Agreement Protocols

CS60002: Distributed Systems

Pallab Dasgupta Dept. of Computer Sc. & Engg., Indian Institute of Technology Kharagpur

Dept. of CSE, IIT KGP

Classification of Faults
Based on components that failed
Program / process Processor / machine Link Storage Clock

Based on behavior of faulty component

Crash just halts Failstop crash with additional conditions Omission fails to perform some steps Byzantine behaves arbitrarily Timing violates timing constraints

Dept. of CSE, IIT KGP

Classification of Tolerance
Types of tolerance:
Masking system always behaves as per specifications even in presence of faults Non-masking system may violate specifications in presence of faults. Should at least behave in a well-defined manner

Fault tolerant system should specify:

Class of faults tolerated What tolerance is given from each class

Dept. of CSE, IIT KGP

Core problems
Agreement (multiple processes agree on some value) Clock synchronization Stable storage (data accessible after crash) Reliable communication (point-to-point, broadcast, multicast) Atomic

Dept. of CSE, IIT KGP

Overview of Consensus Results

Let f be the maximum number of faulty processors. Tight bounds for message passing:
Crash failures Number of rounds Total number of processors Message size f+1 f+1 polynomial Byzantine failures f+1 3f + 1 polynomial

Dept. of CSE, IIT KGP

Overview of Consensus Results

Impossible in asynchronous case.
Even if we only want to tolerate a single crash failure. True both for message passing and shared read-write memory.

Dept. of CSE, I KGP IIT

Consensus Algorithm for Crash Failures

Code for each processor:
v := my input at each round 1 through f+1: if I have not yet sent v then send v to all wait to receive messages for this round v := minimum among all received values and current value of v if this is round f+1 then decide on v

Correctness of Crash Consensus Algo

Termination: By the code, finish in round f + 1.

Validity: Holds since processors do not introduce spurious messages

if all inputs are the same, then that is the only value ever in circulation.

Dept. of CSE, IIT KGP

Correctness of Crash Consensus Algo

Agreement: Suppose in contradiction pj decides on a smaller value, x, than does pi. Then x was hidden from pi by a chain of faulty processors:
round round round f round f+1

q1

q2

qf

qf+1

pj pi

There are f + 1 faulty processors in this chain, a contradiction.

Dept. of CSE, IIT KGP

Performance of Crash Consensus Algo

Number of processors n > f f + 1 rounds n2 |V| messages, each of size log|V| bits, where V is the input set.

Dept. of CSE, I KGP IIT

Lower Bound on Rounds

Assumptions: n>f+1 every processor is supposed to send a message to every other processor in every round Input set is {0,1}

Dept. of CSE, I KGP IIT

Byzantine Agreement Problems

Model :
Total of n processes, at most m of which can be faulty Reliable communication medium Fully connected Receiver always knows the identity of the sender of a message Byzantine faults Synchronous system
In each round, a process receives messages, performs computation, and sends messages.

Dept. of CSE, IIT KGP

Byzantine Agreement

Also known as Byzantine Generals problem One process x broadcasts a value v

Agreement Condition: All non-faulty processes must agree on a common value. Validity Condition: The agreed upon value must be v if x is non-faulty.

Dept. of CSE, IIT KGP

Variants
Consensus Each process broadcasts its initial value
Satisfy agreement condition If initial value of all non-faulty processes is v, then the agreed upon value must be v

Interactive Consistency Each process k broadcasts its own value vk

All non-faulty processes agree on a common vector (v1,v2,,vn) If the kth process is non-faulty, then the kth value in the vector agreed upon by non-faultyprocesses must be vk

Solution to Byzantine agreement problem implies solution to other two

Dept. of CSE, IIT KGP

Byzantine Agreement Problem

No solution possible if:
asynchronous system, or n < (3m + 1)

Lower Bound:
Needs at least (m+1) rounds of message exchanges

Oral messages messages can be forged / changed in any manner, but the receiver always knows the sender

Dept. of CSE, IIT KGP

Proof
Theorem: There is no t-Byzantine-robust broadcast protocol for t N/3

S
0 0 0 0 1 0 1 1

S S
1 0 1 1

U U

T T

U U

Scenario-0: T must decide 0

Scenario-1: U must decide 0

S S
0 0 1 0 1 1

T
Dept. of CSE, IIT KGP

U U U

Scenario-2: -- similar to Scenario-0 for T -- similar to Scenario-1 for U -- T decides 0 and U decides 1

Lamport-Shostak-Pease Algorithm
Algorithm Broadcast( N, t ) where t is the resilience For t = 0, Broadcast( N, 0 ):
Pulse 1

The general sends value, xg to all processes, the lieutenants do not send. Receive messages of pulse 1. The general decides on xg. Lieutenants decide as follows: if a message value, x was received from g in pulse-1 then decide on x else decide on udef

Dept. of CSE, IIT KGP

Lamport-Shostak-Pease Algorithm contd..

For t > 0, Broadcast( N, t ):
Pulse 1 The general sends value, xg to all processes, the lieutenants do not send. Receive messages of pulse 1. Lieutenant p acts as follows: if a message value, x was received from g in pulse-1 then xp = x else xp = udef ; Announce xp to the other lieutenants by acting as a general in Broadcastp( N 1, t 1 ) in the next pulse Pulse t +1 Receive messages of pulse t +1. The general decides on xg. For lieutenant p: A decision occurs in Broadcastq( N 1, t 1 ) for each lieutenant q Wp[q] = decision in Broadcastq( N 1, t 1 ) yp = max (Wp)

Dept. of CSE, IIT KGP

Features
Termination: If Broadcast( N, t ) is started in pulse 1, every process decides in pulse t + 1 Dependence: If the general is correct, if there are f faulty processes, and if N > 2f + t, then all correct processes decide on the input of the general Agreement: All correct processes decide on the same value The Broadcast( N, t ) protocol is a t-Byzantine-robust broadcast protocol for t < N/3 Time complexity: O( t + 1 )
Dept. of CSE, IIT KGP

Message complexity: O( Nt )