CS603Clock Synchronization

February 4, 2002

What is the best we can do?Lundelius and Lynch ‘84

• Assumptions:– No failures– No drift– Fully connected network of n nodes– Uncertainty of ε in message delivery time

• Best guarantee:– ε(1 – 1/n)– This is a tight lower bound

Lower bound proof

• Idea: Based on view of each node– Views indistinguishable even if real time not

the same– Shift execution of a node relative to real time

• Shift of global view and local view equivalent if message delays changed– Can always shift by at least ε(1 – 1/n) without

changing local views

Proof: Induction

• Clocks synchronized to within γ• Assume messages one way take time μ, return takes

time μ+ε (e1)• Induction: Assume node i-1 sends with delay μ, receives

with delay μ+ε– Shift processes < i by ε

• Let V1,…,Vn be local times at termination of e1.– In e1, Vn ≤ V1 + γ– In ei, Vi-1 ≤ Vi + y – ε

• ∑ Vi ≤ ∑ Vi+nγ – (n-1) ε– (n-1) nγ– γ ≥ ε(1-1/n)

Synchronization with Faulty Clocks(Dolev, Halpern, Strong ‘84)

• Problem: What if some sites are really bad?– Bad clocks– Don’t follow protocol

• Notation– C: Logical clock– D: Physical clock– TAR: Time Adjustment Register

• C = D + TAR

– Δ: Uncertainty in message delay– C(t), D(t) – value of clock at REAL time t

Assumptions• Fully connected, but not necessarily complete• Recipient knows source of message• Given nodes p,q; H(p,q) and L(p,q) are upper/lower bounds on

transmission time– ρ is min(H/L)

• A real time frame (not directly observable)• Correct physical clock has bounded drift rate:

R such that time u>v, (1/R)(u-v) ≤ D(u)-D(v) ≤ R(U-v)• Correct processor has correct clock, implements algorithm• No assumptions on behavior of faulty processor

– Don’t care if faulty processor knows correct time• All processors start within time B (can easily show B ≤ R(n-1)H)

Weak Synchronization

• Weak Clock Synchronization Condition: Constants PER, DMAX, ADJ such that:– TAR changes only at times that are multiples

of PER by amount less than ADJ– Difference between clocks bounded by DMAX

• Theorem: There is an algorithm that achieves WCSC, independent of faults, for which C(t) is unbounded

• Proof: Set TAR(t’) = logPER(D(t))-D(t)

Real clock synchronization

• Clock Synchronization Condition: Add– PER > ADJ– Changes occur only first time C reads iPER

• If change when C(t)=iPER, then C(t’) ≠ iPER t’<t

• Gives Linear Envelope Synchronization:– at+b < C(t) < ct+d, a>0

• Theorem:Linear Envelope Synchronization impossible if 1/3 processors faulty

Proof Sketch

• Construct algorithm that forces a correct processor to run at rate greater than aρn

• Idea: faulty processor p uses one algorithm for processor q, other for others– Two-faced behavior– Can’t tell which is two-faced– Correct processor caught in the middle –

follow fast clock or slow clock?

Three-processor case (p, q, r)

• Assume algorithm A synchronizes in time N and tolerates one fault

• F0 = A• Fm+1: p pretends its clock runs at ρ times q’s rate• p pretends r sends messages so

Cp(t) > aρmDp(t)+b-mDMAX– Fm gives these messages

• q cannot distinguish from case where p’s clock is fast, r is sending p messages according to Fm

• Cq(t) > Cp(t) – DMAX> aρmDp(t) + b – (m+1) DMAX= aρm+1Dq(t)+b-(m+1) DMAX (since Dp(t) = ρDq(t)

Possibility(Fischer, Lynch, Merritt)

• If no uncertainty in message delay, f faulty, can do with 2f+1 processors– Send messages to all neighbors– Send all messages back– Round trip gives time– Faulty processor will be detected if it tries to

be worse than round-trip time• Messages out of order

Possibility(Dolev Halpern Simons Strong)

• We CAN do better– Requires authentication

• Assumptions:– Messages will be received with bounded delay– Bounded drift– Digital signature– If p has set of messages M at time t with more than f distinct

signers, one signer was correct at time signed– 2ρ(f+1) < 1

• Key: Synchronization time known in advance– At time, send signed “time is now”– If receive f+1 messages saying “time is now” before getting to

that time, update local time

Recruiting Bulletin

• Harris Corporation is in the CS lobby until 3pm today