Byzantine Generals

2,035 views
1,895 views

Published on

Presentation on Lamport's paper "The Byzantine Generals Problem"

Published in: Technology
0 Comments
3 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,035
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
46
Comments
0
Likes
3
Embeds 0
No embeds

No notes for slide

Byzantine Generals

  1. 1. Byzantine Generals Problem Wednesday, August 18, 2010
  2. 2. Motivation Wednesday, August 18, 2010
  3. 3. Each division is directed by its own general Wednesday, August 18, 2010
  4. 4. There are n generals Wednesday, August 18, 2010
  5. 5. All armies are camped outside enemy castle, observing enemy Wednesday, August 18, 2010
  6. 6. Communicate with each other by messengers Wednesday, August 18, 2010
  7. 7. Requirement A: All loyal generals decide upon the same plan of action Wednesday, August 18, 2010
  8. 8. Requirement B: A small number of traitors cannot cause the loyal generals to adopt a bad plan Wednesday, August 18, 2010
  9. 9. Agreemeent G2 V1 General 1 sends his ideas on what to do G1 V1 next G4 V1 G3 Wednesday, August 18, 2010
  10. 10. Agreemeent { V1, V2 } V2 G2 { V1 } General 2 sends his ideas on what to do G1 V2 next V2 G4 G3 { V1 } { V1 } Wednesday, August 18, 2010
  11. 11. Apply combination method to all values { V1, V2, V3, V4 } G2 { V1, V2, V3, V4 } A: All loyal generals decide upon the same G1 plan of action G4 G3 { V1, V2, V3, V4 } Wednesday, August 18, 2010
  12. 12. Beware of the wolves… { V1, V2 } V2 G2 General might be a { V1 } traitor, sabotaging G1 V2' the process. V2' G4 G3 { V1 } { V1 } B: A small number of traitors cannot cause the loyal generals to adopt a bad plan Wednesday, August 18, 2010
  13. 13. Requirements reworked • From A: Every loyal general must obtain the same information v(1), .... v(n) • From B: If the ith general is loyal, then the value that he sends must be used by every loyal general as the value of v(i) Wednesday, August 18, 2010
  14. 14. Rewritten • From A: Any two loyal generals use the same value of v (i) • From B: If the ith general is loyal, then the value that he sends must be used by every loyal general as the value of v(i) 2 ... an d since now both 1 and are conditions on the single al: value of a single gener Wednesday, August 18, 2010
  15. 15. Byzantine Generals Problem A commanding general must send an order to his n - 1 C lieutenant generals such that IC1: All loyal lieutenants obey the same order IC2: If the commanding L1 L2 L3 general is loyal, then every loyal general obeys the order he sends Wednesday, August 18, 2010
  16. 16. Byzantine Generals Problem A commanding general must send an order to his n - 1 C lieutenant generals such that IC1: All loyal lieutenants obey the same order IC2: If the commanding L1 L2 L3 general is loyal, then every loyal general obeys the order he sends y Interactive Consistenc Conditions Wednesday, August 18, 2010
  17. 17. Assuming oral messages… • Every message that is sent is delivered correctly • The receiver of a message knows who sent it • The absence of a message can be detected Wednesday, August 18, 2010
  18. 18. No solution for 3 generals, 1 traitor C C ? ? attack attack attack retreat L1 he said 'retreat' L2 L1 he said 'retreat' L2 e From L 1’s perspective, both th s the commanding general a other lieutenant could be the ion. traitor causing confus Wednesday, August 18, 2010
  19. 19. General Impossibility (Oral Messages) In general, no solutions with fewer than 3m+1 generals can cope with m traitors. Wednesday, August 18, 2010
  20. 20. Assuming Signatures • Every message that is sent is delivered correctly • The receiver of a message knows who sent it • The absence of a message can be detected • Signatures • A loyal general’s signature cannot be forged, and any alteration of the contents of his signed messages can be detected. • Anyone can verify the authenticity of a general’s signature Wednesday, August 18, 2010
  21. 21. Algorithm SM(m) • Each lieutenant maintains a set V of properly signed orders received so far. • The commander sends a signed order to lieutenants • A lieutenant receives an order from someone (either from commander or other lieutenants), • Verifies authenticity and puts it in V. • If there are less than m distinct signatures on the order • Augments orders with signature • Relays messages to lieutenants who have not seen the order. • When lieutenant receives no new messages, and use choice(V) as the desired action. • If you want to protect against more traitors, increase m Wednesday, August 18, 2010
  22. 22. SM(m) and Traitors C V = attack, retreat => ! C ommander is a traitor attack : C retreat : C retreat : C : L2 L1 attack : C : L1 L2 Wednesday, August 18, 2010
  23. 23. But what if… not all generals can reach all other generals directly? Wednesday, August 18, 2010
  24. 24. p-Regular Graphs 1. A set of nodes { i1, …, ip } is said to be a regular set of neighbors of a node i if: 1. each ij is a neighbor of i, and 2. for any general k different from i, there exists paths γj,k from ij to k not passing through i such that any two different paths γj,k have no node in common other than k. 2. The graph G is said to be p-regular if every node has a regular set of neighbors consisting of p distinct nodes. Wednesday, August 18, 2010
  25. 25. p-Regular Graphs 1. A set of nodes { i1, …, ip } is said to be a regular set of neighbors of a node i if: 1. each ij is a neighbor of i, and *SNAP* 2. for any general k different from i, there exists paths γj,k from ij to k not passing through i such that any two different paths γj,k have no node in common other than k. 2. The graph G is said to be p-regular if every node has a regular set of neighbors consisting of p distinct nodes. Wednesday, August 18, 2010
  26. 26. Samples 3-regular not 3-regular Wednesday, August 18, 2010
  27. 27. Missing communication paths For any m and any p ≥ 3m, algorithm OM(m, p) solves the Byzantine Generals Problem if there are at most m traitors. Wednesday, August 18, 2010
  28. 28. Missing communication paths For any m and any p ≥ 3m, algorithm OM(m, p) solves the Byzantine Generals Problem if there are at most m traitors. ssing In other words: in case of messengers pa h oral messages only, if you send enoug an messages, there m ay be a way to come to of agreement on w hat to do, even in face s. (It traitors and missin g communication path hich all depends on ho w many traitors and w paths are missing.) Wednesday, August 18, 2010
  29. 29. Missing Communication Paths For any m, SM(m) solves the Byzantine Generals Problem if there are at most m traitors. Wednesday, August 18, 2010
  30. 30. Practical Use of BGP General Processor Loyal general Non-faulty processor • IC1: All nonfaulty processors must use the same input value (so they produce the same output) • IC2: If the input unit is nonfaulty, then all nonfaulty processes use the value it provides as input (so they produce the correct output) Wednesday, August 18, 2010
  31. 31. Assumption A1 Every message sent by non-faulty process is delivered correctly. • Failure of communication line cannot be distinguished from failure of nodes. • OK because we still are tolerating m failures. Wednesday, August 18, 2010
  32. 32. Assumption A2 A processor can determine origin of message • In a fixed line network, this can be assumed. • In a switched network, A2 is not needed since the messages will be signed. Wednesday, August 18, 2010
  33. 33. Assumption A3 The absence of a message can be detected • Only by the use of some time-out convention • Fixed maximum time needed for the generation and transmission of a message. • The sender and receiver have clocks that are synchronized to within some maximum error Wednesday, August 18, 2010
  34. 34. Assumption A4 Unforgeable signatures. Anyone can verify authenticity of signature • Message signed by i = (M, Si(M)) • If i is not faulty, no one can generate Si(M). (Faulty processor used for generating signatures.) • Given M and X, anyone can verify if X=Si(M) Wednesday, August 18, 2010
  35. 35. Conclusions • BGP solutions are expensive (communication overheads and signatures) • Use of redundancy and voting to achieve reliability. What if >1/3 nodes (processors) are faulty? • 3m+1 replicas for m failures. Is that expensive? • Tradeoffs between reliability and performance • How would you determine m in a practical system? Wednesday, August 18, 2010

×