byzantine fault tolerance
play

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab - PowerPoint PPT Presentation

Jan 11, 2024 •478 likes •1.26k views

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Hopefully everyone has started by now, maybe even finished large portions. If not ... you should worry . Please don't change the protobufs. My testing strategy

  1. Byzantine Fault Tolerance Consensus Strikes Back

  2. Announcements

  3. Lab 2 • Hopefully everyone has started by now, maybe even finished large portions. • If not ... you should worry . • Please don't change the protobufs. • My testing strategy is going to be to write a few clients and check linearizability. • Changing the interface doesn't let me do that. • Feel free to change whatever is not the interface.

  4. BFT

  5. A Note on Terminology • Byzantine Empire? • Continuation of the Roman Empire, ~400-1450 AD • Commonly used as example of bad bureaucracy, in fighting... • Historical records don't entirely agree with this.

  6. What is the Problem? 0 1 2 3 4

  7. What is the Problem? 0 1 2 3 4

  8. Concrete Problems 0 AppendEntries(..., AppendEntries(..., [(index=4)]) [], leaderCommit=4) Success 1 2 3 4

  9. Concrete Problems 0 VoteGranted( VoteGranted( term=2) term=2) RequestVote( term=2) RequestVote( term=2) 1 2

  10. Concrete Problems

  11. Failure Models • Until now we have considered fail-stop processes. • When failed: stop sending messages and take no steps. • Byzantine faults: when failed do "arbitrary things." • These arbitrary things could even be coordinated with other failed nodes.

  12. However assuming we know participants a priori.

  14. On the internet nobody knows what maps to a user, nor to a machine, ...

  15. Not Considering this Problem • Live in a centralized environment. • All servers/nodes are launched by some centralized entity. • For example Kubernetes or a human with physical access. • Several ways to solve the decentralized problem. • But largely separable from the discussion at hand.

  16. Is This Still Useful? • Yes... • Used by Boeing in the 777 to ensure safety. • Used in SpaceX Falcon -- "... to meet requirements for approaching the ISS" • Generally useful, but cost prohibitive.

  17. Failure Models • Until now we have considered fail-stop processes. • When failed: stop sending messages and take no steps. • Byzantine faults: when failed do "arbitrary things." • These arbitrary things could even be coordinated with other failed nodes.

  18. What Can we Do?

  19. What Do We Care about Addressing 0 State 1 2 3 4 State State State State

  20. What Do We Care about Addressing 0 State 1 2 3 4 State State State State Can't really peer into the state of a remote node, cannot do much.

  21. What Do We Care about Addressing 0 1 2 3 4 Failed nodes can only interfere by sending messages.

  22. What Do We Care about Addressing 0 1 2 3 4 Make sure messages sent by all nodes are "correct" before acting.

  23. Why challenging? Don't know failed nodes a-priori.

  24. When are Messages Correct? • Every correct node receives the same messages (and acts correctly). • Same might not necessarily mean "correct". • But always accept any message from a correct participant. • Every message is "consistent" with the protocol. • Attach some kind of proof that you were supposed to send this message.

  25. When are Messages Correct? • Every correct node receives the same messages (and acts correctly). • Every message is "consistent" with the protocol.

  26. Agreeing on Correct Messages

  27. Problem we Want to Solve 0 AppendEntries(..., [(index=4)]) 1 2 3 4

  28. Problem we Want to Solve 0 Success 1 2 3 4

  29. Problem we Want to Solve 0 AppendEntries(..., [], leaderCommit = 4) 1 2 3 4

  30. Problem we Want to Solve 0 AppendEntries(..., [(index=4)]) 1 2 3 4

  31. Problem we Want to Solve 0 AppendEntries(..., [], leaderCommit = 4) 1 2 3 4

  32. Problem we Want to Solve • Cannot observe messages between individuals. • Hard to judge whether behavior is correct. • New idea: send messages to everyone. • Everyone knows where the state machine should be.

  33. Sending to Everyone 0 0->1: AppendEntries(..., [(index=4)]) 1 2 3 4

  34. Sending to Everyone 0 Success 1 2 3 4 Success

  35. Sending to Everyone is Insu ffi cient 0 0 0->1: AppendEntries(..., [(c1, index=4)]) 0->1: AppendEntries(..., [(c0, index=4)]) 1 2 3 4

  36. Sending to Everyone is Insu ffi cient 0 0 1 thinks slot 4 1 thinks slot 4 is c1 is c0 Success 1 2 3 4 Slot 4 is c0 Success

  37. Sending to Everyone is Not Su ffi cient • Faulty node can send differing messages to "everyone". • Run some protocol to detect this problem.

  38. Sending to Everyone 0 0 0->1: AppendEntries(..., [(c1, index=4)]) 0->1: AppendEntries(..., [(c0, index=4)]) 1 2 3 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c0, 4 0 0->1: c1, 4 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4

  39. Sending to Everyone 0 0 1 2 3 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c0, 4 0 0->1: c1, 4 1 1 1 1 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 2 2 2 2 3 3 3 3 4 4 4 4

  40. Sending to Everyone 0 0 Choose majority, 1 2 3 4 breaking ties deterministically. 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c0, 4 0 0->1: c1, 4 1 1 1 1 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 2 2 2 2 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 3 3 3 3 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 4 4 4 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4

  41. Sending to Everyone 0 Choose majority, 1 2 2 3 4 breaking ties deterministically. 0 0->1: c0, 4 0 0->1: c0, 4 0 0->1: c0, 4 0 0->1: c0, 4 1 1 1 1 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 2 2 2 2 ??? ??? ??? 3 3 3 3 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 4 4 4 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4

  42. Not Possible for 1 failure with 3 participants 0 0 0->1: x=1 0->1: x=1 0->1: x=1 0->1: x=2 2 1 1 2

  43. Not Possible for 1 failure with 3 participants 0 0 0->1: x=2 0->1: x=2 2 1 1 2 0->1: x=1 0->1: x=1

  44. Not Possible for 1 failure with 3 participants 0 0 0->1: x=2 0->1: x=2 2 1 1 2 0->1: x=1 0->1: x=1 Cannot distinguish between these two cases. Cannot meet the two requirements state at the beginning.

  45. Limitations • More generally cannot solve for m failures with < 3m+1 participants. • Proof by reduction to the case with 3.

  46. Sending to Everyone 0 0 1 2 3 4 5 6 0 0->1: c0, 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c1, 4 1 1 1 1 1 1 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 2 2 2 2 2 2 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 3 3 3 3 3 3 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 4 4 4 4 4 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 5 5 5 5 5 0->1: c1, 4 0->1: c1, 4 5 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 6 6 6 6 6 0->1: c0, 4 0->1: c0, 4 6 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 • However, note that doing this once is not sufficient for more than 1 faults.

  47. Sending to Everyone 0 0 1 2 2 3 4 5 6 0 0->1: c0, 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c1, 4 1 1 1 1 1 1 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 2 2 2 2 2 2 ??? ??? ??? ??? ??? 3 3 3 3 3 3 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 4 4 4 4 4 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 5 5 5 5 5 0->1: c1, 4 0->1: c1, 4 5 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 6 6 6 6 6 0->1: c0, 4 0->1: c0, 4 6 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 • However, note that doing this once is not sufficient for more than 1 faults. • For example, can force any decision in this case.

  48. Solution: Recursively call again.

  49. When are Messages Correct? • Every correct node receives the same messages (and acts correctly). • Every message is "consistent" with the protocol.

  50. Proving Consistency with the Protocol

  51. What Does this Even Mean? 0 AppendEntries(..., [(index=4)]) 1 2 3 4

  52. What Does this Even Mean? 0 Success 1 2 3 4

  53. What Does this Even Mean? 0 AppendEntries(..., [], leaderCommit = 4), Proof that a majority have accepted entires until 4. 1 2 3 4

  54. Problem • How to generate proofs? • Many possibilities, but just going to include messages here. • How to prevent failed nodes from misrepresenting messages?

  55. Misrepresenting Messages 0 AppendEntries(..., [], leaderCommit = 4), Success from 0, 1, 2, 3 1 2 3 4

  56. Misrepresenting Messages 0 0 AppendEntries(..., [], leaderCommit = 4), Success from 0, 1, 2, 3 1 2 3 4

  57. Warning: Cryptography

  58. Digests/Hashes Arbitrary length input h Fixed length output • Deterministic: h(x) should always be the same value. • Not invertable -- given h(x) cannot find x. • Output of h(x) is equivalent to a random function. • Infeasible to find collisions.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Byzantine Fault Tolerance and Partial Synchrony Stefan Stattelmann Seminar Advanced Topics in

Byzantine Fault Tolerance and Partial Synchrony Stefan Stattelmann Seminar Advanced Topics in

Introduction Consensus and Partial Synchrony Practical Byzantine Fault Tolerance Byzantine Fault Tolerance and Partial Synchrony Stefan Stattelmann Seminar Advanced Topics in Distributed Computing WS 2007/2008, MPI-SWS (Saarland University),

1.12k views • 37 slides
Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults Dian Yu 1/16 Comparison with

Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults Dian Yu 1/16 Comparison with

Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults Dian Yu 1/16 Comparison with PBFT (Traditional BFT protocols) Similarities: Build practical Byzantine fault tolerance systems Protocol: Clients Primary Replicas

493 views • 18 slides
Practical Byzantine Fault Tolerance (Miguel Castro, Barbara Liskov) presented by Bjoern Doebel

Practical Byzantine Fault Tolerance (Miguel Castro, Barbara Liskov) presented by Bjoern Doebel

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Practical Byzantine Fault Tolerance (Miguel Castro, Barbara Liskov) presented by Bjoern Doebel Dresden, 2008-11-05 Motivation Byzantine Faults

681 views • 12 slides
BFTCBFTP: BYZANTINE-FAULT -TOLERANT CONSTRUCTION OF BFT PROTOCOLS EDWARD TREMEL SIGSEGV 2019

BFTCBFTP: BYZANTINE-FAULT -TOLERANT CONSTRUCTION OF BFT PROTOCOLS EDWARD TREMEL SIGSEGV 2019

BFTCBFTP: BYZANTINE-FAULT -TOLERANT CONSTRUCTION OF BFT PROTOCOLS EDWARD TREMEL SIGSEGV 2019 BYZANTINE FAULT TOLERANCE Long-standing problem in systems Byzantine (adj): excessively complicated, and typically involving a great deal of

685 views • 19 slides
Speculative Byzantine Fault Tolerance By Ocan Gillaux University of Stavanger, MID110, April

Speculative Byzantine Fault Tolerance By Ocan Gillaux University of Stavanger, MID110, April

Speculative Byzantine Fault Tolerance By Ocan Gillaux University of Stavanger, MID110, April 2010 Plan Zyzzyva: Last word of dictionary Requirements &amp; Introduction Byzantine problem Zyzzyva Protocol Evaluation

265 views • 24 slides
Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in approximately 5 hours. If you haven't started yet then ... I don't really know how to help. Note, even with late days you must submit by 23:59 on

1.34k views • 56 slides
Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini

Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini

Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. So far: Fail-stop failures Traditional state machine

989 views • 41 slides
Zyzzyva : Speculative Byzantine Fault Tolerance R. Kotla, L. Alvisi, M.Dahlin, A. Clement,

Zyzzyva : Speculative Byzantine Fault Tolerance R. Kotla, L. Alvisi, M.Dahlin, A. Clement,

Zyzzyva : Speculative Byzantine Fault Tolerance R. Kotla, L. Alvisi, M.Dahlin, A. Clement, E. Wong Sajjad Rahnama, November 1st 1 Agenda Introduction Zyzzyva System Model Protocol Overview Node State and Checkpoints

697 views • 44 slides
Byzantine Generals Problem &amp; FLP Impossibility Addendum Sep. 4th, 2019 Byzantine Fault

Byzantine Generals Problem &amp; FLP Impossibility Addendum Sep. 4th, 2019 Byzantine Fault

Byzantine Generals Problem &amp; FLP Impossibility Addendum Sep. 4th, 2019 Byzantine Fault Tolerance Given 6 Generals: 4 Loyal General, 2 Traitor Why is a solution for this impossible? 1 1 G Each loyal general receives 3 0 correct

547 views • 38 slides
RBFT: Redundant Byzantine Fault Tolerance Pierre-Louis Aublin, Sonia Ben Mokhtar, and Vivien

RBFT: Redundant Byzantine Fault Tolerance Pierre-Louis Aublin, Sonia Ben Mokhtar, and Vivien

RBFT: Redundant Byzantine Fault Tolerance Pierre-Louis Aublin, Sonia Ben Mokhtar, and Vivien Quema Grenoble University, CNRS LIRIS, Grenoble INP presenter = Muhammad Awad ECS265 - Paper Presnetaion 1/20 Goal and Motivation: Robust BFT

518 views • 20 slides
Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume

Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume

Unit OS10: Fault Tolerance Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume Management - Striped

394 views • 25 slides
Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in approximately 5 hours. Lab 2 Due in approximately 5 hours. If you haven't started yet then ... I don't really know how to help. Lab 2 Due in

1.69k views • 119 slides
Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in

Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in

Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in Action Jack Dongarra, Innovative Computing Laboratory University of Tennessee and Computer Science and Mathematics Division Oak Ridge National

422 views • 14 slides
Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Lab 2 Hopefully

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Lab 2 Hopefully

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Lab 2 Hopefully everyone has started by now, maybe even finished large portions. Lab 2 Hopefully everyone has started by now, maybe even finished large portions.

1.87k views • 141 slides
Seminar Distributed Systems Byzantine Fault Tolerance-Based Consensus Protocols for Blockchains

Seminar Distributed Systems Byzantine Fault Tolerance-Based Consensus Protocols for Blockchains

Seminar Distributed Systems Byzantine Fault Tolerance-Based Consensus Protocols for Blockchains Signe R usch April 4, 2018 Organisational Topic Descriptions Table of Contents Organisational Topic Descriptions Signe R usch | Seminar

471 views • 15 slides
General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For

General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For

General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For Fault-Tolerance? Reduce the overhead (in space and in time) needed for fault-tolerance Better fault-tolerance in 1D? Better magic state

556 views • 22 slides
Gam ame e Theor Theory y for or Dist istribut ibuted ed Syst ystem ems John P. Conley

Gam ame e Theor Theory y for or Dist istribut ibuted ed Syst ystem ems John P. Conley

Gam ame e Theor Theory y for or Dist istribut ibuted ed Syst ystem ems John P. Conley Vanderbilt University and Geeq.io Crypto Crypto Economics Economics Security Security Conference Conference Berkeley Berkeley October 2019 1

496 views • 23 slides
The geometry of hydrodynamic integrability David M. J. Calderbank University of Bath October

The geometry of hydrodynamic integrability David M. J. Calderbank University of Bath October

The geometry of hydrodynamic integrability David M. J. Calderbank University of Bath October 2017 1 What is hydrodynamic integrability? A test for integrability of dispersionless systems of PDEs. Introduced by E. Ferapontov

343 views • 20 slides
Parsing pregroup grammars using partial composition echet (1) , Annie Foret (2) and Isabelle

Parsing pregroup grammars using partial composition echet (1) , Annie Foret (2) and Isabelle

Parsing pregroup grammars using partial composition echet (1) , Annie Foret (2) and Isabelle Tellier (3) Denis B (1) LINA, University of Nantes (2) IRISA, University of Rennes (3) LIFL, University of Lilles III Workshop on Pregroups and Linear

470 views • 29 slides
Constructing a spanning tree Toni Kylml toni.kylmala@tkk.fi 1 Constructing a spanning tree

Constructing a spanning tree Toni Kylml toni.kylmala@tkk.fi 1 Constructing a spanning tree

T-79.4001 Seminar on Theoretical Computer Science Spring 2007 Distributed Computation Constructing a spanning tree Toni Kylml toni.kylmala@tkk.fi 1 Constructing a spanning tree Spanning tree To construct a spanning tree we must get

467 views • 18 slides
Verifying Safety of Fault-Tolerant Distributed Components R. Ameur-Boulifa (1) , R. Halalai (2) ,

Verifying Safety of Fault-Tolerant Distributed Components R. Ameur-Boulifa (1) , R. Halalai (2) ,

Verifying Safety of Fault-Tolerant Distributed Components R. Ameur-Boulifa (1) , R. Halalai (2) , L. Henrio (2) , E. Madelaine (2) (1) Telecom-ParisTech Sophia-Antipolis (2) Oasis team INRIA -- CNRS - I3S -- Univ. of Nice Sophia-Antipolis

750 views • 27 slides
Tsunami simulation on FPGA/GPU Tsunami simulation on FPGA/GPU and its analysis based on Statistical

Tsunami simulation on FPGA/GPU Tsunami simulation on FPGA/GPU and its analysis based on Statistical

Tsunami simulation on FPGA/GPU Tsunami simulation on FPGA/GPU and its analysis based on Statistical Model Checking Masahiro Fujita VLSI Design and Education Center (VDEC) University of Tokyo 1 2 Outline What Tsunami simulation means in

1.25k views • 44 slides
Betting on Consensus with Fantmette Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn University

Betting on Consensus with Fantmette Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn University

Betting on Consensus with Fantmette Sarah Azouvi, Patrick McCorry, Sarah Meiklejohn University College London CESC 2018, SF , October 11 2018 1 Bitcoin vs Traditional Consensus Bitcoin vs Traditional Consensus Open, participants

1.18k views • 91 slides
Forks and Governance November 6, 2019 guha.jayachandran@sjsu.edu What is a Fork? What is a

Forks and Governance November 6, 2019 guha.jayachandran@sjsu.edu What is a Fork? What is a

Forks and Governance November 6, 2019 guha.jayachandran@sjsu.edu What is a Fork? What is a Fork? Divergence in view of the blockchain Just like a fork in Github, except you usually dont want a fork in a blockchain Why? What

348 views • 22 slides

More recommend