410 likes | 596 Views
In Byzantium. Presented by: Hossein Ahmadi CS 525, Spring 2008. The Byzantine Generals Problem. Leslie Lamport, Robert Shostak, and Marshall Pease. Byzantine Generals. Byzantine army is camped outside an enemy city. Byzantine Generals. Generals communicate with messengers. Messenger.
E N D
In Byzantium Presented by: Hossein Ahmadi CS 525, Spring 2008
The Byzantine Generals Problem Leslie Lamport, Robert Shostak, and Marshall Pease
Byzantine Generals • Byzantine army is camped outside an enemy city
Byzantine Generals • Generals communicate with messengers Messenger Attack
Byzantine Generals • They want to reach a common decision Attack Attack Attack Attack Attack
Byzantine Generals • Some generals can be traitors The war is over, What are you doing here? Attack Retreat Surrender!
Byzantine Generals Problem • The problem is how loyal generals can reach an agreement • Small number of traitors can’t make them adopt a bad plan • Each general receives v(i) from general i and decides based on values v(1), …, v(n) • It is solved if we guarantee: • Any two loyal general use the same v(i) • For every loyal general i, the same v(i) should be used for all generals.
Byzantine Generals Problem • Rephrase the problem: A commanding general and n – 1 lieutenants. • A commanding general must send order to all lieutenants: • All loyal lieutenants obey the same order • If the commanding general is loyal, then every lieutenant obeys his order. • Assumptions? • Oral messages • Signed messages
Oral Messages • Assumptions: • Every message that is sent is delivered correctly. • The receiver of a message knows who sent it. • The absence of a message can be detected. • With m traitors we need at least 3m+1 or more generals.
Impossible Agreement Attack Attack ? General says “Retreat”
Impossible Agreement Attack Retreat ? General says “Retreat”
Oral Messages Algorithm • Assume every two generals can communicate directly. • With m traitors we can solve the problem if we have 3m + 1 generals: • Define OM(m) recursively: Oral Messages algorithm for 3m+1 or more generals when m traitors are present • AlgorithmOM(0): • The commander sends his value to every lieutenant. • Each lieutenant uses the value he receives from the commander, or uses the value RETREAT if he receives no value.
Oral Messages Algorithm • OM(m): (1) The commander sends his value to every lieutenant. v1 vn-1 … v2 … {v1} {v2} {vn-1}
Oral Messages • OM(m): (2) Each lieutenant sends vito other lieutenants using OM(m-1) Commanding General for OM(m-1) vn-1 … v1 {v1} {v1, v2} {v1, vn-1}
Oral Messages • OM(m): (2) Each lieutenant sends vito other lieutenants using OM(m-1) Commanding General for OM(m-1) v2 … v2 {v1,v2} {v1, v2} {v1, v2, vn-1}
Oral Messages • OM(m): (2) Each lieutenant sends vito other lieutenants using OM(m-1) vn-1 OM(m-1) General vn-1 … {v1,v2,…,vn-1} {v1, v2,…, vn-1} {v1, v2,…, vn-1}
Oral Messages • OM(m): (3) Each lieutenant uses value majority(v1,…,vn-1) … majority(v1,…,vn-1) majority(v1,…, vn-1) majority(v1,…, vn-1)
Oral Messages - Correctness • Two cases: • General is loyal: All lieutenants obey general’s order • General is traitor: we have m-1traitors and 3mlieutenants left • OM(m-1) successfully delivers correct values • Any two loyal lieutenants get the same vj • All loyal lieutenants have the same {v1, … , vn} • Exponential message complexity in terms of m
Oral Messages - Example • Example: General is traitor x z y y y x z x {x,y,z} {x,y,z} {x,y,z} z
Oral Messages • Example: A lieutenant is traitor v v v v v v y v {v,v,z} {v,v,y} z
Signed messages • New assumption: • A loyal general's signature cannot be forged, and any alteration of the contents of his signed messages can be detected. • Anyone can verify the authenticity of a general's signature. • No assumptions about a traitorous general's signature. • His signature to be forged by another traitor permitting collusion among the traitors.
Signed messages • The problem can be solved with any number of generals and traitors • Define SM(m) : Signed Message algorithm for at most m traitors • x:i, value x signed by i • Vi the set of orders received by i • At any step, lieutenants ignore messages with inconsistent signatures.
SM Algorithm • SM(m): 1. The commander signs and sends his value to every lieutenant. v1:0 vn-1:0 … v2:0 …
SM Algorithm • SM(m): 2. Lieutenant i receives a message of the form v:0:j1:...:jkand v is not in the set Vi, then • add v to Vi • if k < m, • Send the v:0:j1:. . :jk:i to every lieutenant other than j1. . .jk. v1:0:1 v1:0:1 … V1={v1}
SM Algorithm • SM(m): 2. Lieutenant i receives a message of the form v:0:j1:...:jkand v is not in the set Vi, then • add v to Vi • if k < m, • Send the v:0:j1:. . :jk:i to every lieutenant other than j1. . .jk. v2:0:2 v2:0:2 … V2={v2}
SM Algorithm • SM(m): 2. Lieutenant i receives a message of the form v:0:j1:...:jkand v is not in the set Vi, then • add v to Vi • if k < m, • Send the v:0:j1:. . :jk:i to every lieutenant other than j1. . .jk. v1:0:1:2 … V2={v1,v2}
SM Algorithm • (3) For each i: When Lieutenant i will receive no more messages, he obeys the order choice(Vi). • If the set V consists of the single element v, then choice(V) = v. … choice(V1) choice(V2) choice(Vn-1)
Signed Messages - Example • Example: General is traitor x:0 y:0 y:0:2 x:0:1 {x,y} {x,y}
Signed Messages - Correctness • General is loyal: • All nodes have the same “v:0” • General is traitor: • If a loyal lieutenant have a value v, then after m retransmission of the message, all loyal lieutenants have v • All loyal lieutenants have the same set Vi • Still exponential message complexity
Indirect Communication • What happens if some generals can not directly communicate? • A set of nodes {i1, . . . , ip} is said to be a regular set of neighbors of a node if • each ij is a neighbor of i, and • for any general k different from i, there exist paths yj,kfrom ijto k not passing through i such that any two different paths yi,k have no node in common other than k. • The graph G is said to be p-regular if every node has a regular set of neighbors consisting of p distinct nodes.
Indirect Communication Algorithms • OM(m): • Solution to m traitors exists if generals form a 3m-regular graph • For 3m+1, 3m-regular graph is fully connected graph • SM(m): • SM(m) can’t work if the set of loyal lieutenants is not connected • For any m and d, if there are at most m traitors and the subgraph of loyal generals has diameter d, then Algorithm SM(m + d - 1) solves the Byzantine Generals Problem.
Discussion • Can we implement OM and SM in real systems? • If we find m then the message complexity can be reduced, but how we can know what is m? • Can we find the traitor? • What we can do with link failures?
Practical Byzantine Fault Tolerance Miguel Castro and Barbara Liskov
System Model • n Replica of a state machine serving clients. • Tolerate f simultaneous Byzantine failures, if n is greater than 3f+1 • One replica is primary replica and the others are called backups. • The primary replica changes when its failure is detected • For each view there is a Assumptions: • State machines are deterministic: given the same input, the same output is produced by non faulty nodes • All start at the same state.
Algorithm • A client sends a request to invoke a service operation to the primary • The primary multicasts the request to the backups • Replicas execute the request and send a reply to the client • The client waits for f+1 replies from different replicas with the same result; this is the result of the operation. • All non-faulty nodes agree on a total order of execution of requests
Algorithm • Done in three phases • Pre-prepare • Prepare • Commit Total order of requests Total order of replies
PeerReview: Practical Accountability forDistributed Systems Andreas Haeberlen, Petr Kuznetsov, and Peter Druschel
PeerReview • Each node consists of an application, detection module, and state machine. • exposed(j) : i has obtained proof of j’s misbehavior • suspected(j) : i suspects that j does not send a message that it is supposed to send • trusted(j) is issued otherwise.
Assumptions • The state machines Si are deterministic. • A message sent from one correct node to another is eventually received, if retransmitted sufficiently often. • Each node has a public/private keypair bound to a unique node identifier. Nodes can sign messages, and faulty nodes cannot forge the signature of a correct node. • Each node has access to a reference implementation of all Sj . • There is a function w that maps each node to its set of witnesses
PeerReview System A's witnesses • Nodes log their input & output messages. Logs can not be tampered with. • A set of witnesses audit logs periodically using trusted copy of reference machine. • The witness informs others of the evidence. • Other nodes check evi-dence, report fault C D E M M A M B A's log B's log *Images and animations from authors SOSP’07 presentation