200 likes | 369 Views
CPSC 668 Distributed Algorithms and Systems. Fall 2006 Prof. Jennifer Welch. Consensus with Byzantine Failures. How many processors total are needed to solve consensus when f = 1 ?
E N D
CPSC 668Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch Set 10: Consensus with Byzantine Failures
Consensus with Byzantine Failures • How many processors total are needed to solve consensus when f = 1 ? • Suppose n = 2. If p0 has input 0 and p1 has 1, someone has to change, but not both. What if one processor is faulty? How can the other one know? • Suppose n = 3. If p0 has input 0, p1 has input 1, and p2 is faulty, then a tie-breaker is needed, but p2 can act maliciously. Set 10: Consensus with Byzantine Failures
B p1 A C p2 p0 Processor Lower Bound for f = 1 Theorem (5.7): Any consensus algorithm for 1 Byzantine failure must have at least 4 processors. Proof: Suppose in contradiction there is a consensus algorithm A = (A,B,C) for 3 processors and 1 Byzantine failure. Set 10: Consensus with Byzantine Failures
1 1 1 0 B C 0 0 p1 p2 A A p0 p3 p5 p4 C B Specifying Faulty Behavior • Consider a ring of 6 nonfaulty processors running components of A like this: • This execution probably doesn't solve consensus (it doesn't have to). • But the processors do something -- this behavior is used to specify the behavior of faulty processors in executions of A in the triangle. Set 10: Consensus with Byzantine Failures
Getting a Contradiction • Let 0 be this execution: B p1 p1 and p2 must decide 0 act like p0 to p1 in 0 0 0 C p2 p0 act like p0 to p5 in Set 10: Consensus with Byzantine Failures
Getting a Contradiction • Let 1 be this execution: B p0 and p1 must decide 1 p1 act like p2 to p1 in 1 1 1 p2 p0 A act like p5 to p0 in Set 10: Consensus with Byzantine Failures
The Contradiction • Let be this execution: What do p0 and p2 decide? act like p1 to p0 in act like p4 to p5 in p1 ? 1 0 p2 p0 A C view of p0 in = view of p0 in = view of p0 in 1 p0 decides 1 view of p2 in = view of p2 in = view of p2 in 0 p2 decides 0 Contradiction! Set 10: Consensus with Byzantine Failures
Processor Lower Bound for Any f Theorem: Any consensus algorithm for f Byzantine failures must have at least 3f+1 processors. Proof: Use a reduction to the 3:1 case. • Suppose in contradiction there is an algorithm A for f > 1 failures and n = 3f total processors. • Use A to construct an algorithm for 1 failure and 3 processors, a contradiction. Set 10: Consensus with Byzantine Failures
The Reduction • Partition the n ≤ 3f processors into three sets, P0, P1, and P2, each of size at most f. • In the n = 3 case, let • p0 simulate P0 • p1simulate P1 • p2simulate P2 • If one processor is faulty in the n = 3 system, then at most f processors are faulty in the simulated system. • Thus the simulated system is correct. • Let the processors in the n = 3 system do the same as the simulated processors, and it will also be correct. Set 10: Consensus with Byzantine Failures
Exponential Tree Algorithm • This algorithm uses • f + 1 rounds (optimal) • n = 3f + 1 processors (optimal) • exponential size messages (sub-optimal) • Each processor keeps a tree data structure in its local state • Values are filled in the tree during the f + 1 rounds • At the end, the values in the tree are used to calculate the decision. Set 10: Consensus with Byzantine Failures
Local Tree Data Structure • Each tree node is labeled with a sequence of unique processor indices. • Root's label is empty sequence ; root has level 0 • root has n children, labeled 0 through n - 1 • Child node labeled i has n - 1 children, labeled i : 0 through i : n-1 (skipping i : i) • Node at level d labeled v has n - d children, labeled v : 0 through v : n-1 (skipping any index appearing in v) • Nodes at level f + 1 are leaves. Set 10: Consensus with Byzantine Failures
Example of Local Tree The tree when n = 4 and f = 1 : Set 10: Consensus with Byzantine Failures
Filling in the Tree Nodes • Initially store your input in the root (level 0) • Round 1: • send level 0 of your tree to all • store value x received from each pj in tree node labeled j (level 1); use a default if necessary • "pj told me that pj 's input was x" • Round 2: • send level 1 of your tree to all • store value x received from each pj for each tree node k in tree node labeled k : j (level 2); use a default if necessary • "pj told me that pk told pj that pk 's input was x" • Continue for f + 1 rounds Set 10: Consensus with Byzantine Failures
Calculating the Decision • In round f + 1, each processor uses the values in its tree to compute its decision. • Recursively compute the "resolved" value for the root of the tree, resolve(), based on the "resolved" values for the other tree nodes: value in tree node labeled if it is a leaf resolve() = majority{resolve( ') : ' is a child of } otherwise (use a default if tied) Set 10: Consensus with Byzantine Failures
Example of Resolving Values The tree when n = 4 and f = 1 : (assuming 0 is the default) 0 0 0 1 1 0 1 0 0 0 1 1 1 1 1 0 0 Set 10: Consensus with Byzantine Failures
Resolved Values are Consistent Lemma (5.9): If pi and pj are nonfaulty, then pi 's resolved value for tree node labeled ' j (what pj tells pifor node ') equals what pj stores in its node '. Proof Ideas: • By induction on the height of the tree node. • Uses inductive hypothesis to know that resolved values for children of the tree node corresponding to nonfaulty procs are consistent. • Uses fact that n > 3f and fact that each tree node has at least n - f children to know that majority of children are nonfaulty. Set 10: Consensus with Byzantine Failures
Validity • Suppose all inputs are v. • Nonfaulty proc. pi decides resolve(), which is the majority among resolve(j), 0 ≤ j ≤ n-1, based on pi 's tree. • Since resolved values are consistent, resolve(j) (at pi) is value stored at the root of pj 's tree, which is pj 's input value if pj is nonfaulty. • Since there are a majority of nonfaulty processors, pi decides v. Set 10: Consensus with Byzantine Failures
Common Nodes and Frontiers • A tree node is common if all nonfaulty procs. compute the same value of resolve(). • A tree node has a common frontier if every path from to a leaf contains a common node. Lemma (5.10): If has a common frontier, then is common. Proof Ideas: By induction on height of . Uses fact that resolve is defined using majority. Set 10: Consensus with Byzantine Failures
Agreement • The nodes on each path from a child of the root to a leaf correspond to f + 1 different processors. • Since there are at most f faulty processors, at least on such node corresponds to a nonfaulty processor. • This node is common (by the lemma about the consistency of resolved values). • Thus the root has a common frontier. • Thus the root is common (by preceding lemma). Set 10: Consensus with Byzantine Failures
Complexity Exponential tree algorithm uses • n > 3f processors • f + 1 rounds • exponential size messages: • each msg in round r contains n(n-1)(n-2)…(n-(r-2)) values • When r = f + 1, this is exponential if f is more than constant relative to n Set 10: Consensus with Byzantine Failures