BYZANTINE AGREEMENT

1
BYZANTINE AGREEMENT
2
The Byzantine generals problem

• Turkish invasion into Byzantium
• Byzantine generals have to agree on attack or
  retreaval
• The enemy works by corrupting the soldiers
• Byzantine generals are notoriously treacherous
  ...
• The loyal generals have to prevent traitors from
  spoiling a coordinated attack
• Messengers are sent to each other camps
• Orders are distributed by exchange of messages,
  corrupt soldiers violate protocol at will
• But corrupt soldiers cant intercept and modify
  messages between loyal troops
• The gong sounds slowly there is ample time for
  loyal soldiers to exchange messages (all to all)

3
Byzantine Agreement

• Commanding General commands other generals
• If all loyal generals attack victory is certain
• If none attack, the Empire survives
• If some attack, Empire is lost
• Gong keeps time
• but they dont need toall attack at once

4
Consensus problem

• With a leader leader gives an order, like
  attack, and non-faulty participants either
  attack or do nothing, despite some limited number
  of failures
• Byzantine Agreement (agreement about a
  value)
• atomic broadcast
• Without a leader participants have an initial
  vote protocol runs and eventually all non-faulty
  participants chose the same outcome, and it is
  one of the initial votes (typically, 0 or 1)
• Fault-tolerant Consensus (distributed
  consensus)
• maintaining replicated data
• monitoring a distributed computation
• detecting failed processor (sensors)

5
The formal setting of the consensus problem

• There are M processors P p1, ..., pM that are
  trying to reach consensus.
• A subset F of the processors are faulty, and the
  remaining processors are nonfaulty.
  Each processor pi ? P stores a
  value Vi.
• During the consensus protocol, the processors
  calculate an consensus value Ai.
• After the protocol ends, the following two
  conditions should hold

6

• 1. For every pair pi and pj of nonfaulty
  processors,
• Ai Aj. This value is the consensus
  value.
• (Every correct node chooses the same
  value)
• 2. The consensus value is a function of the
  initial values
• Vi of the nonfaulty processors (P -
  F).
• ( If all the correct nodes have the
  same input, that
• input must be the value chosen)
• Conditions
• synchronous system
• receivers can reliably identify the sender

7
Byzantine Agreement ( reliable broadcast )

• each general broadcasts reliably its opinion Vj
  to all other generals
• all generals will learn other generals opinions
  and decide for the same action
• BA is equivalent to the consensus
• each loyal general can agree on the opinion Vj
  of every other general pj
• it means, they can agree on the consensus value

8
Single broadcast

• we will consider only a single broadcast in the
  following
• commanding general is broadcasting (can be
  treacherous)
• all others are lieutenant generals
• broadcast is reliable if
  interactive consistency conditions hold
• If sender pS is loyal, the loyal generals will
  agree on VS
• If the sender pS is treacherous, the loyal
  processors will agree on the same value for VS

9
Impossibility Results

• Let t be the maximum number of faulty processes
  that our protocol is supposed to tolerate
• To reach agreement
• At least 3t1 generals must be present.
• At least t1 rounds of communication
• Same result holds for fault-tolerant consensus in
  the Byzantine model
• Byzantine agreement is not possible with fewer
  than 3t1 processes
• No solution exists for 3 generals in the presence
  of a single traitor.

10
Consensus of 3 processes

• Example 3 processes, 1 is faulty (A, B, C)
• Non-faulty processes start with input 0 and 1,
  respectively
• They exchange messages
  each now has a set of
  inputs 0, 1, x, where x comes from C
• C sends 0 to A and 1 to B
• A has 0, 1, 0 and wants to pick 0. B has 0,
  1, 1 and wants to pick 1. What to do?
• Can we prove that consensus is impossible with
  just 3 processes?

11
Scenario A - 3 generals with a single traitor

• 1 commanding general and 2 lieutenants
• one of them is treacherous

A B 1, 0 gt 0 C 0, 1 gt 0
A gt 1 B 1, 0 gt 0 C 1, 1
12
Theorem
If M lt 3t, the system cannot reach
agreement. ---------------------------------------
--------------------------- M generals t
traitors 3 groups of processes one of the groups
contains all treacherous processes

S
U
T
13
scenario 0
the
general broadcasts 0
processes in U send out
the same
messages as in the
1. scenario, to processes in T
gt
assume that the agreement
works and correct processes
in T
decide correctly on 0
S
0
0
0
0
1
U
T
0
0
14
scenario 1
the
general broadcasts 1
processes in T send out
the same messages as
in the
0. scenario, to processes in U
gt processes in U must
decide on
1 to achieve the correct result

S
1
1
1
1
1
U
T
0
1
15
scenario 0, 1
The interaction between T and U is the same in
both 0 and 1 scenario. The difference makes
only S, that changes (defines) an input and
therefore the output
S
0, 1
0, 1
0, 1
0, 1
1
U
T
0
1
0
16
scenario 2
the
commanding general
is treacherous
T
receives the same messages
as in 0. case and decides on
0 U
receives the same messages
as in 1. case and decides on
1 Now U and T see the same messages as in the
previous scenarios gt they make the same
decisions as before, but now the decisions are
contradictory
S
0
1
0
1
1
U
T
1
0
0
17
Scenario B 4 Generals and a single traitor
G

• A B C
• ------------------
• 1 1 1
• 1,0 1,0 1,1
• Output(1,1,1)

1
1
1
1
1
C
B
A
0
1
1
0

• there are enough loyal generals to reach a
  consensus opinion
• a loyal general gets a correct value from the
  commanding general and the other loyal lieutenant
  general one possibly wrong value

18
Scenario B 4 Generals and a single traitor
G

• A B C
• ------------------
• 1 1 0
• 1,0 1,0 1,1
• Output(1,1,1)

0
1
1
1
1
C
B
A
0
1
1
0

• all loyal generals get the same set of values
  from each other and they decide for the same
  output (majority)
• Agreement Protocol works for N 3t 1.

19
BG(k) protocol

• k ... the maximum number of traitors that can be
  tolerated (t . . . the real number of traitors)
• M gt 3k and t lt k
• majority consensus (default value)
• processors communicate with each other to
  determine the majority decision
• all lieutenants become commanding generals after
  receiving the commanders order
• their broadcast does not have to be reliable as
  opinions of disloyal lieutenants may be discarded

20

• BG(k) protocol is recursive
• lieutenants perform BG(k - 1) that tolerates k
  traitors
• time-out -gt default value
• senders of messages are known
• protocol works synchronously in rounds

Majority and default decisions.
Majority(v1,v2, ..., vn) Return the majority
v among v1,v2, ..., vn , or Retreat if no
majority exists
21
Byzantine Generals broadcast
Base case for a Byzantine Generals broadcast
BG_Send(0,v,l) The commander broadcasts v to
every lieutenant in l. BG_Receive(0) Return
the value they sent to you or Retreat if no
message is received.
22
Byzantine Generals broadcast
General case for Byzantine Generals broadcast
BG_Send(k,v,l) send v to every lieutenant
on l BG_Receive(k) let v be the value sent
to you or Retreat if no value is sent let
l be the set of lieutenants who have never
broadcast v BG_Send(k-1,v,l-Self) Use
BG_Receive(k-1) to receive v(i) for every i in
l-Self Return majority(v, v(1), ..., v(l
- 1))
23
An execution of BG(2)
C
The commander broadcasts his order using BG(2)
L1
L2
L3
L4
L5
L6
L1
BG(1)
L1v
L2
L3
L4
L5
L6
L2
BG(0)
L2L1v
L3
L4
L5
L6
24
Lemma 1

• For any t and k, if the commanding general is
  loyal, the BG(k) protocol is correct if there are
  no more that t traitors and at least 2t k
  generals.
• Proof (by induction)
• BG(0) works
• assume BG(k-1) works for M gt 2t k - 1, k
  gt 0, t lt k
• consider BG(k) for M 2t k

25

• commander broadcasts his order
• lieutenants use BG(k-1) for M 2t k -1
  to rebroadcast
• 1. lieutenant is loyal gt BG(k-1) works
  according to the I.H.
• 2. lieutenant is treacherous gt sends
  different orders to different lieutenants
• loyal lieutenants compute majority of orders of
  all other lieutenants
• t k - 1 values are correct t values may be
  incorrect
• t k - 1 gt t as k gt 1

26
Lemma 2

• For any k, the BG(k) protocol is correct if there
  are more than 3k generals and no more that k
  traitors.
• Proof (by induction)
• BG(0) works
• assume BG(k-1) works for M gt 3(k - 1) ,
  t lt k - 1
• consider BG(k) for M 3t 1 t k

27

• 1. commander is loyal and M 3k 2t k gt
  BG(k) works according to Lemma 1
• 2. commander is treacherous
• sends different orders
• lieutenants rebroadcast the orders using BG(k
  -1)
• there is t lt k - 1 traitors and M gt 3k
  generals gt BG(k - 1) works according to I.H.
• even if rebroadcasting lieutenant is treacherous
  all loyal l. will compute the same value for his
  order
• gt they will have the same input for the majority
  function