Understanding Byzantine Agreement in Distributed Systems

cs6410 byzantine agreement n.w
1 / 49
Embed
Share

Explore the concept of Byzantine Agreement in distributed systems through a series of informative slides featuring key topics such as the Byzantine Generals Problem, interactive consistency conditions, and the challenges faced by Byzantine soldiers. Learn how this agreement protocol addresses scenarios where processors may collude or fail, ensuring system reliability and consensus.

  • Distributed Systems
  • Byzantine Agreement
  • Consensus Protocol
  • Leslie Lamport
  • Fault Tolerance
rayaanacharya
kaithlyn Follow

Uploaded on | 1 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. CS6410 Byzantine Agreement Kai Sun *Some slides are borrowed from Ken Birman, Andrea C. Arpaci- Dusseau, Eleanor Birrell, Zhiyuan Teo, and Indranil Gupta

  2. So Far Weve Talked About State machine replication Paxos

  3. So Far Weve Talked About Assumption Processors do not collude, lie, or otherwise attempt to subvert the protocol But what if the assumption does not hold?

  4. The Byzantine Generals Problem Leslie Lamport PhD Brandeis 1972 LaTeX, Clocks, Paxos, Robert Shostak PhD Harvard 1974 Staff scientist for SRI International Founder and vice president of software for Ansa Software Founder and CTO for Portera Founder and CTO for Vocera Marshall Pease

  5. The Byzantine Generals Problem I have long felt that, because it was posed as a cute problem about philosophers seated around a table, Dijkstra's dining philosopher's problem received much more attention than it deserves. * Leslie Lamport *http://research.microsoft.com/en-us/um/people/lamport/pubs/pubs.html

  6. Byzantine Agreement General commands soldiers If all loyal soldiers attack victory is certain If none attack, the Empire survives If some attack, the Empire is lost Gong keeps time But they don t need to all attack at once Curses! I m surrounded! Attack!

  7. Byzantine Soldiers The enemy works by corrupting the soldiers Orders are distributed by exchange of messages Corrupt soldiers violate protocol at will Corrupt soldiers can t intercept and modify messages between loyal troops The gong sounds slowly There is ample time for loyal soldiers to exchange messages (all to all)

  8. More Formal A commander must send an order to his ? 1 lieutenants such that IC1. All loyal lieutenants obey the same order IC2. If the commander is loyal, then every loyal lieutenant obeys the order he sends IC1 and IC2 are called the interactive consistency conditions.

  9. Impossibility Results Let?be the maximum number of faulty processes that our protocol is supposed to tolerate Byzantine agreement is not possible with fewer than 3? + 1processes

  10. Impossibility Result With only 3 generals, no solution can work with even 1 traitor (given oral messages) commander attack L1 L2 retreat What should lieutenant 1 (L1) do? Is commander or lieutenant 2 (L2) the traitor?

  11. Option 1: Loyal Commander commander attack attack L1 L2 retreat What must L1 do? By IC2: L1 must obey commander and attack

  12. Option 2: Loyal L2 commander retreat attack L1 L2 retreat What must L1 do? By IC1: L1 and L2 must obey same order --> L1 must retreat

  13. Two Options commander commander attack retreat attack attack L1 L1 L2 L2 retreat retreat Problem: L1 can t distinguish between 2 scenarios

  14. General Impossibility Result No solution with fewer than 3m+1 generals can cope with m traitors < see paper for details >

  15. Oral Messages Assumptions A1) Every message sent is delivered correctly No message loss A2) Receiver knows who sent message Completely connected network with reliable links A3) Absence of message can be detected Synchronous system only

  16. Oral Message Algorithm OM(0) Commander sends his value to every lieutenant Each lieutenant uses the value received from the commander, or uses the value RETREAT if he receives no value

  17. Oral Message Algorithm OM(m), m>0 Commander sends his value to every lieutenant For each ?, let ?? be value Lieutenant ? receives from commander (or RETREAT if he receives no value) Act as commander for OM(m-1) and send ?? to n-2 other lieutenants For each ? and each ? ?, let ?? be value Li. ? received from Li. ? in the above step (or RETREAT if he received no such value). Li. ? computes majority(?1,...,?? 1)

  18. Example: Bad Lieutenant Scenario: m=1, n=4, traitor = L3 C Round 0 A A A L2 L3 L1 C A A A A Round 1 A A L2 L3 L1 R A R Decision L1 = majority(A, A, R); L2 = majority(A, A, R); Both attack!

  19. Example: Bad Commander Scenario: m=1, n=4, traitor = C C A A Round 0 R L2 L3 L1 C A A R A Round 1 R A L2 L3 L1 A R A Decision L1=majority(A, R, A); L2=majority(A, R, A); L3=majority(A,R,A); Attack!

  20. Bigger Example: Bad Lieutenants Scenario: m=2, n=3m+1=7, traitors=L5, L6 C A A A A A A L3 L6 L1 L2 L4 L5 Messages? L3 L6 L1 L2 L4 L5 A R A A A R majority(A,A,A,A,R,R) ==> All loyal lieutenants attack! Decision?

  21. Bigger Example: Bad Commander+Lieutenant Scenario: m=2, n=7, traitors=C, L6 C A x A R R A L3 L6 L1 L2 L4 L5 Messages? L3 L6 L1 L2 L4 L5 A A R R A A,R,A,R,A Decision?

  22. Decision with Bad Commander+Lieutenant L1: majority(A,R,A,R,A,A) ==> Attack L2: majority(A,R,A,R,A,R) ==> Retreat L3: majority(A,R,A,R,A,A) ==> Attack L4: majority(A,R,A,R,A,R) ==> Retreat L5: majority(A,R,A,R,A,A) ==> Attack Problem: All loyal lieutenants do NOT choose the same action

  23. Next Step of Algorithm Verify that lieutenants tell each other the same thing Requires ? + 1 rounds What messages does L1 receive in this example? Round 0: A Round 1: 2R, 3A, 4R, 5A, 6A (doesn t know 6 is traitor) Round 2: 2 { 3A, 4R, 5A, 6R} 3 {2R, 4R, 5A, 6A} 4 {2R, 3A, 5A, 6R} 5 {2R, 3A, 4R, 6A} 6 { ?, ?, ?, ? } All see same messages in round 2 from L1, L2, L3, L4, and L5 majority(A,R,A,R,A,-) ==> All attack C A x A R R A L3 L6 L1 L2 L4 L5 Messages? L3 L6 L1 L2 L4 L5 A A R R A A,R,A,R,A

  24. Algorithm Complexity What s the cost? OM(m) invokes (n-1) OM(m-1). OM(m-1) invokes (n-2) OM(n-2). OM(m-k) will be called (n-1)(n-2) (n-k) times. Algorithm complexity is O(nm). (note: m = number of failures)

  25. Signed Messages Problem Traitors can lie about what others said How can we remove that ability?

  26. Signed Messages New assumption (A4) -- Signed messages (Cryptography) Loyal general s signature cannot be forged and contents cannot be altered Anyone can verify authenticity of signature Simplifies problem: When Li. ? passes on signed message from ?, receiver knows that ?didn t lie about what j said Lieutenants cannot do any harm alone (cannot forge loyal general s orders) Only have to check for traitor commander With cryptographic primitives, can implement Byzantine Agreement with m+2 nodes, using SM(m)

  27. Signed Messages Algorithm: SM(m) Initially ??= Commander signs ? and sends to all as (?:0) Each Li. ?: A) If receive (?:0) and no other order 1) ?? = {?} 2) Send (?:0:?) to all B) If receive (?:0:?1:...:??) and ? not in ?? 1) Add ? to ?? 2) If (?<m) send (?:0:?1:...:??:?) to all not in ?1 ?? 4. When no more messages, obey order of choice(??) 1. 2. 3.

  28. Signed Messages Algorithm: SM(m) ? ????(?) If the set ? consists of the single element ?, then ? ????(?) = ? ? ???? =RETREAT One possible definition is to let ? ????(?) be the median element of ?

  29. SM(1) Example: Bad Commander Scenario: m=1, n=m+2=3, bad commander C A:0 R:0 L2 L1 What next? A:0:L1 L2 L1 R:0:L2 ?1={A,R} ?2={R,A} Both apply same decision to {A,R}

  30. SM(2): Bad Commander+Lieutenant Scenario: m=2, n=m+2=4, bad commander and L3 Goal? L1 and L2 must make same decision C A:0 x A:0 L2 L3 L1 A:0:L1 A:0:L3 R:0:L3:L1 L3 L2 L1 A:0:L2 L2 L1 R:0:L3 ?1 = ?2 = {A,R} ==> Same decision

  31. Other Variations How to handle missing communication paths < see paper for details >

  32. Compared with Asynchronous Scenarios m = traitors n = total Synchronous Asynchronous n <= 3m m >=1 * Oral messages: fails if n >= 3m+1 no guarantee works if m >= 1 * won t fail unless no correct processes Signed messages: fails if n >= 1 no guarantee works if *Fischer, Michael J., Nancy A. Lynch, and Michael S. Paterson. "Impossibility of distributed consensus with one faulty process." Journal of the ACM (JACM) 32.2 (1985): 374-382.

  33. Thought?

  34. Easy Impossibility Proofs for Distributed Consensus Problems Michael J. Fischer PhD from Harvard (applied mathematics) Professor at Yale ACM Fellow Nancy A. Lynch PhD from MIT Professor at MIT ACM Fellow, Dijkstra Prize, Knuth Prize, Michael Merritt PhD from GeTech President, Brookside Engine Company No. 1. Vice-Chair, Advancement Committee, Patriots' Path Council

  35. Easy Impossibility Proofs for Distributed Consensus Problems A process is regarded as a machine processing a tape of inputs Called an agreement device They build a communications graph. The messages that pass over an edge from a source to a destination node are a behavior of the device on that edge Behavior of the system is a set of node and edge behaviors In their proofs, faulty devices often exhibit different and inconsistent behaviors with respect to different participants

  36. Locality An axiom of this model Basically says that the way a node will behave is completely determined by the inputs it starts with and that it receives on incoming edges Fault axiom: a faulty device can mimic behavior of any correct device in any run. At the receiving end of an edge from it, the receiver can t distinguish the faulty device from the device it mimics.

  37. How They Prove the 3t+1 Bound Start by assuming that the consensus problem can be solved; for 3 processes the system looks like this: A B C

  38. Now Build a Covering Graph Looks like the original graph G each node is attached to two others by edges Also assign initial input values as shown A0 C1 A B0 B1 C0 A1 B C

  39. Now Focus on a First Scenario Consider B0 and C0 in a run where A is faulty A0 F C1 B0 B1 C0 A1 B0 C0

  40. By Assumption They Reach Agreement In particular, they reach agreement if F mimics what A0 would have done on the edge (A,B) and what A1 would have done on the edge (A,C) By the validity requirement, B and C must chose 0 So A0 and A1 both pick 0 too, with these inputs

  41. Consider a Second Scenario Consider A1 and C0 in a run where B is faulty A0 A1 C1 B0 B1 C0 A1 F C0

  42. Causing Trouble Suppose that F mimics B0 when talking to C This is indistinguishable to C from the initial scenario So C will need to decide 0 By agreement, A also decides 0

  43. Consider a Final Scenario Consider A1 and B1 in a run where C is faulty A0 A1 C1 B0 B1 C0 A1 B1 F

  44. Force a Contradiction Now we have the original setup with inputs 1 Validity requirements force a decision value of 1 But the edge behaviors for A are actually identical in the 2nd and 3rd scenarios! We ve shown that a single device, presented with identical inputs, would pick different values A contradiction

  45. Generalize to Arbitrary Number of Nodes They partition the nodes into three groups, A, B and C, with at least 1 and at most 1/3 of the nodes in each group They treat all the nodes in group A the way that we treated device A in our 3-node case, and similarly for B and C Same argument again leads to contradiction

  46. Other Byzantine Impossibility Result Connectivity: 2t+1 connectivity required to achieve Byzantine agreement

  47. Thought?

  48. The End

Related


Overview of Distributed Systems: Characteristics, Classification, Computation, Communication, and Fault Models

Overview of Distributed Systems: Characteristics, Classification, Computation, Communication, and Fault Models

paulina
Byzantine Fault Tolerance in Distributed Systems

Byzantine Fault Tolerance in Distributed Systems

sigourney
Byzantine Fault Tolerance: A Comprehensive Overview

Byzantine Fault Tolerance: A Comprehensive Overview

flavia
Round-Efficient Byzantine Broadcast Under Strongly Adaptive and Majority Corruptions

Round-Efficient Byzantine Broadcast Under Strongly Adaptive and Majority Corruptions

aeriv
Economic Models of Consensus on Distributed Ledgers in Blockchain Technology

Economic Models of Consensus on Distributed Ledgers in Blockchain Technology

schnelle_l
Byzantine Failures and CAP Theorem Overview

Byzantine Failures and CAP Theorem Overview

koen_144
Distributed Consensus Models in Blockchain Networks

Distributed Consensus Models in Blockchain Networks

bre_b
Geometric Routing Concepts and Byzantine Fault Tolerance

Geometric Routing Concepts and Byzantine Fault Tolerance

korilynnp
Exact Byzantine Consensus on Undirected Graphs: Local Broadcast Model

Exact Byzantine Consensus on Undirected Graphs: Local Broadcast Model

lisset
Byzantine Generals Problem in Distributed Systems

Byzantine Generals Problem in Distributed Systems

calh_4
Byzantine Faults and Consensus on Unknown Torus

Byzantine Faults and Consensus on Unknown Torus

riaz_nin
Distributed Computing Systems Project: Distributed Shell Implementation

Distributed Computing Systems Project: Distributed Shell Implementation

nian164
Byzantine Fault Tolerance: Protocols, Forensics, and Research

Byzantine Fault Tolerance: Protocols, Forensics, and Research

oaut
The Contributions of the Byzantine Empire to Civilization

The Contributions of the Byzantine Empire to Civilization

mcki_yon
Optimally Resilient Asynchronous Multi-Valued Byzantine Agreement

Optimally Resilient Asynchronous Multi-Valued Byzantine Agreement

melai
Quantum Distributed Proofs for Replicated Data

Quantum Distributed Proofs for Replicated Data

mkam
Secure Append-Only Memory for Byzantine Fault Tolerance

Secure Append-Only Memory for Byzantine Fault Tolerance

crea_la
Communication Complexity in Byzantine Agreement Research

Communication Complexity in Byzantine Agreement Research

mshof
Consensus and Fault Tolerance on an Unknown Torus with Dense Byzantine Faults

Consensus and Fault Tolerance on an Unknown Torus with Dense Byzantine Faults

orri_5
Byzantine Generals in the Permissionless Setting

Byzantine Generals in the Permissionless Setting

acunn
Distributed System Architectures: Software for Multiple Processors

Distributed System Architectures: Software for Multiple Processors

apain
Asynchronous Byzantine Agreement in Incomplete Networks

Asynchronous Byzantine Agreement in Incomplete Networks

shawley_r

More Related Content