1 / 35

Byzantine Fault Tolerance

Byzantine Fault Tolerance. Eleanor Birrell November 23, 2010. x. SIG(x, i ). SIG(y, i ). y. SIG( x,i ). Authenticated Messages. Digital Signatures. Message Authentication Codes (MAC). Secret-Key 3 orders of magnitude faster. Public-Key Inefficient . SK A. M,. M SK A. SIG.

barbra
Download Presentation

Byzantine Fault Tolerance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Byzantine Fault Tolerance Eleanor Birrell November 23, 2010

  2. x SIG(x, i) SIG(y, i) y SIG(x,i)

  3. Authenticated Messages Digital Signatures Message Authentication Codes (MAC) Secret-Key 3 orders of magnitude faster • Public-Key • Inefficient SKA M, MSKA SIG PKA MSKA, b  {yes, no} SIGSHA(M,SKA) = SHA(SKA||SHA(SKA||f(M))) SIGRSA(M,SKA) = f(M)SKA mod n VER SKA

  4. Authenticators • MACs cannot be authenticated by a third party • Solution: create vector of MACs (called authenticator) with one code for each node • Verification O(1) but generation O(n) SKA M, MSKA SIG MSKA, b  {yes, no} SIGAUTH(M,SKA1, …, SKAn) = (SIGSHA(M,SKA1) ,…, SIGSHA(M,SKAn) ) VER SKA

  5. Byzantine Fault Tolerance(Results)

  6. Byzantine Fault Tolerance(Results)

  7. Byzantine Fault Tolerance(Results)

  8. L. Lamport, R. Shostak, and M. Pease. The Byzantine Generals Problem (1982) • Leslie Lamport • PhD Brandeis 1972 (Math) • SRI, DEC, Compaq, MSR • Clocks, Paxos, LaTex • Robert Shostak • PhD Harvard 1974 • SRI, Ansa (Paradox), Portera, Vocera • Marshall Pease • SRI International

  9. A R

  10. Byzantine Generals Problem • Interactive consistency conditions (ICCs): Commanding general i sends vj(i) to Lt. j : • All loyal Lt. obey same order • If i is loyal, every loyal Lt. j obeys order vj(i) • Solution if ICCs hold for all i • Simpler Model: • Army of n Generals • Com. Gen. ihas opinion • v(i)  {Attack, Retreat} • Goals: • Agree on i’s opinion • Agree on right opinion • Model: • Army of n Generals • Each Gen. ihas opinion • v(i)  {Attack, Retreat} • Goals: • Agree on plan • Agree on good plan

  11. BFT with Un-Auth. Messages • (A1) Every message is delivered correctly • (A2) The receiver knows who sent the message • (A3) The absence of a message can be detected

  12. Impossibility Results Sync. Communication [LSP80] Async. Communication [FLP82] • Impossible: n ≤ 3m + 1 • Impossible: m ≥ 1 Bivalent A A A A A R 0 0 0 1 1 0 0 1 1 1 0 R R R Univalent

  13. A Solution with Oral Messages( n ≥ 3m + 1 ) x x OM(i, v, n, 0): OM(i, v, n, m): x x v ? x y y y v y y v v v v v y y y v y y v v v x y v v {x,x,y,y,x,x} y y

  14. A Solution with Oral Messages( n ≥ 3m + 1 ) • OM(i, v, n, 0): • Com. Gen. i sends vi,j= v to every Lt. j • All Lt. j uses the value vi,j (default = RETREAT) • OM(i, v, n, m): • Com. Gen i sends vi,j = v to every Lt. j • Lt. j initiates OM(j, vi,j, m-1, n-1) to send the value vi,jto each of the n-2 other Lts. (default = RETREAT) • Let vj,kbe the value Lt. k received from Lt. j in step 2, default RETREAT. Lt. k uses the value MAJ(v1 , …, vn-1 ).

  15. Byzantine Fault Tolerance(Results)

  16. Byzantine Fault Tolerance(Results)

  17. BFT with Auth. Messages • (A1) Every message is delivered correctly • (A2) The receiver knows who sent the message • (A3) The absence of a message can be detected • (A4) A loyal general’s signature cannot be forged, alterations are detected, authenticity can be verified by all

  18. A Solution with Signed Messages {x, y} {x} {} {x, y} {x} {} SIG(x,i) SIG(y,i,k,j) SIG(x,i,j) SIG(y,i,k) SIG(x,i) SIG(x,i,j) SIG(y,i,k,j) SIG(x,i) SIG(x,i,j) SIG(y,i,k,j) {x, y} {x} SIG(y,i,k) SIG(y,i,k) {} {x, y} {x} {} SIG(x,i) SIG(y,i,k) SIG(y,i,k,j) SIG(x,i,j) SIG(y,i) SIG(y,i,k) SIG(x,i,j) {y} {x, y} {} {x, y} {x} {}

  19. A Solution with Signed Messages • SM (m): • Vi = {} • Com. Gen. i sends vi,j:0 to each Lt. j • If Lt. j receives v:0:k1 : ... : kl and v  Vj, then • Lt. j adds v toVj • If k < m, then he sends the message v:0:k1: … :kl:ito all Lt. s ≠ 0,k1, …, kl. • When Lt. j will receive no more messages, he follows MAJ(Vj)

  20. So what’s wrong? • Synchronous • Unscalable • (Inefficient)

  21. M. RabinRandomized Byzantine Generals (1983) • PhD Princeton (1956) • Professor: MIT, Hebrew University, Harvard • Nondeterminism, primality testing, encryption, oblivious transfer, string search, auctions • Turing Award 1976

  22. A Randomized Solution Polling Lottery Share(b,i) x Share(b,i) shares b b = 0 & count(Temp) ≥ n/2 b = 1 & count(Temp) ≥ n – 2m Temp = MAJ({x,x,y,y,x,z,x})

  23. So what is wrong? • [LSP80] • Synchronous • Unscalable • [Rabin83] • Still too inefficient • Rampart • SecureRing

  24. Fifteen years later…

  25. M. Castro and B. LiskovPractical Byzantine Fault Tolerance (1999) • Miguel Castro • PhD MIT 2001 • MSR Cambridge • Barbara Liskov • PhD Stanford 1968 • MIT • Distributed systems, fault tolerance, prog. languages (OOP) • Turing Award 2008

  26. PBFT Assumptions • Asynchronous environment/ communication • delay(t) doesn’t grow faster than t indefinitely • Independent, Byzantine node failures • At most n-1/3 faulty • Authenticated messages • Adversary can’t break signatures/ MACs

  27. Byzantine Fault Tolerance(Results)

  28. State Machine Replication Client c Request, o, t, cc Multicast Request (3-phase protocol) 3) Reply, v, t, c, i, ri Primary p … Backups i1, …, ik

  29. Multicast (3-phase) •  Pre-prepare, v, n, dp, m • Prepare, v, n, d, ii • Successfully prepared if received • 2m different prepared copies • ( honest agree on total ordering) •  Commit, v, n, D(m), ii …

  30. Backup Plan (c doesn’t receive m+1 replies) • Broadcast Request, o, t, cc • Resend or • Relay request to p • Recover • If p multicasts continue • Else Change View …

  31. View Change • Signed properly? • V valid for view v+1? • Set O is correct? ViewChange, v+1, n, C, P, ii New-View, v+1, V, Op

  32. (Stable) Checkpoints . . . message1 message2 message3 v Checkpt, n, d( ), ii

  33. BFS: A Byzantine-Fault-Tolerant File System • Replication Library • Client: invoke • server: execute make_checkpointdelete_checkpointget_digest get_checkpointset_checkpoint • Relay • Mediate comm. b/n NFS and client/replicas • snfsd • NFS v2 daemon • Implemented using fixed-size memory-mapped file snfsd replication library Kernel VM relay Andrew benchmark replication library snfsd Kernel NFS client replication library Kernel VM

  34. Performance • Table 3: Andrew Benchmark (BFS vs. NFS-std)

  35. Thoughts?

More Related