Flexible Byzantine Fault Tolerance

Abstract

Existing Byzantine fault tolerant (BFT) protocols work in a homogeneous model where a service administrator picks a set of assumptions (timing model and the fraction of Byzantine faults) and imposes these assumptions on all clients using the service. This paper introduces Flexible BFT, a family of BFT protocols that support clients with heterogenous assumptions. In a Flexible BFT protocol, replicas execute a set of instructions while each client decides whether a transaction is committed based on its own assumption. At a technical level, Flexible BFT makes two key contributions. First, it introduces a synchronous BFT protocol in which only the commit step requires to know the network delay bound and thus replicas execute the protocol without any synchrony assumption. Second, it introduces a notion called Flexible Byzantine Quorums by deconstructing the roles of different quorums in existing consensus protocols. This paper also introduces a new type of fault called alive-but-corrupt faults: adversaries that attack safety but maintain liveness. Flexible BFT can tolerate a combination of Byzantine and alive-but-corrupt faults that exceed one-third with partial synchrony or exceeds one-half with synchrony while still respecting Byzantine fault tolerance bounds in respective models.