|Our growing reliance on online services accessible on the Internet demands highly-available systemsthat provide correct service without interruptions. Byzantine faults such as software bugs, operatormistakes, and malicious attacks are the major cause of service interruptions. This thesis describesa new replication algorithm, BFT, that can be used to build highly-available systems that tolerateByzantine faults. It shows, for the first time, how to build Byzantine-fault-tolerant systems that canbe used in practice to implement real services because they do not rely on unrealistic assumptionsand they perform well. BFT works in asynchronous environments like the Internet, it incorporatesmechanisms to defend against Byzantine-faulty clients, and it recovers replicas proactively. Therecovery mechanism allows the algorithm to tolerate any number of faults over the lifetime of thesystem provided fewer than 1=3 of the replicas become faulty within a small windowof vulnerability.The window may increase under a denial-of-service attack but the algorithm can detect and respondto such attacks and it can also detect when the state of a replica is corrupted by an attacker.BFT has been implemented as a generic program library with a simple interface. The BFTlibrary provides a complete solution to the problem of building real services that tolerate Byzantinefaults. We used the library to implement the first Byzantine-fault-tolerant NFS file system, BFS. TheBFT library and BFS perform well because the library incorporates several important optimizations.The most important optimization is the use of symmetric cryptography to authenticate messages.Public-key cryptography, which was the major bottleneck in previous systems, is used only toexchange the symmetric keys. The performance results show that BFS performs 2% faster to 24%slower than production implementations of the NFS protocol that are not replicated. Therefore, webelieve that the BFT library can be used to build practical systems that tolerate Byzantine faults.