Date post: | 07-Apr-2018 |
Category: |
Documents |
Upload: | rashmi-ranjan |
8/6/2019 Byzentine Clocks
http://slidepdf.com/reader/full/byzentine-clocks 1/7
Byzantine Clock Synchronization

Leslie Lamport¹
P. M. Melliar-Smith²
Computer Science Laboratory
SRI International

Abstract

An informal description is given of three fault-tolerant clock-synchronization algorithms. These algorithms work in the presence of arbitrary kinds of failure, including "two-faced" clocks. Two of the algorithms are derived from Byzantine Generals solutions.

1. Introduction

Many multiprocess systems, especially process-control systems, require processes to maintain clocks that are synchronized with one another [4], [6], [11]. Physical clocks do not keep perfect time, but can drift with respect to one another, so the clocks must periodically be resynchronized. For such a process to be fault-tolerant, the clock synchronization algorithm must work despite faulty behavior by some processes and clocks.

The purpose of this paper is to provide an informal, intuitive description of three fault-tolerant clock-synchronization algorithms. We refer the reader to [7] for the details, including a precise statement of the problem, a rigorous description of the algorithms, and a proof of their correctness.

It is easy to construct fault-tolerant clock-synchronization algorithms if one restricts the type of faults that are permitted. However, it is difficult to find algorithms that can handle arbitrary faults -- in particular, faults that result in "two-faced" clocks. Consider a three-process system in which:
• Process 1's clock reads 1:00
• Process 2's clock reads 2:00
• Process 3's clock is faulty in such a way that when read by Process 1 it gives the value 0:00 and when read by Process 2 it gives the value 3:00.
Processes 1 and 2 are in symmetric positions; each sees one clock that reads an hour earlier than its own clock, and one clock that reads an hour later. The obvious synchronization algorithms, which are symmetric, will not cause Processes 1 and 2 to reset their clocks in a way that would bring their values closer together. The study of this problem was initiated by the realization, during the design of the SIFT reliable aircraft control computer [11], that such malicious faults can occur in practice.

¹Work supported in part by the National Science Foundation under grant number MCS-8104459.
²Work supported in part by the National Aeronautics and Space Administration under grant number NASA 99-34234.
Permission to copy without fee all or part of this material is granted provided that the copies are not made or distributed for direct commercial advantage, the ACM copyright notice and the title of the publication and its date appear, and notice is given that copying is by permission of the Association for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific permission.
© 1984 ACM 0-89791-143-1/84/008/0068 $00.75

The algorithms described in this paper assume that each process can read every other process's clock. They work in the presence of any kind of fault, including such malicious two-faced clocks. We let a process's clock be part of the process, so a clock failure is just one kind of process failure. We consider only process failures, ignoring communication line failures. At worst, the failure of a communication line joining two processes can be analyzed as if it were a failure of either of the processes. Communication-line failure is briefly discussed in [7].

Our first algorithm is called an interactive convergence algorithm, since it causes correctly working clocks to converge, but the closeness with which they can be synchronized depends upon how far apart they are allowed to drift before being resynchronized. In a network of at least 3m + 1 processes, it will handle up to m faults.

The remaining two algorithms are called interactive consistency algorithms, so named because the nonfaulty processes obtain mutually consistent views of all the clocks. In these algorithms, the degree of synchronization -- the maximum difference between any two nonfaulty processes' clocks -- depends only upon the accuracy with which processes can read each other's clocks and how far clocks can drift during the actual synchronization procedure.

The interactive consistency algorithms are derived from two basic "Byzantine Generals" solutions presented in [5]. The first one requires at least 3m + 1 processes to handle up to m faults. The second algorithm assumes a special method of reading clocks, requiring the use of unforgeable digital signatures, to handle up to m faults with as few as 2m + 1 processes. A recent algorithm of Halpern, Simons and Strong [3], using a similar method of reading clocks, will be better than our second Byzantine Generals solution in almost all practical situations. However, we feel that our algorithm is still worth describing because it makes somewhat different assumptions about how clocks are read and because its derivation from the Byzantine Generals algorithm is interesting.

Lundelius and Lynch [8] have recently described an interactive convergence algorithm. It requires a special method of reading clocks, so it is difficult to compare with our first two algorithms. However, in some situations, it can synchronize the clocks with greater accuracy than our algorithms. We discuss the various algorithms' clock-reading methods in Section 4, and, in the conclusion, we compare their efficiency and accuracy.

Dolev, Halpern, and Strong [2] have recently proved that, like the original Byzantine generals problem, 3m + 1 processes are required to allow clock synchronization in the presence of m faults if digital signatures are not used. Our first two algorithms thus use the minimum number of processes.

2. Algorithm CON

Algorithm CON, our interactive convergence algorithm, is the simplest of the three algorithms. It assumes that the clocks are initially synchronized, and that they are resynchronized often enough so two nonfaulty processes' clocks never differ by more than $\delta$. The value of $\delta$ is chosen in advance, as explained later. We ignore for now the question of how processes read each other's clocks.

Algorithm CON is essentially the following.

    Each process reads the value of every process's clock and sets its own clock to the average of these values -- except that if it reads a clock value differing from its own by more than $\delta$, then it replaces that value by its own clock's value when forming the average.

To see why this works, let us consider by how much two nonfaulty processes' clocks can differ after they are resynchronized. For simplicity, we ignore the error in reading another process's clock and assume that all processes execute the algorithm instantaneously at exactly the same time.

Let p and q be nonfaulty processes, let r be any process, and let $c_{pr}$ and $c_{qr}$ be the values used by p and q, respectively, as process r's clock value when forming the average. If r is nonfaulty, then $c_{pr}$ and $c_{qr}$ will be equal. If r is faulty, then $c_{pr}$ and $c_{qr}$ will differ by at most $3\delta$, since $c_{pr}$ lies within $\delta$ of p's clock value, $c_{qr}$ lies within $\delta$ of q's clock value, and the clock values of p and q lie within $\delta$ of one another.

Let n be the total number of processes and m the number of faulty ones, and assume that $n > 3m$. Processes p and q set their clocks to the average of the n values $c_{pr}$ and $c_{qr}$, respectively, for $r = 1, \ldots, n$. We have $c_{pr} = c_{qr}$ for the $n - m$ nonfaulty processes r, and $|c_{pr} - c_{qr}| \le 3\delta$ for the m faulty processes r. It follows from this that the averages computed by p and q will differ by at most $(3m/n)\delta$. The assumption $n > 3m$ implies $(3m/n)\delta < \delta$, so the algorithm succeeds in bringing the clocks closer together. Therefore, we can keep the nonfaulty processes' clocks synchronized to within $\delta$ of one another by resynchronizing often enough so that clocks which are initially within $(3m/n)\delta$ seconds of each other never drift further than $\delta$ seconds apart.

It appears that by repeated resynchronizations, each one bringing the clocks closer by a factor of $3m/n$, this algorithm can achieve any desired degree of synchronization. However, we have ignored two factors:
1. The time taken to execute the algorithm.
2. The error in reading another process's clock.

The fact that a process does not read all other clocks at exactly the same time means that it must average not clock values, but differences between its clock value and the others. When process p reads process q's clock, it records the difference $\Delta_{qp}$ between q's clock and its own. More precisely, $\Delta_{qp} = c_q - c_p$, where $c_q$ is the value p reads on q's clock and $c_p$ is the value it reads at the same time on its own clock. Letting $\Delta_{pp} = 0$ and defining
$$\bar{\Delta}_{qp} = \begin{cases} \Delta_{qp} & \text{if } |\Delta_{qp}| < \delta \\ 0 & \text{otherwise,} \end{cases}$$
process p resets its clock by adding the average of the n values $\bar{\Delta}_{qp}$ to its own clock value.
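
The following sketch is an added example, not code from the paper. It runs one round of Algorithm CON in the difference form just described, ignoring reading error, against a two-faced clock; the function names and all clock values are constructed for illustration. The last case is the three-process system from the introduction, where n > 3m does not hold.

```python
# Added illustration of Algorithm CON (not code from the paper).
# Clock values and the faulty clock's behaviour are constructed sample data.

def con_round(good, faulty_views, delta):
    """Resynchronize every nonfaulty clock once, all at the same instant.

    good         -- clock values of the nonfaulty processes
    faulty_views -- one function per faulty process; given the reader's clock
                    value it returns what the faulty clock shows that reader
                    (different readers may be shown different values)
    delta        -- the bound on the difference between nonfaulty clocks
    """
    n = len(good) + len(faulty_views)
    new_clocks = []
    for own in good:
        readings = list(good) + [view(own) for view in faulty_views]
        # Delta_qp = c_q - c_p; the reader's own entry gives Delta_pp = 0.
        diffs = [c - own for c in readings]
        # Clipped difference: anything not strictly within delta counts as 0.
        clipped = [d if abs(d) < delta else 0.0 for d in diffs]
        new_clocks.append(own + sum(clipped) / n)
    return new_clocks


def spread(clocks):
    """Largest difference between any two of the given clocks."""
    return max(clocks) - min(clocks)


def pull_apart(midpoint, amount):
    """A two-faced clock: reads `amount` slow to readers below the midpoint
    and `amount` fast to readers at or above it."""
    return lambda own: own - amount if own < midpoint else own + amount


DELTA = 1.0
GOOD = [0.0, 0.4, 0.9]                      # n = 4, m = 1, spread 0.9 < DELTA

# Worst case the clipping allows: the lie stays just inside delta.
subtle = con_round(GOOD, [pull_apart(0.45, 0.99)], DELTA)
# A gross lie exceeds delta and is replaced by the reader's own value.
gross = con_round(GOOD, [pull_apart(0.45, 1000.0)], DELTA)
# The three-process system from the introduction (hours): n = 3 is not > 3m.
intro = con_round([1.0, 2.0], [pull_apart(1.5, 1.0)], delta=1.5)

if __name__ == "__main__":
    print("subtle lie:", subtle, "spread", spread(subtle))   # bound (3m/n)*delta = 0.75
    print("gross lie: ", gross, "spread", spread(gross))
    print("n = 3:     ", intro, "spread", spread(intro))
```

With four processes the spread of the nonfaulty clocks shrinks from 0.9 to at most $(3m/n)\delta = 0.75$ even under the worst lie that survives clipping; with three processes the two nonfaulty clocks stay exactly one hour apart.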

The error in reading clocks must also be taken into account in computing $\bar{\Delta}_{qp}$. Let $\epsilon$ be the maximum error in reading the clock difference $\Delta_{qp}$. If $\delta$ is the maximum true difference between the two clocks, then the difference read by process p could be as great as $\delta + \epsilon$. Therefore, we must replace $\delta$ by $\delta + \epsilon$ in the above definition of $\bar{\Delta}_{qp}$.

A careful analysis, given in [7], shows that the algorithm works if $\delta$ is at least about $(6m + 2)\epsilon + (3m + 1)\rho R$, where $\rho$ is the maximum error in the rates at which the clocks run and R is the length of time between resynchronizations. The value of $\delta$ is the maximum difference between two nonfaulty clocks, so this value represents the degree of clock synchronization maintained by this algorithm.¹ The value $(6m + 2)\epsilon + (3m + 1)\rho R$ is the smallest value we can safely choose for $\delta$; any larger value will also work, yielding a larger clock synchronization error.

3. The Interactive Consistency Algorithms

In Algorithm CON, a process sets its clock to the average of all clock values. Since a single bad value can skew an average, bad clock values must be thrown away. Another approach is to take a median instead of an average, since a median provides a good value so long as a minority of values are bad. However, because of the possibility of two-faced clocks, the processes cannot simply read each other's clocks and take a median; they must use a more sophisticated method of obtaining the values of other processes' clocks. We now investigate what properties such a method must have.

The median computed by two different processes will be approximately the same if the sets of clock values they obtain are approximately the same. Therefore, we want the following condition to hold for every process r.
CC1. Any two nonfaulty processes obtain approximately the same value for r's clock -- even if r is faulty.
While CC1 guarantees that all processes will compute approximately the same clock values, it doesn't ensure that the values they compute will be meaningful. For example, CC1 is satisfied if every process always obtains the value 1:00 for any process's clock. This synchronizes the clocks by effectively stopping them all. To make sure that the processes' clocks keep running at a reasonable rate, we make the following additional requirement for any process r:
CC2. If r is nonfaulty, then every nonfaulty process obtains approximately the correct value of r's clock.
If a majority of processes are nonfaulty, then this ensures that the median clock value computed by any process is approximately equal to the value of a good clock.²

Conditions CC1 and CC2 are very similar to the conditions that describe the Byzantine Generals problem [5]. In this problem, some process r must send a value to all processes in such a way that the following two conditions are satisfied:
IC1. All nonfaulty processes obtain the same value.
IC2. If process r is nonfaulty, then all nonfaulty processes obtain the value that it sends.
Our two interactive consistency algorithms are modifications of two Byzantine Generals solutions from [5] to achieve conditions CC1 and CC2.

¹Note that [7] shows only that at least this degree of synchronization can be obtained; we do not know if the worst-case behavior is really this bad. The same remark applies to the other error bounds quoted below.
²More precisely, it is either approximately equal to a good clock's value or else lies between the values of two good clocks.

3.1. Algorithm COM(m)

Our first interactive consistency algorithm, denoted COM(m), works in the presence of up to m faulty processes when the total number n of processes is greater than 3m. It is based upon Algorithm OM(m) of [5].

We first consider the case n = 4, m = 1, and describe a special case of Algorithm OM(1) in which the value being sent is a number. In this algorithm, process r sends its value to every other process, which in turn relays the value to the two remaining processes. Process r uses its own value. Every other process i has received three "copies" of this value: one directly from process r and the other two from the other two processes.³ The value obtained by process i is defined to be the median of these three copies.

To show that this works, we consider separately the two cases: process r faulty and nonfaulty. First, suppose r is nonfaulty. In this case, at least two of the copies received by any other nonfaulty process p must equal the value sent by r: the one received directly from r and the one relayed by another nonfaulty process. (Since there is at most one faulty process, at least one of the two processes that relay the value to p must be nonfaulty.) The median of a set of three numbers, two of which equal v, is v, so condition IC1 is satisfied. When process r is nonfaulty, IC1 implies IC2, which finishes the proof for this case.

Next, suppose that process r is faulty. Condition IC1 is then vacuous, so we need only verify IC2. Since there is at most one faulty process, the three processes other than r must be nonfaulty. Each one therefore correctly transmits the value it receives from r to the other processes. All of the other processes thus receive the same set of copies, so they choose the same median, showing that IC2 is satisfied.

To modify Algorithm OM(1) for clock synchronization, let us suppose that instead of sending a number, a process can send a copy of a clock. (We can imagine clocks being sent from process to process, continuing to tick while in transit.) We assume that sending a clock from one nonfaulty process to another can perturb its value by at most some small amount $\epsilon$, but leaves it otherwise unaffected. However, a faulty process can arbitrarily change a clock's value before sending it.

³In case a process fails to receive a message, presumably because the sender is faulty, it can pretend to have received any arbitrary message from that process. See [5] for more details.

In Algorithm COM(1), we apply Algorithm OM(1) four times, once for each process r. However, instead of sending values, the processes send clocks. Exactly the same argument used above to prove IC1 and IC2 proves CC1 and CC2, where "approximately" means to within $O(\epsilon)$.

The more general Byzantine Generals solution OM(m), which handles m faulty processes, n > 3m, involves more rounds of message passing and additional median taking. This algorithm can be found in [5]. Algorithm COM(m) is obtained from OM(m) in the same way we obtained COM(1) from OM(1): by sending clocks instead of messages.

This completes our description of Algorithm COM(m), except for one question: how do processes send clocks to one another? The answer is that the processes don't send clocks, they send clock differences. As before, when process p reads process q's clock, it records the difference $\Delta_{qp}$ between its clock value and q's. Process p sends a "copy" of q's clock to another process r by sending the value $\Delta_{qp}$, which means "q's clock differs from mine by $\Delta_{qp}$".

Now, suppose r receives a copy of q's clock from p in the form of a message (from p) saying "q's clock differs from mine by x". How does r relay a copy of this clock to another process? Process r reasons as follows:
• p tells me that q's clock differs from his by x.
• I know that p's clock differs from mine by $\Delta_{pr}$.
• Therefore, p has told me that q's clock differs from mine by $x + \Delta_{pr}$.
In other words, when r relays a clock difference sent to him by p, he just adds $\Delta_{pr}$ to that difference.

This completes the description of Algorithm COM(m). A careful analysis, described in [7], reveals that this algorithm keeps the clocks of different processes synchronized to within approximately $(6m + 4)\epsilon + \rho R$, where, as before, $\epsilon$ is the maximum error in reading a clock, $\rho$ is the maximum error in the running rate of a clock, and R is the length of time between resynchronizations. The first term of the error is caused by clock-reading errors that accumulate as messages are passed around; the second term is the amount that the clocks drift apart between resynchronizations.
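
The following sketch is an added example, not code from the paper. It carries out Algorithm COM(1) for n = 4, m = 1 with clock differences relayed and re-based as described above, taking the reading error as zero, and compares it with each process simply taking the median of its own direct readings. The function names, clock values and the faulty process's lies are constructed for illustration.

```python
# Added illustration of Algorithm COM(1) for n = 4, m = 1 (not code from the paper).
from statistics import median

N = 4
FAULTY = 3
CLOCK = {0: 100.0, 1: 100.25, 2: 99.75}     # constructed nonfaulty clock values
FACE = {0: -50.0, 1: 70.0, 2: 0.125}        # difference the faulty clock shows each reader


def read(p, q):
    """Delta_qp: the difference p reads between q's clock and its own (epsilon = 0)."""
    if q == p:
        return 0.0
    if q == FAULTY:
        return FACE[p]                       # two-faced: depends on who is reading
    return CLOCK[q] - CLOCK[p]


def relayed(s, q, to):
    """What s tells process `to`: "q's clock differs from mine by x"."""
    if s == FAULTY:
        return 1000.0 * (to + 1)             # arbitrary, different for each recipient
    return read(s, q)


def obtain(p, q):
    """COM(1): the value p obtains for q's clock, as a difference from p's own clock."""
    if q == p:
        return 0.0
    copies = [read(p, q)]                    # the copy p reads directly
    for s in range(N):
        if s not in (p, q):
            # s says "q differs from mine by x"; p adds Delta_sp to re-base it.
            copies.append(relayed(s, q, p) + read(p, s))
    return median(copies)


def resync(p, estimate):
    """New value of p's clock: its own clock plus the median difference."""
    return CLOCK[p] + median(estimate(p, q) for q in range(N))


def spread(values):
    """Largest difference between any two of the given values."""
    return max(values) - min(values)


naive = [resync(p, read) for p in CLOCK]       # median of direct readings only
com1 = [resync(p, obtain) for p in CLOCK]      # median of the COM(1) values

if __name__ == "__main__":
    print("direct readings:", naive, "spread", spread(naive))
    print("COM(1):         ", com1, "spread", spread(com1))
```

With direct readings the two-faced clock leaves the nonfaulty clocks 0.25 apart; with COM(1) every nonfaulty process obtains the same value for the faulty clock and all three reset to the same time.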

3.2. Algorithm CSM

With no assumptions about the behavior of failed processes, it can be shown that the Byzantine Generals problem is solvable only if n > 3m [9]. However, we can do better than this by allowing the use of digital signatures. More precisely, we assume that a process can generate a message which can be copied but cannot be undetectably altered. Thus, if r generates a signed message, and copies of that message are relayed from process to process, the ultimate recipient can tell if the copy he receives is identical to the original signed message generated by r. With digital signatures, we are assuming that a faulty process cannot affix the signature of another process to any message not actually signed by that process. See [5] for a brief discussion of how digital signatures can be generated in practice.

Algorithm SM(m) of [5] solves the Byzantine Generals problem in the presence of up to m faults for any value of n.⁴ We first consider the case n = 3, m = 1. In Algorithm SM(1), process r sends a signed message containing its value to the other two processes, each of which relays a copy of this signed message to the other. Each process p other than r winds up with a pile containing up to two properly signed messages: one received directly from process r and another relayed by the third process. Process p may receive fewer than two messages because a faulty process could fail to send a message. The value process p obtains is defined to be the largest of the values contained in this pile of properly signed messages. (If no message is received, then some arbitrary fixed value is chosen.)

For notational convenience, we pretend that r sends a signed message to itself, which it does not relay. It is easy to see that the piles of messages received by the three processes satisfy the following two properties.
SM1. For any two nonfaulty processes p and q: every value in p's pile is also in q's.
SM2. If process r is nonfaulty, then every nonfaulty process's pile has at least one properly signed message, and every properly signed message has the same value.
Note that SM1 holds for p or q equal to r because of our assumption that r sends a properly signed message to itself. Condition IC1 follows immediately from property SM1, and condition IC2 follows immediately from property SM2, proving that SM(1) is a Byzantine Generals solution.

In the general Algorithm SM(m), messages are copied and relayed up to m times, with each relaying process adding its signature. When a process p receives a message with fewer than m signatures, p signs the message, copies it, and relays it to every process that has not already signed the message. The reader can either verify for himself or find the proof in [5] that the stacks of messages received by the processes satisfy conditions SM1 and SM2. (Again, we assume that r sends a signed message to itself, so SM1 is satisfied when p or q equals r.) Hence, defining the value obtained by a process to be the largest value in its pile gives an algorithm that solves the Byzantine Generals problem.

To turn the Byzantine Generals solution SM(m) into the clock-synchronization Algorithm CSM(m), we again send clocks instead of messages. Moreover, we allow processes to sign the clocks that they send. As before, we assume that a clock's value is perturbed by at most some small amount $\epsilon$ when sent by a nonfaulty process. However, instead of allowing a faulty process to set a clock to any value when relaying it, we assume that the process can turn the clock back but not ahead. More precisely, we assume that, when relaying a clock, a faulty process can set it back arbitrarily far, but can set it ahead by at most $\epsilon$.

⁴The problem is vacuous if there are more than n - 2 faults.

We now use the same relaying procedure as in Algorithm SM(m) to send copies of r's clock to all processes. For simplicity, we assume that all clocks run at exactly the same rate, except for the perturbations they receive when being relayed.⁵ Each process keeps a copy of every properly signed clock, so after all the relaying has ended, it has a pile of copies of r's clock. (We assume that r keeps a signed copy of its own clock.) Since a nonfaulty process perturbs a clock's value by at most $\epsilon$ when relaying it, the same reasoning used to prove SM1 and SM2 shows that the following properties are true of these piles of copies of r's clock.
CSM1. For any two nonfaulty processes p and q: if p has a properly signed clock with value c, then q has a properly signed clock whose value is within $m\epsilon$ of c.
CSM2. If process r is nonfaulty and its clock has the value c, then every other process has at least one properly signed clock whose value is within $\epsilon$ of c, and every properly signed clock that it has reads no later than $c + m\epsilon$.
The value that a process obtains for r's clock is defined to be the fastest clock in its pile. Conditions CC1 and CC2 then follow immediately from CSM1 and CSM2, where "approximately" means to within $O(m\epsilon)$. Hence, this provides a fault-tolerant clock-synchronization algorithm.

To finish the description of Algorithm CSM(m), we must describe how clocks can be signed and relayed in such a way that they are disturbed by at most $\epsilon$ when relayed by a nonfaulty clock and can be set forward at most $\epsilon$ by a faulty one. As in Algorithm SM(m), we require a method for generating unforgeable signed messages.

We first assume that processes and transmission lines are infinitely fast, so a message can be relayed from process to process in zero time. We use this assumption to construct a method of relaying clocks for which $\epsilon$ equals zero. The message that r sends, and that all the processes relay, is r's clock value $c_r$. The message $c_r$ acts like a clock whose value is now $c_r$. A nonfaulty process relays this value in zero time, so the clock is sent with no perturbation. A faulty process cannot change the value of the clock, since the value is contained in a signed message; all it can do is delay sending the value. This is equivalent to stopping the clock while holding it, which is tantamount to turning the clock back. Hence, the assumption about sending clocks is satisfied, with zero perturbation.

⁵Removing this assumption adds a term of order $\rho S$ to the maximum difference between the clocks, where S is the time taken to execute the algorithm and $\rho$ the maximum error in the clock rates. In most cases this term is much smaller than the difference due to the perturbation

In practice, processes and transmission lines are not infinitely fast. Instead, we assume that a message received by a nonfaulty process will be copied, signed, sent, and received at its destination in time $\gamma \pm \epsilon$, for some constant $\gamma$. By counting the signatures affixed to a message, a process knows how many times the message has been relayed, so it can correct the clock value in the message by adding the appropriate multiple of $\gamma$. The net effect is to introduce an error of at most $\epsilon$ each time the message is relayed. The detailed analysis of [7] shows that this algorithm can maintain clocks synchronized to within about $(m + 6)\epsilon + \rho R$, where once again $\rho$ is the maximum error in the clock rate and R is the interval between resynchronizations.
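
The following sketch is an added example, not code from the paper. It simulates CSM(1) for n = 3, m = 1 with process 0 as the process whose clock is being sent, and shows three faults: a relayer that holds the clock back, a relayer that alters the signed value, and a two-faced origin. HMAC with per-process keys is used only as a stand-in for the unforgeable signatures the algorithm assumes; the function names, GAMMA, EPS, the clock offsets and the jitter values are constructed for illustration.

```python
# Added illustration of Algorithm CSM(1) for n = 3, m = 1 (not code from the paper).
# HMAC with per-process keys stands in for unforgeable digital signatures; in this
# simulation a process only ever signs with its own key.
import hashlib
import hmac

GAMMA, EPS = 0.010, 0.001                   # constructed hop time and jitter bound (seconds)
OFFSET = {0: 0.0, 1: 0.25, 2: -0.5}         # clock of process p reads real time + OFFSET[p]
JITTER = {(0, 1): 0.0005, (0, 2): -0.0005, (1, 2): 0.001, (2, 1): -0.0008}
KEYS = {p: bytes([p + 1]) * 32 for p in OFFSET}


def sign(signer, value, chain):
    """Signature over the clock value and every signature already affixed."""
    body = repr((value, chain)).encode()
    return (signer, hmac.new(KEYS[signer], body, hashlib.sha256).hexdigest())


def properly_signed(value, chain):
    """True if the origin signed first and every signature verifies for this value."""
    return bool(chain) and chain[0][0] == 0 and all(
        hmac.compare_digest(sign(s, value, chain[:i])[1], tag)
        for i, (s, tag) in enumerate(chain))


def reading(p, value, chain, t_arrive):
    """p's reading of the origin's clock minus its own, or None if badly signed.

    The number of signatures tells p how many hops the message made, so it adds
    that multiple of GAMMA to the value before comparing with its arrival time.
    """
    if not properly_signed(value, chain):
        return None
    return value + len(chain) * GAMMA - (t_arrive + OFFSET[p])


def csm1(sends, hold=None, alter=None):
    """Process 0 'sends its clock'; processes 1 and 2 relay to each other.

    sends -- {receiver: (signed value, real send time)}; a faulty origin may differ
    hold  -- {relayer: extra delay}; a faulty relayer can only hold a clock back
    alter -- relayer that tries to advance the value inside the signed message
    Returns each receiver's pile as {"direct": reading, "relayed": reading}.
    """
    hold = hold or {}
    piles = {1: {}, 2: {}}
    for p, (value, t_send) in sends.items():
        chain = (sign(0, value, ()),)
        t1 = t_send + GAMMA + JITTER[(0, p)]
        piles[p]["direct"] = reading(p, value, chain, t1)
        q = 3 - p                                          # the other receiver
        sent = value + 100.0 if alter == p else value
        chain2 = chain + (sign(p, sent, chain),)
        t2 = t1 + hold.get(p, 0.0) + GAMMA + JITTER[(p, q)]
        piles[q]["relayed"] = reading(q, sent, chain2, t2)
    return piles


def obtained(pile):
    """The fastest properly signed clock in the pile (None if there is none)."""
    return max((x for x in pile.values() if x is not None), default=None)


def apparent(p, piles):
    """Origin's clock offset from real time as p sees it (reading re-based by OFFSET)."""
    return obtained(piles[p]) + OFFSET[p]


honest = {1: (100.0, 100.0), 2: (100.0, 100.0)}           # origin's clock reads 100.0 at t = 100.0
held = csm1(honest, hold={2: 3.0})                        # faulty relayer 2 sits on the clock
forged = csm1(honest, alter=2)                            # faulty relayer 2 edits the value
two_faced = csm1({1: (100.0, 100.0), 2: (105.0, 100.0)})  # faulty origin signs two values
```

Taking the fastest clock in the pile discards the held-back copy, the altered copy fails verification, and the relayed copies bring the two receivers' views of the two-faced origin to within $m\epsilon$ of each other, where their direct readings alone differ by about five seconds.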

4. Reading Clocks

To synchronize their clocks, processes have to read each other's clock values. Errors in reading those values limit the closeness with which clocks can be synchronized. We let $\epsilon$ denote the worst-case error in reading a clock value. The degree of closeness with which an algorithm can synchronize clocks depends upon $\epsilon$, and it is tempting to use this dependence as a measure for comparing different clock-synchronization algorithms -- the algorithm that can synchronize to within the smallest factor of $\epsilon$ being the best.

Such comparisons can be misleading. Different algorithms require different methods of reading clocks, and these different methods can yield very different values for $\epsilon$. Algorithms CON and COM can use any method of clock reading, so they can always be implemented with the smallest possible value of $\epsilon$. However, this is not true of Algorithm CSM or the algorithms of Lundelius [8] and Halpern [3].

In practice, the value of $\epsilon$ is determined primarily by the system level at which clock reading takes place. The value of $\epsilon$ can be quite small if clock reading is performed by the operating system. For example, $\epsilon$ is a few microseconds in SIFT [11]. However, if clock reading is done by a high-level program in a multiprogramming environment, $\epsilon$ can be tenths of a second or more.

In Algorithm CSM and the algorithms of Lundelius and Halpern, one process reads another's clock by determining the arrival time (on its own clock) of a message. Thus, $\epsilon$ is the maximum uncertainty in the elapsed time between the generation and receipt of the message. The algorithms differ in how the messages are generated. In the Lundelius algorithm [8], they are simply sent by a process when its own clock reaches a certain value. However, in Algorithm CSM and the Halpern algorithm, some of the messages are generated in response to the arrival of other messages, and the generation of these messages requires a nontrivial computation. Thus, of these three algorithms, Lundelius's is more likely to be implementable at a lower system level.
Comparison of these three algorithms with Algorithms
CON and COM is difficult, since the latter two algorithms
make no assumptions about how clocks are read. However,
the following theoretical observations seem to be relevant.
It is likely that, at some level, for process p to read the
clock of another process q, p must measure the arrival time
of a message sent by q. This "message" might be a single
voltage change traveling along a wire. Since p and q
are asynchronous, q's message must be stored in a buffer,
which p reads to determine if the message has arrived. The
frequency with which p checks the buffer introduces a
fundamental source of error--when p sees a message, it
knows only that the message arrived sometime since it last
read the buffer. Thus, the time between successive reads of
the buffer provides a lower bound on ε.
The best that a process can do to reduce the time between
successive reads is to do nothing but repeatedly read
the buffer. Therefore, ε cannot be smaller than the time
needed to read a message buffer. Moreover, the following
clock-reading procedure seems to indicate that this bound
is theoretically achievable. To read process q's clock,
process p sends q a request message, then continually examines
the buffer looking for q's reply. Process q eventually replies
to this message by sending p a message with its current
clock value. In principle, it should be possible to determine
the time it takes q to generate the message, as well as the
travel time of the message, with arbitrary accuracy. Then,
ε is equal to the error in p's determination of when the
message arrived, which is the time it takes to read the buffer.
(Actually, p must wait only a fixed length of time for q's
reply, since q might be faulty, so there must also be a timeout
test in q's "waiting loop".)
Algorithm CSM and the Lundelius and Halpern algorithms
require a process p to measure the arrival time of
messages sent concurrently by different processes.
Fault-tolerance requires that p maintain a separate buffer for
messages from different processes, since a faulty process
could "jam" communication to a shared buffer by continually
sending messages. If a process is implemented by a
single processor, then it must cyclically scan all its input
buffers. Thus, ε is at least n times the time needed to read
a single buffer, where n is the number of processes. Thus,
the limiting value of ε for these algorithms is n times as
great as the limiting value for Algorithms CON and COM,
which can use any method of clock reading.
By regulating when processes send their messages,
Algorithm CSM can be modified so every process waits for
only a single message at a time. For example, fixed time
slots can be allocated to each communication link, with
each message sent at the beginning of the first available
time slot after its generation. The time between successive
slots just has to be greater than the maximum difference
between processes' clocks. This adds a known delay to every
message, which does not significantly affect the accuracy
of the algorithm. It should be possible to modify the
Lundelius algorithm in a similar way. However, this trick does
not seem to work for the Halpern algorithm, since the
algorithm relies on the ability to receive messages concurrently
from different processes.
5. Conclusion
We have presented three clock-synchronization algorithms
and noted that they keep the clocks synchronized
to within the following tolerances, where m is the degree of
fault tolerance, ε is the maximum error in reading a clock,
ρ is the maximum error in the clock rate, and R is the time
between successive resynchronizations.
Algorithm CON: (6m + 2)ε + (3m + 1)ρR
Algorithm COM: (6m + 4)ε + ρR
Algorithm CSM: (m + 6)ε + ρR
(Note that the expression for Algorithm CON is more
complicated because it is an interactive convergence algorithm.)
Algorithm CON is the simplest, requiring only that
each process read every other process's clock. It appears
to be slightly better than Algorithm COM if one is
interested in maintaining the closest possible synchronization,
without regard to how frequently resynchronization is
performed. However, Algorithm CON requires much more
frequent resynchronization than the other two, by an
asymptotic factor of 3m + 1, to maintain the same degree of
synchronization.⁶
The corresponding synchronization error for the Halpern
algorithm [3] is 2ε + ρR. While Lundelius and Lynch
do not give the synchronization error for their algorithm in
a comparable form, it appears to have the value 4ε + 4ρR.
(As in Algorithm CON, the extra factor appears in front of
the ρR term because this is an interactive convergence
algorithm.) However, as we have indicated, the values of ε are
not the same for the different algorithms. Algorithms CON
and COM have the smallest value of ε, since they can use
any method of clock reading. The values of ε for the other
three algorithms could be larger in some circumstances.
⁶ While the above numbers are simply the best bounds on the
synchronization errors that we have been able to find and do not necessarily
reflect the actual worst-case performance of the algorithms, we believe
that it is in the nature of an interactive convergence algorithm to
require more frequent resynchronization than an interactive consistency
algorithm.
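The polling argument of Section 4 and the tolerances listed above can be combined numerically. The following Python code is an added example, not code from the paper; its timing model (a read sees a message only if the message arrived by the time the read began), the 5 µs buffer-read time, n = 4 and ρ = 10^-6 are assumptions chosen for illustration.

```python
# Added example (not from the paper). Times are integer microseconds.
# Model assumption: a read that starts at time s sees a message iff it
# arrived at or before s, and p stamps the message with s.

def scan_errors(arrivals, t_read, timeout):
    """p reads input buffers 0..n-1 cyclically, each read taking t_read.
    arrivals[i] is when q_i's message lands in buffer i (None: a faulty
    q_i never sends). Returns stamp - arrival per buffer, or None where
    the timeout expired before a message was seen."""
    n = len(arrivals)
    errors = [None] * n
    s, i = 0, 0
    while s < timeout and None in errors:
        a = arrivals[i]
        if errors[i] is None and a is not None and a <= s:
            errors[i] = s - a
        s += t_read
        i = (i + 1) % n
    return errors

def worst_error(n, t_read):
    """Largest reading error for buffer 0 over every arrival instant in
    one scan cycle; the other n-1 senders stay silent."""
    cycle = n * t_read
    return max(scan_errors([a] + [None] * (n - 1), t_read, 3 * cycle)[0]
               for a in range(1, cycle + 1))

# (coefficient of eps, coefficient of rho*R) for the Section 5 tolerances
COEFF = {
    "CON": lambda m: (6 * m + 2, 3 * m + 1),
    "COM": lambda m: (6 * m + 4, 1),
    "CSM": lambda m: (m + 6, 1),
}

def tolerance(alg, m, eps, rho, R):
    k_eps, k_rate = COEFF[alg](m)
    return k_eps * eps + k_rate * rho * R

def max_resync_interval(alg, m, eps, rho, target):
    """Largest R that keeps the bound within target, or None when the
    eps term alone already exceeds it."""
    k_eps, k_rate = COEFF[alg](m)
    slack = target - k_eps * eps
    return slack / (k_rate * rho) if slack > 0 else None

def compare(m, n, t_read, rho, target):
    """CON and COM read one buffer in a tight loop; CSM scans n buffers."""
    eps = {"CON": worst_error(1, t_read), "COM": worst_error(1, t_read),
           "CSM": worst_error(n, t_read)}
    return {alg: max_resync_interval(alg, m, eps[alg], rho, target)
            for alg in COEFF}

if __name__ == "__main__":
    # Constructed inputs: m=1, n=4, 5 us per buffer read, rho=1e-6
    for target in (100, 200):
        print(target, compare(1, 4, 5, 1e-6, target))
```

With these constructed inputs, a 100 µs target is unreachable for the scanned-buffer CSM at any R because its ε term alone is 133 µs, while at 200 µs CON needs the shortest resynchronization interval of the three.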
Our two interactive consistency algorithms are based
upon particular Byzantine Generals solutions. Dolev [1] has
generalized Algorithm OM of [5] to the case in which
processes cannot send messages directly to all other processes.
His algorithm is similar enough to Algorithm OM that it
can be transformed into a clock-synchronization algorithm
by the same method we used to transform Algorithm OM
into Algorithm COM, thereby yielding a generalization of
Algorithm COM to the case when a process cannot read
every other process's clock. The intuitive reasoning used
above works the same way. However, we have not analyzed
the resulting algorithm to determine its precise properties.
Many other Byzantine Generals solutions have been
found that improve in some way upon the ones in [5]--
usually by reducing the number of messages. Our two
interactive consistency algorithms generate about n^(m+1)
messages, while there are more recent algorithms in which the
number of messages is polynomial in n and m. A survey
of these results can be found in [10]. All the current
algorithms that do not use signed messages require more rounds
of message passing than Algorithm OM.
One should compare these message requirements with
those of the known algorithms not based upon Byzantine
Generals solutions--namely, Algorithm CON and the
algorithms of Halpern and Lundelius. The last two require, in
the worst case, about n^2 messages. Algorithm CON does
not require any message passing per se, just the reading of
every clock by each process. If this is done by sending clock
values in messages, then it too requires about n^2 messages.
Process-control systems, which we see as the main
application of our clock-synchronization algorithms, use a
small number of processes, so the number of messages is
not prohibitive. However, the number of rounds of message
passing is significant, since it increases the time needed to
perform the clock synchronization. Therefore, for
process-control applications, Algorithm OM is the best Byzantine
Generals algorithm not using signed messages, so it is the
best candidate for converting to a clock-synchronization
algorithm.
In any event, our method of constructing
Algorithm COM depends very strongly on the nature of
Algorithm OM. Other Byzantine Generals solutions might lead
to clock synchronization algorithms that are better than
Algorithm COM in some applications, but we don't know how
to construct such algorithms. Neither do we know how
to construct clock-synchronization algorithms from
signed-message Byzantine Generals solutions other than
Algorithm SM. However, the Halpern algorithm, which is not
derived from a Byzantine Generals solution, seems to make
this an uninteresting problem.
REFERENCES
[1] D. Dolev. The Byzantine Generals Strike Again.
Journal of Algorithms 8, 1 (1982), 14-30.
[2] D. Dolev, J. Halpern, and H. R. Strong. On the
Possibility and Impossibility of Achieving Clock
Synchronization. Proceedings of the Sixteenth Annual ACM
STOC Conference (May 1984).
[3] J. Halpern, B. Simons and R. Strong. Fault-Tolerant
Clock Synchronization. Proceedings of the Third Annual
ACM Symposium on Principles of Distributed
Computing (August 1984) [these proceedings].
[4] L. Lamport. The Implementation of Reliable
Distributed Multiprocess Systems. Computer Networks
2 (1978), 95-114.
[5] L. Lamport, R. Shostak and M. Pease. The Byzantine
Generals Problem. ACM Trans. on Prog. Lang. and
Sys. 4, 3 (July 1982), 382-401.
[6] L. Lamport. Using Time Instead of Timeout for
Fault-tolerant Distributed Systems. ACM Trans. on
Prog. Lang. and Sys. 6, 2 (April 1984), 254-280.
[7] L. Lamport and P. M. Melliar-Smith. Synchronizing
Clocks in the Presence of Faults. Submitted to
Journal of the ACM.
[8] A New Fault-tolerant Algorithm for Clock
Synchronization. Proceedings of the Third Annual ACM
Symposium on Principles of Distributed Computing (August
1984) [these proceedings].
[9] M. Pease, R. Shostak and L. Lamport. Reaching
Agreement in the Presence of Faults. Journ. ACM
27, 2 (Apr. 1980), 228-234.
[10] H. R. Strong and D. Dolev. Byzantine Agreement.
Intellectual Leverage for the Information Society
(Compcon). IEEE Computer Society Press, New
York, 77-82.
[11] J. Wensley et al. SIFT: Design and Analysis of a
Fault-Tolerant Computer for Aircraft Control.
Proceedings of the IEEE 66, 10 (Oct. 1978).