Distributed ledgers are increasingly relied upon by industry to provide trustworthy accountability, strong integrity protection, and high availability for critical data without centralizing trust. Recently, distributed append-only logs have adopted a layered approach, combining crash-fault-tolerant (CFT) consensus with hardware-based Trusted Execution Environments (TEEs) for greater resiliency. Unfortunately, hardware TEEs can be subject to (rare) attacks, undermining the very guarantees that distributed ledgers are carefully designed to achieve. In response, we present Proteus, a new distributed consensus protocol that cautiously trusts the guarantees of TEEs. Proteus carefully embeds a Byzantine fault-tolerant (BFT) protocol inside a CFT protocol with no additional messages. This is made possible through careful refactoring of both the CFT and BFT protocols so that their structure aligns. Proteus achieves performance in line with regular TEE-enabled consensus protocols, while guaranteeing integrity in the face of TEE platform compromises.