Byzantine Fault Tolerance in Stateful Web Service

Yilei ZHANG

30/10/2009

Outline

Byzantine generals problem BFT in Stateful Web service

Once upon a time...

The pictures are taken from: R. Goscinny and A. Uderzo, Asterix and Latraviata.

Communicating only by messenger

Generals must agree upon a common battle plan

Some of them may be traitors who will try to confuse the others

several divisions of the Byzantine army each commanded by its own general

Byzantine generals problem

Find an algorithm to ensure that: A. All loyal generals decide upon the same plan of

action. (consistent agreement) B. A small number of traitors cannot cause the

loyal generals to adopt a bad plan. (reasonable plan)

Notation vi: message sent by general i. n: number of generals. f: number of traitors.

Byzantine generals problem

Condition A: All loyal generals decide upon the same plan of action. (consistent agreement)

For condition A to be satisfied, the following must be true: 1. Every loyal general must obtain the same information v1 .

. . . , vn. 2. If the ith general is loyal, then the value that he sends m

ust be used by every loyal general as the value of vi.

Byzantine generals problem

To hold condition 1 & 2, how does a single general send his value to the others?

Remodeled as a commanding general sending an order to his lieutenants: IC1. All loyal lieutenants obey the same order. IC2. If the commanding general is loyal, then every loyal lie

utenant obeys the order he sends.

If n<3f+1, then there is no solution

Example: Poor Lieutenant 1’s Dilemma

Lieutenant 1

Attack

Attack

He said retreatLieutenant 2 (Traitor)

Commander

Lieutenant 1

Attack

Retreat

He said retreatLieutenant 2

Commander (Traitor)

The two situations are identical to me!

IC1 violated !

Attack Retreat

BFT

Solution for more than 3f+1 generals with f traitors Assumptions

A1. Every message that is sent is delivered correctly. A2. The receiver of a message knows who sent it. A3. The absence of a message can be detected.

Function 'majority': With the property that if a majority of the values vi equals v, then

majority(v1,...,vn-1) equals v. Order set Vi

Each lieutenant uses it to store orders from others Algorithm OM(m) can deal with m traitors

Defined recursively

Base case: OM(0)

Lieutenant i

atta

ckattack

Lieutenant k

Commander 0

Lieutenant j

attack

Commander sends messages to LieutenantsEach Lieutenant receives and records it.

Vi ={v0:attack} Vi ={v0:attack} Vi ={v0:attack}

OM(m)

Lieutenant i

attac

kattack

Lieutenant k

Commander

Lieutenant j

attack

……

attack

Each Lieutenant act as the commander in OM(m-1)Send messages to ‘his’ LieutenantsDo this recursively

attack

attack

Step 3: Majority Vote

Lieutenant 1 Lieutenant n-1

Commander

Lieutenant 2

My decision is: majority(v1,v2,…,v_n-1)

……

Me tooMe too

For any m, Algorithm OM(m) satisfies conditions IC1 and IC2 if there are more than 3m generals and at most m traitors

OM(1): Lieutenant 3 is a traitor

Lieutenant 1

Attack

Attack

Lieutenant 3 (Traitor)

Commander

Lieutenant 2

Attack

Attack

Attack

Retreat

Attack

Attack

Attack

Majority(attack,attack,attack)=attack Majority(attack,attack,retreat)

=attack

IC1 achievedIC2 achieved

OM(1): Commander is a traitor

Lieutenant 1

Attack

Retreat

IC1 achievedIC2 need not be satisfied

Lieutenant 3

Commander (Traitor)

Lieutenant 2

Attack

Retreat

Attack Retreat

Retreat Retreat

Retreat

Majority(attack,retreat,retreat)=retreat Majority(attack,retreat,retreat)

=retreat

Majority(attack,retreat,retreat)=retreat

BFT in stateful Web service

Voting center (a, b, a, c)->a

Majority voting 1: (a, a, a, b)->a 3: (a, b, a, b)->a/b 4: (a, b, a, b)->a/b

BFT 1: (a, x, a, b)->a 3: (a, x, a, b)->a 4: (a, x, a, b)->a