Recipe: Hardware-Accelerated Replication Protocols
Dimitra Giantsidi, Emmanouil Giortamis, Julian Pritzi, Maurice Bailleu, Manos Kapritsos, Pramod Bhatotia
TL;DR
The paper tackles the challenge of running Byzantine Fault Tolerant (BFT) protocols in untrusted cloud environments by transforming Crash Fault Tolerant (CFT) protocols without changing their core logic. It introduces Recipe, a hardware-assisted library that leverages Trusted Execution Environments (TEEs) and high-performance networking (RDMA/DPDK) to realize two core properties—transferable authentication and non-equivocation—thereby enabling CFT protocols to tolerate Byzantine faults with improved performance and confidentiality. The approach formalizes correctness with the Tamarin prover and applies the transformation to four well-known CFT protocols (ABD, Raft, Chain Replication, AllConcur), achieving up to 24x throughput gains over PBFT and 5.9x over Damysus while using $2f+1$ replicas and offering confidentiality not present in traditional BFT. The work contributes a generic API, a formal verification framework, and an open-source Recipe library, providing a practical, scalable path to secure replication in modern cloud infrastructures.
Abstract
Replication protocols are essential for distributed systems, ensuring consistency, reliability, and fault tolerance. Traditional Crash Fault Tolerant (CFT) protocols, which assume a fail-stop model, are inadequate for untrusted cloud environments where adversaries or software bugs can cause Byzantine behavior. Byzantine Fault Tolerant (BFT) protocols address these threats but face significant performance and resource overheads, as well as scalability challenges. This paper introduces Recipe, a novel approach to transforming CFT protocols to operate securely in Byzantine settings without altering their core logic. Recipe rethinks CFT protocols in the context of modern cloud hardware, including many-core servers, RDMA-capable networks, and Trusted Execution Environments (TEEs). The approach leverages these advancements to enhance the security and performance of replication protocols in untrusted cloud environments. Recipe implements two practical security mechanisms, i.e., transferable authentication and non-equivocation, using TEEs and high-performance networking stacks (e.g., RDMA, DPDK). These mechanisms ensure that any CFT protocol can be transformed into a BFT protocol, guaranteeing authenticity and non-equivocation. The Recipe protocol consists of five key components: transferable authentication, initialization, normal operation, view change, and recovery phases. The protocol's correctness is formally verified using Tamarin, a symbolic model checker. Recipe is implemented as a library and applied to transform four widely used CFT protocols (Raft, Chain Replication, ABD, and AllConcur) into Byzantine settings. The results demonstrate up to 24x higher throughput compared to PBFT and 5.9x better performance than state-of-the-art BFT protocols. Additionally, Recipe requires fewer replicas and offers confidentiality, a feature absent in traditional BFT protocols.
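To make the two properties concrete, here is an added toy simulation (not code from the paper or the Recipe library): a trusted monotonic counter stands in for the TEE-resident component, a shared-key HMAC stands in for the attestation scheme, and the names TrustedCounter, Receiver and Attested are hypothetical. It shows why an untrusted host cannot reuse a counter value with a different payload (non-equivocation) and how any receiver holding the verification key detects forgeries, replays and suppressed messages.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Attested:
    """A message as it leaves a replica: payload bound to a replica id and a counter value."""
    replica: str
    counter: int
    payload: bytes
    tag: bytes


def _bind(replica: str, counter: int, payload: bytes) -> bytes:
    # The authenticated bytes: replica id, counter and payload are all covered by the tag.
    return replica.encode() + counter.to_bytes(8, "big") + payload


class TrustedCounter:
    """Hypothetical model of the TEE-resident part of a replica: it keeps the key and a
    monotonic counter the untrusted host cannot touch, and every attestation consumes a
    fresh counter value, so two different payloads never share a (replica, counter) pair."""

    def __init__(self, replica: str, key: bytes) -> None:
        self._replica, self._key, self._counter = replica, key, 0

    def attest(self, payload: bytes) -> Attested:
        self._counter += 1
        tag = hmac.new(self._key, _bind(self._replica, self._counter, payload), hashlib.sha256).digest()
        return Attested(self._replica, self._counter, payload, tag)


class Receiver:
    """Any party holding the replicas' verification keys: rejects forged tags and replays,
    and flags a counter gap (a message the host suppressed) so recovery can fetch it."""

    def __init__(self, keys: dict[str, bytes]) -> None:
        self._keys, self._next = keys, {r: 1 for r in keys}

    def accept(self, m: Attested) -> str:
        expected = hmac.new(self._keys[m.replica], _bind(m.replica, m.counter, m.payload), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, m.tag):
            return "reject: bad tag"
        if m.counter < self._next[m.replica]:
            return "reject: replay"
        status = "ok" if m.counter == self._next[m.replica] else f"gap: missing {self._next[m.replica]}..{m.counter - 1}"
        self._next[m.replica] = m.counter + 1
        return status
```

The shared-key MAC is a simplification: in the paper's setting the attestation must be transferable, i.e. verifiable by third parties who do not hold the signer's secret, which a signature scheme provides and a MAC does not.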
