Randomized Algorithms for Distributed Agreement Problems Peter Robinson

Distributed System a a c c d d b b network consists of n distributed nodes sending/receiving messages over links nodes have local view good nodes execute algorithm Adversary controls behavior of t bad (Byzantine, malicious) nodes 0 1

Round-Based Computation round 1round 2round 3 space-time diagram visualizes run of algorithm round: send – receive – compute a a c c b b

Agreement Problems Nodes start with input value (e.g. {0, 1} or ids) Goal: after R rounds, all nodes decide on same value Easy without Byzantine nodes a a c c d d b b dec 1

Simple Algorithm - no Byzantine nodes round 1 a a c c b b node decides on majority value dec 1

Simple Algorithm – foiled by Adversary round 1 a a c c node decides on majority value dec 1 dec 0 Adversary knows starting values! Byzantine nodes know current network state

Important Agreement Problems Byzantine Agreement Nodes start with 0, 1 Eventually, all good nodes decide on same value v. If every node started with w, then decision value must be w. Leader Election Set A of Byzantine nodes Eventually, all good nodes elect same node as the leader. Requirement: bound on probability that leader is bad.

Byzantine Agreement (BA) Theorem. Any deterministic BA protocol takes at least t + 1 rounds. Theorem. There is a Las Vegas BA protocol that reaches agreement in O(1) rounds.

Assumptions Global coin: Every node can read outcome of global coin toss in every round. # of bad nodes bad nodes cannot fake other nodes’ identity when sending messages In every round, adversary knows entire state of network. BUT: it doesn’t know outcome of future coin flips!

Randomized BA - Code for Node i Input: value b i vote = b i For each round do 1. broadcast vote 2. receive votes from all other nodes 3. maj := majority value among rcvd votes (incl. vote) 4. tally := # of occurrences of maj among rcvd votes 5. if global-coin = HEADS then threshold := 5n/ else threshold := 6n/ if tally ≥ threshold then vote := maj 8. else vote := 0 9. if tally ≥ 7n/8 then decide on maj

Lemma 1. If all good nodes have same vote = b in some round, then all decide in O(1) rounds. Lemma 2. Suppose 2 good nodes compute different values for maj in round r. Then, all nodes have tally < threshold in r and decide on 0 in r+1. ⇒ we can focus on case where maj values are the same!

Lemma 4. Suppose all good nodes compute same values for maj in round r. The expected number of rounds before reaching an unfoiled round is 2. Round r is foiled if 2 good nodes compute different values for vote in r. Lemma 3. If round r is unfoiled, then all good nodes decide by round r+1. Theorem. There is a Las Vegas BA protocol that reaches agreement in O(1) rounds.

Leader Election Set of t bad nodes chosen by adversary Eventually, all good nodes elect the same node as the leader. Requirement: bound on probability that leader is bad. Every node has private coin.

Baton Passing Protocol Works for Byzantine nodes O(n) rounds for election Initially node 1 has baton. For rounds do: 1.Let U be set of nodes that have not yet held baton 2.Let node p be the current baton-holder 3.Node p passes baton to a randomly chosen node in U. In round n: current baton holder becomes leader

Theorem. The baton passing protocol elects a good leader with probability if, for some constant c, for any. Good node chooses next nodes at random Bad nodes will try to pass baton to good nodes. Adversary will not choose initial node to be Byzantine.

f(s,t) = prob of electing bad node, given s unselected good nodes, t unselected bad nodes, and current baton holder is good. g(s,t) = prob of electing bad node, given s unselected good nodes, t unselected bad nodes, and current baton holder is bad.

Lemma 1 (adversary strategy). For all s, t, it holds that. Lemma 2.

Lemma 1 (recurrence bound) For all s ≥0, t ≥ 1: Consider some and. We get, i.e. success probability of. Drawbacks of baton passing: “sequential” - election time O(n) rounds cannot tolerate linear # of bad nodes

Lightest Bin Protocol Uses balls-into-bins model to foil adversary Tolerates bad nodes Running time O(log * n) rounds Requires atomic broadcast – restricts adversary.

Subroutine: Simple 2-Bin Protocol Let X := set of nodes In every round do, while |X| > 1: 1.Nodes in X broadcast private random bit. 2.Let X i be set of nodes that send value i. Atomic broadcast provides consistent views. 3.if |X 0 | ≥ |X|/2 then X := X 1 else X := X 0 Elect remaining element of X. k = 2 h good nodes, for some h ≥ 1 k > n/2

Lemma 1. The simple protocol elects a good leader with probability ≥ in O(log n) rounds.

The Lightest Bin Protocol Let be number of bins. In every round do, while |X| > C, for fixed constant C: 1.Every node in X randomly chooses one of m bins. 2. X := lightest bin, i.e., chosen by fewest nodes Run Simple 2-bin protocol on nodes in X. Elect remaining node to be leader.

Lemma 1. At the end of every round, set X contains a majority of good nodes with high probability. Lemma 2. The lightest bin protocol has a round complexity of O(log * n) rounds.

Leader Election - Success Probability Lower Bound Consider run of A without bad nodes. p i = probability of node i to become leader: Set T of t largest p i ’s add up to. Adversary can choose T to be bad. Theorem. The failure probability of any leader election protocol A is at least t/n.