Embed Size (px)
Citation preview
The Byzantine Generals ProblemsLESLIE LAMPORT, ROBERT SHOSTAK, and MARSHALL PEASE
!Present by: Nguyen Thi Mai & Nguyen Van Luong
Motivation
A reliable computer system must be able to cope with a failure of one or more of its components
A failed computer behaviour in this case:
Sending conflicting messages to different parts of the system
Not sending some of the messages
MotivationAll generals must agree upon a common battle plan
Communicate only be messenger
Some of generals are traitors who try to confuse the others
Outline
Motivation
Oral Messages algorithm
Signed Messages algorithm
Conclusion
Formally
1. All loyal lieutenants obey the same order
2. If the commander is loyal, then every loyal lieutenant obeys the order he sends
Oral Message algorithm
Assumptions:
Every message that is sent is delivered correctly
A receiver of a message knows who sent it
The absence of a message can be detected
Oral Message algorithmA recursive definition, with a base case for m=0, and a recursive step for m > 0:
Algorithm OM(0) :
1.The commander sends his value to every lieutenant.
2.Each lieutenant uses the value he receives from the commander.
Algorithm OM(m), m > 0
1.The commander sends his value to each lieutenant.
2.For each i, let vi be the value lieutenant i receives from the commander. Lieutenant i acts as the commander in Algorithm OM(m-1) to send the value vi to each of the n-2 other lieutenants.
3.For each i, and each j ≠ i, let vi be the value lieutenant i received from lieutenant j in step 2 (using Algorithm OM(m-1)). Lieutenant i uses the value Majority(v1, v2, … vn).
Oral Message algorithmLemma 1:
For any m and k, Algorithm OM(m) satisfies (2) if there are more than 2k+m generals and at most k traitors
Theorem 1:
For any m, algorithm OM(m) satisfies conditions 1 and 2 if there are more than 3m generals, and at most m traitors.
Oral Message algorithmExample: Bad Lieutenant
Scenario: m=1, n=4, traitor = L3
C
L1 L3L2
AA
AOM(1):
OM(0):???
C
L1 L3L2A
AR
R
Decision?? L1 = m (A, A, R); L2 = m (A, A, R); Both attack!
Oral Message algorithmExample: Bad Commander
Scenario: m=1, n=4, traitor = C
C
L1 L3L2
AR
AOM(1):
OM(0):???L1 L3L2A
RA
A
Decision?? L1=m(A, R, A); L2=m(A, R, A); L3=m(A,R,A); Attack!
R
A
Signed Message algorithmMore assumptions:
A loyal general’s signature cannot be forged, and any alteration of the contents of his signed message can be detected
Anyone can verify the authenticity of a general’s signature
=> There exists an algorithm that copes with m traitors for any number of generals (n≥m+2)
Signed Message algorithm1. Commander signs v and sends to all as (v:0)
2. Each lieutenant i:
A) If receive (v:0) and no other order
1) Vi = v
2) send (V:0:i) to all
B) If receive (v:0:j:...:k) and v not in Vi
1) Add v to Vi
2) if (k<m) send (v:0:j:...:k:i) to all not in j...k
3. When no more msgs, obey order of choice(Vi)
Signed Message algorithm
choice(V):
• If V={v} then choice(V)= v
• choice(Empty)=Default
Signed Message algorithmSM(1) Example: Bad Commander
Scenario: m=1, n=m+2=3, bad commander
C
L1 L2
A:0 R:0
What next?
L1 L2A:0:L1
R:0:L2V1={A,R} V2={R,A} Both L1 and L2 can trust orders are from C Both apply same decision to {A,R}
Signed Message algorithmSM(2): Bad Commander+
Scenario: m=2, n=m+2=4, bad commander and L3
C
L1 L3L2
A:0A:0
xGoal? L1 and L2 must make same decision
L1 L3L2A:0:L1
A:0:L2A:0:L3
R:0:L3
L1 L2R:0:L3:L1
V1 = V2 = {A,R} ==> Same decision
ConclusionProblem: To implement a fault-tolerant service with coordinated replicas, must agree on inputs
Byzantine failures make agreement challenging: Produce arbitrary output, can’t detect, collude
User different agreement protocol depending on assumptions:
Oral messages:
Need 3f+1 nodes to tolerate f failures
Difficult because traitors can lie about what others said
Signed messages:
Need f+2 nodes
Easier because traitors can only lie about other traitors
“Question???”
