Byzantine Agreement. 3.2 How Many Byzantine Nodes? Algorithm 3.9 Byzantine Agreement with f = 1. 1: Code for node u, with input value x: Round 1
Byzantine Agreement. Finding consensus as in Definition 2.1 in a system with byzantine nodes is called byzantine agreement. An algorithm is f-resilient if it still works correctly with f byzantine nodes.
Byzantine Agreement. Remarks: • A general proof without the restriction to decide for the minimum value exists as well. • Since byzantine nodes can also just crash, this lower bound also holds for byzantine agreement, so Algorithm 3.14 has an asymptotically optimal runtime. • So far all our byzantine agreement algorithms assume the synchronous model. Can byzantine agreement be solved in the asynchronous model?
Byzantine Agreement. If the correct nodes have different (binary) input values, the validity condition becomes trivial as any result is fine. − − What about agreement? Let u be the first node to decide on value x (in Line 8). Due to asynchrony another node v received messages from a different subset of the nodes, however, at most f senders may be different. Taking into account that byzantine nodes may lie (send different propose messages to different nodes), f additional propose messages received by v may differ from those received by u. Since node u had at least n 2f propose messages with value x, node v has at least n 4f propose messages with value x. Hence every correct node will propose x in the next round, and then decide on x. So we only need to worry about termination: We have already seen that as soon as one correct node terminates (Line 8) everybody terminates in the next round. So what are the chances that some node u terminates in Line 8? Well, we can hope that all correct nodes randomly propose the same value (in Line 12). Maybe there are some nodes not choosing at random (entering Line 10 instead of 12), but according to Lemma 3.22 they will all propose the same. − Thus, at worst all n f correct nodes need to randomly choose the same bit, which happens with probability 2−(n−f)+1. If so, all correct nodes will send the same propose message, and the algorithm terminates. So the expected running time is exponential in the number of nodes n.
Byzantine Agreement agree on the same minimum value. The nodes agree on a value proposed by any node, so any-input validity holds. Moreover, the algorithm terminates after two rounds.
Byzantine Agreement. 3.3 The King Algorithm Algorithm 3.14 King Algorithm (for f < n/3) 1: x = my input value 2: for phase = 1 to f + 1 do Round 1 3: Broadcast value(x) Round 2 − 4: if some value(y) at least n f times then 5: Broadcast propose(y) 6: end if 7: if some propose(z) received more than f times then 8: x = z 9: end if Round 3 10: Let node vi be the predefined king of this phase i 11: The king vi broadcasts its current value w − 12: if received strictly less than n f propose(x) then 13: x = w 14: end if 15: end for Lemma 3.15. Algorithm 3.14 fulfills the all-same validity. −
Byzantine Agreement. There are many algorithms for the byzantine agreement problem. For ex- ample the Queen Algorithm [BG89] which has a better runtime than the King algorithm [BGP89], but tolerates less failures. That byzantine agreement re- quires at least f + 1 many rounds was shown by Xxxxx and Strong [DS83], based on a more complicated proof from Xxxxxxx and Xxxxx [FL82]. While many algorithms for the synchronous model have been around for a long time, the asynchronous model is a lot harder. The only results were by Ben- Or and Bracha. Ben-Or [Ben83] was able to tolerate f < n/5. Bracha [BT85] improved this tolerance to f < n/3. The first algorithm with a polynomial expected runtime was found by Xxxx and Saia [KS13] just recently. Nearly all developed algorithms only satisfy all-same validity. There are a few exceptions, e.g., correct-input validity [FG03], available if the initial values are from a finite domain, or median validity [SW15] if the input values are orderable. Before the term byzantine was coined, the terms Albanian Generals or Chi- nese Generals were used in order to describe malicious behavior. When the involved researchers met people from these countries they moved – for obvious reasons – to the historic term byzantine [LSP82]. This chapter was written in collaboration with Xxxxxxx Xxxxxx. Bibliography [Ben83] Xxxxxxx Xxx-Or. Another advantage of free choice (extended ab- stract): Completely asynchronous agreement protocols. In Proceed- ings of the second annual ACM symposium on Principles of distrib- uted computing, pages 27–30. ACM, 1983. [BG89] Xxxxx Xxxxxx and Xxxx X Xxxxx. Asymptotically optimal distributed consensus. Springer, 1989. [BGP89] Xxxxx Xxxxxx, Xxxx X. Xxxxx, and Xxxxxxx X. Xxxxx. Towards optimal distributed consensus (extended abstract). In 30th Annual Symposium on Foundations of Computer Science, Research Triangle Park, North Carolina, USA, 30 October - 1 November 1989, pages 410–415, 1989. [BT85] Xxxxxxx Xxxxxx and Xxx Xxxxx. Asynchronous consensus and broad- cast protocols. Journal of the ACM (JACM), 32(4):824–840, 1985. [DS83] Xxxxx Xxxxx and X. Xxxxxxx Xxxxxx. Authenticated algorithms for byzantine agreement. SIAM Journal on Computing, 12(4):656–666, 1983. [FG03] Xxxxxxxx Xxxxx and Xxxx X Xxxxx. Efficient player-optimal protocols for strong and differential consensus. In Proceedings of the twenty- second annual symposium on Principles of distributed computing, pages 211–220. ACM, 2003. [FL82] Xxxxxxx X. Xxxxxxx and Xxxxx X. Xxxxx. A ...
Byzantine Agreement. Informally, in an n-party, t-resilient Byzantine agreement protocol, the honest parties must agree on one of their input bits, even when t parties collude and actively try to prevent it. We provide two definitions for BA: the first is the standard, property-based definition and the second is based on the real/ideal paradigm. We start with the property-based definition. This definition captures the core properties required for consensus; namely, agreement and validity. This is a weaker definition than the simulation-based one, and as such is most suitable for proving lower bounds. Definition 2.1 (BA, property-based). Let π be an n-party protocol in which every party Pi has an input bit xi ∈ {0, 1} and outputs a bit yi ∈ {0, 1} at the end of the protocol. The protocol π is an n-party, t-resilient BA protocol if the following properties are satisfied with all but negligible probability when up to t parties maliciously attack the protocol: • Agreement. For every pair of honest parties Pi and Pj it holds that yi = yj.
Byzantine Agreement involved researchers met people from these countries they moved – for obvious reasons – to the historic term byzantine [LSP82]. Hat tip to Xxxxx Xxxxxxxx for noting how to improve Algorithm 17.9 to all- same validity. This chapter was written in collaboration with Xxxxxxx Xxxxxx.
Byzantine Agreement. A protocol Π where initially each party Pi holds an input value xi 0, 1 and terminates upon generating an output yi is a Byzantine agreement protocol, resilient against t corruptions, if the following properties are satisfied whenever up to t parties are corrupted: – Validity: If all honest parties have as input x, then every honest party out- puts yi = x. – Consistency: Any two honest parties Pi and Pj output the same value yi = yj.