1–32:20 (2017)
Lin, Y.-T.: Istanbul byzantine fault tolerance-eip 650 (2019). https://github.com/ethereum/EIPs/issues/650. (21 Aug. 2019)
Losa, G., Dodds, M.: On the formal verification of the stellar consensus protocol. In: 2nd Workshop on Formal Methods for Blockchains, FMBC@CAV 2020, pp. 9:1–9:9 (2020)
Lynch, N.: Input/output automata: basic, timed, hybrid, probabilistic, dynamic,... In: Amadio R.L.D. (ed.) Proceedings of the Conference on Concurrency Theory (CONCUR), vol. 2761. Lecture Notes in Computer Science (2003)
Maric, O., Sprenger, C., Basin, D.A.: Cutoff bounds for consensus algorithms. In: Proceedings fo the Computer Aided Verification Conference, CAV, pp. 217–237 (2017)
Miller, A., Xia, Y., Croman, K., Shi, E., Song, D.: The honey badger of BFT protocols. In: CCS (2016)
Mostéfaoui, A., Moumen, H., Raynal, M.: Signature-free asynchronous Byzantine consensus with \({T {<} N/3}\) and \({O(N^2)}\) messages. In: PODC, pp. 2–9 (2014)
Mostéfaoui, A., Moumen, H., Raynal, M.: Signature-free asynchronous binary Byzantine consensus with \(t{<}n/3, O(n^2)\) messages and \(O(1)\) expected time. J. ACM (2015)
Mostéfaoui, A., Mourgaya, E., Parvédy, P.R., Raynal, M.: Evaluating the condition-based approach to solve consensus. In: DSN, pp. 541–550 (2003)
Mostéfaoui, A., Rajsbaum, S., Raynal, M.: Conditions on input vectors for consensus solvability in asynchronous distributed systems. J. ACM 50(6), 922–954 (2003). Nov
Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2008)
Neu, J., Tas, E.N., Tse, D.: Ebb-and-flow protocols: a resolution of the availability-finality dilemma. In: Proceedings of the 42nd IEEE Symposium on Security and Privacy (S & P’21) (2021). May 2021
Newcombe, C.: Why amazon chose TLA+. In: ABZ, pp. 25–39 (2014)
Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL-A Proof Assistant for Higher-Order Logic, vol. 2283. Lecture Notes in Computer Science. Springer (2002)
Pease, M.C., Shostak, R.E., Lamport, L.: Reaching agreement in the presence of faults. J. ACM 27(2), 228–234 (1980)
Rahli, V., Guaspari, D., Bickford, M., Constable, R.L.: Formal specification, verification, and implementation of fault-tolerant systems using EventML. ECEASST, 72, 2015
Ranchal-Pedrosa, A., Gramoli, V.: Blockchain is dead, long live blockchain! accountable state machine replication for longlasting blockchain. Technical Report (2020). arXiv:abs/2007.10541
Saltini, R.: Correctness analysis of IBFT. Technical Report (Jan. 2019). arXiv:1901.07160v1
Schwartz, D., Youngs, N., Britto, A.: The ripple protocol consensus algorithm, vol. 5. Ripple Labs Inc., White Paper (2014)
Sergey, I., Wilcox, J.R., Tatlock, Z.: Programming and proving with distributed protocols. In: PACMPL, 2(POPL), 28:1–28:30 (2018)
Song, Y.J., van Renesse, R.: Bosco: one-step byzantine asynchronous consensus. In: DISC, pp. 438–450 (2008)
Stoilkovska, I., Konnov, I., Widder, J., Zuleger, F.: Verifying safety of synchronous fault-tolerant algorithms by bounded model checking. In: TACAS, pp. 357–374 (2019)
Sutra,P.: On the correctness of egalitarian Paxos. Inf. Proc. Lett. 156 (2020)
Thomas, S., Schwartz, E.: A protocol for interledger payments (2015). https://interledger.org/interledger.pdf
Tsuchiya, T., Schiper, A.: Using bounded model checking to verify consensus algorithms. In: Taubenfeld, G. (ed.) Distributed Computing, pp. 466–480 (2008)
Tsuchiya, T., Schiper, A.: Verification of consensus algorithms using satisfiability solving. Distributed Comput. 23(5–6), 341–358 (2011)
von Gleissenthall, K., Kici, R.G., Bakst, A., Stefan, D., Jhala, R.: Pretend synchrony: synchronous verification of asynchronous distributed programs. In: PACMPL, vol. 3(POPL), pp. 59:1–59:30 (2019)
Wilcox, J.R., Woos, D., Panchekha, P., Tatlock, Z., Wang, X., Ernst, M.D., Anderson, T.E.: Verdi: a framework for implementing and formally verifying distributed systems. In: PLDI, pp. 357–368 (2015)
Yu, Y., Manolios, P., Lamport, L.: Model checking TLA\({}^{\text{+}}\) specifications. In: CHARME, pp. 54–66 (1999)
Zamfir, V., Rush, N., Asgaonkar, A., Piliouras, G.: Introducing the “minimal” cbc casper family of consensus protocols (2018). https://github.com/cbc-casper/cbc-casper-paper/blob/master/cbc-casper-paper-draft.pdf. (21 Aug. 2019)
Acknowledgements
Parts of the content of this chapter have been presented in the non-archiving workshops FRIDA’19 and ConsensusDays’21. We wish to thank Igor Konnov and Josef Widder for helping us understand the syntax and semantics of the threshold automata specification language and for confirming that ByMC verified the agreement1 property of our initial specification. We thank Tyler Crain, Achour Mostéfaoui, and Michel Raynal for discussions of the HoneyBadger counter-example, and Yackolley Amoussou-Guenou, Maria Potop-Butucaru, and Sara Tucci for discussions on the Tendermint counter-example. This research is supported under Australian Research Council Discovery Projects funding scheme (project number 180104030) entitled “Taipan: A Blockchain with Democratic Consensus and Validated Contracts” and Australian Research Council Future Fellowship funding scheme (project number 180100496) entitled “The Red Belly Blockchain: A Scalable Blockchain for Internet of Things”.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Tholoniat, P., Gramoli, V. (2022). Formal Verification of Blockchain Byzantine Fault Tolerance. In: Tran, D.A., Thai, M.T., Krishnamachari, B. (eds) Handbook on Blockchain. Springer Optimization and Its Applications, vol 194. Springer, Cham. https://doi.org/10.1007/978-3-031-07535-3_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-07535-3_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-07534-6
Online ISBN: 978-3-031-07535-3
eBook Packages: Mathematics and StatisticsMathematics and Statistics (R0)