Utilizamos tu perfil de LinkedIn y tus datos de actividad para personalizar los anuncios y mostrarte publicidad más relevante. Puedes cambiar tus preferencias de publicidad en cualquier momento.
Próxima SlideShare
Cargando en…5
×

# Byzantine Generals

3.408 visualizaciones

Presentation on Lamport's paper "The Byzantine Generals Problem"

• Full Name
Comment goes here.

Are you sure you want to Yes No
• Sé el primero en comentar

### Byzantine Generals

1. 1. Byzantine Generals Problem Wednesday, August 18, 2010
2. 2. Motivation Wednesday, August 18, 2010
3. 3. Each division is directed by its own general Wednesday, August 18, 2010
4. 4. There are n generals Wednesday, August 18, 2010
5. 5. All armies are camped outside enemy castle, observing enemy Wednesday, August 18, 2010
6. 6. Communicate with each other by messengers Wednesday, August 18, 2010
7. 7. Requirement A: All loyal generals decide upon the same plan of action Wednesday, August 18, 2010
8. 8. Requirement B: A small number of traitors cannot cause the loyal generals to adopt a bad plan Wednesday, August 18, 2010
9. 9. Agreemeent G2 V1 General 1 sends his ideas on what to do G1 V1 next G4 V1 G3 Wednesday, August 18, 2010
10. 10. Agreemeent { V1, V2 } V2 G2 { V1 } General 2 sends his ideas on what to do G1 V2 next V2 G4 G3 { V1 } { V1 } Wednesday, August 18, 2010
11. 11. Apply combination method to all values { V1, V2, V3, V4 } G2 { V1, V2, V3, V4 } A: All loyal generals decide upon the same G1 plan of action G4 G3 { V1, V2, V3, V4 } Wednesday, August 18, 2010
12. 12. Beware of the wolves… { V1, V2 } V2 G2 General might be a { V1 } traitor, sabotaging G1 V2' the process. V2' G4 G3 { V1 } { V1 } B: A small number of traitors cannot cause the loyal generals to adopt a bad plan Wednesday, August 18, 2010
13. 13. Requirements reworked • From A: Every loyal general must obtain the same information v(1), .... v(n) • From B: If the ith general is loyal, then the value that he sends must be used by every loyal general as the value of v(i) Wednesday, August 18, 2010
14. 14. Rewritten • From A: Any two loyal generals use the same value of v (i) • From B: If the ith general is loyal, then the value that he sends must be used by every loyal general as the value of v(i) 2 ... an d since now both 1 and are conditions on the single al: value of a single gener Wednesday, August 18, 2010
15. 15. Byzantine Generals Problem A commanding general must send an order to his n - 1 C lieutenant generals such that IC1: All loyal lieutenants obey the same order IC2: If the commanding L1 L2 L3 general is loyal, then every loyal general obeys the order he sends Wednesday, August 18, 2010
16. 16. Byzantine Generals Problem A commanding general must send an order to his n - 1 C lieutenant generals such that IC1: All loyal lieutenants obey the same order IC2: If the commanding L1 L2 L3 general is loyal, then every loyal general obeys the order he sends y Interactive Consistenc Conditions Wednesday, August 18, 2010
17. 17. Assuming oral messages… • Every message that is sent is delivered correctly • The receiver of a message knows who sent it • The absence of a message can be detected Wednesday, August 18, 2010
18. 18. No solution for 3 generals, 1 traitor C C ? ? attack attack attack retreat L1 he said 'retreat' L2 L1 he said 'retreat' L2 e From L 1’s perspective, both th s the commanding general a other lieutenant could be the ion. traitor causing confus Wednesday, August 18, 2010
19. 19. General Impossibility (Oral Messages) In general, no solutions with fewer than 3m+1 generals can cope with m traitors. Wednesday, August 18, 2010
20. 20. Assuming Signatures • Every message that is sent is delivered correctly • The receiver of a message knows who sent it • The absence of a message can be detected • Signatures • A loyal general’s signature cannot be forged, and any alteration of the contents of his signed messages can be detected. • Anyone can verify the authenticity of a general’s signature Wednesday, August 18, 2010
21. 21. Algorithm SM(m) • Each lieutenant maintains a set V of properly signed orders received so far. • The commander sends a signed order to lieutenants • A lieutenant receives an order from someone (either from commander or other lieutenants), • Veriﬁes authenticity and puts it in V. • If there are less than m distinct signatures on the order • Augments orders with signature • Relays messages to lieutenants who have not seen the order. • When lieutenant receives no new messages, and use choice(V) as the desired action. • If you want to protect against more traitors, increase m Wednesday, August 18, 2010
22. 22. SM(m) and Traitors C V = attack, retreat => ! C ommander is a traitor attack : C retreat : C retreat : C : L2 L1 attack : C : L1 L2 Wednesday, August 18, 2010
23. 23. But what if… not all generals can reach all other generals directly? Wednesday, August 18, 2010
24. 24. p-Regular Graphs 1. A set of nodes { i1, …, ip } is said to be a regular set of neighbors of a node i if: 1. each ij is a neighbor of i, and 2. for any general k different from i, there exists paths γj,k from ij to k not passing through i such that any two different paths γj,k have no node in common other than k. 2. The graph G is said to be p-regular if every node has a regular set of neighbors consisting of p distinct nodes. Wednesday, August 18, 2010
25. 25. p-Regular Graphs 1. A set of nodes { i1, …, ip } is said to be a regular set of neighbors of a node i if: 1. each ij is a neighbor of i, and *SNAP* 2. for any general k different from i, there exists paths γj,k from ij to k not passing through i such that any two different paths γj,k have no node in common other than k. 2. The graph G is said to be p-regular if every node has a regular set of neighbors consisting of p distinct nodes. Wednesday, August 18, 2010
26. 26. Samples 3-regular not 3-regular Wednesday, August 18, 2010
27. 27. Missing communication paths For any m and any p ≥ 3m, algorithm OM(m, p) solves the Byzantine Generals Problem if there are at most m traitors. Wednesday, August 18, 2010
28. 28. Missing communication paths For any m and any p ≥ 3m, algorithm OM(m, p) solves the Byzantine Generals Problem if there are at most m traitors. ssing In other words: in case of messengers pa h oral messages only, if you send enoug an messages, there m ay be a way to come to of agreement on w hat to do, even in face s. (It traitors and missin g communication path hich all depends on ho w many traitors and w paths are missing.) Wednesday, August 18, 2010
29. 29. Missing Communication Paths For any m, SM(m) solves the Byzantine Generals Problem if there are at most m traitors. Wednesday, August 18, 2010
30. 30. Practical Use of BGP General Processor Loyal general Non-faulty processor • IC1: All nonfaulty processors must use the same input value (so they produce the same output) • IC2: If the input unit is nonfaulty, then all nonfaulty processes use the value it provides as input (so they produce the correct output) Wednesday, August 18, 2010
31. 31. Assumption A1 Every message sent by non-faulty process is delivered correctly. • Failure of communication line cannot be distinguished from failure of nodes. • OK because we still are tolerating m failures. Wednesday, August 18, 2010
32. 32. Assumption A2 A processor can determine origin of message • In a ﬁxed line network, this can be assumed. • In a switched network, A2 is not needed since the messages will be signed. Wednesday, August 18, 2010
33. 33. Assumption A3 The absence of a message can be detected • Only by the use of some time-out convention • Fixed maximum time needed for the generation and transmission of a message. • The sender and receiver have clocks that are synchronized to within some maximum error Wednesday, August 18, 2010
34. 34. Assumption A4 Unforgeable signatures. Anyone can verify authenticity of signature • Message signed by i = (M, Si(M)) • If i is not faulty, no one can generate Si(M). (Faulty processor used for generating signatures.) • Given M and X, anyone can verify if X=Si(M) Wednesday, August 18, 2010
35. 35. Conclusions • BGP solutions are expensive (communication overheads and signatures) • Use of redundancy and voting to achieve reliability. What if >1/3 nodes (processors) are faulty? • 3m+1 replicas for m failures. Is that expensive? • Tradeoffs between reliability and performance • How would you determine m in a practical system? Wednesday, August 18, 2010