tutorial byzantine agreement
play

Tutorial : Byzantine agreement Valerie King University of Victoria - PowerPoint PPT Presentation

Jan 16, 2023 •540 likes •1.08k views

Tutorial : Byzantine agreement Valerie King University of Victoria Victoria, Canada 25 Byzantine Agreement Byzantine Generals Problem in the full information model We imagine that several divisions of the Byzantine army are camped outside

  1. Tutorial : Byzantine agreement Valerie King University of Victoria Victoria, Canada

  2. 25 Byzantine Agreement Byzantine Generals Problem in the full information model � We imagine that several divisions of the Byzantine army are camped outside an enemy city, each division commanded by its own general. The generals can communicate with one another only by messenger. After observing the enemy, they must decide upon a common plan of action. However, some of the generals may be traitors, trying to prevent the loyal generals from reaching agreement... � --Lamport, Shostak and Pease, 1978

  3. Byzantine Agreement To model worst case faults in networks where processors communicate via point-to-point links

  4. Byzantine Agreement To model worst case faults in networks where processors communicate via point-to-point links All pairs are connected Source of message known to recipient

  5. B A has i has i 0 1 C has 0 i Start with initial bits; exchanges messages, then output same bit. If all start with the same bit, must output that bit.

  6. B A has i has i 0 1 C has 0 i Agreement Protocol: Send each other input bit and vote

  7. Byzantine Adversary (BA) n nodes t bad nodes behave arbitrarily Worst case input

  8. B has 0 A has 1 i i C has 1 i C has i 0 Agreement Protocol: Vote and output majority. Requires t< n/3 Without some signature scheme, A can’t prove what C sent to B (no “authentication”)

  9. Synchronous model • Proceeds in rounds: Time=number of rounds • Round: A) All nodes send messages B) All nodes receive all messages sent There is a deterministic algorithm that takes t+1 rounds and this is the best possible, even in the authenticated setting. Works by detecting bad nodes.

  10. The asynchronous model Adversary schedules message delivery, no global clock à At any step, a node must act before hearing from all n-t nodes and t of these nodes which send may be bad

  11. How do you measure time? • Initial step when all or some nodes may send messages, then event-driven: • each node waits for an event before acting • Time = length of longest chain of events where each event depends on the previous one occurring or equivalently • Time= # of maximum time units where the max time to send a message from one node to another takes 1 time unit

  12. Famous impossibility result Crash fault: A node dies. In the worst case, ONE crash fault makes (deterministic) agreement impossible with asynchrony. ( 1982: Fischer, Lynch and 2007 Nancy Lynch wins the Patterson) Knuth Prize for lifetime achievement, with this result called � fundamental in all of computer science � .

  13. Randomness, time and messages • Can be used to save time and communication • In the asynchronous model, it’s necessary

  14. What kind of randomness? • A random bit “global coin” known to all OR • “private coinflips”: Each node has access to its own random bits which are generated as needed

  15. Randomness and the power of the adversary “adversary” ==worst case faults Using randomness: coinflips are made during the algorithm Adversary does NOT know their outcomes until they are flipped Can the adversary wait to see the coinflips before • choosing whom to corrupt? Then it is an “adaptive adversary” • Else it is “static” •

  16. Randomness and the power of the adversary Can the adversary wait to see the coinflips before • choosing whom to corrupt? Then it is an “adaptive adversary” • Else it is “static” • With the static version, the algorithm can elect a leader which decides.

  17. Outline for tutorial Part I • Rabin’s global coin alg • Ben-Or’s with private coins – Reliable broadcast, multicast Part II • Averaging samplers

  18. Global Coin Alg, t <n/8 (synch version of Rabin) Repeat • Each node sends its bit to all – maj <- majority bit received, – tally <-number of maj bits received • If global coin = heads, threshold <- L=5n/8 Else threshold <- H= 6n/8 tally >= threshold then vote <-- maj Else vote <- 0 • If tally >= D= 7n/8 then Decide maj

  19. Why this works: 2 thresholds Why this works: 2 thresholds Adversary can only affect number received by t Adversary can only affect number received by t TALLY TALLY D=7n/8 D=7n/8 H=6n/8 H=6n/8 If maj is not unique, If maj is not unique, ALL < L so all set to 0 ALL < L so all set to 0 L=5n/8 L=5n/8 and decide next round and decide next round

  20. Why this works: 2 thresholds Why this works: 2 thresholds Adversary can only affect number received by t Adversary can only affect number received by t TALLY TALLY D=7n/8 D=7n/8 ALL> H, all set to maj ALL> H, all set to maj H=6n/8 H=6n/8 ALL decide current round ALL decide current round L=5n/8 L=5n/8 or next or next

  21. Why this works: 2 thresholds Adversary can only affect number received by t CASE: TALLY tiers D=7n/8 Otherwise, all nodes in H=6n/8 two consecutive tiers. L=5n/8 D>All > L: All keep maj if threshold is L H > All: All set to 0 if threshold is H

  22. Why this works: 2 thresholds Adversary can only affect number received by t CASE: TALLY tiers What if the threshold is D=7n/8 NOT the right one? H=6n/8 L=5n/8 No decision, repea t

  23. Asynchronous with private coins

  24. Ben-Or Byzantine Agreement t<n/5 r=1 While not decided each p repeats: do Broadcast of vote b p v ß majority value tally ß size of majority CASE: tally A) > (n+t)/2 then Decides on v B) > t then b p ß v C) else b p ß private coinflip Increment r

  25. Broadcast (p) • Sends (b p, r) to all • Waits until votes for round r received from n-t – Can only wait this long or alg may stall • If > (n+t)/2 of same vote v received, then sends (echo,v,r) to all – Ensures >half good nodes had same value so only 1 such v – Else sends (echo, nil, r) to all Waits until n-t (echo,*, r) messages received •

  26. Analyzing Ben-Or Byzantine Agreement t<n/5 While not decided each p repeats: do Broadcast of vote b p v ß majority value tally ß size of majority CASE: tally A) > (n+t)/2 then Decides on v B) > t then b p ß v C) else b p ß private coinflip

  27. Two thresholds A Deciding point (all above maintaining pt) B Maintaining point (only 1 value possible ) If tally of all nodes above A, they decide, and because of property of echoes, they decide on same value

  28. Two thresholds A Deciding point (all above maintaining pt) B Maintaining point (only 1 value possible ) If one node decides--> tally> 2t+1 --> tally > t+1 for all nodes --> All hold same vote, all decide next round

  29. Two thresholds A Deciding point (all above maintaining pt) B Maintaining point (only 1 value possible ) If there is no tally above A, then some nodes may be in CASE C Decision occurs if coin flips all agree and they agree with bits held by nodes in CASE B

  30. Observe 1 : Ben-Or’s iterations can be repeated until private coins agree with each other and with the maintained bit. Ends when 4n/5 good nodes hold the same value Bracha improves this to 2n/3, and t<n/3 by having nodes by a verification routine that enures nodes act consistently (or are detected).

  31. Observe 2: For t ≤ √n/4 then w/const prob it works the first time: Let X be the #heads-#tails when n coins are tossed, normal distribution with σ 2 = ∑(E [X 2 i ] - E[X i ] 2 ) = n(1/2) –n(1/4)=n/4 σ = √n/2=2t Pr(X > 2t) = If #heads - #tails > 2t or. #tails - #heads > 2t à Adv can’t affect majority value à 1/2 prob. of fair coin

  32. Reliable Broadcast (Bracha) A node p broadcasts a message m to all other nodes. If if t<n/3 • If all nodes start with the same bit, all decide the same bit within 3 steps • If any good node decides on a bit, all nodes will decide the same bit.

  33. Bracha’s Reliable Broadcast {p a node, m message} 1. p sends ( init , m) to all nodes 2. Upon receiving (init , m) from n-t other nodes, 3. Send ( echo , m) to all nodes 4. Upon receiving (n+t)/2 ( echo , m) or t+1 ( ready ,m) 5. Send (ready , m) to all nodes 6. Upon receiving n-t ( ready , m), decide m

  34. CASE: Suppose good nodes start with a 1 {p a node, m message} 1. p sends ( init , m) to all nodes 2. Upon receiving (init , m) from n-t other nodes, 3. Send ( echo , m) to all nodes 4. Upon receiving (n+t)/2 ( echo , m) or t+1 ( ready ,m) 5. Send (ready , m) to all nodes 6. Upon receiving n-t ( ready , m), decide m

  35. All n-t good nodes receive and send {p a node, m message} 1. p sends ( init , m) to all nodes 2. Upon receiving (init , m) 3. Send ( echo , m) to all nodes 4. Upon receiving (n+t)/2 ( echo , m) or t+1 ( ready ,m) 5. Send (ready , m) to all nodes 6. Upon receiving n-t ( ready , m), decide m

  36. All n-t good nodes All good nodes receive receive and send echoes and send {p a node, m message} 1. p sends ( init , m) to all nodes 2. Upon receiving (init , m) 3. Send ( echo , m) to all nodes 4. Upon receiving (n+t)/2 ( echo , m) or t+1 ( ready ,m) 5. Send (ready , m) to all nodes 6. Upon receiving n-t ( ready , m), decide m

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Towards Low-Latency Byzantine Agreement Protocols Using RDMA DSN Workshop on Byzantine Consensus

Towards Low-Latency Byzantine Agreement Protocols Using RDMA DSN Workshop on Byzantine Consensus

Towards Low-Latency Byzantine Agreement Protocols Using RDMA DSN Workshop on Byzantine Consensus and Resilient Blockchains Signe Rsch, Ines Messadi, Rdiger Kapitza, 2018-06-25 ruesch@ibr.cs.tu-bs.de Technische Universitt Braunschweig,

781 views • 47 slides
A Faster P Solution for the Byzantine Agreement Problem Michael J. Dinneen, Yun-Bum Kim, and Radu

A Faster P Solution for the Byzantine Agreement Problem Michael J. Dinneen, Yun-Bum Kim, and Radu

Introduction Byzantine agreement P modules Faster Byzantine solution Conclusions A Faster P Solution for the Byzantine Agreement Problem Michael J. Dinneen, Yun-Bum Kim, and Radu Nicolescu Department of Computer Science, University of

1.07k views • 69 slides
Results on a Scalable Byzantine Agreement. Olumuyiwa Oluwasanmi, University of New Mexico , Joint

Results on a Scalable Byzantine Agreement. Olumuyiwa Oluwasanmi, University of New Mexico , Joint

Introduction Almost Everywhere Byzantine Agreement via Universe Reduction From Almost Everywhere to everywhere(AE2E) Experimental Results Future work Results on a Scalable Byzantine Agreement. Olumuyiwa Oluwasanmi, University of New Mexico ,

604 views • 34 slides
Weighted Byzantine Agreement Vijay K. Garg John Bridgman Parallel and Distributed Systems Lab at

Weighted Byzantine Agreement Vijay K. Garg John Bridgman Parallel and Distributed Systems Lab at

Weighted Byzantine Agreement Vijay K. Garg John Bridgman Parallel and Distributed Systems Lab at The University of Texas at Austin IPDPS 2011 Introduction Byzantine Agreement Introduced by Lamport, Shostak and Pease 1980 Model: n

504 views • 47 slides
Distributed Systems Making Byzantine Fault-Tolerant Systems Tolerate Byzantine Faults Hubert

Distributed Systems Making Byzantine Fault-Tolerant Systems Tolerate Byzantine Faults Hubert

Distributed Systems Making Byzantine Fault-Tolerant Systems Tolerate Byzantine Faults Hubert Jaworski Byzantine system Copies of critical components Concurent replicas Response agreement Omission failure proof Robustness

660 views • 20 slides
Byzantine agreement in the Clear Valerie King University of Victoria Victoria, Canada

Byzantine agreement in the Clear Valerie King University of Victoria Victoria, Canada

Byzantine agreement in the Clear Valerie King University of Victoria Victoria, Canada Byzantine Agreement 0 1 0 1 Start with initial bits; exchanges messages, then output same bit. If all start with the same bit, must output that bit

746 views • 61 slides
The Byzantine Agreement part 2 Radu Nicolescu Department of Computer Science University of

The Byzantine Agreement part 2 Radu Nicolescu Department of Computer Science University of

StopFail EIGStop ByzAuth The Byzantine Agreement part 2 Radu Nicolescu Department of Computer Science University of Auckland 12 August 2018 1 / 14 StopFail EIGStop ByzAuth 1 Stopping failures 2 EIGStop 3 Byzantine agreement with

461 views • 30 slides
Fast Byzantine Agreement Nicolas BS Rachid

Fast Byzantine Agreement Nicolas BS Rachid

Fast Byzantine Agreement Nicolas BS Rachid G Florian H MMTDC'13, Bremen . Rushing adversary . No cryptographic hypotheses . Non-adaptive adversary Introduction . . . .

906 views • 53 slides
Advanced Network Security 6. Agreement and consensus II: Byzantine failures Jaap-Henk Hoepman

Advanced Network Security 6. Agreement and consensus II: Byzantine failures Jaap-Henk Hoepman

Advanced Network Security 6. Agreement and consensus II: Byzantine failures Jaap-Henk Hoepman Digital Security (DS) Radboud University Nijmegen, the Netherlands @xotoxot // * jhh@cs.ru.nl // 8 www.cs.ru.nl/~jhh Byzantine failures are real

477 views • 30 slides
CS6410 Byzantine Agreement Kai Sun *Some slides are borrowed from Ken Birman, Andrea C.

CS6410 Byzantine Agreement Kai Sun *Some slides are borrowed from Ken Birman, Andrea C.

CS6410 Byzantine Agreement Kai Sun *Some slides are borrowed from Ken Birman, Andrea C. Arpaci- Dusseau, Eleanor Birrell, Zhiyuan Teo, and Indranil Gupta So Far Weve Talked About State machine replication Paxos So Far Weve

843 views • 49 slides
Sublinear-Round Byzantine Agreement under Corrupt Majority Elaine Shi @ Cornell Joint with T-H.

Sublinear-Round Byzantine Agreement under Corrupt Majority Elaine Shi @ Cornell Joint with T-H.

Sublinear-Round Byzantine Agreement under Corrupt Majority Elaine Shi @ Cornell Joint with T-H. Hubert Chan (HKU) &amp; Rafael Pass (Cornell) PKC2021 Virtual or Physical? Chair makes a suggestion Virtual Everyone discusses

482 views • 36 slides
Achieving Agreement In Three Rounds With Bounded-Byzantine Faults Mahyar Malekpour NASA Langley

Achieving Agreement In Three Rounds With Bounded-Byzantine Faults Mahyar Malekpour NASA Langley

Achieving Agreement In Three Rounds With Bounded-Byzantine Faults Mahyar Malekpour NASA Langley Research Center AIAA SciTech 2017, 7-14 January 2017 Grapevine, Texas Communication And Synchronization Distributed systems are integral part

318 views • 14 slides
The Byzantine Agreement An Introduction Radu Nicolescu Department of Computer Science

The Byzantine Agreement An Introduction Radu Nicolescu Department of Computer Science

Byz Problem Informal EIG Example Attributes Quiz TMR The Byzantine Agreement An Introduction Radu Nicolescu Department of Computer Science University of Auckland 25 July 2018 1 / 29 Byz Problem Informal EIG Example Attributes

1.04k views • 80 slides
Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults Dian Yu 1/16 Comparison with

Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults Dian Yu 1/16 Comparison with

Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults Dian Yu 1/16 Comparison with PBFT (Traditional BFT protocols) Similarities: Build practical Byzantine fault tolerance systems Protocol: Clients Primary Replicas

493 views • 18 slides
Byzantine Techniques Michael George November 29, 2005 Michael George Byzantine Techniques

Byzantine Techniques Michael George November 29, 2005 Michael George Byzantine Techniques

Overview The Byzantine Generals Problem Practical Byzantine Fault Tolerance Conclusion Byzantine Techniques Michael George November 29, 2005 Michael George Byzantine Techniques Overview The Byzantine Generals Problem Practical

940 views • 64 slides
Actor-like cP Systems Alec Henderson and Radu Nicolescu Application/Test : Byzantine

Actor-like cP Systems Alec Henderson and Radu Nicolescu Application/Test : Byzantine

Greet Motiv cP cP Byz Syb Rules Bonus Actor-like cP Systems Alec Henderson and Radu Nicolescu Application/Test : Byzantine Agreement Department of Computer Science University of Auckland, Auckland, New Zealand CMC Dresden,

1.27k views • 69 slides
EECS 591 D ISTRIBUTED S YSTEMS Manos Kapritsos Fall 2020 Slides by: Lorenzo Alvisi B YZANTINE F

EECS 591 D ISTRIBUTED S YSTEMS Manos Kapritsos Fall 2020 Slides by: Lorenzo Alvisi B YZANTINE F

EECS 591 D ISTRIBUTED S YSTEMS Manos Kapritsos Fall 2020 Slides by: Lorenzo Alvisi B YZANTINE F AULT T OLERANCE A HIERARCHY OF FAILURE MODELS Fail-stop Crash Send omission Receive omission = benign failures General omission Arbitrary

654 views • 37 slides
Byzantine Generals Problem August 26, 2019 source: Department of Homeland Security, Science &amp;

Byzantine Generals Problem August 26, 2019 source: Department of Homeland Security, Science &amp;

Byzantine Generals Problem August 26, 2019 source: Department of Homeland Security, Science &amp; Technology Directorate https://nvlpubs.nist.gov/nistpubs/ir/2018/NIST.IR.8202.pdf source: Department of Homeland Security, Science &amp; Technology

822 views • 60 slides
The Byzantine Generals Problem Zixin Chi Julian Angeles Motivation A reliable system must be

The Byzantine Generals Problem Zixin Chi Julian Angeles Motivation A reliable system must be

The Byzantine Generals Problem Zixin Chi Julian Angeles Motivation A reliable system must be fault-tolerant. having some degree of redundancy. Consensus protocol. How can we reach consensus? What is the problem? First proposed by

599 views • 33 slides
How to Run your Favorite Language on Web Browsers The Revenge of Virtual Machines Paris, le 4

How to Run your Favorite Language on Web Browsers The Revenge of Virtual Machines Paris, le 4

Benjamin Canou, Emmanuel Chailloux and Jrme Vouillon . . . How to Run your Favorite Language on Web Browsers The Revenge of Virtual Machines Paris, le 4 octobre 2011 WWW 2012, Lyon, France . Introduction . . Introduction 3/20 What

341 views • 20 slides
FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault

FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault

FTCS 93 June 1993 A Formally Verified Algorithm for Interactive Consistency Under a Hybrid Fault Model Patrick Lincoln and John Rushby Computer Science Laboratory SRI International Menlo Park CA USA FTCS 93 1 Summary What we have

494 views • 25 slides
Agreement in Distributed Systems CS 188 Distributed Systems February 19, 2015 Lecture 12 Page

Agreement in Distributed Systems CS 188 Distributed Systems February 19, 2015 Lecture 12 Page

Agreement in Distributed Systems CS 188 Distributed Systems February 19, 2015 Lecture 12 Page 1 CS 188,Winter 2015 Introduction We frequently want to get a set of nodes in a distributed system to agree Commitment protocols and

793 views • 62 slides
Consensus in Distributed Systems Course: Distributed Computing Faculty: Dr. Rajendra Prasath

Consensus in Distributed Systems Course: Distributed Computing Faculty: Dr. Rajendra Prasath

Consensus in Distributed Systems Course: Distributed Computing Faculty: Dr. Rajendra Prasath Spring 2019 About this topic This course covers various concepts in Consensus in Distributed Systems. We will also focus on the essential aspects of

553 views • 38 slides
Using Proof-of-Work to Coordinate Adam Brandenburger* and Kai Steverson * J.P. Valles

Using Proof-of-Work to Coordinate Adam Brandenburger* and Kai Steverson * J.P. Valles

Using Proof-of-Work to Coordinate Adam Brandenburger* and Kai Steverson * J.P. Valles Professor, NYU Stern School of Business Distinguished Professor, NYU Tandon School of Engineering Faculty Director, NYU Shanghai Program on Creativity +

152 views • 14 slides

More recommend