Overview The Byzantine General’s Problem Practical Byzantine Fault Tolerance Conclusion

Byzantine Techniques

Michael George November 29, 2005

Michael George Byzantine Techniques


Reliability and Failure

“There can be no unity without agreement, and there can be no agreement without conciliation” — René Maowad

- We want reliable systems
- Until now, we’ve assumed that failures are fail-stop
- What happens if failures are arbitrary?
- ... or even malicious?


Today’s Presentation

We will discuss two papers that address this worst-case scenario:

1 The Byzantine General’s Problem [Lamport et al. 1982]
  - Phrases the problem in terms of Byzantine Generals
  - Shows a tight upper bound on fault tolerance
  - Explores bounds under modified assumptions

2 Practical Byzantine Fault Tolerance [Castro and Liskov 1999]
  - Implements fault-tolerant state-machine replication
  - Aggressively optimizes the implementation
  - Layers replicated NFS over state-machine
  - Shows performance penalty is reasonable


The Basic Problem

- A group of Byzantine Generals are surrounding an enemy city.
- They need to jointly decide whether to attack or retreat.
- But some of them might be traitors.
- Want them to agree on a decision.
- Decision must be good.


Reducing Decision Making to Information Propagation

If a single commander can send information to some lieutenants such that:

IC1 All loyal lieutenants receive the same value
IC2 If commander is loyal, then all lieutenants receive value she sent

[Figure: table of orders for the four generals, labelled Commander and Lieutenants]

Alice  A  A R A A
Bob    R  A R A A
Cathy  A  A R A A
Don    A  A R A A

The Byzantine General’s Problem is to send information in a way that satisfies IC1 and IC2.


Impossibility With Three Generals

Consider the following:

[Figure: Commander, Lieutenant 1 and Lieutenant 2, with the messages “attack”, he said “retreat”, “retreat”]

Commander says    Lieutenant 2 says    Lieutenant 1 concludes
“attack”          “attack”             “attack”
“attack”          “retreat”            “attack”
“attack”          “retreat”            “retreat”


Impossibility With 3m Generals

What if we can solve for 3m Albanian generals with m failures?

[Figure: Albanian generals AC and AL1 to AL8, grouped under Byzantine Lieut. 1, Byzantine Commander and Byzantine Lieut. 2]

Then we can implement three Byzantine generals with one failure!


Impossibility With Approximate Agreement

Can we do approximate (within a given δ) agreement?

[Figure: points ( A ) and ( R ); Attack]

No - just have general choose points further than 2δ apart. Now we’ve solved the exact problem.


Oral Messages

Some assumptions:

A1 Every message that is sent is delivered correctly
A2 The receiver of a message knows who sent it
A3 The absence of a message can be detected
(implicit) Only the sender and receiver can read a message

Also need a majority function:

- If a majority of the v_i’s are v then majority(v_1, v_2, ...) = v
- Can use the “majority or default” function or the median function


The Oral Messages Algorithm

IC1 All loyal lieutenants receive the same value
IC2 If commander is loyal, then all lieutenants receive value she sent

[Figure: commander C and lieutenants L1 to L6; Step 1, Step 2]
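The recursive OM(m) algorithm of Lamport et al. that these slides illustrate, as an added Python example (not code from the slides or the paper). General 0 is the commander, the traitor strategy in `send` is a constructed one, and `check` is a hypothetical helper that evaluates IC1 and IC2 for the loyal lieutenants.

```python
from collections import Counter

ATTACK, RETREAT = "A", "R"   # RETREAT doubles as the default order


def majority(values):
    """'Majority or default': the strict-majority value, else RETREAT."""
    value, count = Counter(values).most_common(1)[0]
    return value if 2 * count > len(values) else RETREAT


def send(sender, receiver, value, traitors):
    """Deliver one oral message (A1-A3 hold: delivered, sender known).

    Loyal generals pass `value` on unchanged. Traitors follow a strategy
    constructed for this example: ATTACK to even-numbered receivers,
    RETREAT to odd-numbered ones.
    """
    if sender in traitors:
        return ATTACK if receiver % 2 == 0 else RETREAT
    return value


def om(m, commander, lieutenants, value, traitors):
    """Run OM(m); return {lieutenant: value it attributes to commander}."""
    received = {lt: send(commander, lt, value, traitors)
                for lt in lieutenants}
    if m == 0:
        return received
    # Each lieutenant j acts as commander in OM(m-1), relaying the value
    # it received to the other lieutenants.
    relayed = {
        j: om(m - 1, j, [lt for lt in lieutenants if lt != j],
              received[j], traitors)
        for j in lieutenants
    }
    # Lieutenant i combines its direct value with the relayed ones.
    return {
        i: majority([received[i]] +
                    [relayed[j][i] for j in lieutenants if j != i])
        for i in lieutenants
    }


def check(n, m, traitors, order=ATTACK):
    """Return (IC1 holds, IC2 holds) for n generals; general 0 commands."""
    lieutenants = list(range(1, n))
    decided = om(m, 0, lieutenants, order, traitors)
    loyal = [decided[lt] for lt in lieutenants if lt not in traitors]
    ic1 = len(set(loyal)) == 1
    ic2 = 0 in traitors or all(v == order for v in loyal)
    return ic1, ic2


if __name__ == "__main__":
    print("4 generals, traitor lieutenant:", check(4, 1, {3}))
    print("4 generals, traitor commander: ", check(4, 1, {0}))
    print("3 generals, traitor lieutenant:", check(3, 1, {2}))
    print("7 generals, two traitors:      ", check(7, 2, {0, 3}))
```

With three generals the loyal lieutenant hears "attack" from the commander and "retreat" from the traitor, has no majority, and falls back to the default, so IC2 fails exactly as in the impossibility slides.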


With Signed Messages (or broadcast)

- Impossibility proof assumes that lieutenants can lie
- Can be prevented with digital signatures
- Also with broadcast

Authors provide m + 2 general algorithm that thwarts m traitors


With Restricted Communications

What if generals can only talk to certain (nearby) generals?

Under certain connectivity hypotheses:

- Almost the same basic algorithm works (add forwarding)
- Same bounds on number of traitors/generals
- Signed version also goes through as long as loyal generals connected


“Certain Connectivity Hypotheses”

Definition: A set N of neighbors of v is regular if for all n ∈ N and all v′ ≠ v there is a path γ_{n,v′} from n to v′ not passing through v

A graph is p-regular if every node has a regular set of p neighbors


Problems With Lamport et al.

The first paper was theoretical:

- Algorithms provided only as proof of existence
- Very impractical; synchronous execution
- Assume network is reliable

The second paper aims for practicality.

- Algorithm is implemented as general-purpose library
- Assumptions model reality better
- Implementation is optimized and benchmarked


Theoretical Limitations

Some hard limitations:

- Previous paper: need 3m + 1 generals
- FLP result: need synchrony
- Can’t avoid failures that are correct according to protocol

Given these limitations, the authors design a state machine replication protocol


State Machine Replication

- Replicated state machines are an abstract framework for distributed systems
- There is a shared global “state” of the system
- Events modify the state in a deterministic way
  - Client requests
  - Membership changes / failure
- Replicated servers maintain local copy of state
  - Can act on state transitions
- If all replicas start in same state and all events propagated, then all replicas remain in the same state


Normal Operation

The algorithm is a 3-phase commit protocol:

0 Client sends request to primary
  - If primary is down, broadcast request
1 Primary broadcasts Pre-prepare message to replicas
  - Just contains a sequence number, a view, and a signature
  - Message is piggybacked
2 When a replica receives a Pre-prepare it broadcasts a Prepare message
3 When a replica receives 2f Prepare messages, it sends a Commit message
4 When a replica receives 2f + 1 commit messages, it changes its local state
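The quorum counting in steps 1 to 4 above, as an added Python example (not code from the slides or from Castro and Liskov's library). The names `Backup` and `run` are hypothetical; the example assumes messages are already authenticated by the transport, that a replica's own Prepare and Commit count toward its thresholds, and it models only one sequence number in view 0 with the primary as replica 0.

```python
import hashlib
from collections import defaultdict


def digest(request: bytes) -> str:
    return hashlib.sha256(request).hexdigest()


class Backup:
    """Normal-case bookkeeping for one backup replica (view 0 only)."""

    def __init__(self, rid, f):
        self.rid, self.f = rid, f
        self.accepted = {}                 # seq -> digest from Pre-prepare
        self.prepares = defaultdict(set)   # (seq, digest) -> sender ids
        self.commits = defaultdict(set)    # (seq, digest) -> sender ids
        self.sent_commit = set()           # (seq, digest) we sent Commit for
        self.executed = {}                 # seq -> digest applied to state

    def on_pre_prepare(self, seq, d):
        # Accept only the first digest the primary binds to this sequence.
        if self.accepted.setdefault(seq, d) != d:
            return None
        return ("PREPARE", seq, d, self.rid)

    def on_prepare(self, seq, d, sender):
        self.prepares[(seq, d)].add(sender)   # set: one vote per sender
        return self._progress(seq, d)

    def on_commit(self, seq, d, sender):
        self.commits[(seq, d)].add(sender)
        return self._progress(seq, d)

    def _progress(self, seq, d):
        key, out = (seq, d), None
        # Step 3: 2f matching Prepares for the digest we accepted.
        if (self.accepted.get(seq) == d and key not in self.sent_commit
                and len(self.prepares[key]) >= 2 * self.f):
            self.sent_commit.add(key)
            out = ("COMMIT", seq, d, self.rid)
        # Step 4: 2f + 1 matching Commits, then change local state.
        if (key in self.sent_commit
                and len(self.commits[key]) >= 2 * self.f + 1):
            self.executed.setdefault(seq, d)
        return out


def run(f, pre_prepares, silent=(), primary_commits=()):
    """Drive sequence number 1 through the three phases.

    pre_prepares: backup id -> request the primary sends it (constructed).
    silent: backups that have crashed.
    primary_commits: requests the primary sends a Commit for.
    Returns {backup id: executed digest or None}.
    """
    backups = {r: Backup(r, f) for r in pre_prepares if r not in silent}
    prepares = [b.on_pre_prepare(1, digest(pre_prepares[r]))
                for r, b in backups.items()]
    commits = [("COMMIT", 1, digest(req), 0) for req in primary_commits]
    for _, seq, d, sender in prepares:
        for b in backups.values():
            out = b.on_prepare(seq, d, sender)
            if out:
                commits.append(out)
    for _, seq, d, sender in commits:
        for b in backups.values():
            b.on_commit(seq, d, sender)
    return {r: b.executed.get(1) for r, b in backups.items()}


if __name__ == "__main__":
    a, b = b"put x=1", b"put x=2"
    print(run(1, {1: a, 2: a, 3: a}, silent=(3,), primary_commits=(a,)))
    print(run(1, {1: a, 2: b, 3: b}, primary_commits=(a, b)))
```

The second call models an equivocating primary with f = 1: only one digest can gather 2f matching Prepares, so the backup that was sent the other request executes nothing rather than diverging.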


View Changes

Like Paxos, we maintain a view of primary

1 When a replica thinks current primary has failed, it broadcasts a View-change message
  - Contains its best estimate of primary’s state upon failure
2 When the new primary receives 2f View-change messages it broadcasts New-view to all other replicas
  - Contains proof that it really received View-change messages


Optimizations

Some optimizations to reduce communication delay:

- Client designates single server for reply; others send digest
- Client can accept 2f + 1 tentative replies instead of waiting for f + 1 actual replies
- Reduced interaction in read-only case

Also use message authentication codes instead of public-key crypto for common case.


Micro-Benchmarks

arg./res. (KB)   replicated read-write   replicated read-only   without replication
0/0              3.35 (309%)             1.62 (98%)             0.82 (0%)
4/0              14.19 (207%)            6.98 (51%)             4.62 (0%)
0/4              8.01 (72%)              5.94 (27%)             4.66 (0%)

For the “worst-case scenario”:

- Tests measure null operations
- Without replication is just “best-effort” (UDP)
- The worst is about four times as slow


Cost of Replication

phase   BFS strict     BFS r/o lookup   BFS-nr
1       0.55 (57%)     0.47 (34%)       0.35 (0%)
2       9.24 (82%)     7.91 (56%)       5.08 (0%)
3       7.24 (18%)     6.45 (6%)        6.11 (0%)
4       8.77 (18%)     7.87 (6%)        7.41 (0%)
5       38.68 (20%)    38.38 (19%)      32.12 (0%)
total   64.48 (26%)    61.07 (20%)      51.07 (0%)

This benchmark measures the cost of replication:

- BFS-nr is the same as BFS but performs no replication
- It is unsafe because it reports that result is stable before it is


Cost of Fault Tolerance

phase   BFS strict     BFS r/o lookup   NFS-std
1       0.55 (-69%)    0.47 (-73%)      1.75 (0%)
2       9.24 (-2%)     7.91 (-16%)      9.46 (0%)
3       7.24 (35%)     6.45 (20%)       5.36 (0%)
4       8.77 (32%)     7.87 (19%)       6.60 (0%)
5       38.68 (-2%)    38.38 (-2%)      39.35 (0%)
total   64.48 (3%)     61.07 (-2%)      62.52 (0%)

This test measures the cost of fault tolerance:

- NFS-std is the standard implementation of NFS
- Some numbers are negative (!)
- Best numbers (r/o lookup) not quite fair


Take-home Messages

First paper:

- Possible to tolerate m traitors with 3m + 1 generals
- Not possible with fewer
- Signatures make it much easier
- Connectivity doesn’t make it much harder

Second paper:

- Byzantine techniques are reasonable to use in practice
- Can even improve performance by replacing slow disk with fast distributed processors


Thoughts for Discussion

- Are byzantine assumptions worthwhile?
  - Who does n-version programming anyway?
  - Does it really help?
- Can this be done better at a lower level (e.g. broadcast)?
  - Lamport et al. say no
  - Need to be careful to avoid circularity
- What about graceful failure?
