The Byzantine Generals Problem Leslie Lamport Robert Shostak Marshall Pease

The Byzantine Generals Problem

Jan 26, 2016

Page 1: The Byzantine Generals Problem

The Byzantine Generals Problem

Leslie Lamport

Robert Shostak

Marshall Pease

Page 2: The Byzantine Generals Problem

Part I - Infrastructure

• Introduction – Why are we here and what do we want?

• Describing the Byzantine abstraction.

• Developing necessary conditions.

• Postulating the problem.

Page 3: The Byzantine Generals Problem

Introduction (1)

• Generally speaking, a component of a system can malfunction.

• Failed components may exhibit erratic behavior, including arbitrary, random or wrong output.

• Failed components may provide conflicting data to other components.

Page 4: The Byzantine Generals Problem

Introduction (2)

• If a system is to be reliable, it must ensure that it can cope with failed components.

• We’ll deal with the problem by means of the “Byzantine Generals” abstraction.

Page 5: The Byzantine Generals Problem

The Abstraction (1)

• Scenario: Imagine several divisions of the Byzantine army, camped outside an enemy city.

• Each division is commanded by a general.

• Divisions are separated geographically.

• Generals can communicate via messengers.

Page 6: The Byzantine Generals Problem

The Abstraction (2)

• Mode of Operation: Each general:

– Input: The general observes the city.

– Calculation: The general decides on one of the two options: “Attack” or “Retreat”.

– Communication: The general may communicate his decision to other generals.

– Output: The general computes locally a plan of action, according to his decision and the data he received.

Page 7: The Byzantine Generals Problem

The Abstraction – Traitors (3)

• A general can be either “loyal” or “traitor”.

• A traitor may do whatever he pleases, including sending conflicting messages to different generals.

• Traitors can try to prevent the loyal generals from reaching an agreement.

Page 8: The Byzantine Generals Problem

Abstraction vs. Reality

• The army is the “system”.

• A general is a component of the system.

• A traitor is a failed component of the system.

Page 9: The Byzantine Generals Problem

Objective

• We demand these two conditions:

• Condition A: All loyal generals decide upon the same plan of action.

• Condition B: A small number of traitors cannot cause the loyal generals to adopt a bad plan.

• Note nothing is demanded from the traitors’ behavior.

Page 10: The Byzantine Generals Problem

Satisfying the Conditions (1)

• Denote by v(i) the value communicated by the ith general.

• In order to satisfy condition A (all loyal generals follow the same plan), this must hold:

• Condition 1: Every loyal general must obtain the same information v(1),…,v(n).

• Condition 1 implies a general cannot use v(i) sent from the ith general, as he may be a traitor.

Page 11: The Byzantine Generals Problem

Satisfying the Conditions (2)

• In order for condition B (a small number of traitors cannot cause the loyal generals to adopt a bad plan) to hold:

• We must not introduce the possibility that the generals use a different value of v(i) if the ith general is loyal.

• E.g., If all loyal generals sent “retreat”, loyal generals must not base their decision on “attack” values only.

• We postulate:

• Condition 2: If the ith general is loyal, then the value that he sends must be used by every loyal general as the value of v(i).

Page 12: The Byzantine Generals Problem

Condition 1 Revisited

• Condition 1: Every loyal general must obtain the same information v(1),…,v(n).

• We rewrite condition 1 as:

• For every i, whether the ith general is loyal or not:

• Condition 1’: Any two loyal generals use the same value of v(i).

Page 13: The Byzantine Generals Problem

Simplifying the Problem

• Now, conditions 1’ and 2 are both conditions on the single value sent by the ith general.

• Thus we restrict the consideration to the problem of how a single general sends his value to the others.

• This single general becomes a commanding general, and the others become his lieutenants.

Page 14: The Byzantine Generals Problem

Byzantine Generals Problem

• A commanding general must send an order to his n-1 lieutenant generals such that:

• IC1: All loyal lieutenants obey the same order.

• IC2: If the commanding general is loyal, then every loyal lieutenant obeys the order he sends.

Page 15: The Byzantine Generals Problem

Byzantine Generals Problem - Notes

• IC1 and IC2 are called the interactive consistency conditions.

• If the commander is loyal, IC1 follows from IC2.

• If the Byzantine Generals problem is solved, the original problem is solved by having every general act as a commander, and the others as lieutenants.

Page 16: The Byzantine Generals Problem

Part II – Impossibility Result

• Degenerate case: Direct proof that there’s no solution if there are 2 loyal generals and 1 treacherous.

• General case: Proof by reduction to the degenerate case: No solution unless more than 2/3 are loyal.

Page 17: The Byzantine Generals Problem

Model

• Currently we assume that the messages are “oral”.

– Sender can transmit any data.

• We assume (for now) a general can send a message to another general directly. That is, a message need not be relayed by any general in order to reach its destination.

Page 18: The Byzantine Generals Problem

Degenerate Case

• Assume: There are 3 generals – A commander and 2 lieutenants.

• Scenario A: Assume the commander and lieutenant 1 are loyal, but lieutenant 2 is a traitor.

• Commander orders both lieutenants to attack.

• Lieutenant 2 lies to lieutenant 1.

• IC2 -> lieutenant 1 must attack.

Page 19: The Byzantine Generals Problem

Scenario A (figure)

Commander → Lieutenant 1: “Attack”. Commander → Lieutenant 2: “Attack”.

Lieutenant 2 → Lieutenant 1: “Commander ordered ‘Retreat’”.

Lieutenant 1: “Commander and me are loyal. I have to attack.”

Page 20: The Byzantine Generals Problem

• Scenario B: Assume the commander is a traitor and both lieutenants are loyal.

• Commander orders lieutenant 1 to attack, but orders lieutenant 2 to retreat.

• Lieutenant 2 reports to lieutenant 1 that the commander’s order is “Retreat”.

• Lieutenant 1 cannot distinguish between scenarios A and B.

• Thus, it must act as it acted in situation A and attack.

• Therefore: Commander orders lieutenant 1 to attack -> lieutenant 1 attacks.

Page 21: The Byzantine Generals Problem

Scenario B (figure)

Commander → Lieutenant 1: “Attack”. Commander → Lieutenant 2: “Retreat”.

Lieutenant 2 → Lieutenant 1: “Commander ordered ‘Retreat’”.

Lieutenant 1: “As far as I’m concerned, I’m in scenario A. So I must attack.”

Page 22: The Byzantine Generals Problem

• Symmetrically: Commander orders lieutenant 2 to retreat -> lieutenant 2 retreats.

• If so: In situation B, lieutenant 1 attacks and lieutenant 2 retreats, thereby violating IC1.

• QED degenerate case.

Page 23: The Byzantine Generals Problem

General Case

• Assume there are m traitors.

• No solution is possible if there are fewer than 3m+1 generals.

• Proof by reduction: Assume, for contradiction, a solution to the general problem where there are fewer than 3m+1 generals. Show that the degenerate case is then solvable.

Page 24: The Byzantine Generals Problem

Albanian Generals

• Assume there exists an Albanian Generals algorithm, solving the Byzantine Generals problem where n<3m+1 and number of traitors is m.

• We build the Byzantine Generals algorithm for the degenerate case:

• Intuition: Each Byzantine general simulates approximately 1/3 of the Albanian generals.

Page 25: The Byzantine Generals Problem

• n/3 Albanian lieutenants act like Byzantine lieutenant 1 acts.

• n/3 of the Albanian lieutenants act like Byzantine lieutenant 2 acts.

• n/3 - 1 Albanian lieutenants and the Albanian commander act like the Byzantine commander acts.

Page 26: The Byzantine Generals Problem

[Figure: Byzantine Lieutenant 1 grouped with Albanian Lieutenants 2 and 3; Byzantine Commander grouped with the Albanian Commander and Albanian Lieutenant 1; Byzantine Lieutenant 2 grouped with Albanian Lieutenants 4 and 5; arrows labelled “Attack”.]

Page 27: The Byzantine Generals Problem

• There’s only 1 Byzantine traitor, and he’s simulating at most m Albanian generals, so there are no more than m Albanian traitors.

• Therefore, conditions IC1 and IC2 hold for the Albanian generals.

• IC1 -> All Albanian generals simulated by a loyal Byzantine general obey the same order. This is the order the (loyal) Byzantine general follows.

• This implies IC1 holds also for the Byzantine generals.

Page 28: The Byzantine Generals Problem

Byzantine IC2

• IC2 holds for the Albanian generals. Thus the n/3 Albanian lieutenants simulated by the loyal lieutenant follow the commander’s order (if the commander is loyal).

• Therefore, IC2 also holds for the Byzantine generals.

• QED

Page 29: The Byzantine Generals Problem

Part III – Solution with Oral Messages

• We first solve the problem with “oral messages”.

• We make certain assumptions on the generals’ message system:

• A1. Every message that is sent is delivered correctly.

• A2. The receiver of a message knows who sent it.

• A3. The absence of a message can be detected.

• We also require, currently, a full communication graph.

Page 30: The Byzantine Generals Problem

Messaging System - Implications

• A1 (all messages are delivered correctly) and A2 (sender is known to receiver) prevent a traitor from interfering with communications.

• A3 (detectable absence of messages) prevents a traitor from sabotaging by not sending a message. Default value for unsent messages is “retreat”.

Page 31: The Byzantine Generals Problem

OM(m) – Oral Messages Alg

• OM(m) is used by the commander in order to send his command to n-1 lieutenants.

• We use the majority function.

• The algorithm is defined recursively.

Page 32: The Byzantine Generals Problem

Base - OM(0)

• The commander sends his value to every lieutenant.

• Each lieutenant uses the value he receives from the commander, or uses the RETREAT default value if he receives no value.

Page 33: The Byzantine Generals Problem

Recursion - OM(m), m>0

• The commander sends his value to every lieutenant.

• Lieutenant i denotes the value it received from the commander by $v_i$.

• Every lieutenant acts as a commander, sending the value he received to n-2 other lieutenants using OM(m-1).

• For each i, and each j≠i, lieutenant i obeys $\mathrm{majority}(v_1, \ldots, v_{n-1})$, where $v_j$ is the value received from lieutenant j.

Page 34: The Byzantine Generals Problem

[Figure: OM(2) with a commander and lieutenants 1 to 6; arrows labelled v (the commander’s value) and x (wrong values sent by traitors).]

Kick off – commander sends his value v to all lieutenants. This is the first step of OM(2).

Now, loyal lieutenant 2 uses OM(1) in order to convince the others that the value he received from the commander is v.

When lieutenants 1 and 3 get lieutenant 2’s value, they use OM(0) in order to send this value to all other lieutenants. Here we see only the values lieutenant 6 receives. Note the traitors send wrong values. Now lieutenant 6 can use v as lieutenant 2’s value: majority(v,v,v,x,x)=v

Page 35: The Byzantine Generals Problem

Lemma

• For any m and k, algorithm OM(m) satisfies IC2 if there are more than 2k+m generals and at most k traitors.

• Recall IC2 assumes commander is loyal.

• Proof by induction:

• Base: m=0. By A1 (sent messages are received correctly), all the loyal lieutenants receive the same value the commander sent. QED base.

Page 36: The Byzantine Generals Problem

Lemma – Closure (1)

• Assume lemma’s true for m-1, m>0.

• According to the algorithm: Loyal commander sends value v to n-1 lieutenants. Then each lieutenant sends his value to other lieutenants.

• By hypothesis: n>2k+m, implying n-1>2k+m-1. Using induction hypothesis we get that every loyal lieutenant receives v as the value of other loyal lieutenants.

Page 37: The Byzantine Generals Problem

Lemma – Closure (2)

• Since there are at most k traitors and n-1>2k+(m-1)≥2k, a majority of the n-1 lieutenants are loyal.

• Thus, each loyal lieutenant has v as the majority of the n-1 values.

• QED lemma.

Page 38: The Byzantine Generals Problem

Correctness of OM(m)

• Theorem: For any m, OM(m) satisfies conditions IC1 and IC2 if there are more than 3m generals and at most m traitors.

• Proof by induction on m:

• Base m=0 is trivial – there are no traitors.

• Closure: Assume theorem holds for m-1.

Page 39: The Byzantine Generals Problem

Correctness of OM(m) – Closure(1)

• First assume commander is loyal. By taking k=m, the lemma assures us that IC2 holds. If the commander is loyal, IC1 follows from IC2. QED for this case.

• We need to prove that if the commander is a traitor, IC1 holds.

Page 40: The Byzantine Generals Problem

Correctness of OM(m) – Closure(2)

• There are at most m traitors, and the commander is one of them.

• There are more than 3m generals, implying there are more than 3m-1 lieutenants, and 3m-1>3(m-1), i.e. the number of traitors is less than a third of the number of lieutenants.

• Thus, the induction hypothesis holds for OM(m-1) (which the lieutenants use).

Page 41: The Byzantine Generals Problem

Correctness of OM(m) – Closure(3)

• By correctness of OM(m-1), each lieutenant i receives from lieutenant j the value lieutenant j received from the commander.

• Therefore, all loyal lieutenants receive the same vector of values.

• Therefore, they all obey the same value.

• IC1 holds. QED.
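The following simulation is an added example, not part of the original slides: it runs OM(m) as defined above with general 0 as commander and reports whether IC1 and IC2 hold. The function names and the two traitor strategies (`flip`, `split`) are assumptions made for the illustration.

```python
from collections import Counter

RETREAT, ATTACK = "retreat", "attack"

def majority(values):
    """Strict majority of the values; RETREAT (the default) when there is none."""
    value, count = Counter(values).most_common(1)[0]
    return value if 2 * count > len(values) else RETREAT

def om(m, commander, lieutenants, value, traitors, lie):
    """Run OM(m); return {lieutenant: value it adopts for this commander}.
    lie(sender, receiver, value) is the traitors' strategy (illustrative hook)."""
    # Step 1: the commander sends his value to every lieutenant.
    received = {i: lie(commander, i, value) if commander in traitors else value
                for i in lieutenants}
    if m == 0:
        return received
    # Step 2: each lieutenant j relays what he received, as commander in OM(m-1).
    relayed = {j: om(m - 1, j, [i for i in lieutenants if i != j],
                     received[j], traitors, lie)
               for j in lieutenants}
    # Step 3: lieutenant i takes the majority of his own value and the relayed ones.
    return {i: majority([received[i]] +
                        [relayed[j][i] for j in lieutenants if j != i])
            for i in lieutenants}

def flip(sender, receiver, value):
    """Traitor strategy: always report the opposite order."""
    return RETREAT if value == ATTACK else ATTACK

def split(sender, receiver, value):
    """Traitor strategy: tell odd-numbered receivers ATTACK, even ones RETREAT."""
    return ATTACK if receiver % 2 else RETREAT

def check(n, m, traitors, order, lie):
    """Return (IC1 holds, IC2 holds) with general 0 as commander."""
    adopted = om(m, 0, list(range(1, n)), order, traitors, lie)
    loyal = [v for i, v in adopted.items() if i not in traitors]
    ic1 = len(set(loyal)) <= 1
    ic2 = 0 in traitors or all(v == order for v in loyal)
    return ic1, ic2

if __name__ == "__main__":
    print("n=3, m=1:", check(3, 1, {2}, ATTACK, flip))  # 3 generals, 1 traitor
    print("n=4, m=1:", check(4, 1, {2}, ATTACK, flip))  # 4 generals, 1 traitor
```

With three generals the lying lieutenant leaves lieutenant 1 with a tie, so the default RETREAT overrides a loyal commander's ATTACK and IC2 fails; with four generals the same lie is outvoted.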

Page 42: The Byzantine Generals Problem

Part IV – Solution with Signed Messages

• The traitor’s ability to lie makes the Byzantine Generals problem difficult.

• We restrict this ability by introducing signed messages, which can’t be forged.

• We add the assumption:

• A4. (a) A loyal general’s signature can’t be forged, and any alteration of the content of his signed message can be detected.

(b) Anyone can verify the authenticity of a general’s signature.

Page 43: The Byzantine Generals Problem

Notes on A4

• Considering public key encryption and/or the possibility of pre-shared secrets between the generals, A4 is plausible.

• Note that traitors can forge each other’s signatures. This enables traitors to band together against the loyal generals.

• Assuming A4, the problem can be solved for any number of traitors.

Page 44: The Byzantine Generals Problem

SM Algorithm (informal)

• The commander sends his order signed.

• Each message a lieutenant receives is signed by him and forwarded to all other lieutenants who hadn’t signed the message yet.

• A lieutenant collects all values he receives from authentic messages in a set named V.

• In the end, a lieutenant obeys the order CHOICE(V), where CHOICE is some pre-defined deterministic function.

Page 45: The Byzantine Generals Problem

SM Correctness – Informal (1)

• For IC2, assume commander is loyal.

• Since no one can forge the commander’s signature, any authentic message can only contain the commander’s order.

• Thus, for every loyal lieutenant, V contains only one value. QED if commander is loyal.

Page 46: The Byzantine Generals Problem

SM Correctness – Informal (2)

• Assume commander is a traitor.

• We prove that all loyal lieutenants obtain the same V.

• If lieutenant i collected the order v (recall this implies the order was properly authenticated), then he sends this order to all other lieutenants.

• Thus any other loyal lieutenant will also collect the order v. QED SM correctness.
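The informal SM algorithm as a simulation, added here as an example that is not part of the original slides. Assumptions: A4 is modelled without real cryptography by rejecting any traitor-supplied chain that names a loyal signer, CHOICE returns the single value in V and otherwise RETREAT, and the traitors' messages are constructed inputs.

```python
from collections import deque

RETREAT, ATTACK = "retreat", "attack"

def choice(values):
    """Assumed CHOICE rule: the single value if V has exactly one, else RETREAT."""
    return next(iter(values)) if len(values) == 1 else RETREAT

def sm(n, traitors, order, injected=()):
    """Signed-message run with general 0 as commander.
    injected: constructed (recipient, value, signers) messages sent by traitors.
    Returns {loyal lieutenant: (V, CHOICE(V))}."""
    lieutenants = range(1, n)
    queue = deque()
    if 0 not in traitors:
        # A loyal commander signs one order and sends it to everyone.
        queue.extend((l, order, (0,)) for l in lieutenants)
    for to, value, signers in injected:
        # A4: traitors can sign for themselves and each other, never for a loyal
        # general, so a chain naming a loyal signer is a forgery and is dropped.
        if signers and signers[0] == 0 and all(s in traitors for s in signers):
            queue.append((to, value, tuple(signers)))
    V = {l: set() for l in lieutenants if l not in traitors}
    while queue:
        to, value, signers = queue.popleft()
        if to not in V or value in V[to]:
            continue  # traitor recipient (stays silent here) or value already held
        V[to].add(value)
        # Sign and forward to every lieutenant who has not signed yet.
        for other in lieutenants:
            if other != to and other not in signers:
                queue.append((other, value, signers + (to,)))
    return {l: (vals, choice(vals)) for l, vals in V.items()}

if __name__ == "__main__":
    # Loyal commander, traitor lieutenant 2 tries to forge the commander's order.
    print(sm(3, {2}, ATTACK, [(1, RETREAT, (0, 2))]))
    # Traitor commander signs conflicting orders for lieutenants 1 and 2.
    print(sm(3, {0}, None, [(1, ATTACK, (0,)), (2, RETREAT, (0,))]))
```

Three generals with one traitor, unsolvable with oral messages, now satisfy both conditions: the forged order is discarded, and conflicting signed orders reach every loyal lieutenant, who all end with the same V.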

Page 47: The Byzantine Generals Problem

Part V - A Note on Reliable Systems - Pros

• Using the aforementioned algorithms, one can implement a reliable system.

• Reliability is obtained on the software level, and can cope with any hardware malfunctioning.

• Such a system uses redundancy of extra-computations in order to avoid a single malfunctioning module crashing the entire system.

Page 48: The Byzantine Generals Problem

A Note on Reliable Systems - Cons

• Then again, one needs to make sure all of the assumptions hold…

• A1 – Messages are delivered correctly: Communication failures can always occur.

• A2 – The receiver of a message knows who sent it: Requires that communication be carried over hard-wired lines. Unnecessary if A4 is assumed.

• A3 – The absence of a message can be detected: Requires synchronization.

• A4 – As stated before, quite reasonable.

Page 49: The Byzantine Generals Problem

In Conclusion

• We’ve found a necessary and sufficient condition on the number of traitors in order for the problem to be solvable.

• We’ve solved the problem for the cases it’s solvable.

• Achieving reliability in the face of arbitrary malfunctioning is a difficult problem.

• It seems any solution is inherently costly:

– Long message paths.

– Many messages.

– Much transferred information.