robust bft protocols
play

Robust BFT Protocols Sonia Ben Mokhtar , LIRIS, CNRS, Lyon Joint - PowerPoint PPT Presentation

Jun 23, 2023 •1.3k likes •1.78k views

Robust BFT Protocols Sonia Ben Mokhtar , LIRIS, CNRS, Lyon Joint work with Pierre Louis Aublin , Grenoble university Vivien Quma, Grenoble INP 18/10/2013 Who am I? CNRS reseacher, LIRIS lab, DRIM research group Fault-tolerant

  1. Robust BFT Protocols Sonia Ben Mokhtar , LIRIS, CNRS, Lyon Joint work with Pierre Louis Aublin , Grenoble university Vivien Quéma, Grenoble INP 18/10/2013

  2. Who am I?  CNRS reseacher, LIRIS lab, DRIM research group  Fault-tolerant distributed systems  Byzantine fault tolerance  State machine replication (BFT)(e.g., robust BFT [ICDCS'13] )  Byzantine fault detection  Accountability (e.g., accountable mobile systems, performance issues in accountable systems [ongoing] )  Robustness against selfish behavior  Game theory (e.g., RR spam filtering [SRDS'10] , RR anonymous communication [ICDCS'13] , RR live streaming [ongoing] )

  3. Who am I?  CNRS reseacher, LIRIS lab, DRIM research group.  Fault-tolerant distributed systems  Byzantine fault tolerance  State machine replication (BFT)(e.g., robust BFT [ICDCS'13] )  Byzantine fault detection  Accountability (e.g., accountable mobile systems, performance issues in accountable systems [ongoing] )  Robustness against selfish behavior  Game theory (e.g., RR spam filtering [SRDS'10] , RR anonymous communication [ICDCS'13] , RR live streaming [ongoing] )  → Privacy (mobile systems, reputation/recommender systems, systems enforcing accountability)

  4. Outline  What is BFT?  BFT under attack: the robustness problem  Existing robust BFT protocols  Can we do better? 4

  5. State machine replication Clients 5

  6. State machine replication Clients 6

  7. State machine replication Clients 7

  8. State machine replication Clients (1) Place copies of a deterministic state machine on multiple, independent servers. 8

  9. State machine replication Clients (2) Receive client requests (inputs to the state machine). 9

  10. State machine replication Clients Agreement protocol (3) Define an ordering for the inputs and execute them in the chosen order on each server. 10

  11. State machine replication Clients Agreement protocol (4) Respond to clients with the output from the state machine. 11

  12. BFT state machine replication BFT = Byzantine Fault Tolerance  The term Byzantine dates back to the seminal paper by Lamport,  Shostak, Pease: The Byzantine Generals Problem, ACM TPLS, 1982. Byzantine failure = arbitrary failure  + crash-stop malicious BFT state machine replication = state machine replication that  tolerates Byzantine failures 12

  13. BFT evolution  Lamport, Shostak, Pease: The Byzantine generals problem, 1982  Castro, Liskov: Practical BFT [OSDI'99]  BFT in 2011 (a decade+ later)  Efficient BFT: Q/U [SOSP’05], HQ [OSDI’06], Zyzzyva [SOSP’07], Chain and Quorum [EuroSys’10]  Cheap BFT: zz [Umass Eurosys'11]  Robust BFT : Aardvark [NSDI'09], Spinning [SRDS'09], Prime [DSN'08], RBFT[ICDCS'13] 13

  14. BFT with an example: PBFT  Message-passing with unreliable communication links  Byzantine faults  Any number of clients  Less than 1/3 of replicas are faulty (optimal)  Cryptographic techniques cannot be violated  Eventual synchrony 14

  15. PBFT: protocol steps Client sends a request to the primary 15

  16. PBFT: protocol steps The primary assigns a seqno to the 16 request

  17. PBFT: protocol steps Replicas agree on the assigned seqno 17

  18. PBFT: protocol steps Replicas know 2f+1 replicas that agreed on the proposed 18 seqno

  19. PBFT: protocol steps Replicas execute the request and reply to the client 19

  20. Outline  What is BFT?  BFT under attack: the robustness problem  Existing robust BFT protocols  Can we do better? 20

  21. BFT under attack: the robustness problem ” BFT protocols do not tolerate Byzantine faults very well ” [NSDI'09] System Peak Throughput throughput under attack (req/s) (req/s) PBFT 61710 0 Q/U 23850 0 HQ 7629 N/A Zyzzyva 65999 0 21

  22. Outline  What is BFT?  BFT under attack: the robustness problem  Existing robust BFT protocols  Can we do better? 22

  23. Robust BFT state machine replication  Guarantees a lower bound on performance during uncivil executions  Uncivil executions:  Synchronous network  Up to f servers and any number of clients are Byzantine  Lower bound:  k% of the theoretical maximum (with the same workload)  k should be as high as possible 23

  24. Malicious primary 24

  25. Malicious primary D E L A Y 25

  26. Aardvark [NSDI'09]  Principle: Regular primary changes  Increasing throughput expectations  Monitoring of the current throughput  Change the primary when the current throughput is below the expected thourhgput 26

  27. Aardvark  A malicious primary is bounded in:  The delay it can add to requests  The amount of time it acts as a primary Only works under constant load  Attack 27

  28. Aardvark under fluctuating load 28

  29. Spinning [SRDS'09]  Principle:  Each primary orders a fixed number of requests  The primary is changed if no request is ordered before a timeout r1 r2 r3 r4 29

  30. Spinning  Spinning throughput with a malicious primary that delays client requests by up to timeout: 1/(1+F*timeout)*t peak r1 r2 r3 r4 timeout 30

  31. Prime [DSN'08]  Principle:  The primary periodically sends messages of the same size in the network (fixed workload)  Replicas monitor the primary Distributed pre-ordering phase Leader-based global ordering phase 31

  32. Prime  The latency of any update initiated by a correct client is bounded Only if the network guarantees bounded variance  Distributed pre-ordering phase Leader-based global ordering phase D E L A Y 32

  33. Outline  What is BFT?  BFT under attack: the robustness problem  Existing robust BFT protocols  Can we do better? 33

  34. What is wrong with existing protocols?  The primary is a single point of failure  Aardvark and Prime: monitor the primary  Spinning: bound the time spent with a faulty primary  Robustness conditions are strong:  Aardvark: constant load  Prime: bounded variance 34

  35. What is wrong with existing protocols?  The primary is a single point of failure  Aardvark and Prime: monitor the primary  Spinning: bound the time spent with a faulty primary  Robustness conditions are strong:  Aardvark: constant load  Prime: bounded variance Question : Can we run multiple instances of a protocol simultaneously? 35

  36. The RBFT protocol Clients Node 0 Node 1 Node 2 Node 3 Master Protocol Primary Replica Replica Replica Instance Backup Replica Primary Replica Replica Protocol Instance 36

  37. The RBFT protocol Node 0 Node 1 Node 2 Node 3 Master Protocol Primary Primary Instance Backup Primary Primary Protocol Instance Primary change 37

  38. RBFT Redundant Agreement PRE-PREPARE PREPARE COMMIT PRE-PREPARE PREPARE COMMIT REQUEST PROPAGATE REPLY Client Node 0 Node 1 Node 2 Node 3 3 4 5 1 2 3 4 5 6 Redundant agreement performed by the replicas 38

  39. RBFT Node Design 39

  40. RBFT Performance 40

  41. RBFT under attack 41

  42. Conclusion  We need BFT protocols (to tolerate arbitrary faults)  Current BFT protocols are either:  Robust (e.g., RBFT) or  Efficient (e.g., Chain, Quorum)  Future work  Dynamic switching: can we design a BFT protocol that smartly combines robustness and efficiency? 42

  43. Thank you! 43

Recommend

Middleware for Gossip Protocols Michael Chow and Robbert van Renesse Cornell University Mo:va:on

Middleware for Gossip Protocols Michael Chow and Robbert van Renesse Cornell University Mo:va:on

Middleware for Gossip Protocols Michael Chow and Robbert van Renesse Cornell University Mo:va:on Gossip protocols are highly robust Problema:c when an error does occur E.g. Amazon S3 6 hours to fix an otherwise simple problem

635 views • 37 slides
GASP: a Generic Approach to Secure network Protocols Olivier Levillain May 13th 2020 O.

GASP: a Generic Approach to Secure network Protocols Olivier Levillain May 13th 2020 O.

GASP: a Generic Approach to Secure network Protocols Olivier Levillain May 13th 2020 O. Levillain GASP 1/39 Agenda Introduction The Need for Robust Parsers A Platform for Binary Parser Generators Animating Protocols Fuzzing

977 views • 74 slides
Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport Example client/server systems and network their application-level protocols: link physical Application-Layer Protocols

281 views • 13 slides
Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport network Example client/server systems and link their application-level protocols: physical Application-Layer Protocols:

432 views • 10 slides
Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI model. 1 Layered Protocols (2) 2-2 A typical message as it appears on the network. Data Link Layer 2-3 Discussion between a receiver and a

577 views • 23 slides
4 Application Layer Protocols Device Management Protocols Application layer protocols offering

4 Application Layer Protocols Device Management Protocols Application layer protocols offering

EPFL, Spring 2017 4 Application Layer Protocols Device Management Protocols Application layer protocols offering remote services for large networks of devices: - Monitoring (health of devices and network, get current state) - Management

1.31k views • 93 slides
What Is Robust Code? Robust code A style of programming that

What Is Robust Code? Robust code A style of programming that

What Is Robust Code? Robust code A style of programming that prevents abnormal termina8on or unexpected ac8ons Handles bad input gracefully Detects

433 views • 12 slides
Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL?

Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL?

The 1 st World Congress on Controversies in Hematology (COHEM) Rome, September, 2-5, 2010 Session 4. Acute Lymphoblastic Leukemia Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL? No No JM

990 views • 44 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
1 Pitfalls of Lock-Based Protocols (Cont.) The Two-Phase Locking Protocol The potential for

1 Pitfalls of Lock-Based Protocols (Cont.) The Two-Phase Locking Protocol The potential for

Concurrency Control Lock-Based Protocols Timestamp-Based Protocols Lecture 9 Concurrency Control Validation-Based Protocols Multiple Granularity Multiversion Schemes Deadlock Handling Chapter 16 Insert and Delete

780 views • 8 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Outlier Outlier Outlier- Outlier - -robust - robust robust robust identification

Outlier Outlier Outlier- Outlier - -robust - robust robust robust identification

GESG seminar, 16 October 2015, UFM Outlier Outlier Outlier- Outlier - -robust - robust robust robust identification identification identification of identification of of of switching regimes: switching regimes: switching regimes:

582 views • 27 slides
How Robust are Thresholds for Community Detection? Ankur Moitra (MIT) Robust Statistics Summer

How Robust are Thresholds for Community Detection? Ankur Moitra (MIT) Robust Statistics Summer

How Robust are Thresholds for Community Detection? Ankur Moitra (MIT) Robust Statistics Summer School Let me tell you a story about the success of belief propagation and statistical physics THE STOCHASTIC BLOCK MODEL Introduced by Holland,

1.65k views • 119 slides
AW Central Lab - UCMR 3 Sampling Protocols Sampling Protocols Presenter: Cody Cruse Rev

AW Central Lab - UCMR 3 Sampling Protocols Sampling Protocols Presenter: Cody Cruse Rev

AW Central Lab - UCMR 3 Sampling Protocols Sampling Protocols Presenter: Cody Cruse Rev 01-22-13 Rpt Ver: andy 1/22/2013 2:23:35 PM 1 of 17 Agenda Review UCMR 3 Test Groups Sampling Protocols Storage and Transportation 2 Rpt

712 views • 17 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Short Course in Supervised Learning Robust Optimization and Machine Learning Robust Supervised

Short Course in Supervised Learning Robust Optimization and Machine Learning Robust Supervised

Robust Optimization & Machine Learning 6. Robust Optimization Short Course in Supervised Learning Robust Optimization and Machine Learning Robust Supervised Learning Motivations Examples Thresholding and robustness Boolean data

724 views • 48 slides
Consistency Protocols Description describe an implementation of a specific

Consistency Protocols Description describe an implementation of a specific

Consistency Protocols Description describe an implementation of a specific consistency model Classification Distributed Systems (ICE 601) primary-based protocols remote-write protocols Replication & Consistency

425 views • 4 slides
for Robust Robot Mapping Workshop on Robust and Multimodal Inference in Factor Graphs Pratik

for Robust Robot Mapping Workshop on Robust and Multimodal Inference in Factor Graphs Pratik

Dynamic Covariance Scaling for Robust Robot Mapping Workshop on Robust and Multimodal Inference in Factor Graphs Pratik Agarwal , Gian Diego Tipaldi, Luciano Spinello, Cyrill Stachniss and Wolfram Burgard University of Freiburg, Germany Maps

840 views • 45 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
Robust Aggregation in Sensor Robust Aggregation in Sensor Networks Networks Jie Gao Computer

Robust Aggregation in Sensor Robust Aggregation in Sensor Networks Networks Jie Gao Computer

Robust Aggregation in Sensor Robust Aggregation in Sensor Networks Networks Jie Gao Computer Science Department Stony Brook University 1 Papers Papers [Nath04] Suman Nath, Phillip B. Gibbons, Zachary Anderson, and Srinivasan Seshan,

616 views • 43 slides
Applications Lecture goal: Overview: conceptual + implementation specific protocols:

Applications Lecture goal: Overview: conceptual + implementation specific protocols:

Applications Lecture goal: Overview: conceptual + implementation specific protocols: aspects of network o http --- Web application protocols o ftp --- File transfer learn about protocols by examining popular o smtp --- Mail

419 views • 17 slides
Developing - Implementing - Enforcing New Protocols in a Health Club Environment DEVELOPING

Developing - Implementing - Enforcing New Protocols in a Health Club Environment DEVELOPING

Developing - Implementing - Enforcing New Protocols in a Health Club Environment DEVELOPING COVID-19 PROTOCOLS & GUIDELINES PROTOCOL RESEARCH + CREATION Wellness Partners + Hospital Network Patient room protocols for cleaning

751 views • 37 slides
Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography and system mechanisms meet They allow trust to be taken from where it exists to where it s needed But they are

941 views • 67 slides
Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides

More recommend