## 1 Introduction

Ensuring seamless communication between two indirectly connected entities of a network is fundamental for achieving more complex cooperative tasks. Since vulnerability of modern networks is increased along with their size, there is a strong interest in achieving consistent communication in unreliable environments. This task is captured by the *Reliable Message Transmission* problem (RMT), in which the goal is the correct delivery of message from a sender to a receiver even if some of the intermediate nodes-players are corrupted and do not relay the message as agreed. In this work, we study RMT in the presence of a *Byzantine adversary* which can make some players deviate from the protocol arbitrarily, by blocking, rerouting, or even altering a message that they should normally relay intact to specific nodes.

The feasibility of RMT naturally depends on the structure of the network and the corruption capability of the adversary. Thus, the literature has been focused on the deduction of topological conditions which involve the adversary model and prove necessary or sufficient for RMT to be achieved. We stress that another important parameter affecting distributed tasks in contemporary networks is the level of players’ knowledge over the topology and the adversary. To this end, we employ the recently introduced *Partial Knowledge Model* [6], which assumes that each player only has knowledge over some arbitrary subgraph of the network. It encompasses all previous topology knowledge models including the extensively studied full knowledge [1, 5] and ad hoc [8, 10]

models (in the latter, a node is only aware of its immediate neighborhood). The motivation for partial knowledge considerations comes from large scale networks, where global estimation of system properties may be hard to obtain, and social networks, where proximity is often correlated with an increased amount of available information. In this context, we specifically study the role of local information exchange in the feasibility of RMT. Regarding the adversary model we address the problem under the

*General Adversary model*[3] which subsumes all known models such as global [2] or local [4, 9] threshold adversaries and intuitively captures coalitions of adversarial players. The combination of these two quite general models forms the most general setting encountered within the synchronous deterministic model.

We assume a synchronous network represented by a graph consisting of the player set (also denoted as ) and edge set which represents undirected authenticated
channels between players.
The neighborhood of a node will be denoted as .
We will denote the sender and the receiver nodes as respectively and say that a distributed protocol *achieves RMT* if by the end of the protocol the receiver has *decided on* , i.e. if it has been able to output the value originally sent by the sender.

The Adversary Model [3]. In the General Adversary model, the possible corruption sets are defined by the *adversary structure* , which is, a monotone family of subsets of ,
i.e. , where all subsets of a set are in if . In this work we obtain our results with respect to a General Byzantine adversary.

The Partial Knowledge Model [6].
Each player only has knowledge of the topology of a certain subgraph of which includes . Namely considering the family of subgraphs of we use the *view function* , where represents the subgraph of over which player has knowledge of the topology. We extend the domain of by allowing a set as an argument. The value will correspond to the *joint view* of nodes in . More specifically, if then . The extensively studied ad hoc model (cf. [8]) can be seen as a special case of the Partial Knowledge Model, where .

To combine these two models, we first define the *restriction* of a structure to a node set as . We assume that given the actual adversary structure each player is aware of its *local adversary structure* .
We denote an instance of the problem by the tuple , whereas in the ad hoc case we will omit since it’s fixed.
We will say that an RMT protocol is *safe* if it never causes the receiver to decide on an incorrect value in any instance. The importance of the safety property is pointed out in [8],
where it is regarded as a basic requirement of a Broadcast algorithm.

## 2 RMT in the ad hoc model

In this section we present a tight condition for RMT in the ad hoc model. The proofs are variations of the respective theorems in [6] for the Broadcast problem. The following notion proves crucial for the exact characterization of instances where RMT is possible.

(*-partial pair cut*)
Let be a cut of partitioning into sets s.t. and .
is a *-pp cut* if there exists a partition with
and .

Observe that -pp cut, constitutes a one-sided variation of the well known separator notion used in [5] in the context of full topology knowledge networks. Its existence in a network yields impossibility of safe RMT as shown below.

###### Theorem 1 (RMT Impossibility)

Given an RMT instance , if an -pp cut exists on then no safe RMT algorithm exists for .

Checking the above condition has been proven in [6] to be -hard but interestingly, the impossibility is matched by a variation of the simple Broadcast algorithm -CPA (*Certified Propagation Algorithm*). The algorithm was introduced in the same work and in turn, can be seen as a generalization of CPA Broadcast algorithm, proposed in [4]. In -CPA, initially, the sender sends its value to all its neighbors and terminates. Subsequently, each player decides on a value through a *decision rule* and propagates its decision to all its neighbors if , or outputs its decision if . The core of -CPA consists of the following decision rules:

-CPA decision rules: If then upon reception of from the sender, decide on . Else, if then upon receiving the same value from all neighbors in a set such that , decide on value .

-CPA proves to be tight for RMT by a variation of the theorem presented in [6] as shown below. This practically means that given an ad hoc RMT instance , the best one can do is to execute -CPA; if RMT is not achieved then no safe algorithm can achieve RMT in .

###### Theorem 2 (Feasibility of RMT)

Given an RMT instance , if no -pp cut exists on , then -CPA achieves RMT in .

The minimal communication that -CPA utilizes is noteworthy. For instance, Theorems 1,2 imply that in the ad hoc model, local knowledge exchange between players cannot benefit the feasibility of the problem. Considering partial knowledge in its most general form, presents a new challenge in the study; namely, it becomes clear that tight results can be obtained only if the players exchange and appropriately combine their knowledge regarding the topology and the adversary.

## 3 Joining partial knowledge

Combining topological knowledge exchanged by two players is trivial, since their joint knowledge can easily be computed. However, their joint knowledge over the adversary structure is not obvious to define. In this section we address the issue and define a *joint operation* over local adversary structures^{1}^{1}1The operation takes into account potentially different adversarial structures, so that it is well defined even if a corrupted player provides a different structure than the real one to
some honest player.. As is proved in the following, this operation allows the combination of local knowledge in an optimal way. Details of this section’s results can be found in [7].

(*Joint operation *)
Let denote the space of adversary structures on a set of nodes . For any node sets and adversary structures , the operation , is defined as follows:

Informally, the operation unites possible corruption sets from and that ‘agree’ on . The operation is commutative, associative and idempotent, which means that it imposes a *semi-lattice structure* on the space of all possible partial adversary information. The semi-lattice structure allows for the definition of a partial order relation on this space which guarantees the existence of a supremum for every finite subset under . Utilizing the latter, we can prove the following property of the operation which is important for our study.

###### Theorem 3

For any adversary structure and node sets : .

What Theorem 3 shows is that the operation gives the maximal (w.r.t inclusion) possible adversary structure that is indistinguishable by two agents that know and respectively, i.e., it coincides with their knowledge of the adversary structures on sets and respectively. We can now define the combined knowledge of a set of nodes about the adversary structure given a view function :

Note that exactly captures the maximal adversary structure possible, restricted in , conforming to the initial knowledge of players in . Also notice that using Theorem 3 we get . This means that, what nodes in conceive as the worst case adversary structure indistinguishable to them, always contains the actual adversary structure in their scenario.

Impossibility of RMT in this case is based on the following separator notion which is analogous to that of -pp cut but also involves the joint knowledge of players.

(*RMT-cut*)
Let be an RMT instance and be a cut in , partitioning in two sets where and . Then is a *RMT-cut* iff and .

Then the impossibility result can be stated as follows.

###### Theorem 4 (Necessity)

Let be an RMT instance. If there exists a RMT-cut in then no safe and resilient RMT algorithm exists for .

Conclusions. As in the ad hoc case, algorithm *RMT-PKA* proposed in [7], is proven tight. This proves the optimality of the local information exchange procedure. On the negative, RMT-PKA is of exponential bit complexity and the reduction of the communication cost is an open problem. Also an interesting research direction would be to study the exact threshold which renders local information exchange useful.

## References

- [1] D. Dolev. The byzantine generals strike again. J. Algorithms, 3(1):14–30, 1982.
- [2] D. Dolev, C. Dwork, O. Waarts, and M. Yung. Perfectly secure message transmission. J. ACM, 40(1):17–47, Jan. 1993.
- [3] M. Hirt and U. M. Maurer. Complete characterization of adversaries tolerable in secure multi-party computation (extended abstract). In J. E. Burns and H. Attiya, editors, PODC, pages 25–34. ACM, 1997.
- [4] C.-Y. Koo. Broadcast in radio networks tolerating byzantine adversarial behavior. In S. Chaudhuri and S. Kutten, editors, PODC, pages 275–282. ACM, 2004.
- [5] M. V. N. A. Kumar, P. R. Goundan, K. Srinathan, and C. P. Rangan. On perfectly secure communication over arbitrary networks. In Proceedings of the twenty-first annual symposium on Principles of distributed computing, PODC ’02, pages 193–202, New York, NY, USA, 2002. ACM.
- [6] A. Pagourtzis, G. Panagiotakos, and D. Sakavalas. Reliable broadcast with respect to topology knowledge. Distributed Computing, 30(2):87–102, 2017.
- [7] A. Pagourtzis, G. Panagiotakos, and D. Sakavalas. Reliable communication via semilattice properties of partial knowledge. In R. Klasing and M. Zeitoun, editors, Fundamentals of Computation Theory - 21st International Symposium, FCT 2017, Bordeaux, France, September 11-13, 2017, Proceedings, volume 10472 of Lecture Notes in Computer Science, pages 367–380. Springer, 2017.
- [8] A. Pelc and D. Peleg. Broadcasting with locally bounded byzantine faults. Inf. Process. Lett., 93(3):109–115, 2005.
- [9] L. Tseng, N. Vaidya, and V. Bhandari. Broadcast using certified propagation algorithm in presence of byzantine faults. Information Processing Letters, 115(4):512 – 514, 2015.
- [10] L. Tseng and N. H. Vaidya. Iterative approximate byzantine consensus under a generalized fault model. In D. Frey, M. Raynal, S. Sarkar, R. K. Shyamasundar, and P. Sinha, editors, ICDCN, volume 7730 of Lecture Notes in Computer Science, pages 72–86. Springer, 2013.

Comments

There are no comments yet.