Early stopping: the idea. TRB for benign failures. Early Stopping: The Protocol. Termination

Similar documents
Agreement Protocols. CS60002: Distributed Systems. Pallab Dasgupta Dept. of Computer Sc. & Engg., Indian Institute of Technology Kharagpur

Asynchronous Models For Consensus

Distributed Systems Byzantine Agreement

Section 6 Fault-Tolerant Consensus

CS505: Distributed Systems

Fault-Tolerant Consensus

Distributed Consensus

AGREEMENT PROBLEMS (1) Agreement problems arise in many practical applications:

Reliable Broadcast for Broadcast Busses

Impossibility of Distributed Consensus with One Faulty Process

Unreliable Failure Detectors for Reliable Distributed Systems

Coordination. Failures and Consensus. Consensus. Consensus. Overview. Properties for Correct Consensus. Variant I: Consensus (C) P 1. v 1.

Lower Bounds for Achieving Synchronous Early Stopping Consensus with Orderly Crash Failures

Implementing Uniform Reliable Broadcast with Binary Consensus in Systems with Fair-Lossy Links

Consensus when failstop doesn't hold

Optimal Resilience Asynchronous Approximate Agreement

Failure detectors Introduction CHAPTER

On the Number of Synchronous Rounds Required for Byzantine Agreement

Simple Bivalency Proofs of the Lower Bounds in Synchronous Consensus Problems

Consensus. Consensus problems

Byzantine agreement with homonyms

Deterministic Consensus Algorithm with Linear Per-Bit Complexity

CS505: Distributed Systems

Tolerating Permanent and Transient Value Faults

How to solve consensus in the smallest window of synchrony

Finally the Weakest Failure Detector for Non-Blocking Atomic Commit

Do we have a quorum?

Time. Lakshmi Ganesh. (slides borrowed from Maya Haridasan, Michael George)

Degradable Agreement in the Presence of. Byzantine Faults. Nitin H. Vaidya. Technical Report #

The Weakest Failure Detector to Solve Mutual Exclusion

Eventually consistent failure detectors

Colorless Wait-Free Computation

C 1. Recap: Finger Table. CSE 486/586 Distributed Systems Consensus. One Reason: Impossibility of Consensus. Let s Consider This

Common Knowledge and Consistent Simultaneous Coordination

Model Checking of Fault-Tolerant Distributed Algorithms

Optimal Clock Synchronization

Byzantine Agreement. Gábor Mészáros. Tatracrypt 2012, July 2 4 Smolenice, Slovakia. CEU Budapest, Hungary

Uniform consensus is harder than consensus

Optimal and Player-Replaceable Consensus with an Honest Majority Silvio Micali and Vinod Vaikuntanathan

Randomized Protocols for Asynchronous Consensus

Self-stabilizing Byzantine Agreement

The Weighted Byzantine Agreement Problem

Network Algorithms and Complexity (NTUA-MPLA) Reliable Broadcast. Aris Pagourtzis, Giorgos Panagiotakos, Dimitris Sakavalas

Bee s Strategy Against Byzantines Replacing Byzantine Participants

Byzantine Agreement. Gábor Mészáros. CEU Budapest, Hungary

Shared Memory vs Message Passing

Signature-Free Broadcast-Based Intrusion Tolerance: Never Decide a Byzantine Value

LOWER BOUNDS FOR RANDOMIZED CONSENSUS UNDER A WEAK ADVERSARY

(Leader/Randomization/Signature)-free Byzantine Consensus for Consortium Blockchains

Consensus and Universal Construction"

Byzantine behavior also includes collusion, i.e., all byzantine nodes are being controlled by the same adversary.

Byzantine Agreement. Chapter Validity 190 CHAPTER 17. BYZANTINE AGREEMENT

Authenticated Broadcast with a Partially Compromised Public-Key Infrastructure

How can one get around FLP? Around FLP in 80 Slides. How can one get around FLP? Paxos. Weaken the problem. Constrain input values

DEXON Consensus Algorithm

Distributed Computing in Shared Memory and Networks

Early-Deciding Consensus is Expensive

Replication predicates for dependent-failure algorithms

Valency Arguments CHAPTER7

ROBUST & SPECULATIVE BYZANTINE RANDOMIZED CONSENSUS WITH CONSTANT TIME COMPLEXITY IN NORMAL CONDITIONS

Almost-Surely Terminating Asynchronous Byzantine Agreement Revisited

SYNCHRONOUS SET AGREEMENT: A CONCISE GUIDED TOUR (WITH OPEN PROBLEMS)

A Realistic Look At Failure Detectors

Crashed router. Instructor s Guide for Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design Edn. 3 Pearson Education

The Byzantine Generals Problem Leslie Lamport, Robert Shostak and Marshall Pease. Presenter: Jose Calvo-Villagran

Silence. Guy Goren Viterbi Faculty of Electrical Engineering, Technion

Protocol for Asynchronous, Reliable, Secure and Efficient Consensus (PARSEC)

Easy Consensus Algorithms for the Crash-Recovery Model

Concurrent Non-malleable Commitments from any One-way Function

Round Complexity of Authenticated Broadcast with a Dishonest Majority

Causality and Time. The Happens-Before Relation

CS3110 Spring 2017 Lecture 21: Distributed Computing with Functional Processes

Early consensus in an asynchronous system with a weak failure detector*

On Equilibria of Distributed Message-Passing Games

On the weakest failure detector ever

Failure Detectors. Seif Haridi. S. Haridi, KTHx ID2203.1x

A Message-Passing and Adaptive Implementation of the Randomized Test-and-Set Object

Failure Detection and Consensus in the Crash-Recovery Model

How to Elect a Leader Faster than a Tournament

Multi-join Query Evaluation on Big Data Lecture 2

Resolving Message Complexity of Byzantine. Agreement and Beyond. 1 Introduction

Generic Broadcast. 1 Introduction

6.852: Distributed Algorithms Fall, Class 10

Time. To do. q Physical clocks q Logical clocks

Basic Theorems about Independence, Spanning, Basis, and Dimension

The Heard-Of Model: Computing in Distributed Systems with Benign Failures

Byzantine Agreement in Polynomial Expected Time

THE chase for the weakest system model that allows

Byzantine Vector Consensus in Complete Graphs

Failure detection and consensus in the crash-recovery model

Dynamic Group Communication

Realistic Failures in Secure Multi-Party Computation

Chapter 11 Time and Global States

Lecture 18: Message Authentication Codes & Digital Signa

Private and Verifiable Interdomain Routing Decisions. Proofs of Correctness

Unreliable Failure Detectors for Reliable Distributed Systems

Time Free Self-Stabilizing Local Failure Detection

Byzantine Agreement with Homonyms

Combining Shared Coin Algorithms

Abstract. The paper considers the problem of implementing \Virtually. system. Virtually Synchronous Communication was rst introduced

Transcription:

TRB for benign failures Early stopping: the idea Sender in round : :! send m to all Process p in round! k, # k # f+!! :! if delivered m in round k- and p " sender then 2:!! send m to all 3:!! halt 4:! receive round k messages 5:! if received m then 6:!! deliver(m) 7:!! if k = f+ then halt 8:! else if k = f+ 9:!! deliver(sf) 0:!! halt Terminates in f + rounds How can we do better? find a protocol whose round complexity is proportional to! t the number of failures that actually occurred rather than to f.. the max number of failures that may occur Suppose processes can detect the set of processes that have failed by the end of round i Call that set faulty(p, i) If faulty(p, i) < ithere can be no active dangerous chains, and p can safely deliver SF Early Stopping: The Protocol failed to send a message to! p! in any round,..., k :!if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "? and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 6: if received value v "? then 7:!! value := v 8:!! deliver value 9:! else if k =f + or faulty(p, k) < k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Termination

Termination Validity failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt If in any round a process receives a value, then it delivers the value in that round If a process has received only? for f + rounds, then it delivers SF in round f + failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Validity Agreement - failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt If the sender is correct then it sends m to all in round By Validity of the underlying send and receive, every correct process will receive m by the end of round By the protocol, every correct process will deliver m by the end of round failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Lemma :! For any r, if a process p delivers m!! SF in round r, then there exists a sequence of processes, p,..., p r such that = sender, p r = p, and in each round k, k r, p k sent m and p k received it. Furthermore, all processes in the sequence are distinct, unless r = and = p = sender Lemma 2:! For any r, if a process p sets value to SF in round r, then there exist some j r and a sequence of distinct processes! q j, q j+,..., q r = p q j! such that only receives? in rounds to j, faulty(q j, j) < j, and in each round k, j+ k r, q k sends SF to q k and q k receives SF

Agreement - 2 Agreement - 2 failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Lemma 3:! It is impossible for p and q, not necessarily correct or distinct, to set value in the same round r to m and SF, respectively failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Lemma 3:! It is impossible for p and q, not necessarily correct or distinct, to set value in the same round r to m and SF, respectively Proof By contradiction Suppose p sets value = m and q sets value = SF By Lemmas and 2 there exist,..., p r q j,..., q r with the appropriate characteristics Since q j did not receive m from process p k k j in round k q j must conclude that,..., p j are all faulty processes But then, faulty(q j, j) j CONTRADICTION Agreement - 3 Agreement - 3 failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt Proof If no correct process ever receives m, then every correct process delivers SF in round f + Let r be the earliest round in which a correct process delivers value! SF r " f By Lemma 3, no (correct) process can set value differently in round r In round r + " f +, that correct process sends its value to all Every correct process receives and delivers the value in round r + " f + r = f + By Lemma, there exists a sequence,, p f+ = p r of distinct processes Consider processes,, p f f + processes; only f faulty one of,, p f is correct-- let it be p c To send v in round c +, p c must have set its value to v and delivered v in round c < r CONTRADICTION

Integrity Integrity failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt failed to send a message to p in any round,..., k :! if p = sender then value := m else value:=? Process p in round! k, k f + 3:! if value "?! and delivered m in round k then halt 5:! faulty(p, k) := faulty(p, k ) { q p 9:! else if k =f + or faulty(p, k) <k then 0:!! value := SF :!! deliver value 2:!! if k =f + then halt At most one m Failures are benign, and a process executes at most one deliver event before halting If m! SF, only if m was broadcast From Lemma in the proof of Agreement A Lower Bound Views Theorem There is no algorithm that solves the consensus problem in fewer than f + rounds in the presence of f crash failures, if n f +2 Let # be an execution. The view of process in α., denoted by α p i, is the subsequence of computation and message receive events that occur in p i together with the state of p i in the initial configuration of α p p 2 p 3 p 4 p i We consider a special case! the proof technique (f =) to study p p 2 p 3 p 4

Views Let # be an execution. The view of process in α., denoted by α p i, is the subsequence of computation and message receive events that occur in p i together with the state of p i in the initial configuration of α p i Definition Let α and α 2 be two executions of consensus and let! p i be a correct process in both! α and α 2. α is similar to α 2 with respect to p i, denoted α pi α 2 if α p i = α 2 p i Similarity p p 2 p 3 p 4 from p. from p4. α p 3 p p 2 p 3 p 4 Definition Let α and α 2 be two executions of consensus and let! p i be a correct process in both! α and α 2. α is similar to α 2 with respect to p i, denoted α pi α 2 if α p i = α 2 p i Similarity Definition Let α and α 2 be two executions of consensus and let! p i be a correct process in both! α and α 2. α is similar to α 2 with respect to p i, denoted α pi α 2 if α p i = α 2 p i Similarity Note If α pi α 2 then p i decides the same value in both executions Note If α pi α 2 then p i decides the same value in both executions Lemma If α pi α 2 and p i is correct, then dec( α ) = dec( α 2 )

Definition Let α and α 2 be two executions of consensus and let! p i be a correct process in both! α and α 2. α is similar to α 2 with respect to p i, denoted α pi α 2 if α p i = α 2 p i Similarity The transitive closure of! α pi α 2 is denoted! α α 2. We say that! α α 2 if there exist executions β!, β 2,.!.., β k+ such that α = β pi β 2 pi2..., pik β k+ = α 2 Definition Let α and α 2 be two executions of consensus and let! p i be a correct process in both! α and α 2. α is similar to α 2 with respect to p i, denoted α pi α 2 if α p i = α 2 p i Similarity The transitive closure of! α pi α 2 is denoted! α α 2. We say that! α α 2 if there exist executions β!, β 2,.!.., β k+ such that α = β pi β 2 pi2..., pik β k+ = α 2 Note If α pi α 2 then p i decides the same value in both executions Note If α pi α 2 then p i decides the same value in both executions Lemma If α α 2 then! dec( α ) = dec( α 2 ) Lemma If α pi α 2 and p i is correct, then dec( α ) = dec( α 2 ) Lemma If α pi α 2 and p i is correct, then dec( α ) = dec( α 2 ) Single-Failure Case The Idea By contradiction There is no algorithm that solves consensus in fewer than two rounds in the presence of one crash failure, if n 3 Consider a one-round execution in which each process proposes 0. What is the decision value? Consider another one-round execution in which each process proposes. What is the decision value? So what? Show that there is a chain of similar executions that relate the two executions.

s Adjacent s are similar! Definition is the execution of the algorithm in which no failures occur only processes,..., p i propose 0 p i 0 α 0 i p i p i+ p n p i α n + Starting from, we build a set of executions! where 0 j n as follows: j αj i is obtained from after removing the messages that p i sends to the j-th highest numbered processors (excluding itself) The executions 0 n 0

2 p i n n β i n

p i p i n β i n 2 n β i n 3 p i p i + n β i 0 n β i 0

Arbitrary failures with message authentication Fail-stop Crash p i Send Omission Receive Omission + Process can send conflicting messages to different receivers Messages signed with unforgeable signatures General Omission Arbitrary failures with message authentication Arbitrary (Byzantine) failures Valid messages AFMA: The Idea A valid message m has the following form: in round : m.: s id ( m is signed by the sender) in round r >, if received by p from q : m : p : p 2 :... : p r where p = sender; p r = q p,..., p r are distinct from each other and from message has not been tampered with p A correct process p discards all non-valid messages it receives If a message is valid, it extracts the value from the message it relays the message, with its own signature appended At round f +: if it extracted exactly one message, p delivers it otherwise, p delivers SF

AFMA: The Protocol Termination Initialization for process p :! if p = sender and p wishes to broadcast m then!! extracted := relay := {m} Process p in round k, k f +! for each s relay!! send s : p to all! receive round k messages from all processes! relay :=! for each valid message received s = m : p : p 2 :... : p k!! if m extracted then!!! extracted := extracted {m}!!! relay := relay {s} At the end of round f +!! if m such that extracted = {m} then!!! deliver m!! else deliver SF Initialization for process p :! if p = sender and p wishes to broadcast m then!! extracted := relay := {m} Process p in round k, k f +! for each s relay!! send s : p to all! receive round k messages from all processes! relay :=! for each valid message received s = m : p : p2 :... : pk!! if m extracted then!!! extracted := extracted {m}!!! relay := relay {s} At the end of round f +!! if m such that extracted = {m} then!!! deliver m!! else deliver SF In round f +, every correct process delivers either m or SF and then halts Initialization for process p :! if p = sender and p wishes to broadcast m then!! extracted := relay := {m} Process p in round k, k f +! for each s relay!! send s : p to all! receive round k messages from all processes! relay :=! for each valid message received s = m : p : p2 :... : pk!! if m extracted then!!! extracted := extracted {m}!!! relay := relay {s} At the end of round f +!! if m such that extracted = {m} then!!! deliver m!! else deliver SF Lemma. If a correct process extracts m, then every correct process eventually extracts m Agreement Proof Let r be the earliest round in which some correct process extracts m. Let that process be p. if p is the sender, then in round p sends a valid message to all. All correct processes extract that message in round otherwise, p has received in round r a message!! m : p : p2 :... : pr Claim: p, p2,..., pr are all faulty true for p = s Suppose pj, j r, were correct pj signed and relayed message in round j pj extracted message in round j CONTRADICTION If r f, p will send a valid message! m : p : p2 :... : pr : p! in round r+ f + and every correct process will extract it in round r+ f + If r =f +, by Claim above, p, p2,..., pf+ faulty At most f faulty processes CONTRADICTiON Initialization for process p :! if p = sender and p wishes to broadcast m then!! extracted := relay := {m} Process p in round k, k f +! for each s relay!! send s : p to all! receive round k messages from all processes! relay :=! for each valid message received s = m : p : p2 :... : pk!! if m extracted then!!! extracted := extracted {m}!!! relay := relay {s} At the end of round f +!! if m such that extracted = {m} then!!! deliver m!! else deliver SF Validity From Agreement and the observation that the sender, if correct, delivers its own message.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback