MULTIDIMENSIONAL APPROXIMATE AGREEMENT IN BYZANTINE ASYNCHORNOUS SYSTEMS

Hammurabi Mendes, Maurice Herlihy

Presented By: Gil Einziger

1

MODEL AND ASSUMPTIONS:

1. Asynchronous message passing 2. t – processes that may crush or fail, and

even be byzantine.3. Messages are passed in FIFO order. 4. Reliable delivery and reliable sender

identification.

2

–APPROXIMATE AGREEMENT For arbitrary, ε > 0, each process starts with an input value in R .

We require all non faulty process to choose outputs:

1. All outputs are within ε of each other. 2. The chosen value must be within the range

of the non faulty processes.

3

ε

ε ε

– VECTOR APPROXIMATE AGREEMENT For arbitrary, ε > 0 and m ≥ 1, each process starts with an input value in Rm .

We require all non faulty process to choose outputs:

1. All outputs are within ε of each other. 2. All outputs lie in the convex hull of the

inputs of the non faulty processes.

ε ε2εε

4

ε

– APPROXIMATE AGREEMENT Multi Dimensional Approximate

agreement is different than single dimension.

What happens if we simply go over the dimensions one at a time with a regular (single dimension) approximate agreement protocol?

Approximate Agree for

X!Approximate Agree for

Y!

εε

5

ε

TEMPLATE ALGORITHM ‘Instant recipe for an approximate agreement

algorithm. Repeat until converged:

1. Broadcast*2. Trim range of values.3. Value Middle(Range)

Another asynchronous algorithm.Remove byzantine influence

Converge

What is the multi dimension

analogue of Trimming the

range?

We also want to converge to a point in the

convex hull of the non faulty processes

6

p1

p3

p2

p0

p4

0 0(0,0,0,1)

middle= 0

(0,1,1,1)middle = 11

1

1

0

0

Reliable Broadcast prevents byzantine processes from sending different messages to different processes.

Single Byzantine

process

7

p1

p3

p2

p0

0 0

1 1

middle= 0

middle = 1

middle= 0

Single Byzantine

process

Witness Technique deals with byzantine processes that are only contacting some of the good processes

8

RESULT OF BROADCAST TECHNIQUE

9

Running both algorithms assures the follows:broadcastp(round r, message m)acceptq(process p, round r, message m)

If p and q are nonfaulty processes, then

Nonfaulty correctness: q performs acceptq(p, r, m) if and only if p performed broadcastp(r, m) earlierUniqueness: If q performs acceptq(z, r, m1) and p performs acceptp(z, r, m2), then m1 = m2

Every two processes accept N-t common messages.

TRIMMING THE RANGEIn 1 dimension, remove t highest and lowest

items.What's the analogue for higher dimension?Let X be a group of points,

What is the multi dimensional analogue?

10

TRIMMING OFF THE RANGE

Motivation:

Restrict (X) {All | X | t}t sub groups of size

I don’t know who the byzantine is… but the

intersection, of all convex hulls is also in the convex hull of all the good processes.

11

TRIMMING OFF THE RANGE

Motivation:

Restrict (X) {All | X | t}t sub groups of size Other processes may consider me bad…

What happens if I also consider myself

“bad”?

12

TRIMMING OFF THE RANGE More formally we define:

13

' Re

't

tX strict X

Poly X Convex hull of X

Safe X Poly X

IS THERE ALWAYS A SAFE ZONE ?

3 points, 1 byzantine – no safe zone.

(d=2)

My initial starting point, is the only

point I can guarantee is in the convex hull

of the good processes.

14

CONDITIONS FOR NON EMPTY SAFE ZONE

Let X be a set of messages of the form:

For simplicity, we can treat X as a set of points, using the notation C(X).

Lemma:

Proof: Notice that C contains a restriction of X. The safe zone is the conjunction of all restrictions of X.

, ,i i ip r c

15

if C C ,

then Safet

X and C X t

X Poly C

Process id:

Round number:

Value

CONDITIONS FOR NON EMPTY SAFE ZONE

161 dimension, x =3, every two intersect.

2 dimensions, x =3, every two intersect.

Theorem requires that every 3 intersect.

2 dimensions, x =3, every three intersect.

CONDITIONS FOR NON EMPTY SAFE ZONE

17

CONDITIONS FOR NON EMPTY SAFE ZONE

18

CONDITIONS FOR NON EMPTY SAFE ZONE

19

Every m+1 restrictions intersects

Poly of every m+1 restrictions

intersects

Helly’s Theorem

Polly of all restrictions intersects

CONDITIONS FOR NON EMPTY SAFE ZONE

Every m+1 restrictions intersects

20

Poly of every m+1 restrictions Intersects

Helly’s theorem ensures that all restrictions intersects.

CONCRETE ALGORITHM

For every coordinate d Repeat until converged:

1. Broadcast*2. Trim (Safe Zone).3. Value Middle(Safe Zone) –

(projected to coordinate d)

21

CORRECTNESS PROOF We proved that initially if |X|>t(m+1) the

safe zone is not empty. However, every process receives a slight

different set of messages, and calculates the safe zone on these messages.

22V1 V2 V3 V4 V5 V6 V1 V2 V3 V4 V5 V7

My Safe zone, was calculated

on different values than

yoursI Really hope

they intersect…

CORRECTNESS PROOF

23

V5’

V1 V2 V3 V4 V5 V6 V1 V2 V3 V4 V5 V7

V4 V3

V2

V1

V5

V6 V7

This is my safe

zoneAnd this is

mine…

CORRECTNESS PROOF

24

CORRECTNESS PROOF

25

CORRECTNESS PROOF

26

' Re

' Re { } , ' ' Re { } , '

' Re { }

'

' '

' {M}

t

t t

t

tX strict X

X strict X M M X X strict X M M X

tX strict X M

Safe X X A B

Poly X Poly X

Poly X Safe X

CORRECTNESS PROOF

27

For process Pj, and coordinate d:

Sj(d) is the projection of the safe zone of Pj, in coordinate d. Loj(d) is the smallest point of the safe zone of j, in coordinate d. Hij(d) is the biggest point of the safe zone of j, in coordinate d. vj(d) is the value of process Pj in the current round.

For all processes:Max(d) is the maximal value any of the processes have for the safe zone on coordinate d.

Min(d) is the minimal value any of the processes have for the safe zone on coordinate d

CORRECTNESS PROOF

28

Consider two processes Pi, Pj, and assume without loss of generality that Pi has a bigger value on coordinate d: vi(d) > vj(d) .

and therefore there exist a value :

Lemma 4.9: After each round, the distance between each two processes shrinks to (max(d)-min(d))/2.

i jS S i jl S S

2 2max min

2 2max min

2

j ji ii j

lo d hi dlo d hi dv d v d

l d d l

d d

LOWER BOUND

29

If there is no safe zone ~ no protocol can be correct.

Example: 3 points, 2 dimensions, 1 byzantine process…

Let’s assume that you have a correct algorithm. Where does it converges?

How about here?

I am a good process !

I will not expose myself as

byzantine, I play nice.

LOWER BOUND

30

If there is no safe zone ~ no protocol can be correct.

Example: 3 points, 2 dimensions, 1 byzantine process…

Let’s assume that you have a correct algorithm. Where does it converges?

How about here?

I am a good process !

I will not expose myself as

byzantine, I play nice.

LOWER BOUND If the ‘Byzantine’ nature of a process have no

manifestation in the protocol it is impossible to distinguish from a good process. Lets call such a byzantine “Silent”.

For every convergence point the algorithm picks when there are no byzantine processes.

I can place silent byzantine processes that render the convergence points outside of the convex hull of the good processes.

31

LOWER BOUND It is therefore enough to show constructions

without safe zones. Using simplicial structures, we can build for

any dimension a group of (m+1) points with no safe zone for a single byzantine.

32

0

SUMMARY Multi dimension approximate agreement is

different than single dimension. We can only solve the multi dimension

problem when |X|>(m+1)t The problem cannot be solved for |X|

=(m+1)t or smaller. The safe zone concept captures the nature of

the problem, existence of a safe zone ensures convergence.

When there is no safe zone, the problem cannot be solved.

33

THANK YOU!

34

Now all the Autobots can converge even

when the Deceptions interfere!

Thank you humans, we will never forget it!