On Choosing Server- or Client-Side Solutions for BFT

Abstract

Byzantine Fault Tolerant (BFT) protocols have the ability to work correctly even when up to a threshold f of system servers are compromised. This makes them appealing for the construction of critical systems connected to the Internet, which are constantly a target for cyber attacks. BFT protocols differ based on the kind of application, deployment settings, performance, access control mechanisms, number of servers in the system, and protocol implementation. The large number of protocols present in the literature and their differences make it difficult for a system builder to choose the solution that best satisfies the requirements of the system that he wants to build. In particular, the main difference among BFT protocols lies in their system models: server-side versus client-side. In the server-side model each client relies on the system to consistently order and replicate updates, while in the client-side model each client actively participates in the protocol. In this article, we classify BFT protocols as server-side or client-side. We analyze the trade-offs between the two models, describe systems that use these models and the trade-offs they choose, highlight the research gaps, and provide guidelines to system builders in order to choose the solution that best satisfies their needs.