The Byzantine Generals Strike Again Danny Dolev

Introduction We’ll build on the LSP presentation. Prove a necessary and sufficient condition on the network graph in order for the problem to be solvable. The model becomes more specified. The problem definition changes. Two new concepts – Crusader agreement and explicitly faulty processors.

New Agreement IC1 and IC2 are called here “Byzantine Agreement”. We change the requirements, postulating the “Crusader Agreement” (z is the processor which sends the message, previously known as the “commander”). –Cru1. All reliable receivers that do not explicitly know z is faulty agree on the same message. –Cru2. If z is reliable, then all the reliable receivers agree on its message.

Upper Bound on Faulty Processors We aim at finding t, the upper bound on the number of faulty processors a system can tolerate and still reach the crusader agreement. Trivially, t exists: obviously if t=n then no agreement can be reached, and if t=0 both agreements can be reached. Intuitively, t depends on the system’s topology (consider a tree graph).

Intermission – Graph Connectivity Given a graph G: G is not connected if there exist two vertices u and v s.t. there’s no path from u to v. A cut is a set of vertices whose removal renders G not connected. The connectivity of G (denoted k) is the size of the smallest cut; G is then said to be k-connected. If G is k-connected, there exist at least k disjoint paths between every pair of vertices (Menger’s theorem).

Result – We’ll Show That t is independent of the type of agreements (Byzantine or crusader). t depends only on the number of processors and the connectivity of the network. Both agreements can be achieved in a network G if and only if: –1. t is less than half of the connectivity of G. AND –2. t is less than one third of the total number of processors in G.

Explicitly Knowing z is Faulty Note that if z is faulty, the processors are split into 3 separate groups: –Faulty processors. –Reliable processors who know z is faulty. –Reliable processors who don’t know z is faulty. Only the third group is required to agree on a single message of z. Intuitively, a processor can know z is faulty if it receives enough conflicting versions of its message.

Extra Assumptions (1) We add these assumptions about routing: A message contains its full routing information. This implies the entire communication graph is known to every processor. Remember a faulty processor can alter any information a message contains, including its routing path.

Extra Assumptions (2) A reliable processor relays a message to its neighbor only if the neighbor appears after itself in the message’s route. A reliable processor relays a message only if the processor from which it received the message appears immediately before itself in the message’s route. A reliable processor relays messages without altering them and without eavesdropping on their values.

Purified Value (1) We’ll define an algorithm to choose a “purified value” out of all the values a receiver received. Intuitively, the purified value is a value that could possibly be the correct value. The default is 0, either if the receiver received no values or if the purified value doesn’t exist.

Suspicious Processors Let {a_1,…,a_r} be the set of messages x received. Let U_x be a set of processors that does not contain x. U_x is a set of suspicious processors determined by x if every message a_i that did not pass through processors in U_x carries the same value.

Purified Value (2) Algorithm Purify (t; a_1,…,a_r; x): 1. If a set U_x of up to t suspicious processors exists, then the purified value is the value of the messages that did not pass through U_x. If no message is left, the value is 0. 2. If there’s no such U_x, the purified value is 0.

Purified Value - Note If more than one set of suspicious processors exists, then there may be many purified values. This will not pose a problem for us.

Purified Values - Example Assume t=2. Assume receiver x got these values from v through these paths (value – path): 1. a – v;x 2. a – v;1;x 3. a – v;2;x 4. b – v;7;4;x 5. b – v;8;5;x The purified value is a, by choosing {7,8} as the suspicious processors.

Sufficiency – Under Reliable Transmitter Let G be a network of processors which contains at most t faulty processors and the connectivity of which is at least 2t+1. If a reliable transmitter transmits 2t+1 copies of its message to every receiver, through disjoint paths, then, by the use of the purifying algorithm, every reliable receiver can obtain the transmitter’s value.

Proof of Sufficiency (Reliable Transmitter) Let {a_1,…,a_r} be the set of all the messages the receiver x received. There are at most t faulty processors. Therefore, at least t+1 of the disjoint paths contain only reliable processors, so at least t+1 messages were relayed unaltered. Therefore, no more than t of the messages sent to x may be lost. Therefore, r > t.

Also, at least t+1 received messages are equal to the original transmitted message. By our assumptions, any message that passed through at least one faulty processor contains at least one faulty processor in its routing path, namely the last faulty processor it passed through (a reliable processor relays only from the processor listed immediately before it).

x applies the purifying algorithm. Since there are at most t faulty processors and the transmitter is not one of them, U_x exists. The purifying algorithm cannot eliminate the original value, since there are at least t+1 copies of it, and U_x can eliminate no more than t independent values. QED.

Evidence Set and Explicitly Faulty Transmitters The evidence set is the set of messages a receiver received. We say that a receiver explicitly knows that the transmitter is faulty if the receiver can’t find a set of at most t suspicious processors given its evidence set. In other words, ignoring the messages of every subset of t processors still leaves conflicting values.
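To make Purify and the “explicitly faulty” test concrete, here is an added example (not code from the slides or the paper) that runs the algorithm over the slides’ t=2 evidence set and over a constructed evidence set that no single suspect can explain. It assumes, as the sufficiency proof does, that the candidate suspects are the relay processors on the routes, excluding the receiver x and the transmitter z.

```python
from itertools import combinations

# Constructed evidence set copied from the slides' example (t = 2): receiver x
# gets a over v;x, a over v;1;x, a over v;2;x, b over v;7;4;x, b over v;8;5;x.
SLIDE_EXAMPLE = [
    ("a", ["v", "x"]),
    ("a", ["v", 1, "x"]),
    ("a", ["v", 2, "x"]),
    ("b", ["v", 7, 4, "x"]),
    ("b", ["v", 8, 5, "x"]),
]

# Constructed evidence set for t = 1: removing any one relay still leaves both
# a and b, so x explicitly knows the transmitter v is faulty.
CONFLICTING_EXAMPLE = [
    ("a", ["v", 1, "x"]),
    ("a", ["v", 2, "x"]),
    ("b", ["v", 3, "x"]),
    ("b", ["v", 4, "x"]),
]


def suspicious_sets(t, messages, x, z):
    """Yield every set U_x of at most t processors such that all messages whose
    route avoids U_x carry the same value (possibly no message at all).
    Assumption of this example: candidates are the relays, i.e. every processor
    on some route except the receiver x and the transmitter z."""
    relays = sorted({p for _, route in messages for p in route} - {x, z}, key=str)
    for size in range(t + 1):
        for cand in combinations(relays, size):
            u = set(cand)
            surviving = {val for val, route in messages if not u & set(route)}
            if len(surviving) <= 1:
                yield u, surviving


def purify(t, messages, x, z, default=0):
    """Algorithm Purify(t; a_1..a_r; x) from the slides.
    Returns (purified_value, U_x, explicitly_faulty)."""
    for u, surviving in suspicious_sets(t, messages, x, z):
        # Some U_x exists: the purified value is the common surviving value,
        # or the default 0 when U_x swallowed every message.
        return (next(iter(surviving)) if surviving else default), u, False
    # No set of at most t suspects explains the evidence: z is explicitly faulty.
    return default, None, True
```

Because several suspicious sets can exist (here {7,8}, {4,5}, {7,5} and {4,8} all work), `purify` returns the first one found while `suspicious_sets` enumerates them all.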

Explicitly Faulty Transmitters - Correctness If the number of faulty processors is at most t, then receiver x explicitly knows that the transmitter z is faulty only if z is a faulty processor. We prove by contradiction: Assume z is not faulty. Let T be the set of faulty processors.

Consider G\T: G after removing T from it. In G\T there are no faults, and if x received anything, it is the correct value. T is a candidate for U_x that x should check. When it does so, the purified value is the correct value. Contradiction, QED.

Explicitly Faulty Transmitter - Implications The above proof implies that a faulty transmitter may be identified as faulty by receivers. This is because it has sent too many conflicting values. Even if some receivers found out that the transmitter is faulty, others might still consider it reliable (or at least, not explicitly faulty). We need to make sure those who don’t explicitly know that the transmitter is faulty will agree on the same value.

Necessity Theorem: No crusader agreement can be achieved in a network of n processors if the number of faulty processors is not less than half of the connectivity of the network. Intuition: faulty processors form a bottleneck, filtering the messages that pass through them. Messages passing from “right” to “left” are altered systematically, so that processors on the “left” can’t know what the right message is.

Necessity - Proof Let G be a network with connectivity k, and let {v_1,…,v_k} be a set of processors which disconnects the network into two non-empty parts G_1 and G_2. Assume the subset {v_1,…,v_t} is the set of faulty processors (t ≥ k/2). Divide into cases, according to where z can be:

z is in G_1 The faulty processors behave as follows. Denote by a the original transmitted value. A message passing from G_1 to G_2 via the faulty processors has its value changed to b. A message passing from G_2 to G_1 via the faulty processors has its value changed back to a (if it was changed to b).

All receivers in G_1 consider z to be reliable, and choose a as its value. But receivers in G_2 obtained conflicting values. They can choose either {v_1,…,v_t} or {v_{t+1},…,v_k} as the set of suspicious processors. Since t ≥ k/2, the second set also has at most t members, so nothing prevents them from choosing {v_{t+1},…,v_k}, and then their purified value is b. Contradiction to Cru2. The case where z is in G_2 follows by symmetry.

z is in {v_1,…,v_t} If z is reliable, the faulty processors can use the same method in order to fail the crusader agreement. If z is faulty, it can send a to G_1 and b to G_2, thus failing the crusader agreement. QED necessity.

Sufficiency – The Crusader Alg We’ll now show how the crusader agreement can be achieved if the conditions we’ve required are met. Scheme: –The transmitter will send its value. –Every receiver will send this value again to all receivers.

The Crusader Alg 1. z sends its value to every receiver through 2t+1 disjoint paths. 2. Each receiver u obtains a purified value a_u. 3. Receiver u sends a_u to all other receivers through 2t+1 disjoint paths. 4. Each receiver u tries to find a set U_u of t processors s.t. all values that didn’t pass through U_u are identical. If no such U_u exists, u decides “faulty transmitter”.

Proof of Cru1 Receiver x didn’t find out that z is faulty, so it did find a set U_x of t suspicious processors (by definition). Let x and y be such receivers, and denote their values by a_x and a_y, respectively. Let T be the set of faulty processors, and U_x and U_y the sets of suspicious processors chosen by x and y, respectively. Each of these sets is not larger than t.

The network contains 3t+1 processors, and T, U_x and U_y together cover at most 3t of them. Thus, there exists a processor w which is not in T ∪ U_x ∪ U_y. Denote by a_w the value w determines in step 2. w is reliable, thus it transmits a_w faithfully to all other processors. The network is at least 2t+1 connected, so the network minus T and U_x is at least 1-connected. Therefore there exists a reliable path from w to x, and along such a path x receives a_w. Recall that x did not mark w as a suspicious processor. Thus, a_w = a_x. Symmetrically, a_w = a_y. QED Cru1.

Crusader Alg - Correctness We’re left with proving Cru2 holds. Assume z is reliable. We’ve already proved that if the transmitter is reliable, every reliable receiver receives the transmitted value. No processor could decide “faulty transmitter”, because it can receive no more than t wrong values (from the faulty processors). QED.