csce 668 distributed algorithms and systems

CSCE 668DISTRIBUTED ALGORITHMS AND SYSTEMS

Fall 2011Prof. Jennifer WelchCSCE 668

Set 10: Consensus with Byzantine Failures 1

Consensus with Byzantine Failures

CSCE 668Set 10: Consensus with Byzantine Failures

2

How many processors total are needed to solve consensus when f = 1 ?

Suppose n = 2. If p0 has input 0 and p1 has 1, someone has to change, but not both. What if one processor is faulty? How can the other one know?

Suppose n = 3. If p0 has input 0, p1 has input 1, and p2 is faulty, then a tie-breaker is needed, but p2 can act maliciously.

Processor Lower Bound for f = 1


3

Theorem (5.7): Any consensus algorithm for 1 Byzantine failure must have at least 4 processors.

Proof: Suppose in contradiction there is a consensus algorithm A = (A,B,C) for 3 processors and 1 Byzantine failure.

p0 p2

p1

A C

B

Specifying Faulty Behavior


4

Consider a ring of 6 nonfaulty processors running components of A like this:

This execution probably doesn't solve consensus (it doesn't have to).

But the processors do something -- this behavior is used to specify the behavior of faulty processors in executions of A in the triangle.

p0A

p2

Cp1

B

p3 A

p4

Bp5

C

1 1

0

00

1

Getting a Contradiction


5

Let 0 be this execution:

p0 p2

p1

C

B

00

0act like p3to p4 in

act like p0to p5 in

p1 and p2must decide 0

Getting a Contradiction


6

Let 1 be this execution:

p0 p2

p1B

11


act like p5to p0 in

p0 and p1must decide 1

A

The Contradiction


7

Let be this execution:

p0 p2

p1

C01

?

act like p4to p5 in

act like p1to p0 in

What do p0 andp2 decide?

A

view of p0 in = view of p0 in = view of p0 in 1 p0 decides 1

view of p2 in = view of p2 in = view of p2 in 0 p2 decides 0

Views


8

p0A

p2

Cp1

B

p3 A

p4

B

p5

C

p0 p2

p1

C01

?

act like p4to p5 in

act like p1to p0 in

Ap0 p2

p1B

11


act like p5to p0 in

A

0 0

011 1

:1:

β:

Processor Lower Bound for Any f


9

Theorem: Any consensus algorithm for f Byzantine failures must have at least 3f+1 processors.

Proof: Use a reduction to the 3:1 case. Suppose in contradiction there is an

algorithm A for f > 1 failures and n = 3f total processors.

Use A as a subroutine to construct an algorithm for 1 failure and 3 processors, a contradiction to theorem just proved.

The Reduction


10

Partition the n ≤ 3f processors into three sets, P0, P1, and P2, each of size at most f.

In the n = 3 case, let p0 simulate P0

p1 simulate P1

p2 simulate P2

If one processor is faulty in the n = 3 system, then at most f processors are faulty in the simulated system.

Thus the simulated system is correct. Let the processors in the n = 3 system decide the

same as the simulated processors, and their decisions will also be correct.

Exponential Tree Algorithm


11

This algorithm uses f + 1 rounds (optimal) n = 3f + 1 processors (optimal) exponential size messages (sub-optimal)

Each processor keeps a tree data structure in its local state

Values are filled in the tree during the f + 1 rounds

At the end, the values in the tree are used to calculate the decision.

Local Tree Data Structure


12

Each tree node is labeled with a sequence of unique processor indices.

Root's label is empty sequence ; root has level 0

Root has n children, labeled 0 through n - 1

Child node labeled i has n - 1 children, labeled i : 0 through i : n-1 (skipping i : i)

Node at level d labeled v has n - d children, labeled v : 0 through v : n-1 (skipping any index appearing in v)

Nodes at level f + 1 are leaves.

Example of Local Tree


13

The tree when n = 4 and f = 1 :

Filling in the Tree Nodes


14

Initially store your input in the root (level 0) Round 1:

send level 0 of your tree to all store value x received from each pj in tree node

labeled j (level 1); use a default if necessary "pj told me that pj 's input was x"

Round 2: send level 1 of your tree to all store value x received from each pj for each tree

node k in tree node labeled k : j (level 2); use a default if necessary

"pj told me that pk told pj that pk's input was x" Continue for f + 1 rounds

Calculating the Decision


15

In round f + 1, each processor uses the values in its tree to compute its decision.

Recursively compute the "resolved" value for the root of the tree, resolve(), based on the "resolved" values for the other tree nodes:

resolve() =

value in tree node labeled if it is a leaf

majority{resolve( ') : ' is a child of } otherwise (use a default if tied)

Example of Resolving Values


16

The tree when n = 4 and f = 1 :

0 0 1 0 0 0 1 1 1 1 1 0

0 0 1 1

0(assuming 0 is the default)

Resolved Values are Consistent


17

Lemma (5.9): If pi and pj are nonfaulty, then pi 's resolved value for its tree node labeled ' j (what pj tells pi for node ') equals what pj stores in its node '.'

'j

'

part of pi's tree part of pj's tree

resolvedvalue = v

originalvalue = v

Resolved Values are Consistent


18

Proof Ideas: By induction on the height of the tree

node. Uses inductive hypothesis to know

that resolved values for children of the tree node corresponding to nonfaulty procs are consistent.

Uses fact that n > 3f and fact that each tree node has at least n - f children to know that majority of children are nonfaulty.

Validity


19

Suppose all inputs are v. Nonfaulty proc. pi decides resolve(), which is

the majority among resolve(j), 0 ≤ j ≤ n-1, based on pi 's tree.

Since resolved values are consistent, resolve(j) (at pi) is value stored at the root of pj 's tree, which is pj 's input value if pj is nonfaulty.

Since there are a majority of nonfaulty processors, pi decides v.

Common Nodes


20

A tree node is common if all nonfaulty procs. compute the same value of resolve().

part of pi's tree part of pj's tree

same resolved value

Common Frontiers


21

A tree node has a common frontier if every path from to a leaf contains a common node.

pink meanscommon

Common Nodes and Frontiers


22

Lemma (5.10): If has a common frontier, then is common.

Proof Ideas: By induction on height of . Uses fact that resolve is defined using majority.

Agreement


23

The nodes on each path from a child of the root to a leaf correspond to f + 1 different procs.

Since there are at most f faulty processors, at least one such node corresponds to a nonfaulty processor.

This node is common (by the lemma about the consistency of resolved values).

Thus the root has a common frontier. Thus the root is common (by preceding

lemma).

Complexity


24

Exponential tree algorithm uses n > 3f processors f + 1 rounds exponential size messages:

each msg in round r containsn(n-1)(n-2)…(n-(r-2)) values

When r = f + 1, this is exponential if f is more than constant relative to n

A Polynomial Algorithm


25

We can reduce the message size to polynomial with a simple algorithm

The number of processors increases to n > 4f

The number of rounds increases to 2(f + 1)

Uses f + 1 phases, each taking two rounds

Phase King Algorithm


26

Code for each processor pi:pref := my inputfirst round of phase k, 1 ≤ k ≤ f+1:

send pref to allreceive prefs of otherslet maj be value that occurs > n/2 times (0 if none)let mult be number of times maj occurs

second round of phase k:if i = k then send maj to all // I am the phase kingreceive tie-breaker from pk (0 if none)if mult > n/2 + f

then pref := majelse pref := tie-breaker

if k = f + 1 then decide pref

Unanimous Phase Lemma


27

Lemma (5.12): If all nonfaulty processors prefer v at start of phase k, then all do at end of phase k.

Proof: Each nonfaulty proc. receives at least n - f

preferences for v in first round of phase k Since n > 4f, it follows that n - f > n/2 + f So each nonfaulty proc. still prefers v.

Phase King Validity


28

Unanimous phase lemma implies validity: Suppose all procs have input v. Then at start of phase 1, all nf procs prefer

v. So at end of phase 1, all nf procs prefer v. So at start of phase 2, all nf procs prefer v. So at end of phase 2, all nf procs prefer v. … At end of phase f + 1, all nf procs prefer v

and decide v.

Nonfaulty King Lemma


29

Lemma (5.13): If king of phase k is nonfaulty, then all nonfaulty procs have same preference at end of phase k.

Proof: Let pi and pj be nonfaulty.

Case 1: pi and pj both use pk 's tie-breaker. Since pk is nonfaulty, they both have same preference.



30

Case 2: pi uses its majority value v and pj uses king's tie-breaker.

Then pi receives more than n/2 + f preferences for v

So pk receives more than n/2 preferences for v

So pk 's tie-breaker is v



31

Case 3: pi and pj both use their own majority values.

Suppose pi 's majority value is v Then pi receives more than n/2 + f

preferences for v

So pj receives more than n/2 preferences for v

So pj 's majority value is also v

Phase King Agreement


32

Use previous two lemmas to prove agreement:

Since there are f + 1 phases, at least one has a nonfaulty king.

Nonfaulty King Lemma implies at the end of that phase, all nonfaulty processors have same preference

Unanimous Phase Lemma implies that from that phase onward, all nonfaulty processors have same preference

Thus all nonfaulty decisions are same.

Complexities of Phase King


33

number of processors n > 4f 2(f + 1) rounds O(n2f) messages, each of size log|V|

csce 668 distributed algorithms and systems

Documents