Byzantine fault tolerance
The objective of Byzantine fault tolerance is to be able to defend against Byzantine failures, in which components of a system fail in arbitrary ways (i.e., not just by stopping or crashing but by processing requests incorrectly, corrupting their local state, and/or producing incorrect or inconsistent outputs). Correctly functioning components of a Byzantine fault tolerant system will be able to correctly provide the system's service assuming there are not too many Byzantine faulty components.
A Byzantine fault is an arbitrary fault that occurs during the execution of an algorithm by a distributed system. It encompasses both omission failures (e.g., crash failures, failing to receive a request, or failing to send a response) and commission failures (e.g., processing a request incorrectly, corrupting local state, and/or sending an incorrect or inconsistent response to a request). When a Byzantine failure has occurred, the system may respond in any unpredictable way, unless it is designed to have Byzantine fault tolerance.
For example, if the output of one function is the input of another, then small round-off errors in the first function can produce much larger errors in the second. If the second function were fed into a third, the problem could grow even larger, until the values produced are worthless. Another example is in compiling source code. One minor syntactical error early on in the code can produce large numbers of perceived errors later, as the parser of the compiler gets out-of-phase with the lexical and syntactic information in the source program. Such failures have brought down major Internet services. For example, in 2008 Amazon S3 was brought down for several hours when a single-bit hardware error propagated through the system.
In a Byzantine fault tolerant (BFT) algorithm, steps are taken by processes, the logical abstractions that represent the execution path of the algorithms. A faulty process is one that at some point exhibits any of the above failures. A process that is not faulty is correct.
The Byzantine failure assumption models real-world environments in which computers and networks may behave in unexpected ways due to hardware failures, network congestion and disconnection, as well as malicious attacks. Byzantine failure-tolerant algorithms must cope with such failures and still satisfy the specifications of the problems they are designed to solve. Such algorithms are commonly characterized by their resilience t, the number of faulty processes with which an algorithm can cope.
Many classic agreement problems, such as the Byzantine Generals' Problem, have no solution unless n ≥ 3t + 1, where n is the number of processes in the system and t is the number of traitors (faults). In other words, the algorithm can ensure correct operation only if fewer than one third of the processes are faulty.
Byzantine refers to the Byzantine Generals' Problem, an agreement problem (first proposed by Marshall Pease, Robert Shostak, and Leslie Lamport in their 1980 paper, "Reaching Agreement in the Presence of Faults") in which generals of the Byzantine Empire's army must decide unanimously whether to attack some enemy army. (The Byzantine Army was chosen as an example for the problem as the Byzantine state experienced frequent treachery in the high levels of its administration.) The problem is complicated by the geographic separation of the generals who must communicate by sending messengers to each other, and by the presence of traitors amongst the generals. These traitors can act arbitrarily in order to achieve the following aims: trick some generals into attacking; force a decision that is not consistent with the generals' desires, e.g. forcing an attack when no general wishes to attack; or confusing some generals to the point that they are unable to make up their minds. If the traitors succeed in any of these goals any resulting attack is doomed, as only a concerted effort can result in victory.
Byzantine fault tolerance can be achieved if the loyal (non-faulty) generals have a unanimous agreement on their strategy. Note that if the source general is correct, all loyal generals must agree upon that value; otherwise, the choice of strategy agreed upon is irrelevant.
Several solutions were originally described by Lamport, Shostak, and Pease in 1982. They began by noting that the Generals' Problem can be reduced to solving a "Commander and Lieutenants" problem where Loyal Lieutenants must all act in unison and that their action must correspond to what the Commander ordered in the case that the Commander is Loyal. Roughly speaking, the Generals vote by treating each other's orders as votes.
- One solution considers scenarios in which messages may be forged, but which will be Byzantine-fault-tolerant as long as the number of traitorous generals does not equal or exceed one third. The impossibility of dealing with one-third or more traitors ultimately reduces to proving that the 1 Commander + 2 Lieutenants problem cannot be solved, if the Commander is traitorous. The reason is, if we have three commanders, A, B, and C, and A is the traitor: when A tells B to attack and C to retreat, and B and C send messages to each other, forwarding A's message, neither B nor C can figure out who is the traitor, since it isn't necessarily A—the other commander could have forged the message purportedly from A. It can be shown that if n is the number of generals in total, and t is the number of traitors in that n, then there are solutions to the problem only when n is greater than or equal to 3t + 1.
- A second solution requires unforgeable signatures (in modern computer systems, this may be achieved in practice using public-key cryptography), but maintains Byzantine fault tolerance in the presence of an arbitrary number of traitorous generals.
- Also presented is a variation on the first two solutions allowing Byzantine-fault-tolerant behavior in some situations where not all generals can communicate directly with each other.
Practical Byzantine fault tolerance
Byzantine fault tolerant replication protocols were long considered too expensive to be practical. Then in 1999, Miguel Castro and Barbara Liskov introduced the "Practical Byzantine Fault Tolerance" (PBFT) algorithm, which provides high-performance Byzantine state machine replication, processing thousands of requests per second with sub-millisecond increases in latency.
PBFT triggered a renaissance in BFT replication research, with protocols like Q/U, HQ, Zyzzyva, and ABsTRACTs  working to lower costs and improve performance and protocols like Aardvark and RBFT working to improve robustness.
UpRight is an open source library for constructing services that tolerate both crashes ("up") and Byzantine behaviors ("right") that incorporates many of these protocols' innovations.
One example of BFT in use is Bitcoin, a peer-to-peer digital currency system. The Bitcoin network works in parallel to generate a chain of Hashcash style proof-of-work. The proof-of-work chain is the key to overcome Byzantine failures and to reach a coherent global view of the system state.
Additionally to PBFT and Upright, there is also the BFT-SMaRt library, a high-performance Byzantine fault-tolerant state machine replication library developed in Java. This library implements a protocol very similar to PBFT's, plus complementary protocols which offer state transfer and on-the-fly reconfiguration of hosts. BFT-SMaRt is the most recent effort to implement state machine replication, still being actively maintained.
Archistar utilizes a slim BFT layer for communication. It prototypes a secure multi-cloud storage system within Java using GPLv2. Focus lies on simplicity and readability, it aims to be the foundation for further research projects.
- Atomic commit
- Brooks–Iyengar algorithm
- Byzantine Paxos
- Consensus (computer science)
- Quantum Byzantine agreement
- Lamport, L.; Shostak, R.; Pease, M. (1982). "The Byzantine Generals Problem". ACM Transactions on Programming Languages and Systems 4 (3): 382–401. doi:10.1145/357172.357176.
- "S3 Availability Event". Amazon. July 20, 2008.
- Pease, M.; Shostak, R.; Lamport, L. (April 1980). "Reaching Agreement in the Presence of Faults". Journal of the ACM 27 (2): 228–234. doi:10.1145/322186.322188.
- Feldman, P.; Micali, S. (1997). "An optimal probabilistic protocol for synchronous Byzantine agreement". SIAM J. Computing 26 (4): 873–933.
- Castro, M.; Liskov, B. (2002). "Practical Byzantine Fault Tolerance and Proactive Recovery". ACM Transactions on Computer Systems (Association for Computing Machinery) 20 (4): 398–461. CiteSeerX: 10.1.1.127.6130.
- Abd-El-Malek; Ganger, G.; Goodson, G.; Reiter, M.; Wylie, J. (2005). Fault-scalable Byzantine Fault-Tolerant Services. Symposium on Operating Systems Principles. Association for Computing Machinery. doi:10.1145/1095809.1095817.
- Cowling, James; Myers, Daniel; Liskov, Barbara; Rodrigues, Rodrigo; Shrira, Liuba (2006). "HQ Replication: A Hybrid Quorum Protocol for Byzantine Fault Tolerance". Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation. pp. 177–190. ISBN 1-931971-47-1.
- Kotla, Ramakrishna; Alvisi, Lorenzo; Dahlin, Mike; Clement, Allen; Wong, Edmund (December 2009). "Zyzzyva: Speculative Byzantine Fault Tolerance". ACM Transactions on Computer Systems (Association for Computing Machinery) 27 (4). doi:10.1145/1658357.1658358.
- Guerraoui, Rachid; Knežević, Nikola; Vukolić, Marko; Quéma, Vivien (2010). "The Next 700 BFT Protocols". Proceedings of the 5th European conference on Computer systems. EuroSys.
- Clement, A.; Wong, E.; Alvisi, L.; Dahlin, M.; Marchetti, M. (April 22–24, 2009). "Making Byzantine Fault Tolerant Systems Tolerate Byzantine Faults". Symposium on Networked Systems Design and Implementation. USENIX.
- Aublin, P.-L.; Ben Mokhtar, S.; Quéma, V. (July 8–11, 2013). "RBFT: Redundant Byzantine Fault Tolerance". 33rd IEEE International Conference on Distributed Computing Systems. International Conference on Distributed Computing Systems.
- UpRight. Google Code repository for the UpRight replication library.
- bitcointalk.org The Byzantine Generals' Problem
- BFT-SMaRt. Google Code repository for the BFT-SMaRt replication library.
- Archistar. github repository for the Archistar project.
- Archistar-bft BFT state-machine. github repository for the Archistar project.