Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Like this presentation? Why not share!

- The new decentralized sharing econo... by Hubert Gertis 2040 views
- The byzantine generals problem by Luong Nguyen 1126 views
- PBFT by Anna Yudina 1511 views
- Bitcoin & Blockchain Basics by Crowdsourcing Week 601 views
- Practical Byzantine Fault Tolerance by Suman Karumuri 2087 views
- Maintaining Mental Models by Anna Yudina 401 views

2,035 views

1,895 views

1,895 views

Published on

Presentation on Lamport's paper "The Byzantine Generals Problem"

Published in:
Technology

No Downloads

Total views

2,035

On SlideShare

0

From Embeds

0

Number of Embeds

1

Shares

0

Downloads

46

Comments

0

Likes

3

No embeds

No notes for slide

- 1. Byzantine Generals Problem Wednesday, August 18, 2010
- 2. Motivation Wednesday, August 18, 2010
- 3. Each division is directed by its own general Wednesday, August 18, 2010
- 4. There are n generals Wednesday, August 18, 2010
- 5. All armies are camped outside enemy castle, observing enemy Wednesday, August 18, 2010
- 6. Communicate with each other by messengers Wednesday, August 18, 2010
- 7. Requirement A: All loyal generals decide upon the same plan of action Wednesday, August 18, 2010
- 8. Requirement B: A small number of traitors cannot cause the loyal generals to adopt a bad plan Wednesday, August 18, 2010
- 9. Agreemeent G2 V1 General 1 sends his ideas on what to do G1 V1 next G4 V1 G3 Wednesday, August 18, 2010
- 10. Agreemeent { V1, V2 } V2 G2 { V1 } General 2 sends his ideas on what to do G1 V2 next V2 G4 G3 { V1 } { V1 } Wednesday, August 18, 2010
- 11. Apply combination method to all values { V1, V2, V3, V4 } G2 { V1, V2, V3, V4 } A: All loyal generals decide upon the same G1 plan of action G4 G3 { V1, V2, V3, V4 } Wednesday, August 18, 2010
- 12. Beware of the wolves… { V1, V2 } V2 G2 General might be a { V1 } traitor, sabotaging G1 V2' the process. V2' G4 G3 { V1 } { V1 } B: A small number of traitors cannot cause the loyal generals to adopt a bad plan Wednesday, August 18, 2010
- 13. Requirements reworked • From A: Every loyal general must obtain the same information v(1), .... v(n) • From B: If the ith general is loyal, then the value that he sends must be used by every loyal general as the value of v(i) Wednesday, August 18, 2010
- 14. Rewritten • From A: Any two loyal generals use the same value of v (i) • From B: If the ith general is loyal, then the value that he sends must be used by every loyal general as the value of v(i) 2 ... an d since now both 1 and are conditions on the single al: value of a single gener Wednesday, August 18, 2010
- 15. Byzantine Generals Problem A commanding general must send an order to his n - 1 C lieutenant generals such that IC1: All loyal lieutenants obey the same order IC2: If the commanding L1 L2 L3 general is loyal, then every loyal general obeys the order he sends Wednesday, August 18, 2010
- 16. Byzantine Generals Problem A commanding general must send an order to his n - 1 C lieutenant generals such that IC1: All loyal lieutenants obey the same order IC2: If the commanding L1 L2 L3 general is loyal, then every loyal general obeys the order he sends y Interactive Consistenc Conditions Wednesday, August 18, 2010
- 17. Assuming oral messages… • Every message that is sent is delivered correctly • The receiver of a message knows who sent it • The absence of a message can be detected Wednesday, August 18, 2010
- 18. No solution for 3 generals, 1 traitor C C ? ? attack attack attack retreat L1 he said 'retreat' L2 L1 he said 'retreat' L2 e From L 1’s perspective, both th s the commanding general a other lieutenant could be the ion. traitor causing confus Wednesday, August 18, 2010
- 19. General Impossibility (Oral Messages) In general, no solutions with fewer than 3m+1 generals can cope with m traitors. Wednesday, August 18, 2010
- 20. Assuming Signatures • Every message that is sent is delivered correctly • The receiver of a message knows who sent it • The absence of a message can be detected • Signatures • A loyal general’s signature cannot be forged, and any alteration of the contents of his signed messages can be detected. • Anyone can verify the authenticity of a general’s signature Wednesday, August 18, 2010
- 21. Algorithm SM(m) • Each lieutenant maintains a set V of properly signed orders received so far. • The commander sends a signed order to lieutenants • A lieutenant receives an order from someone (either from commander or other lieutenants), • Veriﬁes authenticity and puts it in V. • If there are less than m distinct signatures on the order • Augments orders with signature • Relays messages to lieutenants who have not seen the order. • When lieutenant receives no new messages, and use choice(V) as the desired action. • If you want to protect against more traitors, increase m Wednesday, August 18, 2010
- 22. SM(m) and Traitors C V = attack, retreat => ! C ommander is a traitor attack : C retreat : C retreat : C : L2 L1 attack : C : L1 L2 Wednesday, August 18, 2010
- 23. But what if… not all generals can reach all other generals directly? Wednesday, August 18, 2010
- 24. p-Regular Graphs 1. A set of nodes { i1, …, ip } is said to be a regular set of neighbors of a node i if: 1. each ij is a neighbor of i, and 2. for any general k different from i, there exists paths γj,k from ij to k not passing through i such that any two different paths γj,k have no node in common other than k. 2. The graph G is said to be p-regular if every node has a regular set of neighbors consisting of p distinct nodes. Wednesday, August 18, 2010
- 25. p-Regular Graphs 1. A set of nodes { i1, …, ip } is said to be a regular set of neighbors of a node i if: 1. each ij is a neighbor of i, and *SNAP* 2. for any general k different from i, there exists paths γj,k from ij to k not passing through i such that any two different paths γj,k have no node in common other than k. 2. The graph G is said to be p-regular if every node has a regular set of neighbors consisting of p distinct nodes. Wednesday, August 18, 2010
- 26. Samples 3-regular not 3-regular Wednesday, August 18, 2010
- 27. Missing communication paths For any m and any p ≥ 3m, algorithm OM(m, p) solves the Byzantine Generals Problem if there are at most m traitors. Wednesday, August 18, 2010
- 28. Missing communication paths For any m and any p ≥ 3m, algorithm OM(m, p) solves the Byzantine Generals Problem if there are at most m traitors. ssing In other words: in case of messengers pa h oral messages only, if you send enoug an messages, there m ay be a way to come to of agreement on w hat to do, even in face s. (It traitors and missin g communication path hich all depends on ho w many traitors and w paths are missing.) Wednesday, August 18, 2010
- 29. Missing Communication Paths For any m, SM(m) solves the Byzantine Generals Problem if there are at most m traitors. Wednesday, August 18, 2010
- 30. Practical Use of BGP General Processor Loyal general Non-faulty processor • IC1: All nonfaulty processors must use the same input value (so they produce the same output) • IC2: If the input unit is nonfaulty, then all nonfaulty processes use the value it provides as input (so they produce the correct output) Wednesday, August 18, 2010
- 31. Assumption A1 Every message sent by non-faulty process is delivered correctly. • Failure of communication line cannot be distinguished from failure of nodes. • OK because we still are tolerating m failures. Wednesday, August 18, 2010
- 32. Assumption A2 A processor can determine origin of message • In a ﬁxed line network, this can be assumed. • In a switched network, A2 is not needed since the messages will be signed. Wednesday, August 18, 2010
- 33. Assumption A3 The absence of a message can be detected • Only by the use of some time-out convention • Fixed maximum time needed for the generation and transmission of a message. • The sender and receiver have clocks that are synchronized to within some maximum error Wednesday, August 18, 2010
- 34. Assumption A4 Unforgeable signatures. Anyone can verify authenticity of signature • Message signed by i = (M, Si(M)) • If i is not faulty, no one can generate Si(M). (Faulty processor used for generating signatures.) • Given M and X, anyone can verify if X=Si(M) Wednesday, August 18, 2010
- 35. Conclusions • BGP solutions are expensive (communication overheads and signatures) • Use of redundancy and voting to achieve reliability. What if >1/3 nodes (processors) are faulty? • 3m+1 replicas for m failures. Is that expensive? • Tradeoffs between reliability and performance • How would you determine m in a practical system? Wednesday, August 18, 2010

No public clipboards found for this slide

Be the first to comment