1 / 35

The Byzantine Generals Problem (M . Pease, R. Shostak , and L. Lamport )

The Byzantine Generals Problem (M . Pease, R. Shostak , and L. Lamport ). 236357 - January 2011 Presentation by Avishay Tal. Problem Definition. Neglible Delay Full Graph n independent processors Each has its own private value m “faulty” (or corrupted) processors

marek
Download Presentation

The Byzantine Generals Problem (M . Pease, R. Shostak , and L. Lamport )

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The Byzantine Generals Problem(M. Pease, R. Shostak, and L. Lamport) 236357 - January 2011 Presentation by Avishay Tal

  2. Problem Definition • Neglible Delay • Full Graph • n independent processors • Each has its own private value • m “faulty” (or corrupted) processors • May lie / act against the rules of the protocol • May be inconsistent – tell different processors inconsistent information • However, the message sender is known to the recipient and can’t be forged. • Goal: achieve agreement (consistency) among the nonfaulty processors • What does this mean?

  3. Goal • Each nonfaulty processor (NFP) will know the right private value of each other non-faulty processor • Each two NFPs p, p’ will think each faulty processor q has the same consistent value (though it may be not true).

  4. Interactive Consistency • We’ll use the following formulation: • Each processor p has a private value Vp • Each processor p computes during the algorithm a vector Fp of n values - one for each processor. • Interactive consistency is achieved if: • For each two NFPs p and q, Fp(q)=Vq • The NFPs computes exactly the same vector

  5. Protocol Guidelines • An NFP sends its own private value • An NFP relays messages sent to them • A faulty processor may mistake / lie / deny transfer of messages.

  6. Results • Denote (m, n) to be a setting with n processors and at most m faulty ones. • Single Fault - (1,4) protocol • Multiple Fault - (m,3m+1) protocol • Lower bound - (m,3m) impossibility result

  7. Dealing with a single Fault

  8. First Round

  9. First Round

  10. First Round

  11. First Round

  12. Second Round - Relaying

  13. Second Round - Relaying

  14. The Protocol • First Round: • In the first round every NFP sends its private value to every other processor • Second Round: • For each three different processors p, q, r, if q is an NFP, then q sends r the value he got from p (we will use the notation: pqr) • In both rounds, if an NFP doesn’t receive a message after some timeout, it assume that message was NIL.

  15. Decision • For each NFP p, and other processor q, p performs a majority vote over the 3 observations of q’s value to determine Fp(q): • qp • qp1p • qp2p • If there is no majority, then Fp(q)=NIL.

  16. For each nonfaulty processor p, and other processor q, p performs a majority vote over the 3 observations of q’s value to determine Fp(q): • qp • qp1p • qp2p • If there is no majority, then Fp(q)=NIL. • Proof of interactive consistency: • For each two NFPs p,q: Fp(q)=Vq. • Since at least two of the observations were true. • There exist a value v, s.t. for each NFP, p, Fp(4)=v. • If F1(4)=F2(4)=F3(4)=NIL then we’re done. • Assume some p has a non-NIL value Fp(4)=v.Let p1 and p2 denote the two other NFPs.Three possible cases: • P got 4p1p:v and 4p2p:v • P got 4p:v, and 4p2p:v • P got 4p:v, and 4p1p:v • In either case, both p1 and p2 will receive at least two messages indicating that 4’s value is v, hence Fp(4)=Fp1(4)=Fp2(4)=v.

  17. Protocol For (m,3m+1) • m+1 rounds: • First round: every NFP, p, will send its value to every other processor: • pq:vp • In the next m rounds every NFP, p, will relay every message he got on the previous rounds. • If he got prpr-1…p2p1p:v • He’ll send prpr-1…p2p1pq:v to every other processor q. • prpr-1…p2p1pq:v is short to: • p2told p1 that • P3 told p2 that • P4 told p3 that … • that pr told pr-1 that its value is v. • As before, if p was supposed to send a message to q and didn’t, q assume that p sent NIL.

  18. Decision – Determining Fp(q) – Post Mortem • If there exist a subset of processors Qp of size >(n+m)/2 and a value v such that for any path: • qp1 p2… pr p starting from q going through in p1, …, pr in Qp and ending in p, the message qp1 p2 … pr p:v was sent to p. • In this case Fp(q)=v. • If there isn’t any such subset, then q is faulty. • Consider only messages said to be originated from q but not passing in it again:qp1 p2 … pr p:v, pi≠ q • Replace it with the message p1 p2… pr p:v as if it was sent from p1. • Perform the decision by recursion with the new set of messages -denote the resulting vector (Fq)p. • Fp(q) = majority((Fq)p), if there’s no majority then Fp(q)=NIL

  19. Correctness • Claim 1:Let pr be an NFP, then a processor p got the message qp1 p2… pr-1pr p:v iff pr got the message qp1 p2… pr-1pr:v and r<m+1. • Claim 2:A faulty processor can’t convince an NFP that a path of NFPs sent him some (made-up) message. • This relies on the assumption that the message sender is known (even if he is faulty)

  20. Protocol without q • In the decision we perform recursion using all the messages originated from q which doesn’t pass it. • We need to show that such a protocol exists with m-1 faulty out of n-1 processors. • Sketch proof: • Every NFP will send the value he got from q as its own • Every NFP will relay messages. • Faulty processor, q’ ≠ q, will look at the run of the original protocol and will send a message iff the message qp1p2p3…prq’p’:v was sent in original protocol (and all pi s are different from q). • This will result in the message set we created during step 2 (in each NFP).

  21. Correctness • Induction on m. • Basis: m=0. • There’s no faulty processors • Only the first round is performed where each processors sends its value and record the other processors true value. • So we achieve interactive consistency • Step: m>0 • We will show two things: • for each NFPs p and p’ , Fp(p’)=Vp’ . • for each NFPs p and p’ and a faulty processors q Fp(q)=Fp’(q).

  22. For each NFPs p and p’, Fp(p’)=Vp’ • We will show that p will determine p’ value in step 1 of the protocol • Consider the set of NFP as N • By the assumption |N|>2m, so |N|>(n+m)/2. • So, for every NFP path: p’ p1p2p3…prpthe message p’ p1p2p3…prp:Vp’was sent to p. • By claim 2, a faulty processor can’t forge a message passing only through NFPs. • There can’t be another set B which will make p choose a different value v’. Because this set will have to be disjoint with N. And thus, |N|+|B|>n. in contradiction.

  23. For each NFPs p and p’, and a faulty processor q:Fp(q)=Fp’(q) • We will consider 3 termination cases: • Case 1:Both p,p’ calculation of q terminates in step 1. • Case 2:The calculation of Fp(q) terminates in step 1, while Fp’(q) is going through recursion. • Case 3:Both calculations are going through recursion.

  24. Case 1:Both p,p’ calculation of q terminates in step 1. • Since the size of Qp and Qp’ >(n+m)/2, there are more than (n+m)-n=m processors in their intersection. • One of them is an NFP, let p’’ denote it. • p’’ got some message from q about q’svalue: • qp’’:v • Since p’’ is an NFP, and m>0, p’’ delivers the messages: • qp’’p:v (to p) • qp’’p’:v (to p’) • Hence, p and p’ record of q must be the same.

  25. Case 2:The calculation of Fp(q) terminates in step 1, while Fp’(q) is going through recursion. • p has a set Qpof size > (n+m)/2 on which for each path from q to p through Qp, p gets a message with value v. • p‘ founds that q is a liar, doing step 2, but have to be consistent with p. • We will show that (Fq)p’(x)=v for every x in Qp-{q}. Thus, by majority (Fq)p’(x)=v • |Qp-{q}| > (n+m)/2 – 1 ≥(n-1)/2

  26. Case 2 (continued):The calculation of Fp(q) terminates in step 1, while Fp’(q) is going through recursion. • We consider our protocol over the set of processors P-{q} with m-1 faults • The secret value of each processor is the value that q told him in the original round. • Using the induction hypothesis, (Fq)p(x)= (Fq) p’(x) for every x in P-{q} • We will show that (Fq)p(x)=v to complete the proof of this case. • For every path xp1p2…prp with pi in Qp-{q} • The message qx p1p2…pr p :v was sent in the original protocol • Hence, the message x p1p2…pr p :v was “sent” in the modified protocol. • Every message x p1p2…pr p:w in the modified protocol corresponds to a message q xp1p2…pr p:w in the original protocol. • hence, w=v. • |Q-{p}|>(n+m)/2 -1 = ((n-1)+(m-1))/2, hence p will decide on step 1 that (Fq)p(x)=v.

  27. Case 3:Both p and p’ are going through recursion. • Using the induction hypothesis, (Fq)p and (Fq)p’ vectors are equal. • Hence, any function (in particular majority) on them must agree.

  28. Complexity • In the i'th round ni+1 messages are sent • The total message complexity is: • n2 +n3+… + nm+2 =Θ(nm+2)

  29. Impossibility result for (m,3m) • Assumptions: • Suppose NFPs can only send their original values, or relay other messages sent to them. • We will show 3 scenarios, such that if all 3 scenarios reach interactive consistency then we’ll get a contradiction. • Divide the processors to 3 disjoint sets of size m: A,B,C • Each set will be faulty in one of the three scenarios. • The faulty processors will only lie about the C’s values. • And only for the first time it reaches the processor they are lying to. • Liars won’t lie about the path of the message, only on the value. • Two values: 0,1.

  30. Scenarios

  31. Scenario alpha

  32. Scenario beta

  33. Scenario sigma

  34. alpha beta sigma

  35. Reaching a contradiction • For any a in A, b in B and c in C: • a receives the same messages in scenario alpha and sigma, and from i.c. of alpha computes 0 as c’s value. • 0=Falphaa(c)=Fsigmaa(c) • breceives the same messages in scenario beta and sigma, and from i.c. of beta computes 1 as c’s value. • 1=Fbetab(c)=Fsigmab(c) • From i.c. of sigma • Fsigmaa(c)=Fsigmab(c), in contradiction.

More Related