IA-CCF: Individual Accountability for Permissioned Ledgers


Alex Shamis and Peter Pietzuch, Microsoft Research and Imperial College London; Burcu Canakci, Cornell University; Miguel Castro, Cédric Fournet, Edward Ashton, Amaury Chamayou, Sylvan Clebsch, and Antoine Delignat-Lavaud, Microsoft Research; Matthew Kerner, Microsoft Azure; Julien Maffre, Olga Vrousgou, Christoph M. Wintersteiger, and Manuel Costa, Microsoft Research; Mark Russinovich, Microsoft Azure


Permissioned ledger systems allow a consortium of members that do not trust one another to execute transactions safely on a set of replicas. Such systems typically use Byzantine fault tolerance (BFT) protocols to distribute trust, which only ensures safety when fewer than 1/3 of the replicas misbehave. Providing guarantees beyond this threshold is a challenge: current systems assume that the ledger is corrupt and fail to identify misbehaving replicas or hold the members that operate them accountable—instead all members share the blame.

We describe IA-CCF, a new permissioned ledger system that provides individual accountability. It can assign blame to the individual members that operate misbehaving replicas regardless of the number of misbehaving replicas or members. IA-CCF achieves this by signing and logging BFT protocol messages in the ledger, and by using Merkle trees to provide clients with succinct, universally-verifiable receipts as evidence of successful transaction execution. Anyone can audit the ledger against a set of receipts to discover inconsistencies and identify replicas that signed contradictory statements. IA-CCF also supports changes to consortium membership and replicas by tracking signing keys using a sub-ledger of governance transactions. IA-CCF provides strong disincentives to misbehavior with low overhead: it executes 47,000 tx/s while providing clients with receipts in two network round trips.

NSDI '22 Open Access Sponsored by
King Abdullah University of Science and Technology (KAUST)

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

@inproceedings {278332,
author = {Alex Shamis and Peter Pietzuch and Burcu Canakci and Miguel Castro and Cedric Fournet and Edward Ashton and Amaury Chamayou and Sylvan Clebsch and Antoine Delignat-Lavaud and Matthew Kerner and Julien Maffre and Olga Vrousgou and Christoph M. Wintersteiger and Manuel Costa and Mark Russinovich},
title = {{IA-CCF}: Individual Accountability for Permissioned Ledgers},
booktitle = {19th USENIX Symposium on Networked Systems Design and Implementation (NSDI 22)},
year = {2022},
isbn = {978-1-939133-27-4},
address = {Renton, WA},
pages = {467--491},
url = {https://www.usenix.org/conference/nsdi22/presentation/shamis},
publisher = {USENIX Association},
month = apr

Presentation Video