Abstract
We study how to enable arbitrary randomized algorithms in Byzantine fault-tolerant (BFT) settings. We formalize a randomized BFT protocol and provide a simple and efficient construction that can be built on any existing BFT protocols while adding practically no overhead.
We go one step further to revisit a confidential BFT protocol (Yin et al., SOSP '03). We show that their scheme is potentially susceptible to safety and confidentiality attacks. We then present a new protocol that is secure in the stronger model we formalize, by extending the idea of a randomized BFT protocol. Our protocol uses only efficient symmetric cryptography, while Yin et al.'s uses costly threshold signatures.
We implemented and evaluated our protocols on microbenchmarks and real-world use cases. We show that our randomized BFT protocol is as efficient as conventional BFT protocols, and our confidential BFT protocol is two to three orders of magnitude faster than Yin et al.'s, which is less secure than ours.