1. 1 Principles of Reliable Distributed Systems Recitation 7 Byz. Consensus without Authentication ◊S-based Consensus Spring 2008 Alex Shraer

2. 22 Part I Berman & Garay Algorithm for Unauthenticated Byzantine Consensus ([AW] section 5.2.5)

3. 33 Reminder Synchronous, Byzantine Fault-Tolerant, t-resilient consensus algorithms – –Strong unanimity with authentication iff t < n/2 Lecture 6 –Weak unanimity with authentication: iff t < n Recitation 6 –Without authentication: iff t < n/3 EIG algorithm in Lecture 6, we didn’t go over it AW section 5.2.4

4. 44 Model: Unauthenticated Byzantine Round-based synchronous Static set P = {p 1, …, p n } of processes t-out-of-n Byzantine (arbitrary) failures No signatures (no authentication) –But: a receiver of the message can determine who sent it secure point-to-point channels Messages between correct processes are not lost This model was defined in Lamport, Pease, Shostak: The Byzantine Generals Problem, 1980 The Byzantine Generals Problem

5. 5 Berman & Garay (this tutorial) 2(t+1) rounds –Twice the optimal –Not early-deciding n/4-resilient –Not optimal O(1) message size –Optimal EIG Algorithm (lecture 6, but we didn’t go over this in class) t+1 rounds –Optimal –Not early-deciding t<n/3 –Optimal Exponential messages –Size  (n t+2 )

6. 6 Berman & Garay: Algorithm Structure Every process has a preference –Initialized to its input –After t+1 phases becomes a decision t+1 phases, 2 rounds each –Process p k is the king of phase k

7. 7 The Algorithm’s phases Odd round (round 2k – 1, 1  k  t+1) –Processes exchange preference values –Compute the majority value (┴ if none) –Denote by mult the #votes for majority Even round (round 2k, 1  k  t+1) –King (process p k ) broadcasts its majority value –Receive king’s majority (┴ if none) –Update preference: if (mult > n/2 + t) then preference  majority else preference  king’s majority After t+1 phases, decide on preference Phase Note: king is ignored if majority has > n/2+t votes

8. 8 Correctness Termination: immediate Lemma 1: If all correct processes prefer v at the beginning of phase k, then they prefer v at the end of phase k. Proof: Suppose that all correct processes prefer v at the beginning of phase k Each process receives at least n – t copies of v (including its own) in the first round of phase k Note: n > 4t  n/2 > 2t  n > n/2+ 2t  n – t > n/2+ t Thus, all correct processes will prefer v at the end of phase k

9. 9 Validity Validity (Strong Unanimity) –If the input of all the correct processes is v then no correct process decides a value other than v Proof (by induction, using Lemma 1): If all correct processes start with the same input v They continue to prefer v throughout the phases –by Lemma 1; and –since the preference at the end of one phase is the preference at the beginning of the next Finally, they decide on v at the end of phase k + 1

10. 10 Agreement Observation: There are at most t faulty processes, and t+1 phases. Therefore, there is at least one phase whose king is correct Lemma 2: Let k be a phase whose king p k is correct. Then all the correct processes finish this phase with the same preference Proof: consider phase k Case 1: All correct processes use king’s majority for their preference. Since the king is correct it sends everyone the same value, and we’re done Case 2: Some correct process p i uses its own majority value, maj for its preference Thus, in the first round, p i receives more than n/2 + t votes for v  More than n/2 correct processes sent v Every correct process receives more than n/2 votes for v and sets its majority to be v in the first round. Including the king! Thus, in the second round, all correct processes set the preference to v, whether they adopt the king’s majority or their own

11. 11 Agreement – Cont. Lemma 2: Let k be a phase whose king p k is correct. Then all the correct processes finish this phase with the same preference Thus, at the end of phase k all processes have the same preference –If k=t + 1, they all decide the same –Otherwise, they all have the same preference at the start of phase k+1 and we continue using Lemma 1

12. 12 Optimal Synchronous Byzantine Agreement in all Regards? Garay & Moses algorithm (STOC 1993) –n/3-resilient –t+1 rounds –Polynomial messages

13. 13 Part II ◊S-based Consensus [Mostefaoui, Raynal 99]

14. 14 Reminder: ◊P and ◊S Failure Detectors ◊P - Eventually Perfect: –Strong Completeness: From some point on, every faulty process is suspected by every correct process –Eventual Strong Accuracy: From some point on, no correct process is suspected ◊S - Eventually Strong: –Strong Completeness –Eventual Weak Accuracy: There exists some correct process that is not suspected by any correct process from some point on Processes do not know who this process is

15. 15 Our Model n processes 1,…,n Reliable links between correct processes Asynchronous –Messages can be delayed arbitrarily Non-assumption –Processes take steps at asynchronous times No clocks ◊S failure detector t<n/2 crash failures –Optimal for ◊S (Chandra, Toueg JACM 96)Chandra, Toueg JACM 96 –A process that crashes at any point in a run is faulty in that run

16. 16 ◊S-based Consensus: MR Algorithm [ Mostefaoui, Raynal 99 ] Asynchronous rounds: –Each process locally progresses through rounds r = 1, 2, 3, … –Different processes can progress at different times Rotating coordinator –Process i mod n is the coordinator of round i Each round consists of two phases

17. 17 val  input; est   || for r =1, 2, … do coord  (r-1 mod n)+1 if I am coord, then send (r,val) to all wait for ( (r, v) from coord OR suspect coord (by ◊S)) if receive v from coord then est  v else est   send (r, est) to all wait for (r,e) from n-t processes if any non-  value e received then val  e if all received e’s have same non-  value v then send (“decide”, v) to all return(v) || Upon receive (“decide”, v), forward to all; return(v) 1 2 <>S-based Consensus [ Mostefaoui, Raynal 99 ] [ Mostefaoui, Raynal 99 ] Note: the only values sent are the coord’s val and  Note: return is like decide and halt

18. 18 MR Principles: Phase 1 The purpose of the 1 st phase: –Ensure that for every p i, est i  {val coord,  } Progress: why does the 1 st phase terminate? –By Strong Completeness property of <>S, if the coordinator crashes, then every correct process will eventually either receive a message from the coordinator, or suspect the crashed coordinator Note: Because of asynchrony, and since the failure detector is unreliable, some of the processes may have est = null while others have est = val coord

19. 19 MR Principles: Phase 2 A process p i finishes the 2 nd phase when it has received (r, est) from a majority of processes Why is the majority important? –Every two majority sets intersect –If one process got n-t values of v: if all received e’s have same non-  value v then send (“decide”, v) to all return(v) –then some other process got at least one value of v: if any non-  value e received then val  e –Thus, If process p i decides v during r, and if process p j progresses to r+1, then p j does it with est = v The purpose of the 2 nd phase: –Ensure that the Agreement property is never violated Progress: why does the 2 nd phase terminate? –Since there are at least n-t correct processes

20. 20 Second Phase (cont’d) Notation: –v = val coord –rec i – the set of received est values at the end of phase II. –rec i = {  } or {v} or {v,  } Consider three cases: 1.rec i = {v}  (rec j = {v}) or (rec j = { , v})  decide v 2.rec i = {  }  (rec j = {  }) or (rec j = { , v})  skip to the next round 3.rec i = {v,  }  (rec j = {v}) or (rec j = {  }) or (rec j = { , v})  update est to v (why?)

21. 21 val  input; est   || for r =1, 2, … do coord  (r-1 mod n)+1 if I am coord, then send (r,val) to all wait for ( (r, v) from coord OR suspect coord (by ◊S)) if receive v from coord then est  v else est   send (r, est) to all wait for (r,e) from n-t processes if any non-  value e received then val  e if all received e’s have same non-  value v then send (“decide”, v) to all return(v) || Upon receive (“decide”, v), forward to all; return(v) Do all processes decide at the same time? 1 2 Why do we need “send (“decide”, v) to all”?

22. 22 n=4, t=1 v v v v  v v v v v return(v) Round 1 Round 2 Suspect p1 They are stuck waiting for n – t = 3 messages

23. 23 Disseminating the decision Q: ok, so we need the “ send (“decide”, v) to all ”. But why “forward to all”? –|| Upon receive (“decide”, v), forward to all; return(v) A: to prevent a process from blocking forever. A process that decides uses reliable broadcast to disseminate its decision value.

24. 24 n=4, t=1 v v v v  v v v v v v Round 1 Round 2 Suspect p1 v return(v) The “decide” message reaches only one process since the sender crashes. We need the receiver to forward to all, i.e., reliable broadcast Stuck again…