independent node failures: nodes don’t depend on each other, host different implementations of the service
to detect corrupted messages signature m signed by node i digests produced by hash-function, we sign just a digest replicas know all pub key to verify
Linearizability: service behaves like a centralized implementation, executes operations atomically one at the time.
Client waits for f+1 replies form different replicas with the same result, this is the result of the operation. Replicas:- Deterministic- Start in the same state=> total order for the execution on all non-faulty replicas
2nd case: if replica hasn’t processed the request yet, it relays the request to the primary. If the primary doesn’t multicast the request, it will eventually be suspected by replicas, then view change.
Non-deterministic case : additional phase:- primary obtains proposed authenticated values, concat. 2f+1 of them with the request, start 3phase for this message;- replicas choose the value deterministically (for example, median).
Requests are not included in pre-prepare message to keep them small. Pre-prepare message are used as a proof that the request was assigned sequence number n in view v in view changes. The last condition prevents a faulty primary from exhausting the space of sequence numbers by selecting a very large one. If doesn’t accept — does nothing. Otherwise enters next phase.
n — seq number of last request whose execution reflected in the state d — digest of the state The checkpoint protocol is used to advance the low and high water marks (which limit what messages will be accepted). k is big enough so that replicas do not stall waiting for a checkpoint to become stable. For example, if checkpoints are taken every 100 requests, might be 200.
n is the sequence number of the last stable checkpoint known to i C is a set of (2f+1) valid checkpoint messages proving the correctness of s P_m for each request m that prepared at i with a sequence number higher than n new_view starts when 2f view-changes received