The Byzantine Generals Problem

Page 1: The Byzantine Generals Problem

The Byzantine Generals Problem

Leslie Lamport

Robert Shostak

Marshall Pease

Page 2: The Byzantine Generals Problem

Part I - Infrastructure

• Introduction – Why are we here and what do we want?

• Describing the Byzantine abstraction.

• Developing necessary conditions.

• Postulating the problem.

Page 3: The Byzantine Generals Problem

Introduction (1)

• Generally speaking, a component of a system can malfunction.

• Failed components may exhibit erratic behavior, including arbitrary, random or wrong output.

• Failed components may provide conflicting data to other components.

Page 4: The Byzantine Generals Problem

Introduction (2)

• If a system is to be reliable, it must ensure that it can cope with failed components.

• We’ll deal with the problem by means of the “Byzantine Generals” abstraction.

Page 5: The Byzantine Generals Problem

The Abstraction (1)

• Scenario: Imagine several divisions of the Byzantine army, camped outside an enemy city.

• Each division is commanded by a general.

• Divisions are separated geographically.

• Generals can communicate via messengers.

Page 6: The Byzantine Generals Problem

The Abstraction (2)

• Mode of Operation: Each general:

– Input: The general observes the city.

– Calculation: The general decides on one of two options: “Attack” or “Retreat”.

– Communication: The general may communicate his decision to other generals.

– Output: The general computes locally a plan of action, according to his decision and the data he received.

Page 7: The Byzantine Generals Problem

The Abstraction – Traitors (3)

• A general can be either “loyal” or “traitor”.

• A traitor may do whatever he pleases, including sending conflicting messages to different generals.

• Traitors can try to prevent the loyal generals from reaching an agreement.

Page 8: The Byzantine Generals Problem

Abstraction vs. Reality

• The army is the “system”.

• A general is a component of the system.

• A traitor is a failed component of the system.

Page 9: The Byzantine Generals Problem

Objective

• We demand these two conditions:

• Condition A: All loyal generals decide upon the same plan of action.

• Condition B: A small number of traitors cannot cause the loyal generals to adopt a bad plan.

• Note that nothing is demanded of the traitors’ behavior.

Page 10: The Byzantine Generals Problem

Satisfying the Conditions (1)

• Denote by v(i) the value communicated by the ith general.

• In order to satisfy condition A (all loyal generals follow the same plan), this must hold:

• Condition 1: Every loyal general must obtain the same information v(1),…,v(n).

• Condition 1 implies that a general cannot simply use the value of v(i) received directly from the ith general, since that general may be a traitor.

Page 11: The Byzantine Generals Problem

Satisfying the Conditions (2)

• In order for condition B (a small number of traitors cannot cause the loyal generals to adopt a bad plan) to hold:

• We must not introduce the possibility that the generals use a different value of v(i) if the ith general is loyal.

• E.g., If all loyal generals sent “retreat”, loyal generals must not base their decision on “attack” values only.

• We postulate:

• Condition 2: If the ith general is loyal, then the value that he sends must be used by every loyal general as the value of v(i).

Page 12: The Byzantine Generals Problem

Condition 1 Revisited

• Condition 1: Every loyal general must obtain the same information v(1),…,v(n).

• We rewrite condition 1 as:

• For every i, whether the ith general is loyal or not:

• Condition 1’: Any two loyal generals use the same value of v(i).

Page 13: The Byzantine Generals Problem

Simplifying the Problem

• Now, conditions 1’ and 2 are both conditions on the single value sent by the ith general.

• Thus we restrict the consideration to the problem of how a single general sends his value to the others.

• This single general becomes a commanding general, and the others become his lieutenants.

Page 14: The Byzantine Generals Problem

Byzantine Generals Problem

• A commanding general must send an order to his n-1 lieutenant generals such that:

• IC1: All loyal lieutenants obey the same order.

• IC2: If the commanding general is loyal, then every loyal lieutenant obeys the order he sends.

Page 15: The Byzantine Generals Problem

Byzantine Generals Problem - Notes

• IC1 and IC2 are called the interactive consistency conditions.

• If the commander is loyal, IC1 follows from IC2.

• If the Byzantine Generals problem is solved, the original problem is solved by having every general act as a commander, and the others as lieutenants.

Page 16: The Byzantine Generals Problem

Part II – Impossibility Result

• Degenerate case: Direct proof that there’s no solution if there are 2 loyal generals and 1 traitor.

• General case: Proof by reduction to the degenerate case: No solution unless more than 2/3 are loyal.

Page 17: The Byzantine Generals Problem

Model

• Currently we assume that the messages are “oral”.

– Sender can transmit any data.

• We assume (for now) a general can send a message to another general directly. That is, a message need not be relayed by any general in order to reach its destination.

Page 18: The Byzantine Generals Problem

Degenerate Case

• Assume: There are 3 generals – A commander and 2 lieutenants.

• Scenario A: Assume the commander and lieutenant 1 are loyal, but lieutenant 2 is a traitor.

• Commander orders both lieutenants to attack.

• Lieutenant 2 lies to lieutenant 1.

• IC2 -> lieutenant 1 must attack.

Page 19: The Byzantine Generals Problem

Scenario A

[Figure: the Commander sends “Attack” to Lieutenant 1 and to Lieutenant 2. Lieutenant 2 tells Lieutenant 1: “Commander ordered ‘Retreat’”. Lieutenant 1: “Commander and me are loyal. I have to attack.”]

Page 20: The Byzantine Generals Problem

• Scenario B: Assume the commander is a traitor and both lieutenants are loyal.

• Commander orders lieutenant 1 to attack, but orders lieutenant 2 to retreat.

• Lieutenant 2 reports to lieutenant 1 that the commander’s order is “Retreat”.

• Lieutenant 1 cannot distinguish between scenarios A and B.

• Thus, it must act as it acted in situation A and attack.

• Therefore: Commander orders lieutenant 1 to attack -> lieutenant 1 attacks.

Page 21: The Byzantine Generals Problem

Scenario B

[Figure: the Commander sends “Attack” to Lieutenant 1 and “Retreat” to Lieutenant 2. Lieutenant 2 tells Lieutenant 1: “Commander ordered ‘Retreat’”. Lieutenant 1: “As far as I’m concerned, I’m in scenario A. So I must attack.”]

Page 22: The Byzantine Generals Problem

• Symmetrically: Commander orders lieutenant 2 to retreat -> lieutenant 2 retreats.

• If so: In situation B, lieutenant 1 attacks and lieutenant 2 retreats, thereby violating IC1.

• QED degenerate case.

Page 23: The Byzantine Generals Problem

General Case

• Assume there are m traitors.

• No solution is possible if there are fewer than 3m+1 generals.

• Proof by reduction: Assume, for contradiction, a solution to the general problem where there are fewer than 3m+1 generals. Show that the degenerate case is then solvable.

Page 24: The Byzantine Generals Problem

Albanian Generals

• Assume there exists an Albanian Generals algorithm, solving the Byzantine Generals problem where n<3m+1 and number of traitors is m.

• We build the Byzantine Generals algorithm for the degenerate case:

• Intuition: Each Byzantine general simulates approximately 1/3 of the Albanian generals.

Page 25: The Byzantine Generals Problem

• n/3 Albanian lieutenants act like Byzantine lieutenant 1 acts.

• n/3 of the Albanian lieutenants act like Byzantine lieutenant 2 acts.

• n/3 - 1 Albanian lieutenants and the Albanian commander act like the Byzantine commander acts.

Page 26: The Byzantine Generals Problem

[Figure: Byzantine Lieutenant 1 grouped with Albanian Lieutenants 2 and 3; Byzantine Commander grouped with the Albanian Commander and Albanian Lieutenant 1; Byzantine Lieutenant 2 grouped with Albanian Lieutenants 4 and 5. The messages shown are labelled “Attack”.]

Page 27: The Byzantine Generals Problem

• There’s only 1 Byzantine traitor, and he’s simulating at most m Albanian generals, so there are no more than m Albanian traitors.

• Therefore, conditions IC1 and IC2 hold for the Albanian generals.

• IC1 -> All Albanian generals simulated by a loyal Byzantine general obey the same order. This is the order the (loyal) Byzantine general follows.

• This implies IC1 holds also for the Byzantine generals.

Page 28: The Byzantine Generals Problem

Byzantine IC2

• IC2 holds for the Albanian generals. Thus the n/3 Albanian lieutenants simulated by the loyal lieutenant follow the commander’s order (if the commander is loyal).

• Therefore, IC2 also holds for the Byzantine generals.

• QED

Page 29: The Byzantine Generals Problem

Part III – Solution with Oral Messages

• We first solve the problem with “oral messages”.

• We make certain assumptions on the generals’ message system:

• A1. Every message that is sent is delivered correctly.

• A2. The receiver of a message knows who sent it.

• A3. The absence of a message can be detected.

• We also require, currently, a full communication graph.

Page 30: The Byzantine Generals Problem

Messaging System - Implications

• A1 (all messages are delivered correctly) and A2 (sender is known to receiver) prevent a traitor from interfering with communications.

• A3 (detectable absence of messages) prevents a traitor from sabotaging by not sending a message. Default value for unsent messages is “retreat”.

Page 31: The Byzantine Generals Problem

OM(m) – Oral Messages Algorithm

• OM(m) is used by the commander in order to send his command to n-1 lieutenants.

• We use the majority function.

• The algorithm is defined recursively.

Page 32: The Byzantine Generals Problem

Base - OM(0)

• The commander sends his value to every lieutenant.

• Each lieutenant uses the value he receives from the commander, or uses the RETREAT default value if he receives no value.

Page 33: The Byzantine Generals Problem

Recursion - OM(m), m>0

• The commander sends his value to every lieutenant.

• Lieutenant i denotes the value it received from the commander by v_i.

• Every lieutenant acts as a commander, sending the value he received to n-2 other lieutenants using OM(m-1).

• For each i, and each j≠i, lieutenant i obeys majority(v_1, …, v_{n-1}), where v_j is the value received from lieutenant j.

Page 34: The Byzantine Generals Problem

[Figure: OM(2) example with a Commander and Lieutenants 1 to 6; the arrows are labelled v, or x for a wrong value sent by a traitor.]

Kick off – the commander sends his value v to all lieutenants. This is the first step of OM(2).

Now, loyal lieutenant 2 uses OM(1) in order to convince the others that the value he received from the commander is v.

When lieutenants 1 and 3 get lieutenant 2’s value, they use OM(0) in order to send this value to all other lieutenants. Here we see only the values lieutenant 6 receives. Note the traitors send wrong values. Now lieutenant 6 can use v as lieutenant 2’s value: majority(v,v,v,x,x)=v

Page 35: The Byzantine Generals Problem

Lemma

• For any m and k, algorithm OM(m) satisfies IC2 if there are more than 2k+m generals and at most k traitors.

• Recall IC2 assumes commander is loyal.

• Proof by induction:

• Base: m=0. By A1 (sent messages are received correctly), all the loyal lieutenants receive the same value the commander sent. QED base.

Page 36: The Byzantine Generals Problem

Lemma – Closure (1)

• Assume lemma’s true for m-1, m>0.

• According to the algorithm: Loyal commander sends value v to n-1 lieutenants. Then each lieutenant sends his value to other lieutenants.

• By hypothesis: n>2k+m, implying n-1>2k+m-1. Using induction hypothesis we get that every loyal lieutenant receives v as the value of other loyal lieutenants.

Page 37: The Byzantine Generals Problem

Lemma – Closure (2)

• Since there are at most k traitors and n-1 > 2k+(m-1) ≥ 2k, a majority of the n-1 lieutenants are loyal.

• Thus, each loyal lieutenant has v as the majority of the n-1 values.

• QED lemma.

Page 38: The Byzantine Generals Problem

Correctness of OM(m)

• Theorem: For any m, OM(m) satisfies conditions IC1 and IC2 if there are more than 3m generals and at most m traitors.

• Proof by induction on m:

• Base m=0 is trivial – there are no traitors.

• Closure: Assume theorem holds for m-1.

Page 39: The Byzantine Generals Problem

Correctness of OM(m) – Closure(1)

• First assume commander is loyal. By taking k=m, the lemma assures us that IC2 holds. If the commander is loyal, IC1 follows from IC2. QED for this case.

• We need to prove that if the commander is a traitor, IC1 holds.

Page 40: The Byzantine Generals Problem

Correctness of OM(m) – Closure(2)

• There are at most m traitors, and the commander is one of them.

• There are more than 3m generals, implying there are more than 3m-1 lieutenants, and 3m-1>3(m-1), i.e. the number of traitors is less than a third of the number of lieutenants.

• Thus, the induction hypothesis holds for OM(m-1) (which the lieutenants use).

Page 41: The Byzantine Generals Problem

Correctness of OM(m) – Closure(3)

• By correctness of OM(m-1), each lieutenant i receives from lieutenant j the value lieutenant j received from the commander.

• Therefore, all loyal lieutenants receive the same vector of values.

• Therefore, they all obey the same value.

• IC1 holds. QED.

Page 42: The Byzantine Generals Problem

Part IV – Solution with Signed Messages

• The traitor’s ability to lie makes the Byzantine Generals problem difficult.

• We restrict this ability by introducing signed messages, which can’t be forged.

• We add the assumption:

• A4. (a) A loyal general’s signature can’t be forged, and any alteration of the content of his signed message can be detected.

(b) Anyone can verify the authenticity of a general’s signature.

Page 43: The Byzantine Generals Problem

Notes on A4

• Considering public key encryption and/or the possibility of pre-shared secrets between the generals, A4 is plausible.

• Note that traitors can forge each other’s signatures. This enables traitors to band together against the loyal generals.

• Assuming A4, the problem can be solved for any number of traitors.

Page 44: The Byzantine Generals Problem

SM Algorithm (informal)

• The commander sends his order signed.

• Each message a lieutenant receives is signed by him and forwarded to all other lieutenants who hadn’t signed the message yet.

• A lieutenant collects all values he receives from authentic messages in a set named V.

• In the end, a lieutenant obeys the order CHOICE(V), where CHOICE is some pre-defined deterministic function.

Page 45: The Byzantine Generals Problem

SM Correctness – Informal (1)

• For IC2, assume commander is loyal.

• Since no one can forge the commander’s signature, any authentic message can only contain the commander’s order.

• Thus, for every loyal lieutenant, V contains only one value. QED if commander is loyal.

Page 46: The Byzantine Generals Problem

SM Correctness – Informal (2)

• Assume commander is a traitor.

• We prove that all loyal lieutenants obtain the same V.

• If lieutenant i collected the order v (recall this implies the order was properly authenticated), then he sends this order to all other lieutenants.

• Thus any other loyal lieutenant will also collect the order v. QED SM correctness.
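The SM algorithm and the traitorous-commander argument above can be traced in a simulation. This is an added example, not part of the original slides: HMAC over a constructed key table stands in for the unforgeable signatures of A4 (a real system would use public-key signatures, since whoever can verify an HMAC can also forge it), forwarding stops once m lieutenants have signed, traitorous lieutenants simply stay silent, and CHOICE returns "retreat" unless V holds exactly one order.

```python
import hashlib
import hmac
from collections import deque

# Constructed demo keys; general 0 is the commander.
KEYS = {g: f"constructed-key-{g}".encode() for g in range(8)}

def sign(general, value, chain):
    """Signature of `general` over the order and all earlier signatures."""
    return hmac.new(KEYS[general], repr((value, chain)).encode(),
                    hashlib.sha256).hexdigest()

def extend(general, value, chain):
    """Append `general`'s signature to a signature chain (a tuple)."""
    return chain + ((general, sign(general, value, chain)),)

def authentic(value, chain):
    """A4: commander signed first, signers are distinct, all signatures verify."""
    signers = [g for g, _ in chain]
    if not chain or signers[0] != 0 or len(set(signers)) != len(signers):
        return False
    return all(hmac.compare_digest(sig, sign(g, value, chain[:k]))
               for k, (g, sig) in enumerate(chain))

def choice(values):
    """CHOICE(V): the single order if there is exactly one, else 'retreat'."""
    return next(iter(values)) if len(values) == 1 else "retreat"

def sm(m, n, traitors, commander_orders):
    """commander_orders maps lieutenant -> order the commander signs and sends.
    Returns the order each loyal lieutenant obeys."""
    V = {i: set() for i in range(1, n) if i not in traitors}
    queue = deque((i, v, extend(0, v, ())) for i, v in commander_orders.items())
    while queue:
        i, value, chain = queue.popleft()
        if i in traitors or not authentic(value, chain) or value in V[i]:
            continue  # silent traitor, bad signature, or order already in V
        V[i].add(value)
        if len(chain) - 1 < m:  # fewer than m lieutenants have signed so far
            signed = {g for g, _ in chain}
            fwd = extend(i, value, chain)
            queue.extend((j, value, fwd) for j in range(1, n)
                         if j != i and j not in signed)
    return {i: choice(vs) for i, vs in V.items()}
```

Calling `sm(1, 3, {0}, {1: "attack", 2: "retreat"})` gives both loyal lieutenants the same set V and therefore the same order, in the three-general setting that has no solution with oral messages.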

Page 47: The Byzantine Generals Problem

Part V - A Note on Reliable Systems - Pros

• Using the aforementioned algorithms, one can implement a reliable system.

• Reliability is obtained on the software level, and can cope with any hardware malfunctioning.

• Such a system uses redundancy of extra-computations in order to avoid a single malfunctioning module crashing the entire system.

Page 48: The Byzantine Generals Problem

A Note on Reliable Systems - Cons

• Then again, one needs to make sure all of the assumptions hold…

• A1 – Messages are delivered correctly: Communication failures can always occur.

• A2 – The receiver of a message knows who sent it: Requires that communication be carried on hard-wired lines. Unnecessary if A4 is assumed.

• A3 – The absence of a message can be detected: Requires synchronization.

• A4 – As stated before, quite reasonable.

Page 49: The Byzantine Generals Problem

In Conclusion

• We’ve found a necessary and sufficient condition on the number of traitors in order for the problem to be solvable.

• We’ve solved the problem for the cases it’s solvable.

• Achieving reliability in the face of arbitrary malfunctioning is a difficult problem.

• It seems any solution is inherently costly:

– Long message paths.

– Many messages.

– Much transferred information.

