23-04-18

Advanced Network Security
3. Agreement and consensus I: concepts and protocols for crash failures

Jaap-Henk Hoepman
Digital Security (DS), Radboud University Nijmegen, the Netherlands
@xotoxot // jhh@cs.ru.nl // www.cs.ru.nl/~jhh

Jaap-Henk Hoepman // Radboud University Nijmegen // 29-2-2016 // Fault Tolerance - Byzantine Generals

Slide 2: Byzantine generals

Slide 3: (no extractable text on this slide)
Slide 4: Types of faults
- Stopping / crash
  - Process stops unexpectedly and does nothing after that, forever
- Omission
  - Process skips a step it is supposed to perform
    - e.g. sending a message; this models message dropping on an edge (except that there is a limit on the number of affected edges...)
- Byzantine
  - Process performs arbitrary actions, not specified by the protocol
    - e.g. sending different messages to different recipients

Slide 5: Byzantine failures are real
(figure: a sender drives a wire/bus that is read by Receiver 1, Receiver 2 and Receiver 3)
Receivers have slightly different thresholds, so they may receive different values.

Slide 6: Decision problems
- Private inputs x_p.in, private decision outputs x_p.decision
- Termination condition
  - Deterministic termination
    - Every correct process decides irrevocably, and stops/knows it decided
  - Probabilistic termination (convergence)
    - Every correct process decides irrevocably with probability 1, and stops/knows it decided
  - Implicit termination (stabilisation)
    - Every correct process decides, but never knows it decided (and may change decisions in the process); no such changes occur after a finite number of steps
- Consistency condition
  - A global predicate over inputs and decision outputs
  - Problem specific
Slide 7: Solving decision problems
- We assume a certain topology G = (V, E), n = |V|
  - Typically a clique
- We assume certain faulty behaviour
  - E.g. crash failures only
- We assume at most f < n processes are faulty
  - Link failures are modelled as process failures
  - f expresses robustness; typically f < n/3 or f < n/2
  - Sometimes we specify that certain processes can/cannot fail
  - Note: f is an assumption on the number of faults. The real number of faults in an execution may be lower or equal (in which case the algorithm is successful) or not (in which case it fails)
- We assume the recipient knows the sender of messages (authenticity)
  - Not through signatures, but because of point-to-point direct connections

Slide 8: Decision problem: replicated server
- Suppose two (replicated) servers p, q hold the same data (input)
- Consistency condition
  - All correct processes decide on this input
- Termination condition
  - deterministic
- Assumptions
  - Crash failures
  - At most one of the replicated servers fails
- Protocol for p, q:
    forall r ≠ p, q do send x_p.in to r
    x_p.decision = x_p.in        (also sometimes written as decide(x_p.in))
- Protocol for other processes r:
    receive v
    x_r.decision = v

Slide 9: Decision problem: replicated server (questions)
- What if the (replicated) servers p, q hold different data?
- What if both replicated servers fail?
- (Protocol for p, q and for the other processes r as on slide 8)
Slide 10: Decision problem: weak broadcast
- One server p holds a bit
  - Either 0 or 1
- Consistency condition
  - All correct processes decide on the same value
  - If p does not crash, this should be p's input
- Termination condition
  - stabilising
- Assumptions
  - Crash failures
- Protocol for p:
    x_p.decision = x_p.in
    if x_p.in == 1 then forall r ≠ p do send 1 to r
- Protocol for other processes r:
    x_r.decision = 0
    receive 1
    x_r.decision = 1
    forall q ≠ r do send 1 to q

Slide 11: Decision problem: weak broadcast (questions)
- What if p crashes?
- Why is this not deterministically terminating?
- (Protocol for p and for the other processes r as on slide 10)

Slide 12: The consensus problem
Slide 13: The consensus problem
- All processes have a binary input value
  - So it is different from a broadcast
- Consistency condition
  - All correct processes decide on the same value (Agreement)
  - If all processors have the same input value v, then all correct processors must decide v (Validity)
- Termination condition
  - Deterministic

Slide 14: Aside: solving consensus with broadcast
- Atomic broadcast, a.k.a. agreement
  - Sender p holds a bit
    - Either 0 or 1
  - Recipient recognizes the sender
  - Consistency condition:
    - All correct processes decide on the same value (even when sender p fails)
    - If p does not fail, all correct processes decide on sender p's input
  - Termination condition: deterministic
- Consensus protocol for p:
    Initialise vector V[]
    V[p] = x_p.in
    broadcast x_p.in
    forall q ≠ p do receive V[q]
    x_p.decision = majority{V[q]}
- In other words: atomic broadcast and consensus are very similar
- Remember: no link failures

Slide 15: Consensus for crash failures
- Assume at most f < n crash failures
- Synchronous protocol
  - Computation proceeds in rounds
  - At the start of round r, all processors send all messages for round r
  - Before proceeding to round r + 1, all processors receive all round r messages
    - If they arrive, they arrive in this round; otherwise they are lost forever
Slide 16: Consensus: main approach
- Notation: v^p_{q_1,q_2,..,q_k} means: q_k told p, that q_{k-1} told q_k, ..., that q_1's value is v. Initially all entries are ⊥.
- Each processor p builds the following tree
  - Level 0: the root v^p_ε = x_p.in
  - Level 1: one node v^p_q per processor q
  - Level 2: nodes v^p_{q,q'} with q' ≠ q (e.g. v_{1,2}, v_{1,n}, v_{n,1}, v_{n,n-1})
  - Level k: node v^p_σ for a label σ of length k
  - Level k + 1: children v^p_{σq} for all q ∉ σ, i.e. n − |σ| = n − k children

Slide 17: Building the tree: protocol for p
- Notation as on slide 16: v^p_{q_1,q_2,..,q_k} means q_k told p, that q_{k-1} told q_k, ..., that q_1's value is v; initially all ⊥
- Before round 1
  - Initialise the tree: set all v^p_σ = ⊥ and v^p_ε = x_p.in
- Round r, 1 ≤ r ≤ f + 1
  - For all σ with |σ| = r − 1 ∧ p ∉ σ, send v^p_σ to all processors q (including p)
    - Call this message m_{σ,p}
  - Receive all m_{σ,q} addressed to p and store them in v^p_{σq}
    - By the protocol q ∉ σ, so p receives n − (r − 1) such messages from each q

Slide 18: The protocol in action: round 1
(figure: p's tree after round 1, with root v^p_ε = x_p.in and one level-1 entry per processor; entries for which no message arrived stay ⊥; processor q crashes)
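Added example (not from the slides): a Python simulation of the synchronous tree-building protocol of slides 15 to 17, run on a constructed scenario with n = 3 processes and f = 1 crash. The inputs, the crash schedule and the decision rule `decide` (smallest value in the tree) are assumptions of this example; the slides above do not state a decision rule. Running f rounds lets one correct process miss the crashed process's value, while f + 1 rounds make all correct trees contain the same values.

```python
# Added example: synchronous tree-building protocol for crash failures (slides 15-17).
# Inputs, crash schedule and the decision rule are assumptions of this example.

def run_tree_protocol(inputs, crashes, rounds):
    """Run `rounds` synchronous rounds of the slide-17 protocol.

    inputs:  {process: bit}          -- x_p.in for every process p
    crashes: {process: (round, set)} -- p crashes in `round` after delivering that
                                        round's messages only to processes in `set`
    Returns (trees, alive): trees[p] maps a label tuple sigma to v^p_sigma
    (absent labels are ⊥); alive is the set of processes that never crashed.
    """
    procs = sorted(inputs)
    trees = {p: {(): inputs[p]} for p in procs}   # v^p_ε = x_p.in, all else ⊥
    alive = set(procs)
    for r in range(1, rounds + 1):
        inbox = {q: [] for q in procs}
        for p in list(alive):
            crash_round, still_reached = crashes.get(p, (None, set()))
            # all sigma with |sigma| = r-1 and p ∉ sigma: relay v^p_sigma to everyone
            for sigma, val in list(trees[p].items()):
                if len(sigma) != r - 1 or p in sigma:
                    continue
                for q in procs:                        # including p itself
                    if crash_round == r and q not in still_reached:
                        continue                       # lost: p crashed mid-round
                    inbox[q].append((sigma, p, val))   # message m_{sigma,p}
            if crash_round == r:
                alive.discard(p)
        for q in alive:                                # store m_{sigma,p} in v^q_{sigma p}
            for sigma, p, val in inbox[q]:
                trees[q][sigma + (p,)] = val
    return trees, alive

def known_values(tree):
    """Set of non-⊥ values in one process's tree."""
    return frozenset(tree.values())

def decide(tree):
    """Assumed decision rule (not on these slides): the smallest value seen."""
    return min(tree.values())

# Constructed scenario: n = 3, f = 1. q holds the odd input and crashes in round 1
# after delivering only to p, so r can only learn q's value indirectly via p.
INPUTS = {"p": 1, "q": 0, "r": 1}
CRASHES = {"q": (1, {"p"})}

def decisions_after(rounds):
    trees, alive = run_tree_protocol(INPUTS, CRASHES, rounds)
    return {p: decide(trees[p]) for p in alive}

if __name__ == "__main__":
    print(decisions_after(1))   # {'p': 0, 'r': 1}: f rounds are not enough
    print(decisions_after(2))   # {'p': 0, 'r': 0}: f + 1 rounds give agreement
```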