This work proposes Proteus, a novel protocol that seamlessly integrates Byzantine fault tolerance (BFT) into crash fault-tolerant (CFT) consensus without incurring additional communication overhead. While hardware-based trusted execution environments (TEEs) offer performance benefits for distributed ledgers, their potential vulnerabilities can compromise ledger integrity. Proteus addresses this challenge by aligning protocol structures such that, under normal operation, the system leverages the high performance of TEEs, yet retains strong ledger integrity even if the TEE is compromised. By embedding BFT guarantees directly within the CFT framework, Proteus achieves a synergistic optimization of security and performance without sacrificing availability.

Distributed ledgers are increasingly relied upon by industry to provide trustworthy accountability, strong integrity protection, and high availability for critical data without centralizing trust. Recently, distributed append-only logs are opting for a layered approach, combining crash-fault-tolerant (CFT) consensus with hardware-based Trusted Execution Environments (TEEs) for greater resiliency. Unfortunately, hardware TEEs can be subject to (rare) attacks, undermining the very guarantees that distributed ledgers are carefully designed to achieve. In response, we present Proteus, a new distributed consensus protocol that cautiously trusts the guarantees of TEEs. Proteus carefully embeds a Byzantine fault-tolerant (BFT) protocol inside of a CFT protocol with no additional messages. This is made possible through careful refactoring of both the CFT and BFT protocols such that their structure aligns. Proteus achieves performance in line with regular TEE-enabled consensus protocols, while guaranteeing integrity in the face of TEE platform compromises.