3. Each division is directed by its own
general
Wednesday, August 18, 2010
4. There are n
generals
Wednesday, August 18, 2010
5. All armies are camped outside enemy
castle, observing enemy
Wednesday, August 18, 2010
6. Communicate
with each
other by
messengers
Wednesday, August 18, 2010
7. Requirement
A: All loyal generals
decide upon the same
plan of action
Wednesday, August 18, 2010
8. Requirement
B: A small number of traitors
cannot cause the loyal
generals to adopt a bad plan
Wednesday, August 18, 2010
9. Agreemeent
G2
V1
General 1 sends his
ideas on what to do
G1 V1
next
G4
V1
G3
Wednesday, August 18, 2010
10. Agreemeent
{ V1, V2 }
V2
G2
{ V1 } General 2 sends his
ideas on what to do
G1 V2
next
V2
G4
G3 { V1 }
{ V1 }
Wednesday, August 18, 2010
11. Apply combination method
to all values
{ V1, V2, V3, V4 }
G2
{ V1, V2, V3, V4 } A: All loyal generals
decide upon the same
G1
plan of action
G4
G3 { V1, V2, V3, V4 }
Wednesday, August 18, 2010
12. Beware of the wolves…
{ V1, V2 }
V2
G2 General might be a
{ V1 }
traitor, sabotaging
G1 V2'
the process.
V2'
G4
G3 { V1 }
{ V1 }
B: A small number of traitors
cannot cause the loyal generals
to adopt a bad plan
Wednesday, August 18, 2010
13. Requirements reworked
• From A: Every loyal general must obtain the same
information v(1), .... v(n)
• From B: If the ith general is loyal, then the value that
he sends must be used by every loyal general as the
value of v(i)
Wednesday, August 18, 2010
14. Rewritten
• From A: Any two loyal generals use the same value of v
(i)
• From B: If the ith general is loyal, then the value that
he sends must be used by every loyal general as the
value of v(i)
2
... an d since now both 1 and
are conditions on the single
al:
value of a single gener
Wednesday, August 18, 2010
15. Byzantine Generals
Problem
A commanding general must
send an order to his n - 1 C
lieutenant generals such that
IC1: All loyal lieutenants
obey the same order
IC2: If the commanding L1 L2 L3
general is loyal, then every
loyal general obeys the order
he sends
Wednesday, August 18, 2010
16. Byzantine Generals
Problem
A commanding general must
send an order to his n - 1 C
lieutenant generals such that
IC1: All loyal lieutenants
obey the same order
IC2: If the commanding L1 L2 L3
general is loyal, then every
loyal general obeys the order
he sends
y
Interactive Consistenc
Conditions
Wednesday, August 18, 2010
17. Assuming oral messages…
• Every message that is sent is delivered correctly
• The receiver of a message knows who sent it
• The absence of a message can be detected
Wednesday, August 18, 2010
18. No solution for 3 generals,
1 traitor
C C
? ?
attack attack attack retreat
L1 he said 'retreat'
L2 L1 he said 'retreat'
L2
e
From L 1’s perspective, both th
s the
commanding general a
other lieutenant could be the
ion.
traitor causing confus
Wednesday, August 18, 2010
19. General
Impossibility
(Oral Messages)
In general, no solutions with
fewer than 3m+1 generals can
cope with m traitors.
Wednesday, August 18, 2010
20. Assuming
Signatures
• Every message that is sent is delivered correctly
• The receiver of a message knows who sent it
• The absence of a message can be detected
• Signatures
• A loyal general’s signature cannot be forged, and any
alteration of the contents of his signed messages can be
detected.
• Anyone can verify the authenticity of a general’s signature
Wednesday, August 18, 2010
21. Algorithm SM(m)
• Each lieutenant maintains a set V of properly signed orders received so
far.
• The commander sends a signed order to lieutenants
• A lieutenant receives an order from someone (either from commander
or other lieutenants),
• Verifies authenticity and puts it in V.
• If there are less than m distinct signatures on the order
• Augments orders with signature
• Relays messages to lieutenants who have not seen the order.
• When lieutenant receives no new messages, and use choice(V) as the
desired action.
• If you want to protect against more traitors, increase m
Wednesday, August 18, 2010
22. SM(m) and Traitors
C
V = attack, retreat =>
!
C ommander is a traitor
attack : C retreat : C
retreat : C : L2
L1 attack : C : L1
L2
Wednesday, August 18, 2010
23. But what if…
not all generals can reach all
other generals directly?
Wednesday, August 18, 2010
24. p-Regular Graphs
1. A set of nodes { i1, …, ip } is said to be a regular set of
neighbors of a node i if:
1. each ij is a neighbor of i, and
2. for any general k different from i, there exists paths γj,k
from ij to k not passing through i such that any two
different paths γj,k have no node in common other than k.
2. The graph G is said to be p-regular if every node has a
regular set of neighbors consisting of p distinct nodes.
Wednesday, August 18, 2010
25. p-Regular Graphs
1. A set of nodes { i1, …, ip } is said to be a regular set of
neighbors of a node i if:
1. each ij is a neighbor of i, and
*SNAP*
2. for any general k different from i, there exists paths γj,k
from ij to k not passing through i such that any two
different paths γj,k have no node in common other than k.
2. The graph G is said to be p-regular if every node has a
regular set of neighbors consisting of p distinct nodes.
Wednesday, August 18, 2010
26. Samples
3-regular not 3-regular
Wednesday, August 18, 2010
27. Missing communication
paths
For any m and any p ≥ 3m, algorithm OM(m, p) solves the
Byzantine Generals Problem if there are at most m
traitors.
Wednesday, August 18, 2010
28. Missing communication
paths
For any m and any p ≥ 3m, algorithm OM(m, p) solves the
Byzantine Generals Problem if there are at most m
traitors.
ssing
In other words: in case of messengers pa
h
oral messages only, if you send enoug
an
messages, there m ay be a way to come to
of
agreement on w hat to do, even in face
s. (It
traitors and missin g communication path
hich
all depends on ho w many traitors and w
paths are missing.)
Wednesday, August 18, 2010
29. Missing
Communication Paths
For any m, SM(m) solves the Byzantine Generals
Problem if there are at most m traitors.
Wednesday, August 18, 2010
30. Practical Use of BGP
General Processor
Loyal general Non-faulty processor
• IC1: All nonfaulty processors must use the same input
value (so they produce the same output)
• IC2: If the input unit is nonfaulty, then all nonfaulty
processes use the value it provides as input (so they
produce the correct output)
Wednesday, August 18, 2010
31. Assumption A1
Every message sent by non-faulty process is delivered
correctly.
• Failure of communication line cannot be distinguished
from failure of nodes.
• OK because we still are tolerating m failures.
Wednesday, August 18, 2010
32. Assumption A2
A processor can determine origin of message
• In a fixed line network, this can be assumed.
• In a switched network, A2 is not needed since the
messages will be signed.
Wednesday, August 18, 2010
33. Assumption A3
The absence of a message can be detected
• Only by the use of some time-out convention
• Fixed maximum time needed for the generation and
transmission of a message.
• The sender and receiver have clocks that are synchronized to
within some maximum error
Wednesday, August 18, 2010
34. Assumption A4
Unforgeable signatures. Anyone can verify authenticity
of signature
• Message signed by i = (M, Si(M))
• If i is not faulty, no one can generate Si(M). (Faulty
processor used for generating signatures.)
• Given M and X, anyone can verify if X=Si(M)
Wednesday, August 18, 2010
35. Conclusions
• BGP solutions are expensive (communication
overheads and signatures)
• Use of redundancy and voting to achieve reliability.
What if >1/3 nodes (processors) are faulty?
• 3m+1 replicas for m failures. Is that expensive?
• Tradeoffs between reliability and performance
• How would you determine m in a practical system?
Wednesday, August 18, 2010