Multidimensional Approximate Agreement in Byzantine Asynchronous Systems
Hammurabi Mendes, Maurice Herlihy
Presented By: Gil Einziger
MODEL AND ASSUMPTIONS:
1. Asynchronous message passing.
2. t – processes that may crash or fail, and even be Byzantine.
3. Messages are passed in FIFO order.
4. Reliable delivery and reliable sender identification.
ε-APPROXIMATE AGREEMENT
For arbitrary ε > 0, each process starts with an input value in R.
We require all non-faulty processes to choose outputs such that:
1. All outputs are within ε of each other.
2. The chosen value must be within the range of the non-faulty processes.
ε-VECTOR APPROXIMATE AGREEMENT
For arbitrary ε > 0 and m ≥ 1, each process starts with an input value in R^m.
We require all non-faulty processes to choose outputs such that:
1. All outputs are within ε of each other.
2. All outputs lie in the convex hull of the inputs of the non-faulty processes.
ε-APPROXIMATE AGREEMENT
Multidimensional approximate agreement is different from the single-dimension case.
What happens if we simply go over the dimensions one at a time with a regular (single-dimension) approximate agreement protocol?
"Approximate Agree for X!" "Approximate Agree for Y!"
TEMPLATE ALGORITHM
"Instant" recipe for an approximate agreement algorithm.
Repeat until converged:
1. Broadcast* (another asynchronous algorithm).
2. Trim range of values (remove Byzantine influence).
3. Value ← Middle(Range) (converge).
What is the multidimensional analogue of trimming the range?
We also want to converge to a point in the convex hull of the non-faulty processes.
[Figure: processes p0–p4, one of them Byzantine; value sets (0,0,0,1) with middle = 0 and (0,1,1,1) with middle = 1.]
Reliable Broadcast prevents Byzantine processes from sending different messages to different processes.
[Figure: processes p0–p3, one of them Byzantine; values 0, 0, 1, 1; middle = 0, middle = 1, middle = 0.]
The Witness Technique deals with Byzantine processes that contact only some of the good processes.
RESULT OF BROADCAST TECHNIQUE
Running both algorithms ensures the following:
broadcast_p(round r, message m)
accept_q(process p, round r, message m)
If p and q are non-faulty processes, then:
Non-faulty correctness: q performs accept_q(p, r, m) if and only if p performed broadcast_p(r, m) earlier.
Uniqueness: if q performs accept_q(z, r, m1) and p performs accept_p(z, r, m2), then m1 = m2.
Every two processes accept N−t common messages.
TRIMMING THE RANGE
In 1 dimension, remove the t highest and t lowest items.
What's the analogue for higher dimensions?
Let X be a group of points,
What is the multidimensional analogue?
TRIMMING OFF THE RANGE
Motivation:
$\mathrm{Restrict}_t(X) = \{\text{all subgroups of } X \text{ of size } |X| - t\}$
I don't know who the Byzantine is… but the intersection of all convex hulls is also in the convex hull of all the good processes.
Other processes may consider me bad… What happens if I also consider myself "bad"?
TRIMMING OFF THE RANGE
More formally we define:
$$\mathrm{Poly}(X) = \text{convex hull of } X$$
$$\mathrm{Safe}_t(X) = \bigcap_{X' \in \mathrm{Restrict}_t(X)} \mathrm{Poly}(X')$$
IS THERE ALWAYS A SAFE ZONE?
3 points, 1 Byzantine (d = 2) – no safe zone.
My initial starting point is the only point I can guarantee is in the convex hull of the good processes.
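The safe zone can be computed directly in two dimensions. The following Python sketch is an added example, not code from the presentation or the paper: it evaluates Safe_t(X) exactly as the intersection of the convex hulls of all subsets of size |X| − t, on two constructed point sets (a triangle, matching the 3-point case on this slide, and a square). All function and variable names are assumptions of this example.

```python
from fractions import Fraction
from itertools import combinations, combinations_with_replacement

def cross(o, a, b):
    """z-component of (a - o) x (b - o); exact for int/Fraction input."""
    return (a[0] - o[0]) * (b[1] - o[1]) - (a[1] - o[1]) * (b[0] - o[0])

def in_triangle(p, a, b, c):
    """True if p lies in triangle abc, which may degenerate to a segment or point."""
    d = (cross(a, b, p), cross(b, c, p), cross(c, a, p))
    if min(d) < 0 < max(d):          # mixed signs: p is outside
        return False
    # Bounding box settles the collinear case, where every cross product is 0.
    return all(min(a[k], b[k], c[k]) <= p[k] <= max(a[k], b[k], c[k]) for k in (0, 1))

def in_hull(p, pts):
    """Caratheodory in the plane: p is in Poly(pts) iff some triple of pts contains it."""
    return any(in_triangle(p, *tri) for tri in combinations_with_replacement(pts, 3))

def line_meet(a, b, c, d):
    """Intersection point of lines ab and cd, or None if they are parallel."""
    den = (b[0] - a[0]) * (d[1] - c[1]) - (b[1] - a[1]) * (d[0] - c[0])
    if den == 0:
        return None
    s = Fraction((c[0] - a[0]) * (d[1] - c[1]) - (c[1] - a[1]) * (d[0] - c[0]), den)
    return (a[0] + s * (b[0] - a[0]), a[1] + s * (b[1] - a[1]))

def safe_area(points, t):
    """Finite point set whose convex hull is Safe_t(X); [] means no safe zone.
    Every corner of the intersection is an input point or a crossing of two
    lines through input points, so those candidates are filtered against
    Poly(X') for every X' in Restrict_t(X)."""
    restrictions = list(combinations(points, len(points) - t))
    candidates = set(points)
    for (a, b), (c, d) in combinations(list(combinations(points, 2)), 2):
        q = line_meet(a, b, c, d)
        if q is not None:
            candidates.add(q)
    return sorted(q for q in candidates if all(in_hull(q, r) for r in restrictions))

# Constructed inputs for m = 2, t = 1 (so t(m+1) = 3).
TRIANGLE = [(0, 0), (4, 0), (0, 4)]        # |X| = 3: not more than t(m+1)
SQUARE = [(0, 0), (4, 0), (4, 4), (0, 4)]  # |X| = 4: more than t(m+1)

if __name__ == "__main__":
    print("triangle:", safe_area(TRIANGLE, 1))   # no safe zone
    print("square:  ", safe_area(SQUARE, 1))     # the diagonals' crossing point
```

With four inputs the safe zone shrinks to a single point, and that point stays inside the hull of the remaining three inputs whichever one is treated as Byzantine.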
CONDITIONS FOR NON EMPTY SAFE ZONE
Let X be a set of messages of the form $(p_i, r_i, c_i)$, where $p_i$ is the process id, $r_i$ the round number and $c_i$ the value.
For simplicity, we can treat X as a set of points, using the notation C(X).
Lemma: if $C \subseteq C(X)$ and $|C| \ge |X| - t$, then $\mathrm{Safe}_t(X) \subseteq \mathrm{Poly}(C)$.
Proof: Notice that C contains a restriction of X. The safe zone is the intersection of the convex hulls of all restrictions of X.
CONDITIONS FOR NON EMPTY SAFE ZONE
1 dimension, x = 3, every two intersect.
2 dimensions, x = 3, every two intersect.
Theorem requires that every 3 intersect.
2 dimensions, x = 3, every three intersect.
CONDITIONS FOR NON EMPTY SAFE ZONE
Every m+1 restrictions intersect.
The Poly of every m+1 restrictions intersect.
Helly's Theorem:
The Poly of all restrictions intersect.
Helly's theorem ensures that all restrictions intersect.
CONCRETE ALGORITHM
For every coordinate d, repeat until converged:
1. Broadcast*
2. Trim (Safe Zone).
3. Value ← Middle(Safe Zone) (projected to coordinate d)
CORRECTNESS PROOF
We proved that initially, if |X| > t(m+1), the safe zone is not empty.
However, every process receives a slightly different set of messages, and calculates the safe zone on these messages.
[Figure: one process holds V1 V2 V3 V4 V5 V6, another holds V1 V2 V3 V4 V5 V7.]
"My safe zone was calculated on different values than yours." "I really hope they intersect…"
CORRECTNESS PROOF
[Figure: points V1–V7 and V5'; the two message sets V1 V2 V3 V4 V5 V6 and V1 V2 V3 V4 V5 V7, each with its own safe zone.]
"This is my safe zone." "And this is mine…"
CORRECTNESS PROOF
[Equations relating Safe_t(X), Poly(X'), Restrict_t(X) and Restrict_t(X ∪ {M}), with two terms A and B.]
CORRECTNESS PROOF
For process P_j and coordinate d:
S_j(d) is the projection of the safe zone of P_j on coordinate d.
Lo_j(d) is the smallest point of the safe zone of P_j on coordinate d.
Hi_j(d) is the biggest point of the safe zone of P_j on coordinate d.
v_j(d) is the value of process P_j in the current round.
For all processes:
Max(d) is the maximal value any of the processes has for the safe zone on coordinate d.
Min(d) is the minimal value any of the processes has for the safe zone on coordinate d.
CORRECTNESS PROOF
Consider two processes P_i, P_j, and assume without loss of generality that P_i has a bigger value on coordinate d: v_i(d) > v_j(d).
$S_i \cap S_j \neq \emptyset$, and therefore there exists a value $l \in S_i \cap S_j$:
$$v_i(d) - v_j(d) = \frac{\mathrm{lo}_i(d) + \mathrm{hi}_i(d)}{2} - \frac{\mathrm{lo}_j(d) + \mathrm{hi}_j(d)}{2} \le \frac{l + \max(d)}{2} - \frac{\min(d) + l}{2} = \frac{\max(d) - \min(d)}{2}$$
Lemma 4.9: After each round, the distance between each two processes shrinks to (max(d) − min(d))/2.
LOWER BOUND
If there is no safe zone, then no protocol can be correct.
Example: 3 points, 2 dimensions, 1 Byzantine process…
Let's assume that you have a correct algorithm. Where does it converge?
"How about here?"
"I am a good process! I will not expose myself as Byzantine, I play nice."
LOWER BOUND
If the "Byzantine" nature of a process has no manifestation in the protocol, it is impossible to distinguish it from a good process. Let's call such a Byzantine process "silent".
For every convergence point the algorithm picks when there are no Byzantine processes, I can place silent Byzantine processes that render the convergence point outside of the convex hull of the good processes.
LOWER BOUND
It is therefore enough to show constructions without safe zones.
Using simplicial structures, we can build for any dimension a group of (m+1) points with no safe zone for a single Byzantine process.
SUMMARY
Multidimensional approximate agreement is different from the single-dimension case.
We can only solve the multidimensional problem when |X| > (m+1)t.
The problem cannot be solved for |X| = (m+1)t or smaller.
The safe zone concept captures the nature of the problem; existence of a safe zone ensures convergence.
When there is no safe zone, the problem cannot be solved.
THANK YOU!
"Now all the Autobots can converge even when the Decepticons interfere!"
"Thank you humans, we will never forget it!"