A computer executes a causal total order broadcast (CTOB) protocol, in a Byzantine fault-tolerant, distributed computerized system comprising a set of nodes acting as servers for clients of the system. The nodes host a trusted proxy client (TPC) process that executes in a trusted execution environment of the nodes. The TPC process includes for each client request (which include encrypted contents) received from any of the clients, signing the client request. The TPC process invokes a total order broadcast (TOB) protocol to obtain a sequence number for the signed request, whereby the nodes establish a total order in which the signed request is processed by the nodes. Upon determining that the signed request is assigned this sequence number, the TPC process reveals a decrypted version of the encrypted contents of the client request to the set of nodes, and the decrypted version is processed according to the TOB protocol.