23-04-18 Advanced Network Security 3. Agreement and consensus I: concepts and protocols for crash failures
Jaap-Henk Hoepman, Digital Security (DS), Radboud University Nijmegen, the Netherlands
@xotoxot // jhh@cs.ru.nl // www.cs.ru.nl/~jhh



Byzantine generals

29-2-2016 // Fault Tolerance - Byzantine Generals // Jaap-Henk Hoepman // Radboud University Nijmegen


Types of faults

• Stopping / Crash
  • Process stops unexpectedly and does nothing after that, forever
• Omission
  • Process skips a step it is supposed to perform
    • e.g. sending a message; this models message dropping on an edge (except that there is a limit on the number of affected edges…)
• Byzantine
  • Process performs arbitrary actions, not specified by the protocol
    • e.g. sending different messages to different recipients

Byzantine failures are real

[Figure: a sender drives a single wire/bus that fans out to Receiver 1, Receiver 2 and Receiver 3. The receivers have slightly different thresholds, so they may receive different values from the same transmission.]

Decision problems

• Private inputs x_p.in, private decision outputs x_p.decision
• Termination condition
  • Deterministic termination
    • Every correct process decides irrevocably, and stops/knows it decided
  • Probabilistic termination (convergence)
    • Every correct process decides irrevocably with probability 1, and stops/knows it decided
  • Implicit termination (stabilisation)
    • Every correct process decides, but never knows it decided (and may change decisions in the process); no such changes occur after a finite number of steps
• Consistency condition
  • A global predicate over inputs and decision outputs
  • Problem specific


Solving decision problems

• We assume a certain topology G = (V, E), n = |V|
  • Typically a clique
• We assume certain faulty behaviour
  • E.g. crash failures only
• We assume at most f < n processes are faulty
  • Link failures are modelled as process failures
  • f expresses robustness; typically f < n/3 or f < n/2
  • Sometimes we specify that certain processes can/cannot fail
• We assume the recipient knows the sender of a message (authenticity)
  • Not via signatures, but because of point-to-point direct connections

Note: f is an assumption on the number of faults. The real number of faults in an execution may be lower or equal (in which case the algorithm is successful) or not (in which case it fails).

Decision problem: replicated server

• Suppose two (replicated) servers p, q hold the same data (input)
• Consistency condition:
  • All correct processes decide on this input
• Termination condition:
  • deterministic
• Assumptions
  • Crash failures
  • At most one of the replicated servers fails
• Protocol for p (and symmetrically for q):
    forall r ≠ q, p do send x_p.in to r
    x_p.decision = x_p.in
• Protocol for other processes r:
    receive v
    x_r.decision = v
  • Also sometimes written as decide(x_p.in)

Decision problem: replicated server (continued)

• What if the (replicated) servers p, q hold different data?
• What if both replicated servers fail?
(Protocols for p, q and for the other processes r as above.)


Decision problem: weak broadcast

• One server p holds a bit
  • Either 0 or 1
• Consistency condition:
  • All correct processes decide on the same value
  • If p does not crash, this should be p's input
• Termination condition:
  • stabilising
• Assumptions
  • Crash failures
• Protocol for p:
    x_p.decision = x_p.in
    if x_p.in == 1 then forall r ≠ p do send 1 to r
• Protocol for other processes r:
    x_r.decision = 0
    receive 1
    x_r.decision = 1
    forall q ≠ r do send 1 to q

Decision problem: weak broadcast (continued)

• What if p crashes?
• Why is this not deterministically terminating?
(Protocols for p and for the other processes r as above.)
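The two questions above, worked through in a simulation. This is an added example, not code from the slides. It runs the weak broadcast protocol of the slide in synchronous rounds with the crash model used throughout the lecture: a crashing process delivers to only the first m of its recipients and then stops. The round structure, the process ids 0..n−1 and the `crash_after` parameter are assumptions of this example.

```python
"""Synchronous simulation of the weak broadcast protocol under crash failures.

Added example; this is not code from the slides.  The protocol is the one on
the slide: the sender p decides its own input and, if the bit is 1, sends 1
to everyone; every other process starts with decision 0 and, the first time
it receives a 1, switches to 1 and relays 1 to everyone else.  The round
structure and the `crash_after` parameter are assumptions of this example:
a process listed in crash_after delivers to only the first m of its
recipients (in increasing id order) in the round it sends, then crashes.
"""
from typing import Dict, List, Optional, Set


def weak_broadcast(n: int, sender: int, bit: int,
                   crash_after: Optional[Dict[int, int]] = None,
                   rounds: int = 3) -> List[Dict[int, int]]:
    """Run `rounds` synchronous rounds of weak broadcast on processes 0..n-1.

    Returns one snapshot per round: the current decision of every process
    that has not crashed (crashed processes are dropped from the snapshot).
    """
    crash_after = crash_after or {}
    decision = {q: (bit if q == sender else 0) for q in range(n)}
    # pending[q] is the value q still has to send out in the next round.
    pending: Dict[int, Optional[int]] = {
        q: (1 if q == sender and bit == 1 else None) for q in range(n)}
    crashed: Set[int] = set()
    history: List[Dict[int, int]] = []

    for _ in range(rounds):
        inbox: Dict[int, List[int]] = {q: [] for q in range(n)}
        # Send phase: every live process with something pending sends to all others.
        for q in range(n):
            if q in crashed or pending[q] is None:
                continue
            recipients = [r for r in range(n) if r != q]
            if q in crash_after:                   # crash mid-send
                recipients = recipients[:crash_after[q]]
                crashed.add(q)
            for r in recipients:
                inbox[r].append(pending[q])
            pending[q] = None
        # Receive phase: a 1 flips the decision and is relayed in the next round.
        for q in range(n):
            if q in crashed:
                continue
            if 1 in inbox[q] and decision[q] == 0:
                decision[q] = 1
                pending[q] = 1
        history.append({q: decision[q] for q in range(n) if q not in crashed})
    return history


def all_agree(history: List[Dict[int, int]]) -> bool:
    """Consistency check: all processes alive at the end hold the same decision."""
    return len(set(history[-1].values())) <= 1


def view_after_round(history: List[Dict[int, int]], r: int, proc: int) -> int:
    """What process `proc` has decided after round r (1-based)."""
    return history[r - 1][proc]


if __name__ == "__main__":
    # Constructed scenarios with n = 4 and sender 0.
    print(weak_broadcast(4, 0, 1)[-1])                 # sender alive: everyone 1
    print(weak_broadcast(4, 0, 1, {0: 1})[-1])         # sender crashes after reaching 1: relay fixes it
    print(weak_broadcast(4, 0, 1, {0: 1, 1: 1})[-1])   # two crashes: survivors still agree, on 0
```

Compare the execution in which the sender holds 0 with the one in which it holds 1 but crashes after reaching only process 1: after round 1, process 3 has an empty inbox and decision 0 in both, yet its final value differs (0 in the first, 1 in the second, once process 1 relays). Process 3 therefore cannot decide irrevocably and stop after any given round; it only stabilises. The consistency condition still holds in every run, including the two-crash run where the sender's 1 is lost and the survivors settle on 0 (the sender crashed, so the second clause of the condition does not apply).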

The consensus problem


• All processes have a binary input value
  • So it is different from a broadcast
• Consistency condition
  • All correct processes decide on the same value (Agreement)
  • If all processors have the same input value v, then all correct processors must decide v (Validity)
• Termination condition
  • Deterministic

Aside: solving consensus with broadcast

• Atomic broadcast
  • Sender p holds a bit
    • Either 0 or 1
  • Consistency condition:
    • All correct processes decide on the same value (even when sender p fails); a.k.a. agreement
    • If p does not fail, all correct processes decide on sender p's input
  • Termination condition:
    • deterministic
• Remember: no link failures, and the recipient recognizes the sender
• Consensus protocol for p:
    Initialise vector V[]
    V[p] = x_p.in
    broadcast x_p.in
    forall q ≠ p do receive V[q]
    x_p.decision = majority{V[q]}
• In other words: atomic broadcast and consensus are very similar

Consensus for crash failures

• Assume at most f < n crash failures
• Synchronous protocol
  • Computation proceeds in rounds
  • At the start of round r, all processors send all their messages for round r
  • Before proceeding to round r + 1, all processors receive all round r messages
    • If they arrive, they arrive in this round; otherwise they are lost forever


Consensus: main approach

• Each processor p builds the following tree T_p
  • A node v^p_{q_1,q_2,..,q_k} = v means: q_k told p, that q_{k-1} told q_k, …, that q_1's value is v
  • Initially all nodes are ⊥; the root is v^p_∅ = x_p.in
  • Level 0: v^p_∅; level 1: v^p_1, …, v^p_q, …, v^p_n; level 2: v^p_{1,2}, …, v^p_{1,n}, …, v^p_{n,1}, …, v^p_{n,n-1}; and so on
  • A node v^p_σ at level k has children v^p_{σ;q} at level k + 1 for all q ∉ σ, i.e. n − |σ| = n − k children

Building the tree: protocol for p

• Before round 1
  • Initialise tree. Set all v^p_σ = ⊥ and v^p_∅ = x_p.in
• Round k, 1 ≤ k ≤ f + 1
  • For all σ with |σ| = k − 1 ∧ p ∉ σ, send v^p_σ to all processors q (including p)
    • Call this message m^q_{σ;p}
  • Receive all m^p_{σ;q} addressed to p and store them in v^p_{σ;q}
    • By the protocol q ∉ σ, so for each such σ, p receives n − (k − 1) such messages, one from each q ∉ σ

(Recall: v^p_{q_1,q_2,..,q_k} = v means q_k told p, that q_{k-1} told q_k, …, that q_1's value is v; initially all nodes are ⊥ and v^p_∅ = x_p.in.)

The protocol in action: round 1

[Figure: p's tree after round 1. The root is v^p_∅ = x_p.in. At level 1, v^p_1 = v^1_∅, …, v^p_n = v^n_∅ have been filled in from the round-1 messages; processor q crashes before its message reaches p, so v^p_q = ⊥. The level-2 nodes v^p_{1,2}, …, v^p_{1,n}, v^p_{n,1}, …, v^p_{n,n-1} and v^p_{q,z} are still ⊥.]


The protocol in action: round 2

[Figure: p's tree after round 2. Level 2 is now filled in from the round-2 messages, e.g. v^p_{1,n} = v^n_1 = v^1_∅, and v^p_{q,z} = v^z_q even though v^p_q = ⊥.]

Notes:
• z tells p that q told z its value is v; so q crashed after sending to z
• If z is honest, z will tell this to all honest nodes
• For crash failures we have either v^p_{q;σ} = ⊥ or v^p_{q;σ} = v^q_∅: a path that starts with q reports either nothing or q's actual input

Deciding on a value

• Let W_p = { v | v = v^p_σ ∈ T_p ∧ v ≠ ⊥ }, i.e. the set of different values in T_p
• What are the possible values for W_p?
  • If inputs are binary, then {}, {0}, {1}, {0,1}
• If |W_p| = 1, i.e. W_p = {v}
  • p decides on v
• Otherwise
  • p decides on a default value v_def, say 0
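The tree-building protocol and the decision rule above, run end to end in a simulation. This is an added example, not code from the slides. It assumes process ids 0..n−1, the synchronous round model of the previous slides, and a constructed `crash_plan` that says in which round each faulty process crashes and how many recipients it reached first. The `rounds` parameter lets you stop before round f + 1, which shows why that many rounds are needed: a value seen only by the processes a crashing sender managed to reach has not been relayed yet, and agreement fails.

```python
"""Synchronous consensus for crash failures with the information-gathering
tree of the slides.  Added example; this is not code from the slides.

Process p's tree is a dict: the key sigma = (q1, ..., qk) is a tuple of
process ids and tree[p][sigma] = v means "qk told p that q(k-1) told qk ...
that q1's input is v".  A path that is absent from the dict is ⊥.  The crash
model and the `crash_plan` parameter are assumptions of this example:
crash_plan[q] = (k, m) means q crashes in round k after delivering that
round's messages to its first m recipients in increasing id order.
"""
from typing import Dict, List, Optional, Set, Tuple

Path = Tuple[int, ...]
V_DEFAULT = 0  # the default value v_def of the slides


def run_consensus(inputs: List[int], f: int,
                  crash_plan: Optional[Dict[int, Tuple[int, int]]] = None,
                  rounds: Optional[int] = None) -> Dict[int, Tuple[Set[int], int]]:
    """Run the protocol for `rounds` rounds (f + 1 unless overridden, so that
    the effect of stopping early can be seen).  Returns, for every process
    that did not crash, the pair (W_p, decision)."""
    n = len(inputs)
    crash_plan = crash_plan or {}
    rounds = f + 1 if rounds is None else rounds
    tree: Dict[int, Dict[Path, int]] = {p: {(): inputs[p]} for p in range(n)}
    crashed: Set[int] = set()

    for k in range(1, rounds + 1):
        inbox: Dict[int, List[Tuple[Path, int, int]]] = {q: [] for q in range(n)}
        for p in range(n):
            if p in crashed:
                continue
            # Round k: p forwards every level-(k-1) node whose path does not contain p.
            msgs = [(sigma, v) for sigma, v in tree[p].items()
                    if len(sigma) == k - 1 and p not in sigma]
            recipients = list(range(n))          # everyone, including p itself
            if p in crash_plan and crash_plan[p][0] == k:
                recipients = recipients[:crash_plan[p][1]]
                crashed.add(p)
            for q in recipients:
                for sigma, v in msgs:
                    inbox[q].append((sigma, p, v))
        for q in range(n):
            if q in crashed:
                continue
            for sigma, p, v in inbox[q]:
                tree[q][sigma + (p,)] = v        # "p told q that ... sigma ... is v"

    result: Dict[int, Tuple[Set[int], int]] = {}
    for p in range(n):
        if p in crashed:
            continue
        w = set(tree[p].values())                # W_p: the non-⊥ values in T_p
        decision = next(iter(w)) if len(w) == 1 else V_DEFAULT
        result[p] = (w, decision)
    return result


def decisions(inputs, f, crash_plan=None, rounds=None) -> Dict[int, int]:
    """Decision of every surviving process."""
    return {p: d for p, (_, d) in run_consensus(inputs, f, crash_plan, rounds).items()}


def agreement(dec: Dict[int, int]) -> bool:
    return len(set(dec.values())) <= 1


if __name__ == "__main__":
    # Constructed scenario: n = 5, f = 2.  Process 0 (input 0) crashes in
    # round 1 after reaching only processes 0 and 1; process 1 relays the 0
    # in round 2 but crashes after reaching processes 0, 1 and 2.
    plan = {0: (1, 2), 1: (2, 3)}
    print(decisions([0, 1, 1, 1, 1], 2, plan, rounds=2))   # stopped early: disagreement
    print(decisions([0, 1, 1, 1, 1], 2, plan))             # f + 1 = 3 rounds: all 0
```

In the chained scenario, after two rounds only process 2 has ever seen the 0, so it decides v_def = 0 while processes 3 and 4 decide 1; the third round lets process 2 forward v^2_{0,1} to everyone and all survivors end with W_p = {0, 1} and decision 0. Returning the W_p sets also makes the lemma of the correctness slides directly checkable: after f + 1 rounds every surviving process holds the same set.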

Correctness

• Lemma: suppose both processors p and q are correct (i.e. don't fail). Then if v ∈ W_p then v ∈ W_q
• Proof
  • If v ∈ W_p then v = v^p_σ for some σ; we may take σ with p ∉ σ
    • If p ∈ σ, i.e. σ = α;p;β, then p itself sent v = m_{α;p} and hence v = v^p_α too, with p ∉ α
  • If |σ| < f + 1 then p will send m^q_{σ;p} = v^p_σ = v to q in round |σ| + 1, and then v^q_{σ;p} = v and so v ∈ W_q
  • If |σ| = f + 1 then σ contains f + 1 distinct processors, of which at most f are faulty, so there is a non-faulty processor z with σ = α;z;β such that v^z_α = v^p_σ. Then at round |α| + 1 processor z sent v = v^z_α to q as well (just as it sent it to the first processor in β). Again v ∈ W_q


Correctness

• By the lemma on the previous slide, for any two correct processors p and q we have W_p = W_q, hence agreement
  • If |W_p| > 1 then |W_q| > 1, so both decide on the same value v_def
  • If |W_p| = 1 then W_p = W_q = {v} for some v, on which both decide
• If all processors start with the same value v, then every node in any tree equals v or ⊥. Therefore W_p = {v} for all correct p, who therefore decide on v