byzantine fault tolerance
play

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab - PowerPoint PPT Presentation

Jan 11, 2024 •478 likes •1.26k views

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Hopefully everyone has started by now, maybe even finished large portions. If not ... you should worry . Please don't change the protobufs. My testing strategy

  1. Byzantine Fault Tolerance Consensus Strikes Back

  2. Announcements

  3. Lab 2 • Hopefully everyone has started by now, maybe even finished large portions. • If not ... you should worry . • Please don't change the protobufs. • My testing strategy is going to be to write a few clients and check linearizability. • Changing the interface doesn't let me do that. • Feel free to change whatever is not the interface.

  4. BFT

  5. A Note on Terminology • Byzantine Empire? • Continuation of the Roman Empire, ~400-1450 AD • Commonly used as example of bad bureaucracy, in fighting... • Historical records don't entirely agree with this.

  6. What is the Problem? 0 1 2 3 4

  7. What is the Problem? 0 1 2 3 4

  8. Concrete Problems 0 AppendEntries(..., AppendEntries(..., [(index=4)]) [], leaderCommit=4) Success 1 2 3 4

  9. Concrete Problems 0 VoteGranted( VoteGranted( term=2) term=2) RequestVote( term=2) RequestVote( term=2) 1 2

  10. Concrete Problems

  11. Failure Models • Until now we have considered fail-stop processes. • When failed: stop sending messages and take no steps. • Byzantine faults: when failed do "arbitrary things." • These arbitrary things could even be coordinated with other failed nodes.

  12. However assuming we know participants a priori.

  14. On the internet nobody knows what maps to a user, nor to a machine, ...

  15. Not Considering this Problem • Live in a centralized environment. • All servers/nodes are launched by some centralized entity. • For example Kubernetes or a human with physical access. • Several ways to solve the decentralized problem. • But largely separable from the discussion at hand.

  16. Is This Still Useful? • Yes... • Used by Boeing in the 777 to ensure safety. • Used in SpaceX Falcon -- "... to meet requirements for approaching the ISS" • Generally useful, but cost prohibitive.

  17. Failure Models • Until now we have considered fail-stop processes. • When failed: stop sending messages and take no steps. • Byzantine faults: when failed do "arbitrary things." • These arbitrary things could even be coordinated with other failed nodes.

  18. What Can we Do?

  19. What Do We Care about Addressing 0 State 1 2 3 4 State State State State

  20. What Do We Care about Addressing 0 State 1 2 3 4 State State State State Can't really peer into the state of a remote node, cannot do much.

  21. What Do We Care about Addressing 0 1 2 3 4 Failed nodes can only interfere by sending messages.

  22. What Do We Care about Addressing 0 1 2 3 4 Make sure messages sent by all nodes are "correct" before acting.

  23. Why challenging? Don't know failed nodes a-priori.

  24. When are Messages Correct? • Every correct node receives the same messages (and acts correctly). • Same might not necessarily mean "correct". • But always accept any message from a correct participant. • Every message is "consistent" with the protocol. • Attach some kind of proof that you were supposed to send this message.

  25. When are Messages Correct? • Every correct node receives the same messages (and acts correctly). • Every message is "consistent" with the protocol.

  26. Agreeing on Correct Messages

  27. Problem we Want to Solve 0 AppendEntries(..., [(index=4)]) 1 2 3 4

  28. Problem we Want to Solve 0 Success 1 2 3 4

  29. Problem we Want to Solve 0 AppendEntries(..., [], leaderCommit = 4) 1 2 3 4

  30. Problem we Want to Solve 0 AppendEntries(..., [(index=4)]) 1 2 3 4

  31. Problem we Want to Solve 0 AppendEntries(..., [], leaderCommit = 4) 1 2 3 4

  32. Problem we Want to Solve • Cannot observe messages between individuals. • Hard to judge whether behavior is correct. • New idea: send messages to everyone. • Everyone knows where the state machine should be.

  33. Sending to Everyone 0 0->1: AppendEntries(..., [(index=4)]) 1 2 3 4

  34. Sending to Everyone 0 Success 1 2 3 4 Success

  35. Sending to Everyone is Insu ffi cient 0 0 0->1: AppendEntries(..., [(c1, index=4)]) 0->1: AppendEntries(..., [(c0, index=4)]) 1 2 3 4

  36. Sending to Everyone is Insu ffi cient 0 0 1 thinks slot 4 1 thinks slot 4 is c1 is c0 Success 1 2 3 4 Slot 4 is c0 Success

  37. Sending to Everyone is Not Su ffi cient • Faulty node can send differing messages to "everyone". • Run some protocol to detect this problem.

  38. Sending to Everyone 0 0 0->1: AppendEntries(..., [(c1, index=4)]) 0->1: AppendEntries(..., [(c0, index=4)]) 1 2 3 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c0, 4 0 0->1: c1, 4 1 1 1 1 2 2 2 2 3 3 3 3 4 4 4 4

  39. Sending to Everyone 0 0 1 2 3 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c0, 4 0 0->1: c1, 4 1 1 1 1 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 2 2 2 2 3 3 3 3 4 4 4 4

  40. Sending to Everyone 0 0 Choose majority, 1 2 3 4 breaking ties deterministically. 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c0, 4 0 0->1: c1, 4 1 1 1 1 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 2 2 2 2 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 3 3 3 3 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 4 4 4 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4

  41. Sending to Everyone 0 Choose majority, 1 2 2 3 4 breaking ties deterministically. 0 0->1: c0, 4 0 0->1: c0, 4 0 0->1: c0, 4 0 0->1: c0, 4 1 1 1 1 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 2 2 2 2 ??? ??? ??? 3 3 3 3 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 4 4 4 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4

  42. Not Possible for 1 failure with 3 participants 0 0 0->1: x=1 0->1: x=1 0->1: x=1 0->1: x=2 2 1 1 2

  43. Not Possible for 1 failure with 3 participants 0 0 0->1: x=2 0->1: x=2 2 1 1 2 0->1: x=1 0->1: x=1

  44. Not Possible for 1 failure with 3 participants 0 0 0->1: x=2 0->1: x=2 2 1 1 2 0->1: x=1 0->1: x=1 Cannot distinguish between these two cases. Cannot meet the two requirements state at the beginning.

  45. Limitations • More generally cannot solve for m failures with < 3m+1 participants. • Proof by reduction to the case with 3.

  46. Sending to Everyone 0 0 1 2 3 4 5 6 0 0->1: c0, 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c1, 4 1 1 1 1 1 1 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 2 2 2 2 2 2 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 3 3 3 3 3 3 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 4 4 4 4 4 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 5 5 5 5 5 0->1: c1, 4 0->1: c1, 4 5 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 6 6 6 6 6 0->1: c0, 4 0->1: c0, 4 6 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 • However, note that doing this once is not sufficient for more than 1 faults.

  47. Sending to Everyone 0 0 1 2 2 3 4 5 6 0 0->1: c0, 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c0, 4 0 0->1: c1, 4 0 0->1: c1, 4 1 1 1 1 1 1 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 2 2 2 2 2 2 ??? ??? ??? ??? ??? 3 3 3 3 3 3 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 4 4 4 4 4 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 5 5 5 5 5 0->1: c1, 4 0->1: c1, 4 5 0->1: c1, 4 0->1: c1, 4 0->1: c1, 4 6 6 6 6 6 0->1: c0, 4 0->1: c0, 4 6 0->1: c0, 4 0->1: c0, 4 0->1: c0, 4 • However, note that doing this once is not sufficient for more than 1 faults. • For example, can force any decision in this case.

  48. Solution: Recursively call again.

  49. When are Messages Correct? • Every correct node receives the same messages (and acts correctly). • Every message is "consistent" with the protocol.

  50. Proving Consistency with the Protocol

  51. What Does this Even Mean? 0 AppendEntries(..., [(index=4)]) 1 2 3 4

  52. What Does this Even Mean? 0 Success 1 2 3 4

  53. What Does this Even Mean? 0 AppendEntries(..., [], leaderCommit = 4), Proof that a majority have accepted entires until 4. 1 2 3 4

  54. Problem • How to generate proofs? • Many possibilities, but just going to include messages here. • How to prevent failed nodes from misrepresenting messages?

  55. Misrepresenting Messages 0 AppendEntries(..., [], leaderCommit = 4), Success from 0, 1, 2, 3 1 2 3 4

  56. Misrepresenting Messages 0 0 AppendEntries(..., [], leaderCommit = 4), Success from 0, 1, 2, 3 1 2 3 4

  57. Warning: Cryptography

  58. Digests/Hashes Arbitrary length input h Fixed length output • Deterministic: h(x) should always be the same value. • Not invertable -- given h(x) cannot find x. • Output of h(x) is equivalent to a random function. • Infeasible to find collisions.

Recommend

Byzantine Fault Tolerance and Partial Synchrony Stefan Stattelmann Seminar Advanced Topics in

Byzantine Fault Tolerance and Partial Synchrony Stefan Stattelmann Seminar Advanced Topics in

Introduction Consensus and Partial Synchrony Practical Byzantine Fault Tolerance Byzantine Fault Tolerance and Partial Synchrony Stefan Stattelmann Seminar Advanced Topics in Distributed Computing WS 2007/2008, MPI-SWS (Saarland University),

1.12k views • 37 slides
Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults Dian Yu 1/16 Comparison with

Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults Dian Yu 1/16 Comparison with

Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults Dian Yu 1/16 Comparison with PBFT (Traditional BFT protocols) Similarities: Build practical Byzantine fault tolerance systems Protocol: Clients Primary Replicas

493 views • 18 slides
Practical Byzantine Fault Tolerance (Miguel Castro, Barbara Liskov) presented by Bjoern Doebel

Practical Byzantine Fault Tolerance (Miguel Castro, Barbara Liskov) presented by Bjoern Doebel

Faculty of Computer Science Institute for System Architecture, Operating Systems Group Practical Byzantine Fault Tolerance (Miguel Castro, Barbara Liskov) presented by Bjoern Doebel Dresden, 2008-11-05 Motivation Byzantine Faults

681 views • 12 slides
BFTCBFTP: BYZANTINE-FAULT -TOLERANT CONSTRUCTION OF BFT PROTOCOLS EDWARD TREMEL SIGSEGV 2019

BFTCBFTP: BYZANTINE-FAULT -TOLERANT CONSTRUCTION OF BFT PROTOCOLS EDWARD TREMEL SIGSEGV 2019

BFTCBFTP: BYZANTINE-FAULT -TOLERANT CONSTRUCTION OF BFT PROTOCOLS EDWARD TREMEL SIGSEGV 2019 BYZANTINE FAULT TOLERANCE Long-standing problem in systems Byzantine (adj): excessively complicated, and typically involving a great deal of

685 views • 19 slides
Speculative Byzantine Fault Tolerance By Ocan Gillaux University of Stavanger, MID110, April

Speculative Byzantine Fault Tolerance By Ocan Gillaux University of Stavanger, MID110, April

Speculative Byzantine Fault Tolerance By Ocan Gillaux University of Stavanger, MID110, April 2010 Plan Zyzzyva: Last word of dictionary Requirements &amp; Introduction Byzantine problem Zyzzyva Protocol Evaluation

265 views • 24 slides
Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in approximately 5 hours. If you haven't started yet then ... I don't really know how to help. Note, even with late days you must submit by 23:59 on

1.34k views • 56 slides
Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini

Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini

Byzantine Fault Tolerance CS 240: Computing Systems and Concurrency Lecture 11 Marco Canini Credits: Michael Freedman and Kyle Jamieson developed much of the original material. So far: Fail-stop failures Traditional state machine

989 views • 41 slides
Zyzzyva : Speculative Byzantine Fault Tolerance R. Kotla, L. Alvisi, M.Dahlin, A. Clement,

Zyzzyva : Speculative Byzantine Fault Tolerance R. Kotla, L. Alvisi, M.Dahlin, A. Clement,

Zyzzyva : Speculative Byzantine Fault Tolerance R. Kotla, L. Alvisi, M.Dahlin, A. Clement, E. Wong Sajjad Rahnama, November 1st 1 Agenda Introduction Zyzzyva System Model Protocol Overview Node State and Checkpoints

697 views • 44 slides
Byzantine Generals Problem &amp; FLP Impossibility Addendum Sep. 4th, 2019 Byzantine Fault

Byzantine Generals Problem &amp; FLP Impossibility Addendum Sep. 4th, 2019 Byzantine Fault

Byzantine Generals Problem &amp; FLP Impossibility Addendum Sep. 4th, 2019 Byzantine Fault Tolerance Given 6 Generals: 4 Loyal General, 2 Traitor Why is a solution for this impossible? 1 1 G Each loyal general receives 3 0 correct

547 views • 38 slides
RBFT: Redundant Byzantine Fault Tolerance Pierre-Louis Aublin, Sonia Ben Mokhtar, and Vivien

RBFT: Redundant Byzantine Fault Tolerance Pierre-Louis Aublin, Sonia Ben Mokhtar, and Vivien

RBFT: Redundant Byzantine Fault Tolerance Pierre-Louis Aublin, Sonia Ben Mokhtar, and Vivien Quema Grenoble University, CNRS LIRIS, Grenoble INP presenter = Muhammad Awad ECS265 - Paper Presnetaion 1/20 Goal and Motivation: Robust BFT

518 views • 20 slides
Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume

Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume

Unit OS10: Fault Tolerance Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 10.1 The Notion of Fault-Tolerance Fault-Tolerance Support in NTFS Volume Management - Striped

394 views • 25 slides
Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in

Byzantine Fault Tolerance Consensus Strikes Back (continued) Announcements Lab 2 Due in approximately 5 hours. Lab 2 Due in approximately 5 hours. If you haven't started yet then ... I don't really know how to help. Lab 2 Due in

1.69k views • 119 slides
Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in

Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in

Fault Tolerance in Message Passing Fault Tolerance in Message Passing and in Action and in Action Jack Dongarra, Innovative Computing Laboratory University of Tennessee and Computer Science and Mathematics Division Oak Ridge National

422 views • 14 slides
Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Lab 2 Hopefully

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Lab 2 Hopefully

Byzantine Fault Tolerance Consensus Strikes Back Announcements Lab 2 Lab 2 Hopefully everyone has started by now, maybe even finished large portions. Lab 2 Hopefully everyone has started by now, maybe even finished large portions.

1.87k views • 141 slides
Seminar Distributed Systems Byzantine Fault Tolerance-Based Consensus Protocols for Blockchains

Seminar Distributed Systems Byzantine Fault Tolerance-Based Consensus Protocols for Blockchains

Seminar Distributed Systems Byzantine Fault Tolerance-Based Consensus Protocols for Blockchains Signe R usch April 4, 2018 Organisational Topic Descriptions Table of Contents Organisational Topic Descriptions Signe R usch | Seminar

471 views • 15 slides
General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For

General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For

General Principles of Fault- Tolerance Daniel Gottesman Perimeter Institute Whats Left For Fault-Tolerance? Reduce the overhead (in space and in time) needed for fault-tolerance Better fault-tolerance in 1D? Better magic state

556 views • 22 slides
Distributed Systems Making Byzantine Fault-Tolerant Systems Tolerate Byzantine Faults Hubert

Distributed Systems Making Byzantine Fault-Tolerant Systems Tolerate Byzantine Faults Hubert

Distributed Systems Making Byzantine Fault-Tolerant Systems Tolerate Byzantine Faults Hubert Jaworski Byzantine system Copies of critical components Concurent replicas Response agreement Omission failure proof Robustness

660 views • 20 slides
Karol Ruszczyk kr248234 What Byzantine failures are? World before UpRight UpRight

Karol Ruszczyk kr248234 What Byzantine failures are? World before UpRight UpRight

Karol Ruszczyk kr248234 What Byzantine failures are? World before UpRight UpRight model UpRight architecture Challenges and possible solutions Make Byzantine fault tolerance (BFT) something that practitioners can easily

838 views • 27 slides
Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate

Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate

Rigorous fault-tolerance thresholds Ben Reichardt UC Berkeley N gate circuit 0/1 N gate circuit Need error 1/N 1/0 Quantum fault-tolerance problem Classical fault-tolerance: Von Neumann (1956) 0/1 Fault-tolerant, larger C High

846 views • 63 slides
Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault

CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault

1 Tr n H i Anh Distributed System CH NG 8: FAULT TOLERANCE TS. Tr n H i Anh Content 2 1. Introduction to fault tolerance 2. Process resilience 3. Reliable client-Server Communication 4. Reliable Group Communication 5.

966 views • 50 slides
Byzantine Techniques Michael George November 29, 2005 Michael George Byzantine Techniques

Byzantine Techniques Michael George November 29, 2005 Michael George Byzantine Techniques

Overview The Byzantine Generals Problem Practical Byzantine Fault Tolerance Conclusion Byzantine Techniques Michael George November 29, 2005 Michael George Byzantine Techniques Overview The Byzantine Generals Problem Practical

940 views • 64 slides
Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi

Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi

Distributed Systems 5. Fault Tolerant Systems Fault-Tolerance - 1 Lszl Bszrmnyi Distributed Systems Fault tolerance A system or a component fails due to a fault Fault tolerance means that the system continues to provide its

428 views • 40 slides
CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and

CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and

CSci 5105 Introduction to Distributed Systems Fault Tolerance Last Time Replication and Consistency Today Fault tolerance Chapter 8 TVS Fault Tolerance Basics Availability short time horizon e.g down 1 msec every hour

292 views • 27 slides

More recommend