Posted on 19-Dec-2015

1

Principles of Reliable Distributed Systems

Lecture 6: Synchronous Uniform Consensus

Spring 2005

Dr. Idit Keidar

2

Today’s Material

• Nancy Lynch, Distributed Algorithms – Ch. 6

• Attiya and Welch, Distributed Computing – Ch. 5

3

Today’s Problem: Uniform Consensus

Each process has an input and should decide on an output

• Uniform Agreement: all decisions are the same (decisions of processes that later crash included)

• Validity: the decision is the input of some process

• Termination: eventually all correct processes decide

4

Today’s Model

• Round-based synchronous

• Static set P = {p1, …, pn} of processes

• Crash failures

5

Round

Synchronous Model

• Synchronous rounds:

– send messages to any set of processes,

– receive messages from this round,

– do local processing (possibly decide, halt)

• If process pi crashes in a round, then any subset of the messages pi sends in this round can be lost

6

Round-Based Failstop Model

• If no message from pj is received in a round, then pj is suspected

• If pi fails in round r, then any subset of the messages pi sends in r may arrive

• If pi is suspected in round r, pi fails in round r or r-1

– no further messages from pi will arrive

[Figure: timeline of p1, p2, p3 across round 1 and round 2] p1 crashes in round 2; p2 receives p1’s round 2 message; p3 suspects p1 in round 2

7

t-Resilient Algorithm

• t is a threshold on the number of potential failures

– the algorithm is correct as long as no more than t processes fail

• In the following algorithm, 0 ≤ t < n

• We denote by f the number of actual failures that occur in a given run, 0 ≤ f ≤ t

• We’d like t to be big (robust algorithm)

– but f will usually be small (failures are rare)

8

Notation

• P = {p1, …, pn} is the set of processes

• initi is pi’s initial value

• Local variables of pi are denoted: vi, Alivei

9

t-Resilient Failstop Uniform Consensus Algorithm

vi = initi; Alivei = P

in every round 1 ≤ k ≤ t+2:

    send vi to all
    receive round k messages
    for all pj:
        if (received vj) then vi = min(vi, vj)
        otherwise pj is suspected
    if ( (∀ pj ∈ Alivei : received vj = vi) && !decided ) then decide vi
    for all pj: if (suspect pj) then Alivei = Alivei \ {pj}
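As an added example (not part of the lecture), the following Python simulation runs the algorithm above in the round-based fail-stop model described earlier: a process scheduled to crash in round k delivers an arbitrary subset of its round-k messages and nothing afterwards. The names run_uniform_consensus, check_run and stress, the crash schedule (crash_plan) and the sample inputs are all constructed for this example. check_run reports whether Uniform Agreement (counting the decisions of processes that crashed afterwards), Validity and Termination held and whether every correct process decided by the end of round f+2, the bound stated later in the lecture; stress repeats this over random inputs and crash schedules.

```python
import random


def run_uniform_consensus(inputs, t, crash_plan, rng):
    """Simulate the t-resilient fail-stop uniform consensus algorithm above.

    inputs     -- dict process -> initial value (comparable, e.g. ints)
    t          -- failure threshold; the algorithm runs rounds 1..t+2
    crash_plan -- dict process -> round in which it crashes (constructed by the
                  caller; at most t entries).  A process crashing in round k sends
                  an arbitrary subset of its round-k messages, chosen with rng,
                  and nothing afterwards.
    Returns (decision, decision_round): decision[p] is p's decision or None if p
    crashed before deciding; decision_round[p] is the round it decided in.
    """
    procs = sorted(inputs)
    v = dict(inputs)                              # v_i
    alive = {p: set(procs) for p in procs}        # Alive_i
    decision = {p: None for p in procs}
    decision_round = {p: None for p in procs}
    crashed = set()

    for k in range(1, t + 3):                     # rounds 1 .. t+2
        # send phase: every process that has not crashed sends v_i to all
        inbox = {p: {} for p in procs}
        for p in procs:
            if p in crashed:
                continue
            if crash_plan.get(p) == k:            # crashes this round: partial send
                crashed.add(p)
                recipients = [q for q in procs if rng.random() < 0.5]
            else:
                recipients = procs
            for q in recipients:
                inbox[q][p] = v[p]

        # receive phase + local processing, for processes still running
        for p in procs:
            if p in crashed:
                continue
            suspected = set()
            for q in procs:
                if q in inbox[p]:
                    v[p] = min(v[p], inbox[p][q])
                else:
                    suspected.add(q)              # no message from q: suspect q
            # decide once every process still in Alive_i sent exactly v_i
            if decision[p] is None and all(inbox[p].get(q) == v[p] for q in alive[p]):
                decision[p] = v[p]
                decision_round[p] = k
            alive[p] -= suspected                 # drop suspects after the check
    return decision, decision_round


def check_run(inputs, t, crash_plan, seed=0):
    """Run once and report which properties of the problem statement held."""
    decision, rnd = run_uniform_consensus(inputs, t, crash_plan, random.Random(seed))
    f = len(crash_plan)
    decided_values = {d for d in decision.values() if d is not None}
    correct = [p for p in inputs if p not in crash_plan]
    return {
        # uniform: decisions of processes that crashed later count as well
        "uniform_agreement": len(decided_values) <= 1,
        "validity": decided_values <= set(inputs.values()),
        "termination": all(decision[p] is not None for p in correct),
        "early_deciding": all(rnd[p] is not None and rnd[p] <= f + 2 for p in correct),
        "decision": next(iter(decided_values)) if decided_values else None,
        "rounds": rnd,
    }


def stress(n=5, t=2, trials=300, seed=2005):
    """Random inputs and crash schedules; returns (all_ok, first_failing_case)."""
    rng = random.Random(seed)
    procs = [f"p{i}" for i in range(1, n + 1)]
    props = ("uniform_agreement", "validity", "termination", "early_deciding")
    for _ in range(trials):
        inputs = {p: rng.randint(0, 3) for p in procs}
        victims = rng.sample(procs, rng.randint(0, t))
        plan = {p: rng.randint(1, t + 2) for p in victims}
        rep = check_run(inputs, t, plan, seed=rng.randrange(1 << 30))
        if not all(rep[k] for k in props):
            return False, (inputs, plan, rep)
    return True, None


if __name__ == "__main__":
    # constructed inputs, no crashes: everyone decides min(inputs) = 1 in round 2
    print(check_run({"p1": 3, "p2": 1, "p3": 2, "p4": 1}, t=2, crash_plan={}))
    print(stress())
```

Two details of the simulation mirror the slide: the decision test is evaluated against Alivei as it was at the start of the round, and suspects are removed only afterwards; and a crashed process keeps any decision it made before crashing, which is exactly what Uniform Agreement has to cover.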

10

Proof: Validity

• Lemma: for every process pi, vi is always the initial value initj of some process pj (vi is the minimum of initial values pi has seen so far).

11

Proof: Uniform Agreement

• Lemma: if there exist a value v, a round r, and a process pi such that

– all processes that are in Alivei at the beginning of round r send v in round r,

– then v is the only possible decision value from r onward.

12

Proof: Uniform Agreement (Cont’d)

• From the Lemma, we get that if some process decides v in round r, then v is the only possible decision value from r onward.

• Now look at the first round in which some process decides.

13

Proof: Termination

• After a round r in which no process fails, all processes have the same vi forever.

– Because all receive the same messages in r,

– By induction…

• Consider a run where f processes fail. Then for a correct process pi, Alivei changes in at most f rounds of this run (each failed process is removed at most once).

• Thus, within the first f+2 rounds there is a round in which Alivei does not change and all values pi receives are the same, so pi decides by the end of round f+2.

14

How Long Does it Take?

• Early-deciding: in a run with f failures, decision is reached by the end of round f+2

• We will prove that this is optimal

– for Uniform Consensus, but not for Consensus

– as long as f < t-1

15

Deciding vs. Stopping (Halting)

• The algorithm is not early-stopping:

– it continues running for t+2 rounds

– even after reaching a decision

• Homework question: can you change the algorithm to be early-stopping?

– stop (halt) after f+k rounds in runs with t ≥ f ≥ 0 failures, for some constant k

16

Synchronous Authenticated Byzantine-Tolerant Consensus

17

Byzantine Faults

• Faulty processes can behave arbitrarily, i.e., they don’t have to follow the protocol. E.g.,

– can suffer benign failures – crash, timing;

– can send bogus values in messages;

– can send messages at the wrong time;

– can send different messages to different processes; etc.

• Captures software bugs, hacker intrusions.

18

Authenticated (Byzantine) Model

• Authentication: The receiver of a message can ascertain its origin;

– an intruder cannot masquerade as someone else.

• Integrity: The receiver of a message can verify that it has not been modified in transit;

– an intruder cannot substitute a false message for a legitimate one.

• Nonrepudiation: A sender cannot falsely deny later that he sent a message.

19

Implementing Authentication

• Uses a Cryptographic Public Key Infrastructure (PKI).

• Each process has a well-known public key and a matching private key. ⟨M⟩p is message M signed with p’s private key.

– Only p can generate ⟨M⟩p.

– Every process can verify p’s signature on ⟨M⟩p using p’s public key.

20

Exploiting Authentication

• All messages are signed by their source.

• Every receiver can verify that the message was indeed sent by the source as is.

• Signed messages can be forwarded as proof.

“I can prove that Idit said that I don’t have to submit this homework assignment” – ⟨Yossy does not have to submit homework assignment 2⟩Idit

21

Consensus with Byzantine Failures

• Recall, we defined consensus as follows:

– Agreement: correct processes’ decisions are the same

– Termination: eventually all correct processes decide

– Validity: decision is input of one process

• Problem?

22

Validity: Take II

• Strong unanimity: If the input of all the correct processes is v then no correct process decides a value other than v

– When does this imply that the decision is an input value of some correct process?

• How resilient can an algorithm satisfying this property be?

23

Exponential Information Gathering (EIG) for t < n/2

send ⟨vi⟩pi to all

in every round 2 ≤ k ≤ t+1:

    for every received message m:
        if (m has k-1 different valid signatures) then
            send ⟨m⟩pi to all the processes that did not sign it

Validi = { ⟨vj⟩pj | all messages with t+1 valid signatures beginning with pj’s have the same initial value vj }

decide on the most common value in Validi (break ties)
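Signed messages forwarded as proof (the “Exploiting Authentication” slide) and the “k-1 different valid signatures” test that the EIG algorithm above applies to every received message, as an added Python example that is not part of the lecture. The PKI of the “Implementing Authentication” slide is replaced by a constructed SigningOracle that hands each process only its own HMAC key and verifies on everyone’s behalf; this keeps the protocol-level rule “only p can produce ⟨M⟩p” inside the simulation, but it is a stand-in, not a real signature scheme (it gives no non-repudiation towards a third party). The process names, the homework statement and the functions originate, forward, valid_signers, origin and demo are all constructed for this example. Each signature covers the value together with every earlier signature, so a chain cannot be edited, re-ordered, cut or padded with a repeated signer without failing the check.

```python
import hashlib
import hmac
import json


class SigningOracle:
    """Stand-in for the PKI on the slides (assumption for this example).

    A real deployment uses public-key signatures: anyone can verify, only p can
    sign as p.  Here each process receives only its own HMAC key and all
    verification goes through the oracle, which preserves 'only p can produce
    <M>p' inside the simulation.  Not a substitute for real signatures."""

    def __init__(self, names, seed=b"constructed-example-seed"):
        self._keys = {p: hashlib.sha256(seed + p.encode()).digest() for p in names}

    def sign(self, signer, data):
        return hmac.new(self._keys[signer], data, hashlib.sha256).hexdigest()

    def verify(self, signer, data, sig):
        key = self._keys.get(signer)
        if key is None:
            return False
        expected = hmac.new(key, data, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, sig)


def _to_sign(value, prior_sigs):
    # Each signature covers the value AND every earlier signature, so a chain
    # cannot be re-ordered, truncated in the middle, or re-attached to another value.
    return json.dumps([value, prior_sigs], separators=(",", ":"), sort_keys=True).encode()


def originate(oracle, p, value):
    """<value>p : p's own signed statement (the round-1 message in EIG)."""
    return {"value": value, "sigs": [[p, oracle.sign(p, _to_sign(value, []))]]}


def forward(oracle, p, msg):
    """Countersign a received chain before relaying it: <...<value>q...>p."""
    prior = [list(s) for s in msg["sigs"]]
    sig = oracle.sign(p, _to_sign(msg["value"], prior))
    return {"value": msg["value"], "sigs": prior + [[p, sig]]}


def valid_signers(oracle, msg):
    """Ordered list of signers if every signature verifies over the prefix it was
    made on and no process signed twice; otherwise None.  EIG's round-k
    acceptance test is: valid_signers(m) is not None and len(...) == k-1."""
    seen = []
    for i, (signer, sig) in enumerate(msg["sigs"]):
        if signer in seen:
            return None                        # same process signed twice
        if not oracle.verify(signer, _to_sign(msg["value"], msg["sigs"][:i]), sig):
            return None                        # forged, tampered, or re-ordered
        seen.append(signer)
    return seen


def origin(oracle, msg):
    """Who originally made the statement (first signer), or None if the chain is bad."""
    signers = valid_signers(oracle, msg)
    return signers[0] if signers else None


def demo():
    """Constructed scenario: Idit signs a statement, Yossy forwards it as proof."""
    pki = SigningOracle(["Idit", "Yossy", "TA"])
    note = originate(pki, "Idit", "Yossy does not have to submit homework assignment 2")
    proof = forward(pki, "Yossy", note)        # <<note>Idit>Yossy, handed to the TA

    # 1. The TA checks the forwarded proof and sees that Idit really said it.
    proof_signers = valid_signers(pki, proof)
    # 2. Yossy edits the statement: Idit's signature no longer matches.
    tampered = valid_signers(pki, dict(proof, value="Nobody has to submit homework assignment 2"))
    # 3. Yossy cannot sign as Idit; signing as himself exposes him as the author.
    forged_origin = origin(pki, originate(pki, "Yossy", note["value"]))
    # 4. Padding a chain with a repeat of one's own signature is not
    #    'k different valid signatures'.
    padded = valid_signers(pki, forward(pki, "Yossy", proof))
    # 5. Cutting Idit's signature out of the middle breaks the later one.
    cut = valid_signers(pki, {"value": proof["value"], "sigs": [proof["sigs"][1]]})

    return {"proof_signers": proof_signers, "tampered": tampered,
            "forged_origin": forged_origin, "padded": padded, "cut": cut}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Replacing SigningOracle with a real public-key scheme (one key pair per process, signing with the private key and verifying against the registered public key) gives the authentication, integrity and non-repudiation properties of the model without changing the chain logic.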

24

Validity: Take III

• Weak unanimity: If the input of all the correct processes is v and no process fails then no correct process decides a value other than v

• Does this prevent a trivial solution?

25

Summary of Known Results

• Synchronous, Byzantine fault-tolerant, t-resilient consensus algorithms –

– weak unanimity with authentication: iff t < n

• recitation

– strong unanimity with authentication: iff t < n/2

– without authentication: iff t < n/3