Gábor Mészáros · Byzantine Agreement · CEU Budapest, Hungary

Post on 22-Mar-2020

Byzantine Agreement

Gábor Mészáros

CEU Budapest, Hungary

Gábor Mészáros Byzantine Agreement

1453 AD, Byzantium

Distributed Systems

Communication System Model
G = (V, E) simple graph
V: nodes - participants (finite state machines)
E: edges - communication channels
Description of the communication mechanism

Different Attributes - Different Fields of Interest
Cryptography
Data Compression
Distributed Computing
...

Byzantine Generals Problem

Attributes
Synchronous
Reliable
Authenticated
Point-to-Point
Presence of faulty participants ("traitors") which can behave arbitrarily ("Byzantine failures").

Goals
Given the set of initial assessments x_i ∈ {0, 1} of each G_i ∈ L ⊂ V(G) ("loyal generals"), calculate decisions d_i ∈ {0, 1} satisfying:
Termination: each process terminates in finitely many steps
Agreement: d_i = d_j ∀ G_i, G_j ∈ L (the set of "loyal generals")
Nontriviality: x_i = c ∈ {0, 1} ∀ G_i ∈ L ⇒ d_i = c

Definition
A protocol P is t-resilient if it tolerates Byzantine failure of at most t faulty participants.

Question
How many Byzantine failures can a network tolerate?

Example
The "Simple Majority" strategy is not 1-resilient.

Theorem (Lamport, Pease, Shostak, 1980)
There exists a t-resilient protocol ⇔ t < n/3.

Lemma
No 1-resilient protocol P exists on K_3.

No 1-resilient P in K_3

Proof

t-resilient ⇔ t < n/3

Corollary of the Lemma - Reduction
A (t ≤ n/3)-resilient protocol is 1-resilient in K_3.

Constructions for t < n/3 (sketch)
1 Exponential data trees - "x told me, that y told him, that..." - fill() and resolve() - not efficient
2 Efficient (polynomial) Broadcast - firefly effect, echoes...
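
The "Simple Majority" example and the exponential data tree construction can be compared in one small simulation. This is an added example, not code from the slides: it fills and resolves the "x told me, that y told him" tree on a complete graph, and with rounds=1 it reduces to one reading of the Simple Majority strategy. The function names, the tie rule (default 0) and the two_faced traitor are assumptions made for the illustration.

```python
from collections import Counter
from itertools import permutations

def majority(values, default=0):
    """Strict majority of a list of bits; `default` when there is none (assumed tie rule)."""
    value, count = Counter(values).most_common(1)[0]
    return value if 2 * count > len(values) else default

def eig_decisions(inputs, traitors, rounds, lie):
    """Run `rounds` synchronous rounds of information gathering on a complete graph.

    inputs[i] is x_i, `traitors` is the set of faulty indices, and
    lie(sender, receiver, label) is the bit a traitor sends.
    Returns {i: d_i} for the loyal generals only.
    """
    n = len(inputs)
    # tree[i][(a, b, c)] = "c told i, that b told him, that a's input was ..."
    tree = [{(): inputs[i]} for i in range(n)]
    for r in range(1, rounds + 1):                       # fill()
        received = [{} for _ in range(n)]
        for label in permutations(range(n), r - 1):
            for sender in (s for s in range(n) if s not in label):
                for receiver in range(n):
                    if sender in traitors:
                        bit = lie(sender, receiver, label)   # arbitrary behaviour
                    else:
                        bit = tree[sender][label]            # honest relay
                    received[receiver][label + (sender,)] = bit
        for i in range(n):
            tree[i].update(received[i])

    def resolve(i, label):                               # resolve()
        if len(label) == rounds:                         # leaf: stored report
            return tree[i][label]
        return majority([resolve(i, label + (j,))
                         for j in range(n) if j not in label])

    return {i: resolve(i, ()) for i in range(n) if i not in traitors}

def two_faced(sender, receiver, label):
    """Constructed traitor: tells even-numbered generals 0 and odd-numbered ones 1."""
    return receiver % 2

if __name__ == "__main__":
    x = [1, 1, 0, 0]                                     # general 3 is the traitor
    print("simple majority, n=4:", eig_decisions(x, {3}, 1, two_faced))
    print("t+1 = 2 rounds,  n=4:", eig_decisions(x, {3}, 2, two_faced))
    print("t+1 = 2 rounds,  K_3:", eig_decisions([1, 1, 0], {2}, 2, two_faced))
```

With loyal inputs (1, 1, 0) and one traitor among n = 4, a single round leaves the loyal generals split, while t + 1 = 2 rounds bring them to a common decision; on K_3 the same two rounds still end in disagreement.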

Generalized Byzantine Generals Problem I. - Graphs

Communication Model
G = (V, E) simple (not necessarily complete) graph with connectivity number k(G) := k

Attributes
Synchronous
Reliable
Authenticated
Not necessarily Point-to-Point (communication on edges only)
Presence of faulty participants

Goal
Unanimity between the non-faulty processors

Theorem (Dolev, 1982)
G = (V, E) is t-resilient ⇔ t < n/3 and t < k/2.

Theorem (Kumar, 2002)
Given a set S ⊂ 2^{V(G)} of corruptible subsets in G = (V, E), unanimity is attainable ⇔
no union S_1 ∪ S_2 of any pair S_1, S_2 ∈ S contains a cut of G,
no union S_1 ∪ S_2 ∪ S_3 of any triple S_1, S_2, S_3 ∈ S covers V(G).

Theorem (Dolev, 1982)
G = (V, E) is t-resilient iff t < n/3 and t < k/2.

Proof ("⇐")
1 For each G_i, G_j ∈ V(G), (G_i G_j) ∉ E(G), fix disjoint paths P_1, P_2, ..., P_k between the nodes ("delivery channels").
2 Send messages from G_i to G_j via P_1, P_2, ..., P_k and consider the majority of the 0 - 1 messages. t < k/2 guarantees reliability.
3 Emulate the solution of the original BA problem.
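
Steps 1 and 2 of the proof, together with the bound in the theorem, can be checked on a small graph. This is an added example, not code from the slides: it computes k(G) by brute force, derives the largest t with t < n/3 and t < k/2, and delivers a bit over fixed disjoint paths with corrupted relays. The cube graph, the chosen paths and all function names are constructed for the illustration, and a corrupted relay is assumed to flip the bit (the worst case for a majority vote).

```python
from itertools import combinations

def connected(adj, removed):
    """True if the graph stays connected after deleting the nodes in `removed`."""
    nodes = [v for v in adj if v not in removed]
    seen, stack = {nodes[0]}, [nodes[0]]
    while stack:
        for w in adj[stack.pop()]:
            if w not in removed and w not in seen:
                seen.add(w)
                stack.append(w)
    return len(seen) == len(nodes)

def connectivity(adj):
    """k(G) by brute force: size of the smallest vertex set whose removal disconnects G."""
    n = len(adj)
    for size in range(n - 1):
        for cut in combinations(adj, size):
            if not connected(adj, set(cut)):
                return size
    return n - 1                                   # complete graph: no vertex cut

def max_tolerated_faults(adj):
    """Largest t with t < n/3 and t < k/2 (the condition in Dolev's theorem)."""
    n, k = len(adj), connectivity(adj)
    return min((n - 1) // 3, (k - 1) // 2)

def check_channels(adj, paths):
    """Step 1: same endpoints, every hop is an edge, interiors are vertex-disjoint."""
    inner = [v for p in paths for v in p[1:-1]]
    return (len({(p[0], p[-1]) for p in paths}) == 1
            and all(b in adj[a] for p in paths for a, b in zip(p, p[1:]))
            and len(inner) == len(set(inner)))

def deliver(bit, paths, corrupted):
    """Step 2: the receiver takes the majority of the copies arriving on each path."""
    copies = [bit ^ 1 if corrupted & set(p[1:-1]) else bit for p in paths]
    return int(2 * sum(copies) > len(copies))

# Constructed sample: the 3-dimensional cube (n = 8, k = 3); nodes 0 and 7 are
# not adjacent, so they talk over three disjoint delivery channels.
CUBE = {v: [v ^ 1, v ^ 2, v ^ 4] for v in range(8)}
CHANNELS = [[0, 1, 3, 7], [0, 2, 6, 7], [0, 4, 5, 7]]

if __name__ == "__main__":
    print("k(G) =", connectivity(CUBE), " max t =", max_tolerated_faults(CUBE))
    print("channels valid:", check_channels(CUBE, CHANNELS))
    print("1 corrupted relay :", deliver(1, CHANNELS, {3}))      # t < k/2 holds
    print("2 corrupted relays:", deliver(1, CHANNELS, {3, 6}))   # t < k/2 violated
```

On the cube k = 3, so only t = 1 is tolerated: one corrupted relay is outvoted by the two clean channels, while two corrupted relays on different channels make the receiver accept the wrong bit.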

Generalized Byzantine Generals Problem II. - Hypergraphs

Communication Model
H = (V, E) hypergraph.

Attributes
Synchronous
Reliable
Authenticated
Broadcast on the edges
Presence of faulty participants

Theorem (Fitzi, Maurer, 2000)
H = (V, E) 3-uniform complete hypergraph is t-resilient ⇔ n ≤ 2 · t + 1.

Other Possible Generalizations

Variants
Asynchronous communication
General Hypergraphs
Corruptible subsets
Random processes
...

THANK YOU!