CPSC 668Set 10: Consensus with Byzantine Failures1 CPSC 668 Distributed Algorithms and Systems Fall 2006 Prof. Jennifer Welch

CPSC 668Set 10: Consensus with Byzantine Failures2 Consensus with Byzantine Failures How many processors total are needed to solve consensus when f = 1 ? Suppose n = 2. If p 0 has input 0 and p 1 has 1, someone has to change, but not both. What if one processor is faulty? How can the other one know? Suppose n = 3. If p 0 has input 0, p 1 has input 1, and p 2 is faulty, then a tie-breaker is needed, but p 2 can act maliciously.

CPSC 668Set 10: Consensus with Byzantine Failures3 Processor Lower Bound for f = 1 Theorem (5.7): Any consensus algorithm for 1 Byzantine failure must have at least 4 processors. Proof: Suppose in contradiction there is a consensus algorithm A = (A,B,C) for 3 processors and 1 Byzantine failure. p0p0 p2p2 p1p1 A C B

CPSC 668Set 10: Consensus with Byzantine Failures4 Specifying Faulty Behavior Consider a ring of 6 nonfaulty processors running components of A like this: This execution  probably doesn't solve consensus (it doesn't have to). But the processors do something -- this behavior is used to specify the behavior of faulty processors in executions of A in the triangle. p0p0 A p2p2 C p1p1 B p3p3 A p4p4 B p5p5 C

CPSC 668Set 10: Consensus with Byzantine Failures5 Getting a Contradiction Let  0 be this execution: p0p0 p2p2 p1p1 C B 00 0 act like p 0 to p 1 in  act like p 0 to p 5 in  p 1 and p 2 must decide 0

CPSC 668Set 10: Consensus with Byzantine Failures6 Getting a Contradiction Let  1 be this execution: p0p0 p2p2 p1p1 B 11 1 act like p 2 to p 1 in  act like p 5 to p 0 in  p 0 and p 1 must decide 1 A

CPSC 668Set 10: Consensus with Byzantine Failures7 The Contradiction Let  be this execution: p0p0 p2p2 p1p1 C 01 ? act like p 4 to p 5 in  act like p 1 to p 0 in  What do p 0 and p 2 decide? A view of p 0 in  = view of p 0 in  = view of p 0 in  1  p 0 decides 1 view of p 2 in  = view of p 2 in  = view of p 2 in  0  p 2 decides 0

CPSC 668Set 10: Consensus with Byzantine Failures8 Processor Lower Bound for Any f Theorem: Any consensus algorithm for f Byzantine failures must have at least 3f+1 processors. Proof: Use a reduction to the 3:1 case. Suppose in contradiction there is an algorithm A for f > 1 failures and n = 3f total processors. Use A to construct an algorithm for 1 failure and 3 processors, a contradiction.

CPSC 668Set 10: Consensus with Byzantine Failures9 The Reduction Partition the n ≤ 3f processors into three sets, P 0, P 1, and P 2, each of size at most f. In the n = 3 case, let –p 0 simulate P 0 –p 1 simulate P 1 –p 2 simulate P 2 If one processor is faulty in the n = 3 system, then at most f processors are faulty in the simulated system. Thus the simulated system is correct. Let the processors in the n = 3 system do the same as the simulated processors, and it will also be correct.

CPSC 668Set 10: Consensus with Byzantine Failures10 Exponential Tree Algorithm This algorithm uses –f + 1 rounds (optimal) –n = 3f + 1 processors (optimal) –exponential size messages (sub-optimal) Each processor keeps a tree data structure in its local state Values are filled in the tree during the f + 1 rounds At the end, the values in the tree are used to calculate the decision.

CPSC 668Set 10: Consensus with Byzantine Failures11 Local Tree Data Structure Each tree node is labeled with a sequence of unique processor indices. Root's label is empty sequence ; root has level 0 root has n children, labeled 0 through n - 1 Child node labeled i has n - 1 children, labeled i : 0 through i : n-1 (skipping i : i) Node at level d labeled v has n - d children, labeled v : 0 through v : n-1 (skipping any index appearing in v) Nodes at level f + 1 are leaves.

CPSC 668Set 10: Consensus with Byzantine Failures12 Example of Local Tree The tree when n = 4 and f = 1 :

CPSC 668Set 10: Consensus with Byzantine Failures13 Filling in the Tree Nodes Initially store your input in the root (level 0) Round 1: –send level 0 of your tree to all –store value x received from each p j in tree node labeled j (level 1); use a default if necessary –"p j told me that p j 's input was x" Round 2: –send level 1 of your tree to all –store value x received from each p j for each tree node k in tree node labeled k : j (level 2); use a default if necessary –"p j told me that p k told p j that p k 's input was x" Continue for f + 1 rounds

CPSC 668Set 10: Consensus with Byzantine Failures14 Calculating the Decision In round f + 1, each processor uses the values in its tree to compute its decision. Recursively compute the "resolved" value for the root of the tree, resolve ( ), based on the "resolved" values for the other tree nodes: resolve (  ) = value in tree node labeled  if it is a leaf majority{ resolve (  ') :  ' is a child of  } otherwise (use a default if tied)

CPSC 668Set 10: Consensus with Byzantine Failures15 Example of Resolving Values The tree when n = 4 and f = 1 : (assuming 0 is the default)

CPSC 668Set 10: Consensus with Byzantine Failures16 Resolved Values are Consistent Lemma (5.9): If p i and p j are nonfaulty, then p i 's resolved value for tree node labeled  ' j (what p j tells p i for node  ') equals what p j stores in its node  '. Proof Ideas: By induction on the height of the tree node. Uses inductive hypothesis to know that resolved values for children of the tree node corresponding to nonfaulty procs are consistent. Uses fact that n > 3f and fact that each tree node has at least n - f children to know that majority of children are nonfaulty.

CPSC 668Set 10: Consensus with Byzantine Failures17 Validity Suppose all inputs are v. Nonfaulty proc. p i decides resolve ( ), which is the majority among resolve (j), 0 ≤ j ≤ n-1, based on p i 's tree. Since resolved values are consistent, resolve(j) (at p i ) is value stored at the root of p j 's tree, which is p j 's input value if p j is nonfaulty. Since there are a majority of nonfaulty processors, p i decides v.

CPSC 668Set 10: Consensus with Byzantine Failures18 Common Nodes and Frontiers A tree node  is common if all nonfaulty procs. compute the same value of resolve (  ). A tree node  has a common frontier if every path from  to a leaf contains a common node. Lemma (5.10): If  has a common frontier, then  is common. Proof Ideas: By induction on height of . Uses fact that resolve is defined using majority.

CPSC 668Set 10: Consensus with Byzantine Failures19 Agreement The nodes on each path from a child of the root to a leaf correspond to f + 1 different processors. Since there are at most f faulty processors, at least on such node corresponds to a nonfaulty processor. This node is common (by the lemma about the consistency of resolved values). Thus the root has a common frontier. Thus the root is common (by preceding lemma).

CPSC 668Set 10: Consensus with Byzantine Failures20 Complexity Exponential tree algorithm uses n > 3f processors f + 1 rounds exponential size messages: –each msg in round r contains n(n-1)(n-2)…(n-(r-2)) values –When r = f + 1, this is exponential if f is more than constant relative to n