Exact Byzantine Consensus Under Local-Broadcast Model

11/21/2018 ∙ by Syed Shalan Naqvi, et al. ∙ Georgetown University ∙ University of Illinois at Urbana-Champaign

This paper considers the problem of achieving exact Byzantine consensus in a synchronous system under a local-broadcast communication model. The nodes communicate with each other via message-passing. The communication network is modeled as an undirected graph, with each vertex representing a node in the system. Under the local-broadcast communication model, when any node transmits a message, all its neighbors in the communication graph receive the message reliably. This communication model is motivated by wireless networks. In this work, we present necessary and sufficient conditions on the underlying communication graph to achieve exact Byzantine consensus under the local-broadcast communication model.


1 Introduction

This paper considers the problem of achieving exact Byzantine consensus in a synchronous system under a local-broadcast communication model. The nodes communicate with each other via message-passing. The communication network is modeled as an undirected graph, with each vertex representing a node in the system. Under the local-broadcast communication model, when any node transmits a message, all its neighbors in the communication graph receive the message reliably. This communication model is motivated by wireless networks. For instance, in the communication graph in Figure 1, node 1 has neighbors 2 and 3, whereas node 2 has neighbors 1, 4 and 5. Thus, when node 1 transmits a message, the message is received by both its neighbors, namely 2 and 3. Similarly, when node 2 transmits a message, it is received by its neighbors 1, 4 and 5.

In this brief announcement, we present necessary and sufficient conditions on the underlying communication graph to achieve exact Byzantine consensus under the local-broadcast communication model.

2 Related Work

Under the classical point-to-point network model, and vertex connectivity are both necessary and sufficient conditions for Byzantine consensus on undirected graphs [2, 3]. Closest to our contributions is the work on consensus using partial broadcast channels that help achieve various forms of “non-equivocation” [9, 4, 6]. Intuitively, non-equivocation prevents a node from transmitting inconsistent messages. Prior work has considered various constraints on equivocation; surprisingly, however, the local-broadcast model considered in this paper does not seem to have been addressed yet. In a completely connected graph, a broadcast channel ensures that a node cannot send inconsistent messages to any pair of nodes, and it is easy to see that nodes suffice to tolerate Byzantine faults. [9] consider networks modeled as a -uniform hypergraph. In this setting, each transmission is viewed as occurring on one of the hyperedges, and the nodes belonging to the hyperedge receive the message reliably. Motivated by the work in [9], [4] obtained further results on networks with 3-uniform hypergraphs. [6] studies the problem of iterative approximate Byzantine consensus using 3-hyperedges in which one of the nodes in each hyperedge is identified as the unique sender.

For the local-broadcast communication model, [5, 1, 8] consider the problem of reliable broadcast. Although their communication model is analogous to this paper, we consider Byzantine consensus, whereas this prior work considers reliable broadcast. It turns out that the network requirements for these two problems are quite different.

Another related line of research considers approximate Byzantine consensus algorithms with a restrictive computation structure. In particular, each node maintains a real-valued state, and in each iteration of the algorithm, a node computes its new state as a weighted linear combination of its previous state and its neighbors’ state. For this class of iterative approximate consensus algorithms, necessary and sufficient conditions under the local-broadcast model have been identified [10]. These conditions are distinct from those obtained in our work, since we do not constrain the algorithm structure; additionally, we consider exact consensus.

3 System Model

represents the communication graph. Each vertex represents node , and edge if and only if nodes and can receive each other’s message transmissions. The system is synchronous. The local-broadcast communication model is assumed. Thus, a transmission by any node is received reliably (and identically) by all the nodes in the set . It is assumed that when a node receives a message, it can correctly identify the neighbor that sent the message.

Each node has a binary input, i.e., the input is in . Up to of the nodes may be Byzantine faulty. A faulty node is assumed to have complete knowledge of the states of all the nodes, the algorithm, and the communication graph. A correct algorithm for Byzantine consensus must satisfy the following conditions:

  • Agreement: All non-faulty nodes decide on an identical value.

  • Validity: If input of all the non-faulty nodes equals , then non-faulty nodes decide .

  • Termination: The algorithm terminates after a bounded duration of time.

Figure 1: Example graph

Figure 2: Detecting message tampering

4 Our Results

Before presenting the results, we illustrate a benefit of the local-broadcast model. As an example, consider the illustration in Figure 2, where we assume that node B is Byzantine faulty, and other nodes are non-faulty. In the figure, solid lines show edges between nodes, and directed dotted lines show the messages being transmitted. As shown in Figure 2, node A transmits message to node B, and then expects B to forward to node C. However, node B tampers with the message before forwarding it to C. Instead of , node B forwards message . Due to the local-broadcast property, node A will also receive , and learn that node B is faulty. Subsequently, node A sends a message to node E along path A-D-E claiming that node B is faulty (some messages have been omitted from the figure for brevity). If the path travelled by the message is also included in the message, then node E can now infer that at least one of the nodes on the path D-A-B must be faulty. Such inferences under the local-broadcast model can be shown to reduce the requirements on the communication graph, compared to the classical point-to-point communication model. In particular, we have obtained the following results [7].

Theorem 4.1 (Necessary Conditions).

Under the local-broadcast model, Byzantine consensus is impossible with up to Byzantine faults () if either condition below holds true:

  • Minimum degree of is less than , or

  • Vertex connectivity of is at most .

Theorem 4.2 (Sufficient Conditions).

Under the local-broadcast model, Byzantine consensus can be achieved with up to Byzantine faults () if the vertex connectivity of is at least .

The sufficient condition above is proved constructively by providing a correct Byzantine consensus algorithm [7]. A simpler algorithm for -connectivity is given in Appendix A. There is a gap between the necessary and sufficient conditions in Theorems 4.1 and 4.2, due to the different thresholds on vertex connectivity. The following result suggests that it may be possible to significantly tighten the sufficient condition in Theorem 4.2.

Theorem 4.3.

There exists a graph with vertex connectivity on which Byzantine consensus with up to Byzantine faults is achievable under the local-broadcast model.

Motivated by the above result, we are presently working to bridge the gap between Theorems 4.1 and 4.2.
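The Figure 2 scenario described at the start of this section can be replayed as a small simulation. The following is an added example, not code from the paper: the edge set, the message fields and all function names are assumptions constructed to match the text (edges A-B, B-C, A-D, D-E).

```python
from collections import defaultdict

# Constructed topology (assumption): only the edges the Figure 2 text implies.
EDGES = [("A", "B"), ("B", "C"), ("A", "D"), ("D", "E")]

class LocalBroadcastNet:
    """One transmission is delivered identically to every neighbor of the sender."""
    def __init__(self, edges):
        self.graph = defaultdict(set)
        self.inbox = defaultdict(list)          # node -> [(sender, message)]
        for u, v in edges:
            self.graph[u].add(v)
            self.graph[v].add(u)

    def transmit(self, sender, message):
        for nbr in sorted(self.graph[sender]):
            self.inbox[nbr].append((sender, message))

def relay(net, node, msg, tamper=None):
    """Forward msg with the relay appended to its path; a faulty relay may swap the payload."""
    fwd = dict(msg, path=msg["path"] + (node,))
    if tamper is not None:
        fwd["payload"] = tamper
    net.transmit(node, fwd)

def overheard_tampering(net, me, sent):
    """Neighbors whose relayed copy of `sent` differs from what `me` transmitted."""
    flagged = set()
    for sender, msg in net.inbox[me]:
        is_relay_of_sent = (msg["kind"] == "data" and msg["id"] == sent["id"]
                            and msg["path"] == sent["path"] + (sender,))
        if is_relay_of_sent and msg["payload"] != sent["payload"]:
            flagged.add(sender)
    return flagged

def suspects_from_accusation(msg):
    """The receiver cannot tell who lied: the accused, the accuser, or a relay."""
    return set(msg["path"]) | {msg["accused"]}

def run_figure2(tampered_payload="m'"):
    net = LocalBroadcastNet(EDGES)
    sent = {"kind": "data", "id": 1, "payload": "m", "path": ("A",)}
    net.transmit("A", sent)                         # heard by B and D
    relay(net, "B", sent, tamper=tampered_payload)  # heard by C and, crucially, by A
    flagged = overheard_tampering(net, "A", sent)
    for accused in sorted(flagged):
        accusation = {"kind": "accuse", "accused": accused, "path": ("A",)}
        net.transmit("A", accusation)
        relay(net, "D", accusation)                 # D forwards along A-D-E
    suspects = set()
    for _, msg in net.inbox["E"]:
        if msg["kind"] == "accuse":
            suspects |= suspects_from_accusation(msg)
    return flagged, suspects

if __name__ == "__main__":
    print(run_figure2())        # B tampers
    print(run_figure2(None))    # B relays faithfully
```

Under a point-to-point model the same run would leave A's inbox empty after B's relay, so A would have nothing to compare against.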

References

  • [1] V. Bhandari and N. H. Vaidya. On reliable broadcast in a radio network. In ACM Symposium on Principles of Distributed Computing (PODC), 2005.
  • [2] D. Dolev. The Byzantine generals strike again. Journal of algorithms, 3(1):14–30, 1982.
  • [3] M. J. Fischer, N. A. Lynch, and M. Merritt. Easy impossibility proofs for distributed consensus problems. Distributed Computing, 1(1):26–39, 1986.
  • [4] A. Jaffe, T. Moscibroda, and S. Sen. On the price of equivocation in byzantine agreement. In Proceedings of the 2012 ACM symposium on Principles of distributed computing, pages 309–318. ACM, 2012.
  • [5] C.-Y. Koo, V. Bhandari, J. Katz, and N. H. Vaidya. Reliable broadcast in radio networks: The bounded collision case. In Proceedings of the twenty-fifth annual ACM symposium on Principles of distributed computing, pages 258–264. ACM, 2006.
  • [6] C. Li, M. Hurfin, Y. Wang, and L. Yu. Towards a restrained use of non-equivocation for achieving iterative approximate Byzantine consensus. In Parallel and Distributed Processing Symposium, 2016 IEEE International, pages 710–719. IEEE, 2016.
  • [7] S. S. Naqvi. Exact Byzantine consensus under local-broadcast channels, University of Illinois at Urbana-Champaign, M.S. Thesis (Advisor: Nitin Vaidya), 2018.
  • [8] A. Pelc and D. Peleg. Broadcasting with locally bounded byzantine faults. Information Processing Letters, 93(3):109–115, 2005.
  • [9] D. Ravikant, V. Muthuramakrishnan, V. Srikanth, K. Srinathan, and C. P. Rangan. On Byzantine agreement over (2, 3)-uniform hypergraphs. In International Symposium on Distributed Computing, pages 450–464. Springer, 2004.
  • [10] H. Zhang and S. Sundaram. Robustness of information diffusion algorithms to locally bounded adversaries. In American Control Conference (ACC), 2012.

Appendix A Algorithm for -Connectivity ()

Definition A.1.

For two nodes , reliably receives a message sent by if

  1. ,

  2. is a neighbor of , or

  3. receives the message identically on at least node disjoint -paths.

Observe that if a node sends a message , then any node can not reliably receive a message from other than .

For simplicity, fix node disjoint paths for each pair of nodes. We say that a non-faulty node is a type A node if it knows the identity of all faulty nodes. Every other non-faulty node is a type B node. Initially, all non-faulty nodes are type B nodes. As the algorithm is run, some non-faulty nodes will discover the identity of faulty nodes and transition to type A nodes. We show that by the end of the algorithm, all type A nodes have reached consensus on the output. Since type B nodes know the identity of all faulty nodes, they can ignore messages from paths with faulty nodes (faulty paths) and receive the correct decision value of type A nodes.

The algorithm proceeds in 3 rounds. In round 1, each node sends its input value to the entire network (i.e. “floods” its input value). As all the communication is synchronous, can wait for synchronous time steps to ensure that the input value is propagated to each node in the graph. Since the communication is via broadcast, all non-faulty neighbors of reliably receive the same value from in round 1, even if is faulty. Therefore, we assume that the input value of a faulty node is the value it floods in the first round. In round 2, for each node , its neighbors report on the messages propagated in round 1. As before, after synchronous time steps, this information has been propagated to the entire network. Again, due to the broadcast model, each neighbor of knows the exact messages propagated by in round . These messages help identify faulty nodes if they exhibit faulty behaviour (i.e. tamper with messages). The details are in the proof of Lemma A.2. In round 3, type B nodes reach consensus and inform the type A nodes on the decision. If no type B nodes exist, then type A nodes decide by themselves.

The algorithm is as follows.

  Round 1: (Flood) Each node floods its input value.

  Round 2: (Report) For each node , its neighbors report on the messages propagated by in round 1. At the end, each node , attempts to discover the faulty nodes (details in proof of Lemma A.2).

  Round 3: (Decide) Fix an arbitrary non-faulty node . If is a type B node, then it decides from the input values it received reliably in round 1, by taking the majority, and then floods the decision value. If is a type A node, then it waits for a decision value from a non-faulty (type B) node. If a decision value is received from a non-faulty (type B) node, then decides on this value. Otherwise, decides from the input values of all non-faulty nodes by taking the majority.

Lemma A.2.

Message sent by a faulty node is received reliably by every node.

Proof:   Let be an arbitrary faulty node and let be an arbitrary node in the graph. If or is a neighbor of , then the claim is trivially true from Definition A.1. Otherwise, there exist node disjoint paths from to as the graph is -connected. Since is faulty, only of these paths can have faulty nodes. Moreover, due to the broadcast model, sends the same message on all the node disjoint paths. Therefore receives identical messages from the remaining node disjoint paths that do not have a faulty node.

Lemma A.3.

Let and be distinct nodes. In round 1, if reliably receives an input value of some node and does not, then knows the identity of faulty nodes after round .

Proof:   Fix a node with input . Observe that, by Lemma A.2, is a non-faulty node since did not receive from reliably in round 1. Note also that reliably receives from in round 1. Let be the node disjoint -paths. Since did not reliably receive from in round 1, therefore exactly of these paths have faulty nodes. WLOG let these paths be . By Lemma A.2, after round 2, reliably receives that some nodes on forwarded in round 1. For each path, sets the first such node to be faulty.

To see why this assignment is correct, consider an arbitrary path in . WLOG let this path be . Let be the faulty node in that tampers the message. Observe that each of has exactly one faulty node that tampers the message. In round 2, by Lemma A.2, reliably receives that forwarded in round 1. Moreover, let be an arbitrary node in before . Then is non-faulty and forwarded in round 1. Therefore, in round 2, can not reliably receive that forwarded in round 1.
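The path-count clause of Definition A.1 and the blame rule from the proof of Lemma A.3 can be exercised on a toy instance. The following is an added example, not the paper's code: all names, the four constructed paths and the threshold `k` are assumptions, round-2 reports are modelled as an accurate log of what each relay transmitted in round 1, and the sender's value `x` is passed in directly.

```python
from collections import Counter

def propagate(path, value, tamper):
    """Relay `value` along `path` (sender first, receiver last).
    Returns (value delivered, {relay: value that relay transmitted})."""
    log = {}
    for node in path[1:-1]:
        value = tamper.get(node, value)   # a faulty relay substitutes its own value
        log[node] = value
    return value, log

def reliably_received(delivered, k):
    """Path-count clause of Definition A.1: the value seen identically on at
    least k node-disjoint paths, or None. Assumes k > len(delivered) / 2,
    so at most one value can qualify (k is a caller-supplied assumption)."""
    if not delivered:
        return None
    value, count = Counter(delivered).most_common(1)[0]
    return value if count >= k else None

def first_tamperers(paths, logs, x):
    """Blame rule from the proof of Lemma A.3: on each path, the first relay
    logged as forwarding something other than x is set to be faulty."""
    blamed = set()
    for path, log in zip(paths, logs):
        for node in path[1:-1]:
            if log[node] != x:
                blamed.add(node)
                break                     # later relays only forwarded what they got
    return blamed

def round_one(paths, x, tamper, k):
    """Flood x over the fixed node-disjoint paths, then apply both rules."""
    results = [propagate(p, x, tamper) for p in paths]
    delivered = [value for value, _ in results]
    logs = [log for _, log in results]
    return reliably_received(delivered, k), first_tamperers(paths, logs, x)

# Constructed sample: four node-disjoint w-v paths, sender w has input 0.
PATHS = [("w", "a", "v"), ("w", "b1", "b2", "v"),
         ("w", "c", "v"), ("w", "d1", "d2", "v")]

if __name__ == "__main__":
    # Two faulty relays on different paths: v cannot reliably receive 0,
    # but the logs let it pin down both tamperers (b2 is not blamed).
    print(round_one(PATHS, 0, {"b1": 1, "d2": 1}, k=3))
    # One faulty relay: three identical copies still arrive.
    print(round_one(PATHS, 0, {"b1": 1}, k=3))
```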

Lemma A.4 (Agreement).

All type B nodes reliably receive the same set of input values in round 1.

Proof:   Suppose, for the sake of contradiction, that two nodes and are type B nodes and there exists a node such that reliably receives the input of and does not. Then, by Lemma A.3, knows the identity of faulty nodes after round 2. Therefore, must be a type A node, a contradiction.

Lemma A.5 (Validity).

Each node reliably receives input values of at least other nodes.

Proof:   Since the graph is connected, therefore each node has at least neighbors. By Definition A.1 each node reliably receives input from these nodes.

Theorem A.6.

The algorithm given above achieves Byzantine consensus with up to Byzantine faults () if the vertex connectivity of is at least .

Proof:   The termination follows from the construction of the algorithm. For validity and agreement, there are two cases to consider.

There is at least one type B node: For agreement, note that by Lemma A.4 all type B nodes receive the same input values and therefore decide on the same value by taking the majority. Type A nodes know the identity of all () faulty nodes and so they can ignore messages on paths with faulty nodes. So we only need one non-faulty path between a type A node and a type B node. Since there are at least node disjoint paths without any faulty nodes between any two nodes, therefore in round 3 each type A node correctly receives a message from a type B node about the final decision and decides on the same value. For validity, note that by Lemma A.5 each type B node is aware of input values of at least nodes (including its own). If the input of all non-faulty nodes equals , then by taking the majority a type B node will decide on .

There are no type B nodes: Let be an arbitrary non-faulty node. Since there are no type B nodes, is a type A node that does not receive any decision value from any type B node in round 3. Since knows the identity of faulty nodes, can check messages received from non-faulty nodes in round 1 and ignore messages from any path that contains a faulty node. Therefore, knows the input values of all non-faulty nodes. For agreement, observe that all non-faulty nodes are type A and each non-faulty node decides on the same decision value by taking the majority of the input values of non-faulty nodes. For validity, observe that all non-faulty nodes only consider the input values of non-faulty nodes.

Appendix B Alternate characterization of the Necessity Condition

Consider an undirected graph . For a set , define . For two disjoint sets , define if . For a set , is an -partition of if

  1. is a partition of ,

  2. is non-empty, and

  3. is non-empty.

is -good if for every set of cardinality at most , every -partition of is such that

  1. either ,

  2. or .

Lemma B.1.

If a graph is -connected, then it is -good.

Proof:   Since is -connected so it is of size . We show the contrapositive that if a graph of size is not -good, then it has connectivity less than . Since is not -good, there exists a set of cardinality at most and an -partition of such that

  1. , and

  2. .

There are three cases to consider:

  • and .
    We have that , a contradiction.

  • and . Since , we have that is non-empty. Also, since is non-empty and , we have that . Now has neighbors (outside of ) in either or . Furthermore, we have that both and are non-empty. Therefore, removing and disconnects from . To see that less than nodes have been removed, observe that (since ) and .

  • and . Since and , we have that both and are non-empty. WLOG we assume that so that . Now has neighbors (outside of ) in either or . Furthermore, we have that both and are non-empty. Therefore, removing and disconnects from . To see that at most nodes have been removed, observe that (since ) and for a total of at most nodes.

Lemma B.2.

If a graph is -good, then it is -connected.

Proof:   We show the contrapositive that if a graph is not -connected, then it is not -good. Since has connectivity less than , there exists a vertex cut of size at most that separates two sets . We create a set and a corresponding -partition that violates the conditions for -good to show that is not -good. Partition the cut into roughly equal parts so that , , and . Let so that . We create an -partition as follows. Let , , and . Observe that is indeed a partition of and and are non-empty. Now we have that and . Therefore is non-empty and is non-empty. Thus is indeed an -partition. Now observe that has cardinality at most . Similarly has cardinality at most . Therefore we conclude that

  1. , and

  2. .

This completes the proof that is not -good.

Lemma B.3.

If a graph is -good, then each node in has degree at least .

Proof:   First note that if is of size , then cannot be -good (partition the graph into two parts and of roughly equal size with ). Therefore we assume that . We show the contrapositive that if there exists a node in of degree less than , then is not -good. Suppose has degree strictly less than . We create a set and a corresponding -partition that violates the conditions for -good to show that is not -good. Let be arbitrary neighbors of or the set if has less than neighbors. Let , , and . Then is indeed a partition of , is non-empty, and is non-empty since it has at least nodes (since , , and ). We show that

  1. , and

  2. .

Now has at most neighbors in by construction. Also so that can not have more than neighbors in .

Lemma B.4.

If a graph is -connected and every node has degree at least , then it is -good.

Proof:   We show the contrapositive that if a graph is not -good, then either it has connectivity at most or there exists a node in of degree strictly less than . Since is not -good, there exists a set of cardinality at most and an -partition of such that

  1. , and

  2. .

There are three cases to consider:

  • and .
    We have that . Therefore, all nodes in have degree at most .

  • and . Consider a node (recall that is non-empty). We show that has degree strictly less than . Now has neighbors either in or in . Observe that so that has strictly less than neighbors in . Also since . Therefore has at most neighbors in . Thus , as required.

  • and . Since and , we have that both and are non-empty. WLOG we assume that so that . Now has either neighbors in or in . Furthermore, we have that both and are non-empty. Therefore, removing and disconnects from . To see that at most nodes have been removed, observe that (since ) and for a total of at most nodes.

This completes the proof that has either connectivity less than or a node of degree less than .

Theorem B.5.

A graph is -good if and only if it is -connected and every node has degree at least .

Proof:   From Lemmas B.2, B.3, and B.4.