The Byzantine Generals Problem Leslie Lamport Robert Shostak
The Byzantine Generals Problem Leslie Lamport, Robert Shostak, Marshall Pease Presented by: Anna Bendersky 1 Distributed Algorithms A AM 6: 11: 25
Motivation • A reliable computer system must be able to cope with a failure of one or more of its components • A failed computer behavior in this case: – Sending conflicting messages to different parts of the system – Not sending some of the messages 2 AM 6: 11: 27
Byzantine Generals (Abstract Expression) • Several divisions of the byzantine army are camped outside a city, each division has a general. • The generals can communicate with each other using a messenger • The generals must decide upon a common plan of action • Some of the generals might be traitors! • We will assume that there is a single commanding general (Commander), and the rest of the generals are his subordinates (Lieutenants) 3 AM 6: 11: 27
Objective • All loyal generals decide upon the same plan of action • A small number of traitors will not cause the loyal generals to adopt a bad plan Formally: The Byzantine Generals Problem 1. All loyal lieutenants obey the same order 2. If the commander is loyal, then every loyal lieutenant obeys the order he sends 4 AM 6: 11: 27
Outline • Minimal bound on the number of traitors • Oral messages algorithm to reach agreement • Written messages algorithm to reach agreement 5 AM 6: 11: 28
Minimal Bound on the traitors number The Byzantine Generals Problem 1. All loyal lieutenants obey the same order 2. If the commander is loyal, then every loyal lieutenant obeys the order he sends From now forward we will assume that the generals have to decide upon a single bit: ‘ 1’ for ‘Attack’, or ‘ 0’ for ‘Retreat’. The default operation is ‘Retreat’ Commander retreat attack L 1 Commander retreat L 2 Case 1: Source process is faulty 6 attack L 1 attack retreat L 2 Case 2: Process L 2 is faulty AM 6: 11: 28
Minimal Bound on the traitors number • Corollary 1: In the case of 3 processes, there is no way to deal with one faulty process. • Corollary 2: No solution with fewer than 3 m+1 generals can cope with m traitors 1 0 0 7 1 1 0 AM 6: 11: 29
A solution with oral messages The Byzantine Generals Problem 1. 2. All loyal lieutenants obey the same order If the commanding general is loyal, then every loyal lieutenant obeys the order he sends • No solution with fewer than 3 m+1 generals can cope with m traitors • The paper shows an algorithm to solve the byzantine generals problem when the number of loyal generals > 3 m Assumptions: 1. Every message that is sent is delivered correctly 2. A receiver of a message knows who sent it 3. The absence of a message can be detected 8 AM 6: 11: 29
Oral Messages Algorithm A recursive definition, with a base case for m=0, and a recursive step for m > 0: Algorithm OM(0) 1. 2. The commander sends his value to every lieutenant. Each lieutenant uses the value he receives from the commander. Algorithm OM(m), m > 0 1. 2. 3. 9 The commander sends his value to each lieutenant. For each i, let vi be the value lieutenant i receives from the commander. Lieutenant i acts as the commander in Algorithm OM(m-1) to send the value vi to each of the n-2 other lieutenants. For each i, and each j ≠ i, let vi be the value lieutenant i received from lieutenant j in step 2 (using Algorithm OM(m-1)). Lieutenant i uses the value Majority(v 1, v 2, … vn). AM 6: 11: 29
Oral Messages Example (1) G m=0 The general sends a message to all lieutenants 6 5 2 3 4 m=1 Each general sends the message he received to all other lieutenants Sender=P 2 Sender=P 3 Sender=P 4 Sender=P 5 Sender=P 6 Dest Msg Dest Msg P 2 {0, 12} P 2 {0, 13} P 2 {0, 14} P 2 {1, 15} P 2 {1, 16} P 3 {0, 12} P 3 {0, 13} P 3 {0, 14} P 3 {1, 15} P 3 {1, 16} P 4 {0, 12} P 4 {0, 13} P 4 {0, 14} P 4 {1, 15} P 4 {1, 16} P 5 {0, 12} P 5 {0, 13} P 5 {0, 14} P 5 {1, 15} P 5 {1, 16} P 6 {0, 12} P 6 {0, 13} P 6 {0, 14} P 6 {1, 15} P 6 {1, 16} Sender=P 2 {0, 12} 10 Sender=P 3 {0, 13} Sender=P 4 {0, 14} Sender=P 5 {1, 15} 1 6 5 G 1 … 0 4 0 0 2 3 Sender=P 6 {1, 16} AM 6: 11: 30
Oral Messages Example (2) Messages sent in step 1: Sender=P 2 {0, 12} Sender=P 3 {0, 13} Sender=P 4 {0, 14} Sender=P 5 {1, 15} Sender=P 6 {1, 16} Step 2: Each lieutenant sends the message he received to all other lieutenants Sender=P 2 {0, 132} {0, 142} {1, 152} {1, 162} Sender=P 3 {0, 123} {0, 143} {1, 153} {1, 163} Sender=P 4 {0, 124} {0, 134} {1, 154} {1, 164} Sender=P 5 {0, 125} {0, 135} {0, 145} {1, 165} Sender=P 6 {0, 126} {0, 136} {0, 146} {1, 156} These are the messages being sent in the recursive algorithm – Lets see which value each lieutenant decides to use 11 AM 6: 11: 30
Oral Messages Example (3) • We could build a “recursion tree” for the decision of each lieutenant: Message source Lieutenant i: The messages lieutenant i receives at step OM(1) Received message Decision {1, 1, ? } {1, 1, 0} majority (v 1, v 2, … vn) All lieutenants reach the decision ‘ 0’ 12 {0, 12, ? } 0} {0, 13, ? } 0} {0, 14, ? } 0} {1, 15, ? } 1} {1, 16, ? } 1} The messages lieutenant i receives at step OM(0) AM 6: 11: 30
A more complex example {0, 12, ? } 0} • n=7 , m=2 {0, 13, ? } 0} G 7 2 6 3 5 4 {0, 14, ? } 0} {0, 1, ? } 0} {0, 15, ? } 0} {X, 16, ? } X} {X, 17, ? } X} 13 {0, 123, ? } 0} {0, 124, ? } 0} {0, 125, ? } 0} {X, 126, ? } X} {X, 127, ? } X} {0, 132, ? } 0} {0, 134, ? } 0} {0, 135, ? } 0} {X, 136, ? } X} {X, 137, ? } X} {0, 142, ? } 0} {0, 143, ? } 0} {0, 145, ? } 0} {X, 146, ? } X} {X, 147, ? } X} {0, 152, ? } 0} {0, 153, ? } 0} {0, 154, ? } 0} {X, 156, ? } X} {X, 157, ? } X} {X, 162, ? } X} {X, 163, ? } X} {X, 164, ? } X} {X, 165, ? } X} {X, 167, ? } X} {X, 172, ? } X} {X, 173, ? } X} {X, 174, ? } X} {X, 175, ? } X} {X, 176, ? } X}
Oral Messages Algorithm: Proof (1) The Byzantine Generals Problem 1. All loyal lieutenants obey the same order 2. If the commander is loyal, then every loyal lieutenant obeys the order he sends Lemma 1: For any m and k, Algorithm OM(m) satisfies (2) if there are more than 2 k+m generals and at most k traitors Proof: (by induction on m) Base: Algorithm OM(0) satisfies (2) when the commander is loyal. Assumption: the algorithm OM(m-1) satisfies (2) if there are more than 2 k+m-1 generals and at most k traitors Step: • In step (1) every loyal commander sends the value ‘v’ to all n-1 lieutenants. • In step (2) each loyal lieutenant applies OM(m-1) with n-1 lieutenants • By hypothesis, Þ A majority of the n-1 lieutenants are loyal Þ By assumption, each loyal lieutenant has vi = ‘v’ for a majority of n-1 values i. Þ Majority(v 1, …vn)=‘v’ in step (3). 14 AM 6: 11: 32
Oral Messages Algorithm: Proof (2) The Byzantine Generals Problem 1. All loyal lieutenants obey the same order 2. If the commander is loyal, then every loyal lieutenant obeys the order he sends Theorem 1: For any m, algorithm OM(m) satisfies conditions 1 and 2 if there are more than 3 m generals, and at most m traitors. Proof: (By induction on m) Base: if there are no traitors, OM(0) satisfies conditions 1 and 2 Assumption: OM(m-1) satisfies conditions 1 and 2 if there are more than 3(m-1) generals, and at most m-1 traitors Step: • We can use lemma 1 with k=m, and get that condition 2 holds. • Condition 1 follows from condition 2 when the commander is loyal. • Else, there at most m traitors and the commander is one of them Þ At most m-1 of the lieutenants are traitors Þ At step (2) of the algorithm there are 3 m-1 > 3(m-1) generals, and at most m-1 traitors Þ From the assumption, OM(m-1) satisfies conditions 1 and 2. QED Þ All loyal generals get the same values vj for every loyal general j. Þ Majority(v 1, …vn) is the same for all loyal lieutenants in step (3). 15 AM 6: 11: 33
A solution with signed messages • The problem we had: traitors could lie Assumption 4: • A loyal general’s signature cannot be forged, and any alteration of the contents of his signed message can be detected • Anyone can verify the authenticity of a general’s signature The previous lower bound no longer holds! There exists an algorithm that copes with m traitors for any number of generals (n≥m+2) 16 AM 6: 11: 33
Signed messages example Commander is faulty! retreat Commander is not faulty! attack Commander attack: 0 L 1 Commander retreat: 0: 2 attack: 0: 1 L 2 attack: 0 L 1 Case 1: Source process is faulty attack: 0 retreat: 2 attack: 0: 1 L 2 Case 2: Process L 2 is faulty Commander’s message cannot be forged! 17 AM 6: 11: 33
Signed Messages Algorithm SM(m) Initially Vi = {} 1. The commander signs and sends his value to every lieutenant 2. For each i: 1. 2. 3. 18 If Lieutenant i receives a message of the form v: 0 from the commander and he has not yet received any order, then 1. 2. Vi {v} He sends the message v: 0: i to every other lieutenant 1. 2. Vi U {v} If k<m then he sends the message v: 0: j 1: … : jk: i to every lieutenant other than j 1, …, jk If Lieutenant i receives a message of the form v: 0: j 1: … : jk and v is not in the set Vi then For each i: When lieutenant i will receive no more messages, he obeys the order choice(Vi) AM 6: 11: 33
Signed messages example Commander is faulty! retreat Commander is not faulty! attack Commander attack: 0 L 1 Commander retreat: 0: 2 attack: 0: 1 L 2 attack: 0 L 1 Case 1: Source process is faulty attack: 0 retreat: 2 attack: 0: 1 L 2 Case 2: Process L 2 is faulty V(L 1) = {attack} V(L 1) = {attack, retreat} Commander’s message cannot be forged! 19 AM 6: 11: 33
Signed Messages Algorithm: Proof The Byzantine Generals Problem 1. All loyal lieutenants obey the same order 2. If the commander is loyal, then every loyal lieutenant obeys the order he sends • • • 20 If the commander is loyal, then he sends his signed order v: 0 to every lieutenant in step (1), and every loyal lieutenant will add v to Vi. Since no traitorous lieutenant can forge a message of the form v’: 0, a loyal lieutenant can receive no other order in step (2. 2). For all loyal lieutenants: Vi = {v} => every loyal lieutenant obeys the order the general sends. (condition 2 OK) It remains to prove condition 1 for the case where the commander is not loyal. Two loyal lieutenants i and x obey the same order in step (3) if the sets Vi = Vx. => i received the message v 1: – If it was received from the general – It was sent to x in step 1. – It was received by v 1: 0: {list}. If x is in the list, then x has. – It was received by v 1: 0: {list}, and x is not in the list: • If one of the lieutenants in the list is loyal, then x received it when the loyal lieutenant sent it • There at most m-1 traitorous lieutenants, so in step m lieutenant i will send the message to x. QED AM 6: 11: 34
Questions? Thank You 21 AM 6: 11: 34
- Slides: 21