The Byzantine Generals Problem
Leslie Lamport, Robert Shostak, Marshall Pease
Presented by Radu Handorean
Byzantine Generals Problem (metaphor)
GBP – the Generals
Loyal Generals
  Behave according to THE algorithm, which should ensure that
    They decide upon the same plan (A)
    A small number of traitors shouldn’t be able to force a bad decision (B)
Traitorous Generals
  Try to mess up the final decision
  Send any info they want
GBP – the Generals
(A) => Every loyal general must obtain the same v(1)…v(n)
(B) => If the ith general is loyal => v(i) must be used by all (loyal) generals
Byzantine Generals Problem (formal)
0 .. N-1 processes in a complete graph
Process 0 needs to send a value v to all others such that
  (IC1) If process 0 is non faulty then any non faulty process i receives v
  (IC2) If processes i and j are non faulty, they receive the same value
Note: if 0 is non faulty, then IC1 => IC2
Impossibility Results – Oral Msg
Oral message – the content is entirely under the control of the sender
No solution if more than 1/3 of the generals are traitorous
Traitorous Lieutenant
(Figure: message labels “attack”, “attack”, “he said ‘retreat’”)
Traitorous General
(Figure: message labels “retreat”, “attack”, “he said ‘retreat’”)
Impossibility Results – Generalization
No solution with fewer than 3m+1 generals for m traitors
Proof by contradiction: reduce the problem to the 3 generals problem
  Assume 3m (let’s call them Albanians) or fewer generals can cope with m traitors
  Build the solution with Byzantine generals
Proof
1 Byzantine simulates ~1/3 Albanians
  1 Byzantine simulates 1 Albanian general & m-1 Albanian lieutenants (m, m, respectively)
Max m traitor Albanians
IC1 & IC2 hold for Albanians (assumed)
IC1 & IC2 hold for Byzantine (implied)
IMPOSSIBLE SOLUTION
Solution with Oral Messages
A1. Every msg. is delivered correctly
A2. The receiver knows where the msg. comes from
A3. The absence of a msg. can be detected
A1&A2 – a traitor cannot interfere with a msg. between others
A3 – a traitor cannot drop msg.
Oral Messages – Cont.
No order from a traitorous commander => RETREAT by default
OM(m) – alg. for 3m+1 generals with at most m traitors
Use the majority function for decision
  Majority value if exists or RETREAT
  Median value if they are an ordered set
OM(0)
(1) The commander sends his value to each lieutenant
(2) Each lieutenant uses the value from the commander or RETREAT if the commander is silent
OM(m)
(1) The commander sends his value to each lieutenant (vi)
(2) Each Li acts as commander for OM(m-1) and sends vi to the other n-2 lieutenants (or RETREAT)
(3) For each i and j!=i, Li receives vj from Lj in (2) (or RETREAT); Li uses majority(v1..vn-1)
Example m=1, n=4, L traitor
(Figure: message labels v, v, v, v, x)
Example m=1, n=4, L traitor
(Figure: message labels x, y, z)
OM(m) - Proof of Correctness
Lemma1: for any m, k, OM(m) has IC2 for more than 2k+m generals and at most k traitors
  IC2: if the commander is loyal, every loyal general obeys commander’s order
Proof: induction on m
  OM(0) – trivial
  m>0
    Commander sends v to n-1 lieutenants
OM(m) – Proof - Cont.
Each loyal general applies OM(m-1) with n-1 generals
(*) n>2k+m => n-1>2k+(m-1)
=> each loyal Li gets vj=v from each loyal Lj
At most k traitors and (*) => a majority of n-1 lieutenants are loyal
OM(m) – Proof – Cont.
Theorem: OM(m) satisfies IC1 and IC2 if there are more than 3m generals and at most m traitors
Proof: induction on m
  OM(0) satisfies IC1 and IC2 (no traitors)
  Commander = loyal & k=m in Lemma => IC2 => IC1
  Commander = traitor => at most m-1 traitorous lieutenants
OM(m) – Proof – Cont.
There are more than 3m generals => more than 3m-1 lieutenants
3m-1>3(m-1) & apply induction (OM(m-1) satisfies IC1 & IC2)
=> for each j, any 2 loyal Ls get the same value for vj in step 3
=> any 2 loyal Ls get the same array (v1...vn-1) in step 3
=> the same majority(…) => IC1
Solution with Written Messages
Generals send unforgeable signed messages
Add A4 to A1-A3:
  A loyal G’s signature cannot be forged and any alteration can be detected
  Anyone can verify the authenticity of a G’s signature
  NO assumptions about a traitorous G’s signature
New Solution
C sends signed orders to Ls
Each L adds its signature and forwards the message, etc…
Use a function choice(…) to obtain a single order
  choice(V) = v if v is the only elem. in V
  choice(V) = RETREAT if V is empty
  Any choice() function must have these properties
Notations
x:i = msg. x signed by G i
v:j:i = msg. v signed by Gs j and i
G0 = commander (C)
Vi = set of properly signed orders received by Li
  Loyal C => Vi has only 1 element
  Do NOT confuse with the set of msg. !!! (many different msg. can carry the same order)
SM(m)
Initially Vi = empty for each i
(1) C signs and sends v to each L
(2) For each i:
  (A) if Li receives v:0 and Vi=empty
    (i) Vi={v}
    (ii) Send v:0:i to all other Ls
  (B) if Li receives v:j1…:jk and v not in Vi
    (i) Add v to Vi
    (ii) if k<m send v:j1…:jk:i to all other agents
(3) When Li receives no more msg., he obeys choice(Vi)
SM(1) - Example
(Figure: nodes 0, 1, 2; message labels Attack:0, Retreat:0, Attack:0:1, Retreat:0:2)
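
The SM(m) steps and the SM(1) example above, run as code. This is an added example, not part of the original slides: a Python simulation in which an HMAC under a constructed per-general key stands in for the signature Si of A4 (a real deployment needs public-key signatures, so that anyone can verify without being able to sign). The function names, the message layout `(order, chain)` and the rule that `choice` returns RETREAT when V holds more than one order are assumptions of the example.

```python
import hashlib
import hmac

RETREAT = "retreat"

def sign(g, order, chain):
    """Stand-in for S_g (assumption): HMAC under a constructed per-general key,
    computed over the order and the signatures already attached."""
    key = f"constructed-key-{g}".encode()
    return hmac.new(key, repr((order, chain)).encode(), hashlib.sha256).hexdigest()

def extend(msg, g):
    """Turn v:j1:...:jk into v:j1:...:jk:g."""
    order, chain = msg
    return (order, chain + ((g, sign(g, order, chain)),))

def valid(msg):
    """A4 check: the chain starts at the commander (0), signers are distinct,
    and each signature verifies over the order plus the signatures before it."""
    order, chain = msg
    signers = [g for g, _ in chain]
    if not chain or signers[0] != 0 or len(set(signers)) != len(signers):
        return False
    return all(hmac.compare_digest(sig, sign(g, order, chain[:k]))
               for k, (g, sig) in enumerate(chain))

def choice(orders):
    """The single order in V if there is exactly one, otherwise RETREAT."""
    return next(iter(orders)) if len(orders) == 1 else RETREAT

def sm(m, n, deliveries, traitors):
    """Run SM(m) on initial (recipient, message) deliveries; return loyal decisions."""
    V = {i: set() for i in range(1, n) if i not in traitors}
    queue = list(deliveries)
    while queue:
        i, msg = queue.pop(0)
        order, chain = msg
        if i not in V or not valid(msg) or order in V[i]:
            continue                    # traitor, forgery, or order already in V_i
        V[i].add(order)                 # (2A)(i) / (2B)(i)
        if len(chain) <= m:             # commander plus k lieutenants signed, k < m
            signed = extend(msg, i)     # (2A)(ii) / (2B)(ii)
            queue += [(j, signed) for j in range(1, n)
                      if j != i and j not in dict(chain)]
    return {i: choice(orders) for i, orders in V.items()}

if __name__ == "__main__":
    a, r = extend(("attack", ()), 0), extend(("retreat", ()), 0)
    print(sm(1, 3, [(1, a), (2, r)], traitors={0}))  # the SM(1) example above
```

With a traitorous commander both lieutenants end up holding two validly signed orders, so both fall back to the same decision; an order carrying a bad commander signature never enters V.
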
SM(1) – Proof
Theorem2: SM(m) solves GBP for at most m traitors
C = loyal => sends v:0 to all Ls
  Every loyal L receives v in (2)
  No loyal L can receive v’:0 in (2B)
  Vi = {v} for all i
  Loyal Ls obey choice() in (3) => IC2 => IC1
C = traitorous
SM(m) – Proof – Cont.
C = traitorous
  Loyal Li and Lj obey the same order in (3) if Vi = Vj from (2)
  If Li receives v in (2A), it sends it to Lj in (2Aii)
  If Li adds v to Vi in (2B) => must receive a first message v:j1…:jk
SM(m) – Proof – Cont.
If j is one of the jr, v must have already been added to Vi
If not
  (1) k<m : i sends v:j1…jk:i to j
  (2) k=m : since C=traitor => max m-1 traitor Ls => at least 1 of j1…jm is loyal
    This loyal L must have sent v to j so j has that order
Missing Communication Paths
The Generals’ graph is no longer complete
(Figure: two graphs, captioned “3-regular graph” and “not 3-regular”)
Definitions
(a) {i1,…,ip} is a regular set of neighbors of i if
  Each ij is a neighbor of i
  For any k!=i there are paths gj,k from ij to k not passing through i s.t. any 2 such paths only have k in common
A graph G is p-regular if any node has a set of p regular neighbors
Note: a 3m-regular graph has min 3m+1 nodes
OM(m,p)
G must be p-regular
(0) N = p-regular set of C’s neighbors
C sends the order to every L in N
For each i in N, Li receives vi from C or RETREAT; Li sends vi to every other Lk as follows:
OM(m,p) – Cont.
  (A) if m=1, it sends along gj,k
  (B) if m>1, it acts as commander for OM(m-1, p-1), after removing C
For each k and i in N, k!=i, Lk receives vi from Li, or vi=RETREAT; Lk uses majority(vi1,…, vip), where N = {i1,…ip}
OM(m, 3m) – GBP
OM(m,3m) solves GBP for at most m traitors (proof below)
Lemma1: for any m>0 and any p>=2k+m, OM(m,p) satisfies IC2 for at most m traitors
  m=1
    L obtains majority(v1..vp)
    At most k traitors and p>=2k+1 => more than half of the p paths -> loyal Ls -> if C is loyal then the majority() is his command
  m>1
Lemma2 – Cont.
m>1
  Assume for m-1
  If C = loyal, each of the p Ls in N has the correct order
  p>2k -> a majority are loyal & each sends the correct order
  Each loyal L gets a majority of correct orders
GBP – Cont.
Theorem 3: for any m>0 and any p>=3m, OM(m,p) solves GBP for max. m traitors
  Lemma 2 & k=m => IC2
  C = loyal then IC2 implies IC1
  C = traitorous
    m=1 => all Ls = loyal and gj,k do not pass through C
    m>1: induction since p>=3m implies p-1>=3(m-1)
Comments
For 3m+1 generals, 3m-regularity = complete connectivity
IC2 cannot be satisfied if a message C->L is “routed” by traitors
IC1 cannot be satisfied if L1 and L2 can only communicate via traitors
These assumptions are too strong
SM(m)
If the subgraph of loyal Ls is connected =>SM(n-2) is a solution (n=# of Gs) regardless of # of traitors
Definition: the diameter of a graph is the smallest # of edges to connect any 2 nodes
GBP - SM
Theorem 4: If there are at most m traitors, and d=the diameter of loyal Ls subgraph, SM(m-d+1) solves GBP
Proof: similar to Theorem 2
SO WHAT ???
Use of redundancy and voting to achieve reliability
Majority voting
  All non faulty processes produce the same result (from the same input - e.g. 2 non faulty processors read a clock)
  If the input unit (G) is non faulty, all non faulty (loyal) processes (Ls) use the provided value
SO WHAT – Cont. A1..A3(A4)
A1 – every msg. sent by a non faulty proc. is delivered correctly
  The failure of a communication line cannot be distinguished from the failure of a component => max m failures
  Real life effect: lowers connectivity, does not forge information
SO WHAT – Cont. A1..A3(A4)
A2 – a processor can determine the origin of a msg.
  Most important is that a faulty proc. cannot impersonate a non faulty one
  In practice we should use IPC over fixed lines rather than fancy network switching
  A4 obsoletes A2, is satisfied
SO WHAT – Cont. A1..A3(A4)
A3 – the absence of a message can be detected
  Use of time-outs:
    Fixed maximum time to produce and deliver a message
    Sender’s and receiver’s clocks are reasonably synchronized
SO WHAT – Cont. A1..A3(A4)
A4 – processors sign messages s.t. a non faulty processor’s signature cannot be forged
  Signature = redundant info.
  Message signed by i = (M, Si(M))
  Si must satisfy
    If i is non faulty, no other processor can generate Si(M) – cannot be guaranteed
      Random multiplication
      Malicious intelligence
    Given M and X, any processor can verify X=Si(M)