Abstract
Several Byzantine Fault-Tolerant (BFT) consensus algorithms leverage trusted components to boost resilience and reduce communication overhead. However, recent findings expose a critical vulnerability to rollback attacks when trusted components crash, lose state, or are cloned. Existing defenses either treat crashed replicas as Byzantine, increasing the replica count, or duplicate trusted state across components, incurring substantial performance costs and offering only limited crash tolerance.
We propose a robust alternative: a secure state-preservation mechanism for trusted components that eliminates costly duplication of trusted state across replicas. At its core is Aegis, the first efficient view synchronizer specifically designed for BFT protocols that utilize trusted components. Aegis enforces that only one trusted component instance per replica may vote in any view, even when trusted components restart following a crash or are cloned by an adversary. On top of Aegis, we introduce Pallas, the first BFT consensus protocol that preserves safety against a strong adversary that controls a fixed set of Byzantine replicas and can cause a potentially unbounded and varying number of trusted components to crash. We determine the adversarial conditions under which Pallas ensures liveness under partial synchrony.
Extensive geo-distributed evaluations on Amazon AWS show that Pallas delivers high performance with negligible overhead in stable conditions, outperforming existing protocols by up to 41% in throughput and 29% in latency. More importantly, it sustains liveness and graceful degradation under adversarial conditions where other protocols fail.
| Original language | English |
|---|---|
| Title of host publication | Network and Distributed System Security (NDSS) Symposium 2026 |
| Publisher | The Internet Society |
| Pages | 1-17 |
| Number of pages | 17 |
| ISBN (Electronic) | 9798991927680 |
| DOIs | |
| Publication status | Published - 2026 |
| Event | 33rd Annual Network and Distributed System Security Symposium, San Diego, United States, 23 Feb 2026 → 27 Feb 2026 (Conference number: 33), https://www.ndss-symposium.org/ndss2026/ |
Conference
| Conference | 33rd Annual Network and Distributed System Security Symposium |
|---|---|
| Abbreviated title | NDSS 2026 |
| Country/Territory | United States |
| City | San Diego |
| Period | 23/02/26 → 27/02/26 |
| Internet address | https://www.ndss-symposium.org/ndss2026/ |
Publication: Pallas and Aegis: Rollback Resilience in TEE-Aided Blockchain Consensus
Projects
- Design and Verification of Time-Critical Byzantine Fault-Tolerant Systems, Rahli, V. (Principal Investigator), Engineering & Physical Science Research Council, 1/04/23 → 9/07/26, Project: Research Councils (active)