Sam Kleinman 048f6a32f9 | 4 years ago | |
---|---|---|
.. | ||
output | 4 years ago | |
Dockerfile | 4 years ago | |
README.md | 4 years ago | |
abstract_tendermint.ivy | 4 years ago | |
accountable_safety_1.ivy | 4 years ago | |
accountable_safety_2.ivy | 4 years ago | |
check_proofs.sh | 4 years ago | |
classic_safety.ivy | 4 years ago | |
count_lines.sh | 4 years ago | |
docker-compose.yml | 4 years ago | |
domain_model.ivy | 4 years ago | |
network_shim.ivy | 4 years ago | |
tendermint.ivy | 4 years ago |
Copyright (c) 2020 Galois, Inc.
SPDX-License-Identifier: Apache-2.0
This folder contains:
tendermint.ivy
, a specification of Tendermint algorithm as described in The latest gossip on BFT consensus by E. Buchman, J. Kwon, Z. Milosevic.abstract_tendermint.ivy
, a more abstract specification of Tendermint that is more verification-friendly.classic_safety.ivy
, a proof that Tendermint satisfies the classic safety property of BFT consensus: if every two quorums have a well-behaved node in common, then no two well-behaved nodes ever disagree.accountable_safety_1.ivy
, a proof that, assuming every quorum contains at least one well-behaved node, if two well-behaved nodes disagree, then there is evidence demonstrating at least f+1 nodes misbehaved.accountable_safety_2.ivy
, a proof that, regardless of any assumption about quorums, well-behaved nodes cannot be framed by malicious nodes. In other words, malicious nodes can never construct evidence that incriminates a well-behaved node.network_shim.ivy
, the network model and a convenience shim
object to interface with the Tendermint specification.domain_model.ivy
, a specification of the domain model underlying the Tendermint specification, i.e. rounds, value, quorums, etc.All specifications and proofs are written in Ivy.
The license above applies to all files in this folder.
The easiest way to check the proofs is to use Docker.
docker-compose build
docker-compose run tendermint-proof
. This will check all the proofs with the ivy_check
command and write the output of ivy_check
to a subdirectory of `./output/'