Protecting Byzantine Fault Tolerance with Trusted Execution

You might be familiar with non-BFT consensus protocols like Paxos and Raft. These protocols can tolerate crash failures in up to 1/2 of the nodes, but these failures do not include malicious behavior. Zookeeper, Consul and etcd are examples of applications that use Paxos and Raft.
Byzantine Fault Tolerance (BFT) is a property of distributed protocols that guarantees that honest parties are “on the same page” (see that same state) despite the presence of attackers in the peer-to-peer (P2P) network. Compared to non-BFT consensus protocols, state of the art BFT protocols are secure when less than 1/3 of the nodes are dishonest or malicious.
Tendermint is a state replication software that uses a Byzantine Fault-Tolerant (BFT) replication protocol based on PBFT. It integrates with applications requiring Byzantine Fault-Tolerant state replication via its Application BlockChain Interface (ABCI).

Given past experience with cryptocurrency and blockchain protocols, where we have seen a single miner obtaining more than half of the hashing power — it is a pretty strong assumption to rely on. The concern regarding the possibility of an attacker controlling more than 1/3 of the nodes is more severe when the network does not have many nodes, which is likely to happen when bootstrapping a new P2P network. Ensuring the integrity and authenticity of each node is important. The Anjuna Runtime enables running Tendermint nodes inside a Trusted Execution Environment such as Intel® SGX or AMD SEV, making it extremely hard for an attacker to take over a validator node to propose, pre-vote, pre-commit or commit illegitimate transactions.

TEE diversification

While Tendermint can be used to replicate state between applications written in different languages, it can also be used to synchronize applications executed using different Trusted Execution Environments. It is a natural extension of Tendermint’s vision of bridging between different programming languages to the diversification of Trusted Execution Environments.

Integration with Anjuna

Anjuna integrates attestation into standard TLS authentication, enabling running a network of nodes without modifying Tendermint source code. It can be easily applied to existing Tendermint deployments to boost security.