Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring 2009 1 Principles of Reliable Distributed Systems Lecture 6: Synchronous Byzantine.


1 Principles of Reliable Distributed Systems
Lecture 6: Synchronous Byzantine Consensus (Continued)
Spring 2009
Idit Keidar

2 Today’s Material
Attiya and Welch, Distributed Computing, Ch. 5
Nancy Lynch, Distributed Algorithms, Ch. 6

3 The Byzantine Generals Problem
First formulation of the consensus problem [Pease, Shostak, Lamport 80]
[Figure: speech bubbles "Let’s attack" and "Let’s not attack"]

4 Byzantine Faults
Faulty processes can behave arbitrarily, i.e., they don’t have to follow the protocol. E.g.,
– can suffer benign failures – crash, timing;
– can send bogus values in messages;
– can send messages at the wrong time;
– can send different messages to different processes; etc.
Captures software bugs, hacker intrusions

5 Byzantine Nodes can Lead Correct Nodes to Conflicting Decisions
Correct nodes cannot know whom to believe
[Figure: speech bubbles "Let's vote out Marina" and "Let's vote out Guy"]

6 Two Byzantine Models
1. Authenticated
– Uses digital signatures
– Assumes PKI – Public Key Infrastructure
2. Un-authenticated
– No digital signatures
– Secure point-to-point communication
– Over the Internet – implemented with symmetric keys

7 Validity: Take II
Strong unanimity: If the input of all the correct processes is v then no correct process decides a value other than v

8 Validity: Take III
Weak unanimity: If the input of all the correct processes is v and no process fails then no correct process decides a value other than v

9 Summary of Known Results
Synchronous, Byzantine Fault-Tolerant, t-resilient consensus algorithms:
– Strong unanimity with authentication: iff t < n/2 (last week)
– Weak unanimity with authentication: iff t < n (last week's recitation)
– Without authentication: iff t < n/3 (up next)

10 Model 2: Unauthenticated Byzantine
Round-based synchronous
Static set P = {p_1, …, p_n} of processes
t-out-of-n Byzantine (arbitrary) failures
– t < n/3 or t < n/4
No signatures (no authentication)
– But secure point-to-point channels
– Model of [Lamport, Pease, Shostak 80]

11 Secure Point-to-Point Channels
Authentication: The receiver of a message can ascertain its origin
– An intruder cannot masquerade as someone else
Integrity: The receiver of a message can verify that it has not been modified in transit
– An intruder cannot substitute a false message for a legitimate one
Do NOT provide Nonrepudiation – no way to prove to others that the message was received
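
The three channel properties above, as an added Python sketch that is not part of the lecture. It assumes the pairwise symmetric keys are used with HMAC-SHA256 (the slides only say "symmetric keys"); the names KEYS, seal, verify and channel_properties are hypothetical.

```python
import hashlib
import hmac
import os

# Assumed channel implementation: one symmetric key per pair of processes.
PAIRS = [("p1", "p2"), ("p1", "p3"), ("p2", "p3")]
KEYS = {frozenset(pair): os.urandom(32) for pair in PAIRS}

def seal(src, dst, payload):
    """Tag a message for the src->dst channel with the pair's shared key."""
    msg = f"{src}->{dst}|".encode() + payload
    tag = hmac.new(KEYS[frozenset((src, dst))], msg, hashlib.sha256).digest()
    return msg, tag

def verify(src, dst, msg, tag):
    """Receiver dst checks origin and integrity of a message claimed from src."""
    if not msg.startswith(f"{src}->{dst}|".encode()):
        return False
    good = hmac.new(KEYS[frozenset((src, dst))], msg, hashlib.sha256).digest()
    return hmac.compare_digest(good, tag)

def channel_properties():
    msg, tag = seal("p1", "p2", b"v=1")            # constructed sample message
    authentic = verify("p1", "p2", msg, tag)       # origin can be ascertained
    modified = verify("p1", "p2", msg.replace(b"v=1", b"v=0"), tag)
    # p3 holds only its own pair keys, so a tag it computes fails on p1<->p2.
    p3_tag = hmac.new(KEYS[frozenset(("p2", "p3"))], msg, hashlib.sha256).digest()
    masquerade = verify("p1", "p2", msg, p3_tag)
    # No nonrepudiation: p2 holds the same key as p1, so p2 can compute a valid
    # tag for text p1 never sent. A tag therefore proves nothing to p3.
    forged_msg, forged_tag = seal("p1", "p2", b"v=0")
    receiver_made_tag_verifies = verify("p1", "p2", forged_msg, forged_tag)
    return authentic, modified, masquerade, receiver_made_tag_verifies

if __name__ == "__main__":
    print(channel_properties())
```

Because a relayed claim "p1 said v" cannot be checked by a third process, the unauthenticated algorithms that follow rely on majorities rather than on proofs.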

12 EIG: Reminder
round 1:
    send ⟨v_i, p_i⟩ to all
in every round 2 ≤ k ≤ t+1:
    for every received message m:
        if (m has k-1 different ids and not mine) then
            send ⟨m, p_i⟩ to all
Forward all received messages in every round
t+1 rounds
Exponential messages

13 Information Gathering Tree
[Figure: information gathering tree. Round 1 level: v_1, v_2, …, v_n. Round 2 level: v_1 p_2, v_1 p_3, …, v_2 p_1, v_2 p_3, …, v_n p_1, v_n p_2, … Round t+1 level: v_1 p_2 p_3 … p_t+1, …, v_n p_1 p_2 … p_t]

14 EIG Decision W/Out Signatures
Each node collects information from received messages in a tree
Trees might be different at different nodes
– Why?

15 After t+1 Rounds
Use the tree to choose a decision value
Assign values to leaves
– round t+1 messages
Resolve tree from leaves upward
– assigning values to all nodes
Decide on root’s value
– a predefined default value if it is ⊥ (nil)

16 Resolving Internal Nodes
Take strict majority of child values
– nil ⊥ if none exists
Each node has at least n-t children (t+1 levels)
– At least n-2t ≥ 3t+1-2t = t+1 correct ones
– Correct children are a majority
– If node does not lie – all correct children are the same

17 Validity
At a correct p_i, for a correct p_j
– in the resolved information gathering tree
– level 1 node j holds correct v_j
Strong Unanimity: If the input of all correct processes is v then all correct processes decide v
[Figure: Round 1 level of the tree: v_1, v_2, …, v_n]

18 Agreement Lemma
Common node: resolved value agreed upon by all correct processes
Lemma: in every sub-tree, if there is a common node in every path from a leaf to the root, then the root is common

19 Proving Agreement
The depth of the tree is t+1
So there is a correct process on the path to the root from every leaf in the tree
All correct processes are common
– Proven where we showed Validity
From the lemma, the root is common

20 EIG Algorithm: Summary
Optimal worst-case number of rounds
– t+1
– Not early-deciding
Optimal resilience
– t < n/3
Exponential messages
– Send all round k messages in one big message
– Size O(n^t)
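
An added Python simulation of the EIG rounds and the leaf-to-root majority resolution from slides 12 to 19 (not code from the lecture). The eig function, the lie callback that models what a faulty sender tells each receiver, None standing for ⊥ and the default value 0 are assumptions; the n = 3 run goes beyond the slides to show strong unanimity failing when t < n/3 does not hold.

```python
from collections import Counter
from itertools import permutations

def eig(inputs, byzantine, lie, default=0):
    """Unauthenticated EIG with t = len(byzantine) faults and t+1 rounds.

    lie(sender, receiver, label) -> value a faulty sender reports for label
    (hypothetical hook). Returns {pid: decision} for the correct processes.
    """
    n, t = len(inputs), len(byzantine)
    correct = [p for p in range(n) if p not in byzantine]
    # val[p][label]: value p stored for the relay chain label = (j1, ..., jk)
    val = {p: {(): inputs[p]} for p in correct}
    for rnd in range(1, t + 2):
        for label in permutations(range(n), rnd - 1):
            for s in range(n):
                if s in label:
                    continue  # forward only chains that do not contain my id
                for r in correct:
                    val[r][label + (s,)] = (lie(s, r, label) if s in byzantine
                                            else val[s][label])

    def resolve(p, label):
        if len(label) == t + 1:  # leaf: a round t+1 message
            return val[p][label]
        kids = [resolve(p, label + (k,)) for k in range(n) if k not in label]
        value, count = Counter(kids).most_common(1)[0]
        return value if count > len(kids) / 2 else None  # None plays nil

    out = {}
    for p in correct:
        root = resolve(p, ())
        out[p] = default if root is None else root  # assumed default value
    return out

# Constructed scenarios: process 0 is the faulty one, its input is ignored.
def equivocate(sender, receiver, label):
    return receiver % 2  # different values to different processes

def always_zero(sender, receiver, label):
    return 0

agree = eig([0, 1, 1, 0], {0}, equivocate)   # n=4, t=1: all decide alike
valid = eig([0, 1, 1, 1], {0}, always_zero)  # n=4, t=1: unanimous input 1 wins
broken = eig([0, 1, 1], {0}, always_zero)    # n=3, t=1: t < n/3 violated
```

In the n = 3 run both correct processes start with 1 yet decide the default 0, because each level-1 node has only two children and a single faulty relay destroys the strict majority.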

21 Polynomial Algorithm: Berman & Garay
2(t+1) rounds
– Twice the optimal
– Not early-deciding
n/4-resilient
– Not optimal
O(1) message size
– Optimal

22 Algorithm Structure
Every process has a preference
– Initialized to its input
– After t+1 phases becomes a decision
t+1 phases, 2 rounds each
– Process p_k is the king of phase k

23 The Algorithm’s Rounds
Odd round
– Processes exchange preference values
– Compute the majority (default value if none)
Even round
– King broadcasts its majority value
– Each process updates its preference (see next slide)
After t+1 phases, decide on preference

24 Preference Update Rule
# votes for majority > n/2+t ?
– preference ← majority
Otherwise
– preference ← king’s majority
Note: king is ignored if majority has > n/2+t votes

25 Lemma 1
If all correct processes prefer v at the beginning of phase k, then they prefer v at the end of phase k.
Note: n > 4t ⇒ n-t > n/2+t

26 Validity
Validity (Strong Unanimity)
– If the input of all the correct processes is v then no correct process decides a value other than v.
Proof:
– By induction, using Lemma 1.

27 Agreement
Observation: There is at least one phase whose king is correct.
Lemma 2: Let k be a phase whose king p_k is correct. Then all the correct processes finish this phase with the same preference.
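
An added Python simulation of the phase structure and preference update rule from slides 22 to 27 (not code from the lecture or from Berman and Garay). Process ids are 0-based, so process k is the king of phase k counting from 0; phase_king, the lie callback and DEFAULT = 0 are assumptions. The n = 4 run goes beyond the slides to show strong unanimity failing when n > 4t does not hold.

```python
from collections import Counter

DEFAULT = 0  # assumption: the predefined default used when no majority exists

def phase_king(inputs, byzantine, lie):
    """Run t+1 two-round phases; return {pid: decision} for correct processes.

    byzantine -- set of faulty ids (t = len(byzantine))
    lie(sender, receiver, phase) -> value a faulty sender sends (hypothetical)
    """
    n, t = len(inputs), len(byzantine)
    correct = [p for p in range(n) if p not in byzantine]
    pref = {p: inputs[p] for p in correct}

    def sent(sender, receiver, phase, honest_value):
        # A faulty sender may send different values to different receivers.
        return lie(sender, receiver, phase) if sender in byzantine else honest_value

    for phase in range(t + 1):
        king = phase  # process k is the king of phase k (0-based here)
        maj, votes = {}, {}
        for r in correct:  # odd round: exchange preferences, compute majority
            got = [sent(s, r, phase, pref.get(s)) for s in range(n)]
            value, count = Counter(got).most_common(1)[0]
            maj[r], votes[r] = (value, count) if count > n / 2 else (DEFAULT, 0)
        for r in correct:  # even round: king broadcasts, update rule applies
            king_value = sent(king, r, phase, maj.get(king))
            pref[r] = maj[r] if votes[r] > n / 2 + t else king_value
    return pref

# Constructed scenarios: process 0 is faulty and is also the king of phase 0.
def equivocate(sender, receiver, phase):
    return receiver % 2  # different values to different processes

def always_one(sender, receiver, phase):
    return 1

split = phase_king([0, 1, 1, 0, 0], {0}, equivocate)      # n=5, t=1
unanimous = phase_king([1, 0, 0, 0, 0], {0}, always_one)  # n=5, t=1
too_small = phase_king([1, 0, 0, 0], {0}, always_one)     # n=4, t=1
```

In the split run the faulty king of phase 0 leaves the correct processes divided, and the correct king of phase 1 brings them to one value, as Lemma 2 states. In the n = 4 run three votes for 0 do not exceed n/2+t = 3, so the faulty king overrides a unanimous correct preference.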

28 Termination
Immediate

29 Optimal Synchronous Byzantine Agreement in all Regards?
Solved in 1993
Garay & Moses algorithm
– n/3-resilient
– t+1 rounds
– Polynomial messages

