Scalable byzantine fault-tolerant protocol with partial tee support

What is claimed is: 1. A method for preparing a plurality of distributed nodes connected via a data communication network to perform a protocol to establish a consensus on an order of received requests, the plurality of distributed nodes including a plurality of active nodes, the plurality of active nodes including a primary node, each of the plurality of distributed nodes including a processor and computer readable media, the method comprising: preparing a set of random numbers, wherein each of the random numbers is a share of an initial secret, wherein each share of the initial secret corresponds to one of the plurality of active nodes; encrypting, in order to generate encrypted shares of the initial secret, each respective share of the initial secret; binding the initial secret to a last counter value to provide a commitment and a signature for the last counter value; generating shares of a second and of a plurality of subsequent additional secrets by iteratively applying a hash function to shares of each preceding secret; binding the second secret to a second-to-last counter value and each subsequent secret to a preceding counter value to provide a commitment and a signature for the second-to-last counter value and for each preceding counter value; and transmitting, to each of the plurality of active nodes, the commitments and signatures for each of the counter values along with the encrypted shares of the initial secret and a set of hash values produced by applying the hash function to the shares of the last secret, wherein each of the plurality of active nodes is configured to decrypt a corresponding encrypted share of the initial secret and to generate shares of the remaining secrets by applying the hash function to the decrypted share of the initial secret. 2. The method according to claim 1 , further comprising receiving, by the primary node from others of the plurality of active nodes, a plurality of shares of the last secret; and reconstructing, by the primary node, the last secret based on the plurality of received shares of the last secret. 3. The method according to claim 2 , further comprising receiving, by the primary node, a request from a client, wherein the client, after a certain timeout period, transmits a view-change request to replace the primary node in response to not receiving a reply from the primary node before the end of the timeout period. 4. The method according to claim 3 , wherein the view-change request includes a current counter value and a last opened secret along with a history of executed operations in the last view. 5. The method according to claim 4 , wherein a new primary node candidate broadcasts a new-view message to all nodes. 6. The method according to claim 1 , wherein preparing a set of random numbers, wherein each of the random numbers is a share of an initial secret, wherein each share of the initial secret corresponds to one of the plurality of active nodes comprises preparing n random numbers r 1 , . . . , r n for each active node P i , where the ith share of the initial secret h i 0 =r i . 7. The method according to claim 6 , wherein the encrypting, in order to generate encrypted shares of the initial secret, each respective share of the initial secret is performed with a shared key corresponding to a respective one of the plurality of active nodes to which the respective share corresponds. 8. The method according to claim 7 , wherein the encrypting each respective share of the initial secret comprises encrypting, using a shared key k i corresponding to each active node P i , the random numbers r 1 , . . . , r n to provide the encrypted shares of the initial secret C i =Enc(k i ,r i ). 9. The method according to claim 8 , further comprising applying a bitwise xor function to the set of random numbers to provide the initial secret. 10. The method according to claim 9 , wherein the applying the bitwise xor function to the set of random numbers comprises applying a bit-wise xor to all h i 0 to provide the initial secret s 0 =h 1 0 ⊕h 2 0 . . . ⊕h n 0 . 11. The method according to claim 10 , wherein binding the initial secret to a last counter value to provide a commitment and a signature for the last counter value comprises binding the initial secret s 0 with the last counter value c m to provide the commitment cmt m =H(s 0 ,c m ) and the signature S m =Sign(cmt m ,c m ) for the last counter value, wherein H( ) is a cryptographic hash function. 12. The method according to claim 11 , wherein generating shares of a second and of a plurality of subsequent additional secrets by iteratively applying a hash function to shares of each preceding secret comprises generating shares and the plurality of subsequent secrets h i j =H(h i j-1 ) for j=1, . . . , m−1. 13. The method according to claim 12 , wherein binding the second secret to a second-to-last counter value and each subsequent secret to a preceding counter value to provide a commitment and a signature for the second-to-last counter value and for each preceding counter value comprises binding the secrets s j with the counter values c m-j to provide the commitments cmt m-j =H(s j ,c m-j ) and the signatures S m-j =Sign(cmt m-j ,c m-j ) for j=m−1. 14. A tangible, non-transitory computer readable medium comprising instructions for carrying out a method for preparing a plurality of distributed nodes connected via a data communication network to perform a protocol to establish a consensus on an order of received requests, the plurality of distributed nodes including a plurality of active nodes, the plurality of active nodes including a primary node, each of the plurality of distributed nodes including a processor and computer readable media, the method comprising: preparing a set of random numbers, wherein each of the random numbers is a share of an initial secret, wherein each share of the initial secret corresponds to one of the plurality of active nodes; encrypting, in order to generate encrypted shares of the initial secret, each respective share of the initial secret; binding the initial secret to a last counter value to provide a commitment and a signature for the last counter value; generating shares of a second and of a plurality of subsequent additional secrets by iteratively applying a hash function to shares of each preceding secret; binding the second secret to a second-to-last counter value and each subsequent secret to a preceding counter value to provide a commitment and a signature for the second-to-last counter value and for each preceding counter value; and transmitting, to each of the plurality of active nodes, the commitments and signatures for each of the counter values along with the encrypted shares of the initial secret and a set of hash values produced by applying the hash function to the shares of the last secret, wherein each of the plurality of active nodes is configured to decrypt a corresponding encrypted share of the initial secret and to generate shares of the remaining secrets by applying the hash function to the decrypted share of the initial secret. 15. A method for establishing consensus, by a plurality of distributed nodes connected via a data communication network, on an order of received requests, the plurality of distributed nodes including a plurality of active nodes, the plurality of active nodes including a primary node, each of the plurality of distributed nodes including a processor and computer readable media, the method comprising: performing a preprocessing protocol, the preprocessing protocol comprising: preparing a set of random numbers, wherein each of