Upload: cory-merritt

Post on 19-Jan-2016


Page 1: Reaching Agreement in the Presence of Faults
M. Pease, R. Shostak and L. Lamport
Sanjana Patel
Dec 3, 2003

Page 2: Introduction

The algorithm proposed by this paper offers the means by which independent processes can arrive at an exact mutual agreement.

The algorithm works for 3m+1 or more total processes (where m processes are faulty)

Page 3: Assumptions

There are n isolated processes and no more than m are faulty

Faulty processes need not be identified

Processes communicate by means of two-party messages

The communication channel is fail-safe and has negligible delay

The sender of a message is identifiable

Page 4: Goal

Devise an algorithm based on an exchange of messages that allows each non-faulty process to compute an interactive consistency vector (of n values) such that
• The non-faulty processes compute the exact same vector
• The element of the vector corresponding to a given non-faulty process is the private value of that process

The above goal helps achieve interactive consistency

The vector element corresponding to a faulty process may be arbitrary, as long as all non-faulty processes compute the exact same value for any faulty process

Page 5: No-Fault Case

If there are no faults, each process will have the same interactive consistency vector (i.e., each process has an identical vector containing the private values of each process)

Diagram: P1, P2, P3 and P4 hold private values 1, 2, 3 and 4; every process computes the vector {1,2,3,4}

Page 6: Single-Fault Case

Consider obtaining interactive consistency for m=1 and n=4

Two rounds of information exchange are required
• Exchange private values in the first round
• Exchange the results of the first round in the second round

For the faulty process's ICV entry, all non-faulty processes record either the majority value for the faulty process or, where no majority exists, 'NIL'

Page 7: Single-Fault Case

Diagram (P3 faulty). Round 1: P1, P2 and P4 send their private values 1, 2 and 4 to everyone; P3 sends 3 to P1, Z to P2 and Y to P4. Round 2, as received by each non-faulty process:
P1 (own round-1 vector {1,2,3,4}) receives P2:{1,2,Z,4}, P3:{1,B,3,4}, P4:{1,2,Y,4}
P2 receives P1:{1,2,3,4}, P3:{A,2,Z,4}, P4:{1,2,Y,4}
P4 receives P1:{1,2,3,4}, P2:{1,2,Z,4}, P3:{1,2,Y,4}

Based on majority, the ICV used will be {1,2,NIL,4}, as there is no majority value for P3 (all processes have a different value for P3)

Page 8: M-Fault Case

m+1 rounds of information exchange are required to obtain interactive consistency in a system of m faulty processes

Either the majority or NIL is used for vector values

If broadcast is used for communication from round 2 onwards, a maximum of n*(m+1) messages are exchanged before an agreement is reached.

Page 9: Impossibility for n < 3m+1

Diagram (n=3, P3 faulty). Round 1: P1 and P2 send their private values 1 and 2; P3 sends 3 to P1 and Z to P2. Round 2:
P1 (own round-1 vector {1,2,3}) receives P2:{1,2,Z}, P3:{1,B,3}
P2 receives P1:{1,2,3}, P3:{A,2,Z}

There is no majority value for any of the ICV values, so no agreement can be reached.
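The two-round exchange of pages 6, 7 and 9, as an added simulation that is not part of the presentation or of the paper: with n=4 the three non-faulty processes all arrive at {1,2,NIL,4}, while with n=3 the same faulty behaviour leaves each non-faulty process with NIL even for the other non-faulty process's honest value, so interactive consistency fails. The faulty process's behaviour (a distinct lie to every peer in round 1, altered relays in round 2) and the decision rule (majority over the direct copy and the third-party relays, NIL otherwise) are assumptions modelled on the slides' diagrams; the names simulate, consistent and majority are mine.

```go
package main

import (
	"fmt"
	"strconv"
)

const NIL = "NIL" // marks a slot for which no majority value exists

// majority returns the value held by strictly more than half of vals, else NIL.
func majority(vals []string) string {
	counts := map[string]int{}
	for _, v := range vals {
		counts[v]++
		if 2*counts[v] > len(vals) {
			return v
		}
	}
	return NIL
}

// simulate runs the two-round exchange for m=1 with n processes. Process
// `faulty` (0-based) behaves like P3 on the slides: a different private value
// to every peer in round 1, altered copies of the others' values in round 2
// (assumed behaviour modelled on the diagrams). It returns each process's ICV.
func simulate(n, faulty int) [][]string {
	private := make([]string, n)
	for i := range private {
		private[i] = strconv.Itoa(i + 1) // P1 holds "1", P2 holds "2", ...
	}
	// Round 1: recv1[j][i] is what Pj received from Pi as Pi's private value.
	recv1 := make([][]string, n)
	for j := range recv1 {
		recv1[j] = make([]string, n)
		for i := 0; i < n; i++ {
			recv1[j][i] = private[i]
			if i == faulty && i != j {
				recv1[j][i] = fmt.Sprintf("Z%d", j+1) // a distinct lie per recipient
			}
		}
	}
	// Round 2: recv2[j][r] is the round-1 vector Pj received from Pr.
	recv2 := make([][][]string, n)
	for j := range recv2 {
		recv2[j] = make([][]string, n)
		for r := 0; r < n; r++ {
			relayed := append([]string(nil), recv1[r]...)
			if r == faulty {
				for k := range relayed {
					relayed[k] = fmt.Sprintf("A%d_%d", k+1, j+1) // altered relay
				}
			}
			recv2[j][r] = relayed
		}
	}
	// Decision: for every other process k, take the majority over the value
	// k sent directly and the copies relayed by every third party r.
	icv := make([][]string, n)
	for j := range icv {
		icv[j] = make([]string, n)
		for k := 0; k < n; k++ {
			if k == j {
				icv[j][k] = private[j] // a process always knows its own value
				continue
			}
			votes := []string{recv1[j][k]}
			for r := 0; r < n; r++ {
				if r != j && r != k {
					votes = append(votes, recv2[j][r][k])
				}
			}
			icv[j][k] = majority(votes)
		}
	}
	return icv
}

// consistent checks the slides' two goals over the non-faulty processes:
// identical vectors, and each non-faulty slot holding that process's value.
func consistent(icv [][]string, faulty int) bool {
	n := len(icv)
	var ref []string
	for j := 0; j < n; j++ {
		if j == faulty {
			continue
		}
		if ref == nil {
			ref = icv[j]
		}
		for k := 0; k < n; k++ {
			if icv[j][k] != ref[k] || (k != faulty && icv[j][k] != strconv.Itoa(k+1)) {
				return false
			}
		}
	}
	return true
}

func main() { fmt.Println(simulate(4, 2), consistent(simulate(4, 2), 2), simulate(3, 2)) }
```

Running it prints the n=4 vectors (all non-faulty ones equal to {1,2,NIL,4}) followed by the n=3 vectors, where P1 holds {1,NIL,NIL} and P2 holds {NIL,2,NIL}: the faulty process's altered relay is enough to deny P2 a majority for P1's honest value, which is the situation the slide describes.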

Page 10: Algorithm using Authenticators

The problem of reaching an agreement with n < 3m+1 is based on the assumption that a faulty process may refuse to pass on, or may fabricate, the values it received from other processes

Authentication can be used to guard against the above, so that a faulty process may lie about its own value or refuse to send its own value, but cannot relay altered values without other processes being able to identify it as faulty.

Page 11: Algorithm using Authenticators

An authenticator is an argument appended to the data that can be created by the sender only

The receiver should be able to use the authenticator to verify the sender and that the value was not altered.

Public key/private key infrastructure can be used to achieve the above in combination with message hashing

Page 12: Example

Diagram (n=3, P3 faulty, authenticators in use). Round 1: P1 and P2 send their private values 1 and 2; P3 sends 3 to P1 and Z to P2. Round 2:
P1 (own round-1 vector {1,2,3}) receives P2:{1,2,Z}, P3:{1,2,3}
P2 receives P1:{1,2,3}, P3:{1,2,Z}

Since P3 cannot lie about P1's or P2's values without revealing itself as faulty, an agreement is reached: the ICV value {1,2,NIL} is used.
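The authenticator scheme of pages 10 to 12, as an added example that is not part of the presentation or of the paper. It uses Go's standard-library Ed25519 signatures over a SHA-256 hash of (sender id, value) as the authenticator and reruns the n=3 scenario: P3 can still sign a different value for each peer, but the values it alters while forwarding no longer verify, so P1 and P2 both settle on {1,2,NIL} and both identify P3 as faulty. The global key slices standing in for a PKI, the decision rule (a slot takes the single value shared by all validly signed copies, NIL otherwise) and all function names are my assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Per-process key pairs, standing in for a PKI (assumption).
var pubs []ed25519.PublicKey
var privs []ed25519.PrivateKey

func genKeys(n int) {
	pubs, privs = make([]ed25519.PublicKey, n), make([]ed25519.PrivateKey, n)
	for i := range pubs {
		pubs[i], privs[i], _ = ed25519.GenerateKey(rand.Reader)
	}
}

// signedValue carries a value and its authenticator: the sender's Ed25519
// signature over a SHA-256 hash of (sender id, value). Binding the id stops a
// signature from being reused under another sender's name.
type signedValue struct {
	sender int
	value  string
	sig    []byte
}

func digest(sender int, value string) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%d:%s", sender, value)))
	return h[:]
}

func sign(sender int, value string) signedValue {
	return signedValue{sender, value, ed25519.Sign(privs[sender], digest(sender, value))}
}

func verify(sv signedValue) bool {
	return ed25519.Verify(pubs[sv.sender], digest(sv.sender, sv.value), sv.sig)
}

// simulateSigned runs the two-round exchange with authenticators. Process
// `faulty` (0-based) acts like P3 on the slide: it signs a different value for
// each peer in round 1 and alters what it forwards in round 2 (assumed). It
// returns each process's ICV and which peers each process caught being faulty.
func simulateSigned(n, faulty int) (icv [][]string, caught [][]bool) {
	genKeys(n)
	recv1 := make([][]signedValue, n) // recv1[j][i]: Pi's signed value as sent to Pj
	for j := range recv1 {
		recv1[j] = make([]signedValue, n)
		for i := 0; i < n; i++ {
			v := fmt.Sprintf("%d", i+1) // Pi's true private value
			if i == faulty && i != j {
				v = fmt.Sprintf("Z%d", j+1) // per-peer lie, but genuinely signed by Pi
			}
			recv1[j][i] = sign(i, v)
		}
	}
	fwd := make([][]signedValue, n) // fwd[r][k]: Pk's message as forwarded by Pr
	for r := range fwd {
		fwd[r] = append([]signedValue(nil), recv1[r]...)
		if r == faulty {
			for k := range fwd[r] {
				fwd[r][k].value = fmt.Sprintf("A%d", k+1) // tampered, old signature kept
			}
		}
	}
	// Decision (assumed rule): a slot takes the one value shared by all validly
	// signed copies; a bad signature exposes the forwarder, conflicting valid
	// copies expose the signer, and either way the slot becomes NIL.
	icv, caught = make([][]string, n), make([][]bool, n)
	for j := range icv {
		icv[j], caught[j] = make([]string, n), make([]bool, n)
		for k := 0; k < n; k++ {
			seen := map[string]bool{}
			if verify(recv1[j][k]) {
				seen[recv1[j][k].value] = true // Pk's direct message
			}
			for r := 0; r < n; r++ {
				if r == j || r == k {
					continue
				}
				if verify(fwd[r][k]) {
					seen[fwd[r][k].value] = true
				} else {
					caught[j][r] = true // Pr forwarded something Pk never signed
				}
			}
			icv[j][k] = "NIL"
			for v := range seen {
				if len(seen) == 1 {
					icv[j][k] = v
				} else {
					caught[j][k] = true // Pk signed conflicting values
				}
			}
		}
	}
	return icv, caught
}

func main() { fmt.Println(simulateSigned(3, 2)) }
```

With n=3 and P3 faulty the output shows P1 and P2 both computing {1,2,NIL} and both flagging P3: P2 rejects the altered copy of P1's value because its signature no longer matches, and P1 and P2 each hold two validly signed but different values for P3. Signing the hash of (sender id, value) rather than the value alone is what prevents a signature produced for one process's slot from being replayed in another's.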

Page 13: Conclusion

The problem of obtaining interactive consistency is fundamental to the design of distributed fault-tolerant systems

The algorithm is needed for at least three aspects of design
• Synchronization of clocks
• Stabilization of input from sensors
• Agreement on the results of diagnostic tests

Preliminary research assumed that a simple majority was sufficient. The realization that simple majorities were insufficient led to the results reported in this paper

Page 14: Q&A?