Fast Byzantine Leader Election in Dynamic Networks

International audienceWe study the fundamental Byzantine leader election problem in dynamic networks where the topology can change from round to round and nodes can also experience heavy churn (i.e., nodes can join and leave the network continuously over time). We assume the full information model where the Byzantine nodes have complete knowledge about the entire state of the network at every round (including random choices made by all the nodes), have unbounded computational power and can deviate arbitrarily from the protocol. The churn is controlled by an adversary that has complete knowledge and control over which nodes join and leave and at what times and also may rewire the topology in every round and has unlimited computational power, but is oblivious to the random choices made by the algorithm.Our main contribution is an O(log^3 n) round algorithm that achieves Byzantine leader election under the presence of up to O(n^(1/2)−ε) Byzantinenodes (for a small constant ε > 0) and a churn of up to O( √n/ polylog(n)) nodes per round (where n is the stable network size). The algorithm elects a leader with probability at least 1 − n^(−Ω(1)) and guarantees that it is an honest node with probability at least 1 − n^(−Ω(1)); assuming the algorithm succeeds, the leader’s identity will be known to a 1 − o(1) fraction of the honest nodes. Our algorithm is fully-distributed, lightweight, and is simple to implement. It is also scalable, as it runs in polylogarithmic (in n) time and requires nodes to send and receive messages of only polylogarithmic size per round. To the best of our knowledge, our algorithm is the first scalable solution for Byzantine leader election in a dynamic network with a high rate of churn; our protocol can also be used to solve Byzantine agreement in a straightforward way. We also show how to implement an (almost-everywhere) public coin with constant bias in a dynamic network with Byzantine nodes and provide a mechanism for enabling honest nodes to store information reliably in the network, which might be of independent interest

Simple and Optimal Randomized Fault-Tolerant Rumor Spreading

We revisit the classic problem of spreading a piece of information in a group of $n$ fully connected processors. By suitably adding a small dose of randomness to the protocol of Gasienic and Pelc (1996), we derive for the first time protocols that (i) use a linear number of messages, (ii) are correct even when an arbitrary number of adversarially chosen processors does not participate in the process, and (iii) with high probability have the asymptotically optimal runtime of $O(\log n)$ when at least an arbitrarily small constant fraction of the processors are working. In addition, our protocols do not require that the system is synchronized nor that all processors are simultaneously woken up at time zero, they are fully based on push-operations, and they do not need an a priori estimate on the number of failed nodes. Our protocols thus overcome the typical disadvantages of the two known approaches, algorithms based on random gossip (typically needing a large number of messages due to their unorganized nature) and algorithms based on fair workload splitting (which are either not {time-efficient} or require intricate preprocessing steps plus synchronization).Comment: This is the author-generated version of a paper which is to appear in Distributed Computing, Springer, DOI: 10.1007/s00446-014-0238-z It is available online from http://link.springer.com/article/10.1007/s00446-014-0238-z This version contains some new results (Section 6

Storage and Search in Dynamic Peer-to-Peer Networks

We study robust and efficient distributed algorithms for searching, storing, and maintaining data in dynamic Peer-to-Peer (P2P) networks. P2P networks are highly dynamic networks that experience heavy node churn (i.e., nodes join and leave the network continuously over time). Our goal is to guarantee, despite high node churn rate, that a large number of nodes in the network can store, retrieve, and maintain a large number of data items. Our main contributions are fast randomized distributed algorithms that guarantee the above with high probability (whp) even under high adversarial churn: 1. A randomized distributed search algorithm that (whp) guarantees that searches from as many as $n - o(n)$ nodes ($n$ is the stable network size) succeed in ${O}(\log n)$-rounds despite ${O}(n/\log^{1+\delta} n)$ churn, for any small constant $\delta > 0$, per round. We assume that the churn is controlled by an oblivious adversary (that has complete knowledge and control of what nodes join and leave and at what time, but is oblivious to the random choices made by the algorithm). 2. A storage and maintenance algorithm that guarantees (whp) data items can be efficiently stored (with only $\Theta(\log{n})$ copies of each data item) and maintained in a dynamic P2P network with churn rate up to ${O}(n/\log^{1+\delta} n)$ per round. Our search algorithm together with our storage and maintenance algorithm guarantees that as many as $n - o(n)$ nodes can efficiently store, maintain, and search even under ${O}(n/\log^{1+\delta} n)$ churn per round. Our algorithms require only polylogarithmic in $n$ bits to be processed and sent (per round) by each node. To the best of our knowledge, our algorithms are the first-known, fully-distributed storage and search algorithms that provably work under highly dynamic settings (i.e., high churn rates per step).Comment: to appear at SPAA 201

Broadcast CONGEST Algorithms against Adversarial Edges

We consider the corner-stone broadcast task with an adaptive adversary that controls a fixed number of $t$ edges in the input communication graph. In this model, the adversary sees the entire communication in the network and the random coins of the nodes, while maliciously manipulating the messages sent through a set of $t$ edges (unknown to the nodes). Since the influential work of [Pease, Shostak and Lamport, JACM'80], broadcast algorithms against plentiful adversarial models have been studied in both theory and practice for over more than four decades. Despite this extensive research, there is no round efficient broadcast algorithm for general graphs in the CONGEST model of distributed computing. We provide the first round-efficient broadcast algorithms against adaptive edge adversaries. Our two key results for $n$-node graphs of diameter $D$ are as follows: 1. For $t=1$, there is a deterministic algorithm that solves the problem within $\widetilde{O}(D^2)$ rounds, provided that the graph is 3 edge-connected. This round complexity beats the natural barrier of $O(D^3)$ rounds, the existential lower bound on the maximal length of $3$ edge-disjoint paths between a given pair of nodes in $G$. This algorithm can be extended to a $\widetilde{O}(D^{O(t)})$-round algorithm against $t$ adversarial edges in $(2t+1)$ edge-connected graphs. 2. For expander graphs with minimum degree of $\Omega(t^2\log n)$, there is an improved broadcast algorithm with $O(t \log ^2 n)$ rounds against $t$ adversarial edges. This algorithm exploits the connectivity and conductance properties of G-subgraphs obtained by employing the Karger's edge sampling technique. Our algorithms mark a new connection between the areas of fault-tolerant network design and reliable distributed communication.Comment: accepted to DISC2

Simple and Optimal Fault-tolerant Rumor Spreading

We present rumor spreading protocols for the complete graph topology that are robust against an arbitrary number of adversarial initial node failures. Our protocols are the first rumor spreading protocols combining the following three properties: they can tolerate any number of failures, they distribute the rumor to all nodes using linear number of messages (actually they use strictly minimal $n-1$ messages), and if an arbitrarily small constant fraction $p$ of nodes (including the initiator of the rumor) are working correctly, our protocols communicate the rumor to all members in the network in $O(\log(n))$ rounds. Our protocols are simpler than previous fault-tolerant rumor spreading protocols in this model, they do not require synchronization (i.e., their correctness is independent on the relative speeds of the nodes), and they do not require a simultaneous wakeup of all nodes at time 0

Consensus in Networks Prone to Link Failures

We consider deterministic distributed algorithms solving Consensus in synchronous networks of arbitrary topologies. Links are prone to failures. Agreement is understood as holding in each connected component of a network obtained by removing faulty links. We introduce the concept of stretch, which is a function of the number of connected components of a network and their respective diameters. Fast and early-stopping algorithms solving Consensus are defined by referring to stretch resulting in removing faulty links. We develop algorithms that rely only on nodes knowing their own names and the ability to associate communication with local ports. A network has $n$ nodes and it starts with $m$ functional links. We give a general algorithm operating in time $n$ that uses messages of $O(\log n)$ bits. If we additionally restrict executions to be subject to a bound $\Lambda$ on stretch, then there is a fast algorithm solving Consensus in time $O(\Lambda)$ using messages of $O(\log n)$ bits. Let $\lambda$ be an unknown stretch occurring in an execution; we give an algorithm working in time $(\lambda+2)^3$ and using messages of $O(n\log n)$ bits. We show that Consensus can be solved in the optimal $O(\lambda)$ time, but at the cost of increasing message size to $O(m\log n)$. We also demonstrate how to solve Consensus by an algorithm that uses only $O(n)$ non-faulty links and works in time $O(n m)$, while nodes start with their ports mapped to neighbors and messages carry $O(m\log n)$ bits. We prove lower bounds on performance of Consensus solutions that refer to parameters of evolving network topologies and the knowledge available to nodes

Doing-it-All with Bounded Work and Communication

We consider the Do-All problem, where $p$ cooperating processors need to complete $t$ similar and independent tasks in an adversarial setting. Here we deal with a synchronous message passing system with processors that are subject to crash failures. Efficiency of algorithms in this setting is measured in terms of work complexity (also known as total available processor steps) and communication complexity (total number of point-to-point messages). When work and communication are considered to be comparable resources, then the overall efficiency is meaningfully expressed in terms of effort defined as work + communication. We develop and analyze a constructive algorithm that has work $O( t + p \log p\, (\sqrt{p\log p}+\sqrt{t\log t}\, ) )$ and a nonconstructive algorithm that has work $O(t +p \log^2 p)$. The latter result is close to the lower bound $\Omega(t + p \log p/ \log \log p)$ on work. The effort of each of these algorithms is proportional to its work when the number of crashes is bounded above by $c\,p$, for some positive constant $c < 1$. We also present a nonconstructive algorithm that has effort $O(t + p ^{1.77})$

Practical Provably Secure Flooding for Blockchains

In recent years, permisionless blockchains have received a lot of attention both from industry and academia, where substantial effort has been spent to develop consensus protocols that are secure under the assumption that less than half (or a third) of a given resource (e.g., stake or computing power) is controlled by corrupted parties. The security proofs of these consensus protocols usually assume the availability of a network functionality guaranteeing that a block sent by an honest party is received by all honest parties within some bounded time. To obtain an overall protocol that is secure under the same corruption assumption, it is therefore necessary to combine the consensus protocol with a network protocol that achieves this property under that assumption. In practice, however, the underlying network is typically implemented by flooding protocols that are not proven to be secure in the setting where a fraction of the considered total weight can be corrupted. This has led to many so-called eclipse attacks on existing protocols and tailor-made fixes against specific attacks. To close this apparent gap, we present the first practical flooding protocol that provably delivers sent messages to all honest parties after a logarithmic number of steps. We prove security in the setting where all parties are publicly assigned a positive weight and the adversary can corrupt parties accumulating up to a constant fraction of the total weight. This can directly be used in the proof-of-stake setting, but is not limited to it. To prove the security of our protocol, we combine known results about the diameter of Erdős–Rényi graphs with reductions between different types of random graphs. We further show that the efficiency of our protocol is asymptotically optimal. The practicality of our protocol is supported by extensive simulations for different numbers of parties, weight distributions, and corruption strategies. The simulations confirm our theoretical results and show that messages are delivered quickly regardless of the weight distribution, whereas protocols that are oblivious of the parties\u27 weights completely fail if the weights are unevenly distributed. Furthermore, the average message complexity per party of our protocol is within a small constant factor of such a protocol