
In Byzantium

In Byzantium. Presented by: Hossein Ahmadi, CS 525, Spring 2008. The Byzantine Generals Problem, by Leslie Lamport, Robert Shostak, and Marshall Pease. Byzantine army is camped outside an enemy city. Generals communicate with messengers.


Presentation Transcript


  1. In Byzantium
     Presented by: Hossein Ahmadi
     CS 525, Spring 2008

  2. The Byzantine Generals Problem
     Leslie Lamport, Robert Shostak, and Marshall Pease

  3. Byzantine Generals
     • Byzantine army is camped outside an enemy city

  4. Byzantine Generals
     • Generals communicate with messengers
     [Figure labels: Messenger, Attack]

  5. Byzantine Generals
     • They want to reach a common decision
     [Figure labels: Attack (five times)]

  6. Byzantine Generals
     • Some generals can be traitors
     [Figure labels: "The war is over, what are you doing here?", Attack, Retreat, Surrender!]

  7. Byzantine Generals Problem
     • The problem is how loyal generals can reach an agreement
     • A small number of traitors can’t make them adopt a bad plan
     • Each general receives v(i) from general i and decides based on the values v(1), …, v(n)
     • It is solved if we guarantee:
       • Any two loyal generals use the same v(i)
       • For every loyal general i, the same v(i) should be used by all generals.

  8. Byzantine Generals Problem
     • Rephrase the problem: a commanding general and n – 1 lieutenants.
     • A commanding general must send an order to all lieutenants:
       • All loyal lieutenants obey the same order
       • If the commanding general is loyal, then every lieutenant obeys his order.
     • Assumptions?
       • Oral messages
       • Signed messages

  9. Oral Messages
     • Assumptions:
       • Every message that is sent is delivered correctly.
       • The receiver of a message knows who sent it.
       • The absence of a message can be detected.
     • With m traitors we need at least 3m+1 generals.

  10. Impossible Agreement
      [Figure labels: Attack, Attack, ?; General says “Retreat”]

  11. Impossible Agreement
      [Figure labels: Attack, Retreat, ?; General says “Retreat”]

  12. Oral Messages Algorithm
      • Assume every two generals can communicate directly.
      • With m traitors we can solve the problem if we have 3m + 1 generals:
      • Define OM(m) recursively: Oral Messages algorithm for 3m+1 or more generals when m traitors are present
      • Algorithm OM(0):
        • The commander sends his value to every lieutenant.
        • Each lieutenant uses the value he receives from the commander, or uses the value RETREAT if he receives no value.

  13. Oral Messages Algorithm
      • OM(m): (1) The commander sends his value to every lieutenant.
      [Figure labels: v_1, v_2, …, v_{n-1}; {v_1}, {v_2}, {v_{n-1}}]

  14. Oral Messages
      • OM(m): (2) Each lieutenant sends v_i to the other lieutenants using OM(m-1)
      [Figure labels: Commanding General for OM(m-1); v_{n-1}, …, v_1; {v_1}, {v_1, v_2}, {v_1, v_{n-1}}]

  15. Oral Messages
      • OM(m): (2) Each lieutenant sends v_i to the other lieutenants using OM(m-1)
      [Figure labels: Commanding General for OM(m-1); v_2, …, v_2; {v_1, v_2}, {v_1, v_2}, {v_1, v_2, v_{n-1}}]

  16. Oral Messages
      • OM(m): (2) Each lieutenant sends v_i to the other lieutenants using OM(m-1)
      [Figure labels: OM(m-1) General; v_{n-1}, …; {v_1, v_2, …, v_{n-1}} (three times)]

  17. Oral Messages
      • OM(m): (3) Each lieutenant uses the value majority(v_1, …, v_{n-1})
      [Figure labels: majority(v_1, …, v_{n-1}) (three times)]

  18. Oral Messages - Correctness
      • Two cases:
        • General is loyal: all lieutenants obey the general’s order
        • General is traitor: we have m-1 traitors and 3m lieutenants left
          • OM(m-1) successfully delivers correct values
          • Any two loyal lieutenants get the same v_j
          • All loyal lieutenants have the same {v_1, …, v_n}
      • Exponential message complexity in terms of m

  19. Oral Messages - Example
      • Example: General is traitor
      [Figure labels: x, y, z; {x,y,z}, {x,y,z}, {x,y,z}]

  20. Oral Messages
      • Example: A lieutenant is traitor
      [Figure labels: v, y, z; {v,v,z}, {v,v,y}]

  21. Signed messages
      • New assumption:
        • A loyal general's signature cannot be forged, and any alteration of the contents of his signed messages can be detected.
        • Anyone can verify the authenticity of a general's signature.
      • No assumptions about a traitorous general's signature.
        • His signature may be forged by another traitor, permitting collusion among the traitors.

  22. Signed messages
      • The problem can be solved with any number of generals and traitors
      • Define SM(m): Signed Message algorithm for at most m traitors
      • x:i, value x signed by i
      • V_i, the set of orders received by i
      • At any step, lieutenants ignore messages with inconsistent signatures.

  23. SM Algorithm
      • SM(m): 1. The commander signs and sends his value to every lieutenant.
      [Figure labels: v_1:0, v_2:0, …, v_{n-1}:0]

  24. SM Algorithm
      • SM(m): 2. If Lieutenant i receives a message of the form v:0:j_1:...:j_k and v is not in the set V_i, then
        • add v to V_i
        • if k < m, send the message v:0:j_1:...:j_k:i to every lieutenant other than j_1, ..., j_k.
      [Figure labels: v_1:0:1, v_1:0:1, …; V_1={v_1}]

  25. SM Algorithm
      • SM(m): 2. If Lieutenant i receives a message of the form v:0:j_1:...:j_k and v is not in the set V_i, then
        • add v to V_i
        • if k < m, send the message v:0:j_1:...:j_k:i to every lieutenant other than j_1, ..., j_k.
      [Figure labels: v_2:0:2, v_2:0:2, …; V_2={v_2}]

  26. SM Algorithm
      • SM(m): 2. If Lieutenant i receives a message of the form v:0:j_1:...:j_k and v is not in the set V_i, then
        • add v to V_i
        • if k < m, send the message v:0:j_1:...:j_k:i to every lieutenant other than j_1, ..., j_k.
      [Figure labels: v_1:0:1:2, …; V_2={v_1, v_2}]

  27. SM Algorithm
      • (3) For each i: when Lieutenant i will receive no more messages, he obeys the order choice(V_i).
      • If the set V consists of the single element v, then choice(V) = v.
      [Figure labels: choice(V_1), choice(V_2), …, choice(V_{n-1})]

  28. Signed Messages - Example
      • Example: General is traitor
      [Figure labels: x:0, y:0, y:0:2, x:0:1; {x,y}, {x,y}]

  29. Signed Messages - Correctness
      • General is loyal:
        • All nodes have the same “v:0”
      • General is traitor:
        • If a loyal lieutenant has a value v, then after m retransmissions of the message, all loyal lieutenants have v
        • All loyal lieutenants have the same set V_i
      • Still exponential message complexity

  30. Indirect Communication
      • What happens if some generals cannot directly communicate?
      • A set of nodes {i_1, ..., i_p} is said to be a regular set of neighbors of a node i if
        • each i_j is a neighbor of i, and
        • for any general k different from i, there exist paths y_{j,k} from i_j to k not passing through i such that any two different paths y_{i,k} have no node in common other than k.
      • The graph G is said to be p-regular if every node has a regular set of neighbors consisting of p distinct nodes.

  31. 3-regular graph

  32. Indirect Communication Algorithms
      • OM(m):
        • A solution for m traitors exists if the generals form a 3m-regular graph
        • For 3m+1 generals, a 3m-regular graph is a fully connected graph
      • SM(m):
        • SM(m) can’t work if the set of loyal lieutenants is not connected
        • For any m and d, if there are at most m traitors and the subgraph of loyal generals has diameter d, then Algorithm SM(m + d - 1) solves the Byzantine Generals Problem.

  33. Discussion
      • Can we implement OM and SM in real systems?
      • If we find m then the message complexity can be reduced, but how can we know what m is?
      • Can we find the traitor?
      • What can we do about link failures?

  34. Practical Byzantine Fault Tolerance
      Miguel Castro and Barbara Liskov

  35. System Model
      • n replicas of a state machine serving clients.
      • Tolerate f simultaneous Byzantine failures, if n is greater than 3f+1
      • One replica is the primary replica and the others are called backups.
      • The primary replica changes when its failure is detected
      • For each view there is a
      • Assumptions:
        • State machines are deterministic: given the same input, the same output is produced by non-faulty nodes
        • All start at the same state.

  36. Algorithm
      • A client sends a request to invoke a service operation to the primary
      • The primary multicasts the request to the backups
      • Replicas execute the request and send a reply to the client
      • The client waits for f+1 replies from different replicas with the same result; this is the result of the operation.
      • All non-faulty nodes agree on a total order of execution of requests

  37. Algorithm
      • Done in three phases
        • Pre-prepare
        • Prepare
        • Commit
      [Figure labels: Total order of requests; Total order of replies]

  38. PeerReview: Practical Accountability for Distributed Systems
      Andreas Haeberlen, Petr Kuznetsov, and Peter Druschel

  39. PeerReview
      • Each node consists of an application, detection module, and state machine.
      • exposed(j): i has obtained proof of j’s misbehavior
      • suspected(j): i suspects that j does not send a message that it is supposed to send
      • trusted(j) is issued otherwise.

  40. Assumptions
      • The state machines S_i are deterministic.
      • A message sent from one correct node to another is eventually received, if retransmitted sufficiently often.
      • Each node has a public/private keypair bound to a unique node identifier. Nodes can sign messages, and faulty nodes cannot forge the signature of a correct node.
      • Each node has access to a reference implementation of all S_j.
      • There is a function w that maps each node to its set of witnesses

  41. PeerReview System
      • Nodes log their input & output messages. Logs cannot be tampered with.
      • A set of witnesses audit logs periodically using a trusted copy of the reference machine.
      • The witness informs others of the evidence.
      • Other nodes check the evidence, report the fault
      [Figure labels: A's witnesses; C, D, E; M; A, B; A's log, B's log]
      *Images and animations from authors SOSP’07 presentation
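Added example (not part of the original presentation): a Python simulation of SM(m) from slides 22 to 27 that reproduces the traitorous-commander case of slide 28 with only three generals. HMAC with constructed per-general keys stands in for signatures here (a real system needs public-key signatures, so that a verifier cannot sign), and `choice` returning RETREAT for anything other than a single order is an assumption of this example.

```python
import hashlib
import hmac

# Constructed keys for generals 0..2; HMAC is only a stand-in for signatures.
KEYS = {g: bytes([g + 1]) * 32 for g in range(3)}

def sign(signer, payload):
    return hmac.new(KEYS[signer], payload, hashlib.sha256).digest()

def payload(value, chain):
    """Bytes covered by the next signature: the value plus all earlier signatures."""
    return value.encode() + b"".join(sig for _, sig in chain)

def extend(msg, signer):
    """Turn v:0:j_1:...:j_k into v:0:j_1:...:j_k:signer."""
    value, chain = msg
    return (value, chain + [(signer, sign(signer, payload(value, chain)))])

def valid(msg):
    """Chain starts with commander 0, has distinct signers, every signature checks."""
    value, chain = msg
    signers = [s for s, _ in chain]
    if signers[:1] != [0] or len(set(signers)) != len(signers):
        return False
    return all(hmac.compare_digest(sig, sign(s, payload(value, chain[:k])))
               for k, (s, sig) in enumerate(chain))

def choice(orders):
    """A single order is obeyed; anything else falls back to RETREAT (assumption)."""
    return next(iter(orders)) if len(orders) == 1 else "RETREAT"

def sm(m, loyal, inbox):
    """Run SM(m) for the loyal lieutenants; inbox is a list of (recipient, msg)."""
    V = {i: set() for i in loyal}
    queue = list(inbox)
    while queue:
        i, msg = queue.pop(0)
        value, chain = msg
        if i not in V or not valid(msg) or value in V[i]:
            continue  # inconsistent signatures, or an order already in V_i
        V[i].add(value)
        if len(chain) - 1 < m:  # k < m: sign and relay to those not in the chain
            signers = {s for s, _ in chain}
            relay = extend(msg, i)
            # Relays to traitors are omitted: they cannot affect loyal decisions.
            queue += [(j, relay) for j in loyal if j != i and j not in signers]
    return {i: choice(V[i]) for i in loyal}
```

With `x = extend(("ATTACK", []), 0)` and `y = extend(("RETREAT", []), 0)`, the call `sm(1, [1, 2], [(1, x), (2, y)])` leaves both lieutenants with the set {ATTACK, RETREAT}, so they agree on the same fallback order.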
