The Byzantine Generals Problem. Leslie Lamport, Robert Shostak, Marshall Pease. ACM Transactions on Programming Languages and Systems (TOPLAS), v.4 n.3, p.382-401, July 1982. Citation Count: 734
The aim: to make a reliable computer system. reliable*: able to be trusted to do or provide what is needed; able to be relied on; able to be believed; likely to be true or correct. * http://www.merriam-webster.com/dictionary/reliable
1. INTRODUCTION
A reliable computer system must handle malfunctioning components that give conflicting information to different parts of the system, i.e. it must be able to cope (manage in spite of difficulty) with the failures of one or more of its components (conflicting feedback information; no feedback at all). The problem is expressed abstractly as the Byzantine Generals Problem.
The Byzantine Generals Problem (BGP)
• Several divisions of the Byzantine army are camped outside an enemy city.
• Each division is commanded by its own general.
• The generals can communicate with one another only by messenger.
• After observing the enemy, they must decide upon a common plan of action.
THE PROBLEM: some of the generals may be traitors, trying to prevent the loyal generals from reaching agreement.
The necessary conditions of BGP:
A. All loyal generals decide upon the same plan of action. The loyal generals will all do what the algorithm says they should, but the traitors may do anything they wish. The loyal generals should not only reach agreement, but should agree upon a reasonable plan. We therefore also want to ensure that
B. A small number of traitors cannot cause the loyal generals to adopt a “bad plan”.
How can conditions A and B be achieved?
A. All loyal generals decide upon the same plan of action: achieved by having all generals use the same method for combining the information.
B. A small number of traitors cannot cause the loyal generals to adopt a “bad plan”: achieved by using a robust method (based upon a majority vote*).
* A small number of traitors can affect the decision only if the loyal generals were almost equally divided between the two possibilities, in which case neither decision could be called bad.
The conditions for A to be satisfied:
1. Every loyal general must obtain the same information v(1), v(2), ..., v(n). The generals may have different values of v(i) from the traitor i, as he may send different values to different generals.
1'. Any two loyal generals use the same value of v(i).
2. If the ith general is loyal, then the value that he sends must be used by every loyal general as the value of v(i).
Byzantine Generals Problem: A commanding general must send an order to his (n - 1) lieutenant generals such that the Interactive Consistency (IC) conditions hold:
IC1. All loyal lieutenants obey the same order.
IC2. If the commanding general is loyal, then every loyal lieutenant obeys the order he sends.
2. IMPOSSIBILITY RESULTS
IMPOSSIBILITY RESULTS: If the generals can send only oral messages*, then NO SOLUTION will work UNLESS > 2/3 of the generals are LOYAL. 3 generals, 1 traitor = 2/3 => NO SOLUTION! (see the example)
* An oral message is one whose contents are completely under the control of the sender, so a traitorous sender can transmit any possible message. Such a message corresponds to the type of message that computers normally send to one another.
* Lieutenant 2 is a traitor: v1 = ATTACK (IC2: I must obey the order of the commander, ATTACK); v2 = RETREAT (IC1: I need to obey the same order as L2 has, RETREAT). What to do? Is it obvious to L1 that L2 is the traitor?
* Commander is a traitor: v1 = RETREAT, v2 = ATTACK. What to do? Is it obvious to L1 that L2 is a traitor? v1 = ATTACK, v2 = RETREAT. NO! What to do? We don’t know for sure who is the traitor! The same for L1, while L2 is now loyal. So 2 of them are loyal, 1 is a traitor -> NO DECISION!
IMPOSSIBILITY RESULTS (another notation of > 2/3): NO SOLUTION with fewer than 3m+1 generals can cope with m traitors*.
* The proof is by contradiction; see the paper, pp. 385-386.
**skip** Reaching approximate agreement is just as hard as reaching exact agreement. Assumptions: the generals must agree only upon an approximate time of attack. The commander orders the time of the attack, and we require the following two conditions to hold:
IC1'. All loyal lieutenants attack within 10 minutes of one another.
IC2'. If the commanding general is loyal, then every loyal lieutenant attacks within 10 minutes of the time given in the commander's order.
(We assume that the orders are given and processed the day before the attack and that the time at which an order is received is irrelevant; only the attack time given in the order matters.) This problem is unsolvable unless > 2/3 of the generals are loyal.
**skip** The example: Suppose the commander orders an attack at 1:00 and orders a retreat at 2:00. Each lieutenant follows the algorithm:
(1) After receiving the attack time from the commander, a lieutenant does one of the following:
(a) If the time is 1:10 or earlier, then attack.
(b) If the time is 1:50 or later, then retreat.
(c) Otherwise, continue to step (2).
(2) Ask the other lieutenant what decision he reached in step (1).
(a) If the other lieutenant reached a decision, then make the same decision he did.
(b) Otherwise, retreat.
3. A SOLUTION WITH ORAL MESSAGES
The assumptions of the oral message system:
A1. Every message that is sent is delivered correctly. A traitor cannot interfere with the messages that other generals send.
A2. The receiver of a message knows who sent it. A traitor cannot confuse their intercourse by introducing spurious messages with the names of other generals.
A3. The absence of a message can be detected. This will foil a traitor who tries to prevent a decision by simply not sending messages.
The additional assumption for the 3rd and 4th sections: (A*) Each general is able to send messages directly to every other general. There is no such requirement for the 5th section.
Prevention of the crash: If there are no messages from the commander-traitor, let RETREAT be the default order for the loyal lieutenants.
What information to take? Choose:
1. The majority value among the vi (v1, v2, ..., vn) if it exists, otherwise the value RETREAT;
2. The median of the vi, assuming that they come from an ordered set.
ORAL MESSAGE ALGORITHMS. Algorithm OM(0), i.e. no traitors:
(1) The commander sends his value to every lieutenant.
(2) Each lieutenant uses the value he receives from the commander, or uses the value RETREAT if he receives no value.
ORAL MESSAGE ALGORITHMS. Algorithm OM(m), m > 0, i.e. there are traitors:
(1) The commander sends his value to every lieutenant.
(2) For each i, let vi be the value Lieutenant i receives from the commander, or else be RETREAT if he receives no value. Lieutenant i acts as the commander in Algorithm OM(m-1) to send the value vi to each of the n - 2 other lieutenants.
(3) For each i, and each j != i, let vj be the value Lieutenant i received from Lieutenant j in step (2) (using Algorithm OM(m - 1)), or else RETREAT if he received no such value. Lieutenant i uses the value majority(v1, v2, ..., vn-1).
n = 4, m = 1 (L3). * Lieutenant 3 is a traitor. OM(1):
1. The commander sends v to all.
2. send (L1 -> L2; v) using OM(0); send (L3 -> L1; x) using OM(0); L2 has not sent anything yet.
3. L2 has: v1 = v2 = v and v3 = x, so he obtains the correct value v = majority(v, v, x).
* Commander is a traitor. OM(1):
1. The commander sends false x, y, z.
2. Everyone sends their vi from the commander to all.
3. L1-L2 all have the same info: v1 = x; v2 = y; v3 = z, so they all obtain the same value majority(x, y, z) -> the commander is the traitor -> RETREAT.
The correctness of OM(m):
LEMMA 1. For any m and k, Algorithm OM(m) satisfies IC2 if there are more than 2k + m generals and at most k traitors.
THEOREM 1. For any m, Algorithm OM(m) satisfies conditions IC1 and IC2 if there are more than 3m generals and at most m traitors.
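The OM(m) recursion and the bound of Theorem 1, as an added Python simulation (not code from the paper or from these slides). The numbering (general 0 is the commander) and the traitor strategy in send() are assumptions made for illustration; the same code run with 3 generals reproduces the Section 2 failure of IC2.

```python
from collections import Counter

RETREAT, ATTACK = "RETREAT", "ATTACK"

def majority(values):
    """Strict majority value if one exists, otherwise the default RETREAT."""
    value, count = Counter(values).most_common(1)[0]
    return value if 2 * count > len(values) else RETREAT

def send(sender, receiver, value, traitors):
    """Oral message. A loyal sender relays value unchanged. A traitor uses a
    constructed strategy: ATTACK to even-numbered receivers, RETREAT to odd.
    Traitors always send something, so the 'no message' default is not exercised."""
    if sender in traitors:
        return ATTACK if receiver % 2 == 0 else RETREAT
    return value

def om(m, commander, lieutenants, value, traitors):
    """Run OM(m); return {lieutenant: value it uses for this commander's order}."""
    # Step (1): the commander sends his value to every lieutenant.
    received = {i: send(commander, i, value, traitors) for i in lieutenants}
    if m == 0:
        return received
    # Step (2): each lieutenant j acts as commander in OM(m-1) for the others.
    relayed = {
        j: om(m - 1, j, [i for i in lieutenants if i != j], received[j], traitors)
        for j in lieutenants
    }
    # Step (3): lieutenant i takes the majority of its own v_i and the relayed v_j.
    return {
        i: majority([received[i]] + [relayed[j][i] for j in lieutenants if j != i])
        for i in lieutenants
    }

def loyal_decisions(n, m, traitors, order=ATTACK):
    """n generals, general 0 commands; return the loyal lieutenants' decisions."""
    result = om(m, 0, list(range(1, n)), order, traitors)
    return {i: v for i, v in result.items() if i not in traitors}

if __name__ == "__main__":
    print("n=4, L3 traitor:       ", loyal_decisions(4, 1, {3}))
    print("n=4, commander traitor:", loyal_decisions(4, 1, {0}))
    print("n=3, L2 traitor:       ", loyal_decisions(3, 1, {2}))  # IC2 violated
```

With n = 3 the loyal commander orders ATTACK but loyal Lieutenant 1 sees one ATTACK and one RETREAT, finds no majority and falls back to RETREAT, which is the IC2 violation the impossibility result predicts.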
4. A SOLUTION WITH SIGNED MESSAGES
The traitor’s ability to lie makes the BGP difficult. What if we can restrict the traitor’s ability? The solution: sending unforgeable signed messages (we add A4).
Additional assumption A4:
(a) A loyal general's signature cannot be forged, and any alteration of the contents of his signed messages can be detected.
(b) Anyone can verify the authenticity of a general's signature.
* We don’t care about a traitorous general's signature.
With signed messages, our constraints on the possible number of traitors no longer hold. In fact, a three-general solution does exist. We now give an algorithm that copes with m traitors for any number of generals. (The problem is vacuous if there are fewer than m + 2 generals.)
Our algorithm assumes a function choice which is applied to a set of orders to obtain a single one. The only requirements we make for this function are:
1. If the set V consists of the single element v, then choice(V) = v.
2. choice(∅) = RETREAT, where ∅ is the empty set.
One possible definition is to let choice(V) be the median element of V, assuming that there is an ordering of the elements.