Byzantine Generals

Byzantine Generals Problem

Wednesday, August 18, 2010

Motivation


Each division is directed by its own
general


There are n
generals


All armies are camped outside enemy
castle, observing enemy


Communicate
with each
other by
messengers


Requirement
A: All loyal generals
decide upon the same
plan of action


Requirement
B: A small number of traitors
cannot cause the loyal
generals to adopt a bad plan


Agreemeent
G2
V1

General 1 sends his
ideas on what to do
G1 V1
next

G4
V1

G3


Agreemeent
{ V1, V2 }
V2
G2
{ V1 } General 2 sends his
ideas on what to do
G1 V2
next
V2

G4
G3 { V1 }

{ V1 }


Apply combination method
to all values
{ V1, V2, V3, V4 }

G2
{ V1, V2, V3, V4 } A: All loyal generals
decide upon the same
G1
plan of action

G4
G3 { V1, V2, V3, V4 }


Beware of the wolves…
{ V1, V2 }
V2
G2 General might be a
{ V1 }
traitor, sabotaging
G1 V2'
the process.
V2'

G4
G3 { V1 }

{ V1 }

B: A small number of traitors
cannot cause the loyal generals
to adopt a bad plan


Requirements reworked

• From A: Every loyal general must obtain the same
information v(1), .... v(n)

• From B: If the ith general is loyal, then the value that
he sends must be used by every loyal general as the
value of v(i)


Rewritten

• From A: Any two loyal generals use the same value of v
(i)

• From B: If the ith general is loyal, then the value that
he sends must be used by every loyal general as the
value of v(i)
2
... an d since now both 1 and
are conditions on the single
al:
value of a single gener


Byzantine Generals
Problem
A commanding general must
send an order to his n - 1 C
lieutenant generals such that

IC1: All loyal lieutenants
obey the same order

IC2: If the commanding L1 L2 L3
general is loyal, then every
loyal general obeys the order
he sends


Byzantine Generals
Problem
A commanding general must
send an order to his n - 1 C
lieutenant generals such that

IC1: All loyal lieutenants
obey the same order

IC2: If the commanding L1 L2 L3
general is loyal, then every
loyal general obeys the order
he sends
y
Interactive Consistenc
Conditions


Assuming oral messages…

• Every message that is sent is delivered correctly
• The receiver of a message knows who sent it
• The absence of a message can be detected


No solution for 3 generals,
1 traitor
C C

? ?
attack attack attack retreat

L1 he said 'retreat'
L2 L1 he said 'retreat'
L2

e
From L 1’s perspective, both th
s the
commanding general a
other lieutenant could be the
ion.
traitor causing confus


General
Impossibility
(Oral Messages)

In general, no solutions with
fewer than 3m+1 generals can
cope with m traitors.


Assuming
Signatures
• Every message that is sent is delivered correctly

• The receiver of a message knows who sent it

• The absence of a message can be detected

• Signatures

• A loyal general’s signature cannot be forged, and any
alteration of the contents of his signed messages can be
detected.

• Anyone can verify the authenticity of a general’s signature


Algorithm SM(m)
• Each lieutenant maintains a set V of properly signed orders received so
far.

• The commander sends a signed order to lieutenants

• A lieutenant receives an order from someone (either from commander
or other lieutenants),

• Veriﬁes authenticity and puts it in V.

• If there are less than m distinct signatures on the order

• Augments orders with signature

• Relays messages to lieutenants who have not seen the order.

• When lieutenant receives no new messages, and use choice(V) as the
desired action.

• If you want to protect against more traitors, increase m


SM(m) and Traitors

C
V = attack, retreat =>
!
C ommander is a traitor
attack : C retreat : C

retreat : C : L2

L1 attack : C : L1
L2


But what if…
not all generals can reach all
other generals directly?


p-Regular Graphs
1. A set of nodes { i1, …, ip } is said to be a regular set of
neighbors of a node i if:

1. each ij is a neighbor of i, and

2. for any general k different from i, there exists paths γj,k
from ij to k not passing through i such that any two
different paths γj,k have no node in common other than k.

2. The graph G is said to be p-regular if every node has a
regular set of neighbors consisting of p distinct nodes.


p-Regular Graphs
1. A set of nodes { i1, …, ip } is said to be a regular set of
neighbors of a node i if:

1. each ij is a neighbor of i, and

*SNAP*
2. for any general k different from i, there exists paths γj,k
from ij to k not passing through i such that any two
different paths γj,k have no node in common other than k.

2. The graph G is said to be p-regular if every node has a
regular set of neighbors consisting of p distinct nodes.


Samples
3-regular not 3-regular


Missing communication
paths
For any m and any p ≥ 3m, algorithm OM(m, p) solves the
Byzantine Generals Problem if there are at most m
traitors.


Missing communication
paths
For any m and any p ≥ 3m, algorithm OM(m, p) solves the
Byzantine Generals Problem if there are at most m
traitors.
ssing
In other words: in case of messengers pa
h
oral messages only, if you send enoug
an
messages, there m ay be a way to come to
of
agreement on w hat to do, even in face
s. (It
traitors and missin g communication path
hich
all depends on ho w many traitors and w
paths are missing.)


Missing
Communication Paths

For any m, SM(m) solves the Byzantine Generals
Problem if there are at most m traitors.


Practical Use of BGP
General Processor
Loyal general Non-faulty processor

• IC1: All nonfaulty processors must use the same input
value (so they produce the same output)

• IC2: If the input unit is nonfaulty, then all nonfaulty
processes use the value it provides as input (so they
produce the correct output)


Assumption A1

Every message sent by non-faulty process is delivered
correctly.

• Failure of communication line cannot be distinguished
from failure of nodes.

• OK because we still are tolerating m failures.


Assumption A2

A processor can determine origin of message

• In a ﬁxed line network, this can be assumed.
• In a switched network, A2 is not needed since the
messages will be signed.


Assumption A3

The absence of a message can be detected

• Only by the use of some time-out convention
• Fixed maximum time needed for the generation and
transmission of a message.

• The sender and receiver have clocks that are synchronized to
within some maximum error


Assumption A4

Unforgeable signatures. Anyone can verify authenticity
of signature

• Message signed by i = (M, Si(M))
• If i is not faulty, no one can generate Si(M). (Faulty
processor used for generating signatures.)

• Given M and X, anyone can verify if X=Si(M)


Conclusions
• BGP solutions are expensive (communication
overheads and signatures)

• Use of redundancy and voting to achieve reliability.
What if >1/3 nodes (processors) are faulty?

• 3m+1 replicas for m failures. Is that expensive?
• Tradeoffs between reliability and performance
• How would you determine m in a practical system?


Byzantine Generals

Recomendados

Recomendados

Más contenido relacionado

Más de Wilfred Springer

Más de Wilfred Springer (10)

Último

Último (20)

Byzantine Generals