A Generic Efficient Biased Optimizer for Consensus Protocols
Yehonatan Buchnik, Roy Friedman

TL;DR
This paper introduces a generic optimizer that enhances any consensus protocol to achieve single-round termination under certain conditions, with minimal cryptographic requirements and varying fault tolerance levels.
Contribution
It presents a universal optimizer that converts existing consensus protocols into single-round solutions under specific fault and validity assumptions.
Findings
Achieves single-round consensus when all nodes start with the same value and no Byzantine failures.
Works with benign failures for $f<n/2$ and Byzantine failures for $f<n/4$ or $f<n/3$ depending on validity.
Relies only on oral messages, requiring minimal cryptographic assumptions.
Abstract
Consensus is one of the most fundamental distributed computing problems. In particular, it serves as a building block in many replication based fault-tolerant systems and in particular in multiple recent blockchain solutions. Depending on its exact variant and other environmental assumptions, solving consensus requires multiple communication rounds. Yet, there are known optimistic protocols that guarantee termination in a single communication round under favorable conditions. In this paper we present a generic optimizer than can turn any consensus protocol into an optimized protocol that terminates in a single communication round whenever all nodes start with the same predetermined value and no Byzantine failures occur (although node crashes are allowed). This is regardless of the network timing assumptions and additional oracle capabilities assumed by the base consensus protocol…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
A Generic Efficient Biased Optimizer for Consensus Protocols
Yehonatan Buchnik and Roy Friedman
Computer Science Department
Technion
{yon_b,roy}@cs.technion.ac.il
Abstract
Consensus is one of the most fundamental distributed computing problems. In particular, it serves as a building block in many replication based fault-tolerant systems and in particular in multiple recent blockchain solutions. Depending on its exact variant and other environmental assumptions, solving consensus requires multiple communication rounds. Yet, there are known optimistic protocols that guarantee termination in a single communication round under favorable conditions.
In this paper we present a generic optimizer than can turn any consensus protocol into an optimized protocol that terminates in a single communication round whenever all nodes start with the same predetermined value and no Byzantine failures occur (although node crashes are allowed). This is regardless of the network timing assumptions and additional oracle capabilities assumed by the base consensus protocol being optimized.
In the case of benign failures, our optimizer works whenever the number of faulty nodes . For Byzantine behavior, our optimizer’s resiliency depends on the validity variant sought. In the case of classical validity, it can accommodate Byzantine failures. With the more recent external validity function assumption, it works whenever . Either way, our optimizer only relies on oral messages, thereby imposing very light-weight crypto requirements.
1 Introduction
Consensus [18] is one of the most studied problems in distributed computing [2, 21]. This is because any kind of coordination requires reaching an agreement. Also, in replicated systems, nodes generally need to agree on the order in which updates are applied to the system in order to maintain a consistent state. Yet, despite its simplicity and intuitive appeal, several impossibility results daunt researchers and designers of distributed systems. First and foremost, the seminal FLP results proves that consensus is not solvable in asynchronous distributed environments in which a single process may fail by crashing [12]. Also, lower bounds have been shown on the number of communication rounds needed to solve consensus [15, 19] as well as inherent tradeoffs between the availability and consistency of distributed systems [4].
Yet, it has been noted that in various settings some conditions are more likely to hold than others. This has led to the development of various optimistic consensus protocols that terminate quickly when certain favorable conditions hold. These may include lack of failures, or at least lack of certain types of failures, periods of network synchrony in an asynchronous network, as well as the composition of the proposed values.
In this work we explore the impact of assuming that one specific value is more likely to be proposed by all correct nodes. For example, in several blockchain protocols, the protocol can be viewed as repeatedly having a leader proposing a block and then all nodes running a binary consensus protocol for deciding whether to accept this value [6, 7, 11]. Hence, in the “common case” where there are no failures and the network behaves in a synchronous manner during that block generation process, all nodes will vote to accept the proposed block. Similarly, in a control system one can expect that under normal operating conditions all correct replicas will usually propose taking the same course of action as all are exposed to the same system state and sensor readings [23].
To that end, we develop a generic optimizer for consensus protocols which always terminates in a single communication round when all nodes propose the same a-priory preferred value and no Byzantine failures manifest (yet, they can be tolerated). Specifically, our optimizer can be applied to both the benign failures and Byzantine failures models and is independent of any other network and oracle assumptions needed by the base consensus protocol it optimizes. In the case of benign failures, we only require that the number of faulty nodes is bounded by . Here, whenever all nodes propose the same predefined value, the optimizer will always terminate in a single all-to-all communication round.
For the Byzantine failure model, we distinguish between two definitions of the consensus problem, one that is based on classical Byzantine validity vs. the more recently proposed external validity definition [8]. For classical validity, our optimizer requires and always terminates in one communication round whenever all nodes propose the same anticipated value and no Byzantine failures occur. Further, when Byzantine failure do occur, the termination and safety of the overall construction is upheld.
When the consensus definition requires external validity, our optimizer can tolerate . Under the assumption that either there is only two possible valid proposed values (binary consensus), or that the base protocol satisfies classical validity, our optimizer always terminates in one communication round whenever all nodes propose the same anticipated value and no Byzantine failures occur. As before, the overall correctness is maintained even when Byzantine failures do occur.
Note that sometimes the external validity function requires proposed values to carry a cryptocraphic proof. As cryptographic proofs are expected to be much larger than the value itself, we can further reduce the communication cost of the protocol in the optimistic phase by only broadcasting the values themselves in the first phase. Only if no decision can be made after the first phase, then the proofs are being broadcast so they can be fed to the validity functions. This means an additional communication phase when the first optimistic phase fails, but significantly smaller messages when the first phase succeeds. Hence, this last optimization is beneficial in situations where the first phase is likely to succeed in the vast majority of consensus invocations (and the proofs are substantially larger than values).
One critical requirement when dealing with Byzantine failures is to disallow impersonation, which is often ensured through cryptography. There are two common models for preventing impersonation, namely oral messages and signed messages. Oral messages can only guarantee to a receiver of a message which node has sent the message. Hence, it can be implemented using MAC tags. In practice, this can be made transparent to the application by utilizing transport level secure communication such as TLS, HTTPS, etc. Signed messages, on the other hand, include a publicly verifiable signature of the sender on the value being sent. This enables one node to prove to another node that it has received a certain value from a given third party. Hence, the signature must be explicitly generated by the application’s code, and requires either private/public key signatures and verification, or attaching a vector of MAC tags, one for each node, on each message. In other words, signed messages are more expensive and cumbersome to use. Our optimizer only requires oral messages when dealing with Byzantine failures. Hence, its cryptography related space and CPU time are minimal.
Finally, we also show a lower bound on the minimal resiliency required to terminate in one communication round in the Byzantine failure model subject to classical validity. Specifically, we show that for classical validity there is no asynchronous Byzantine consensus protocol that can ensure termination in one communication round after receiving only messages when .
Summary of contributions:
We develop a generic optimizer that ensures fast termination in one communication round when all processes start with the same value and Byzantine failures do not manifest. We instantiate the optimizer for both the benign and Byzantine failure model with optimal resiliency and formally prove their correctness. We also show a resiliency lower bound for such fast termination in the Byzantine failure model for solving consensus with classical validity.
Paper Organization
The rest of this paper is organized as follows: We survey other optimized consensus protocols in Section 2. The formal model and problems statements appear in Section 3. We present our generic optimizer in Section 4 and show the lower bound in Section 5. Finally, we conclude with a discussion in Section 6.
2 Related Work
The first work to explore one communication round consensus in the benign failure model is [5]. The basic protocol in [5] requires . That protocol is also extended to support a preferred value which improves the resiliency requirement to , similar to our work. The main contribution of this paper compared to [5] is in our exploration of this problem under Byzantine failures and in the fact that we present a single generic optimizer for both failure models.
The work of [14] explored simple Byzantine consensus protocols that can terminate in a single communication round whenever all nodes start with the same value and certain failures do not manifest. Yet, the probabilistic protocol of [14] required while their deterministic protocol needed . In contrast, our optimizer when instantiated to Byzantine failures can withstand up to with the classical validity definition (and with external validity, which was not explored in [14]). This is due to biasing the consensus into preferring a certain value. The price that we pay compared to [14] is that if all nodes start with the non-preferable value and the respective failures do not manifest, the protocol in [14] would terminate in a single communication step while our optimizer would have to invoke the full protocol.
Traditional deterministic Byzantine consensus protocols, most notably PBFT [9] require at least 3 communication rounds to terminate. Multiple works that reduce this number have been published, each presenting a unique optimization. The Q/U work presented a client driven protocol [1] which enables termination in two communication rounds when favorable conditions are met. Yet, its resiliency requirement is , compared to our for the classical validity and for external validity. The HQ work improved the resiliency of Q/U to , yet does not perform well under high network load [10]. Also, our optimizer is generic whereas Q/U and HQ are specialized solutions, each tailored to its intricate protocol.
The Fast Byzantine Consensus (FaB) protocol was the first protocol to implement a Byzantine consensus protocol that terminates in two communication phases in the normal case while requiring [19]. The normal case in [19] is defined as when there is a unique correct leader, all correct acceptors agree on its identity, and the system is in a period of synchrony. This protocol translates into a phase state machine replication protocol. Another variant can accommodate , where is the upper bound on non-leaders suffering Byzantine failures.
Zyzzyva is a client driven protocol [16] which terminates after communication rounds (including the communication between the client and the replicas) whenever the client receives identical replies from all replicas. Our optimizer obtains termination in a single communication round among the replicas even when upto of them may crush or be slow. This is by relying on all-to-all communication, and ensuring fast termination only when the preferred value is included in the first replies. Also, our optimizer is generic while Zyzzyva and FaB are specialized solutions.
A generic construction for optimized Byzantine consensus protocols appears in [3] along with its Aliph and Azyzzyva instantiations. The construction in [3] enables switching between Byzantine consensus protocols depending on the changing environment conditions in a safe manner. In particular, it is possible to switch from an optimistic fast protocol that fails to terminate to a recovery protocol that would ensure overall correctness. Both Aliph and Azyzzyva are client driven protocols, which require receiving timely identical replies from all replicas. Hence, our optimizer can terminate quickly in worse environment conditions if the preferred value is also the one supported by most nodes.
The condition based approach for solving consensus identifies various sets of input values that enable solving consensus fast [20]. This is by treating the set of input values held by all processes as an input vector to the problem. Specifically, the work in [13] showed that when the possible input vectors correspond to error correcting codes, then consensus is solvable in a single communication round regardless of synchrony assumptions.
3 Preliminaries
Basics:
We consider a distributed system consisting of nodes communicating by sending messages over a network. We assume that the network maintains integrity, meaning that messages delivered by the network were indeed sent by their claimed sender and that their content is not corrupted. The level of reliability of the network defines which portions and under which circumstances messages sent between two nodes must be delivered by the network. Additionally, the level of synchrony is the system defines if and what type of bounds exist on the latency between sending a message and its recipient and whether nodes have access to clocks and if so, how synchronized these clocks are. Our optimizer mechanism only requires that during its optimizing phase, messages transmitted between two correct nodes (to be defined shortly) are eventually delivered. In particular, we do not assume anything about the synchrony of the system. When the base protocol we are optimizing is invoked, the network reliability and synchronization assumptions under which that protocol was designed to work must hold.
Failure Modesl and Resiliency:
Out of the nodes in the system, up to nodes may be faulty while the others are correct. In the benign failure model, nodes may only fail by crashing, i.e., they might halt their execution. In the Byzantine failures model, faulty nodes may deviate arbitrarily from their protocol. Yet, given our integrity assumptions, nodes may not impersonate each other. In particular, we assume that there are no Sybil attacks. The ratio between and is known as the resiliency level of the system. The level of synchrony, reliability, failure model, and the problem being addressed all impact the maximal level of resiliency that can be obtained [21].
Cryptography is a common way to thwart impersonation. Here we can distinguish between the oral messages model and the signed messages model. Oral messages can only ensure to the receiver that the message it received from the network was indeed sent by its claimed sender. In practice, this can be implemented using MACs, which are relatively cheap, and is often made transparent to the protocol’s code by relying on secure transport protocols such as TLS or HTTPS. Signed messages enable verifying that a specific value was sent by a specific node, and hence can be used to securely pass values through intermediary nodes, or verify that the same value was sent to all nodes. In practice, the signed messages model is typically implemented through asymmetric key cryptography [22] or attaching vectors of MAC tags [9]. Our optimizer mechanism only requires oral messages (in the Byzantine failures model).
Benign Consensus:
As mentioned before, in this paper we address the consensus problem. We start with the common definition of consensus in the benign failure model and then extend it to the Byzantine failure model. In the consensus problem each node has an initial value , also known as the proposed value of . The nodes must each decide on a value such that:
Validity
Any decided value must be proposed by some process.
Agreement
All correct processes decide on the same value.
Termination
Every correct process eventually decides.
Byzantine Consensus:
When Byzantine failures are considered, the value proposed by a Byzantine process is somewhat meaningless, since a Byzantine node may propose an arbitrary value and even pretend to propose different values to different nodes. Hence, a common approach for defining Byzantine consensus is to require:
Byzantine Validity
If all correct processes propose the same value, then this is the only value that can be decided.
Byzantine Agreement
Same as agreement.
Byzantine Termination
Same as termination.
External Validity Byzantine Consensus:
A shortcoming of Byzantine validity is that whenever not all correct nodes start with the same value, any value may be decided. Further, in some applications, such as blockchains, even a Byzantine node may propose a value that is valid w.r.t. the systems goals. This leads to the definition of external validity Byzantine consensus [8]. Here, one assumes an external boolean validity function valid() whose output is true iff is a valid proposed value and requires:
Byzantine External Validity
Any decided value must satisfy valid() = true.
Byzantine Agreement
Same as agreement.
Byzantine Termination
Same as termination.
4 The Biased Optimizer
We present the generic optimizer in Section 4.1. This is followed by the instantiates to the various failure models: the benign failure model is discussed in Section 4.2, Byzantine failures with classic validity are handled in Section 4.3, while Byzantine failures with external validity are addressed in Section 4.4.
4.1 Generic Optimizer
Algorithm 1 depicts the pseudocode for the generic optimizer algorithm from the point of view of node . Initially, each node broadcast its proposed value to all others (Line 2)111 Here the term broadcast is equivalent to sending the same message point-to-point to all other nodes.. Next, each node waits until it receives at least proposals from distinct nodes. If all these values are the same as the biased value, the node decides and returns. Otherwise, if the received proposals match an adoption criteria (AdoptionCriteria) for the value , the local node invokes the standard consensus protocol with a value (Line 9). Otherwise, the standard consensus protocol is invoked with the originally proposed value for the local node (Line 11). Finally, if a node has already decided in the optimistic phase, but it notices that the standard consensus protocol has been invoked by another process (Line 14), then invokes the consensus with the value (the only one could have decided on). This is in order to ensure that enough nodes participate in the standard consensus protocol to enable its termination.
4.2 Instantiation to Benign Failures
For benign failures, the failure resiliency is , that is, we assume . The AdoptionCriteria is simply to check whether the collection of received votes includes at least one instance of the biased value . Here, if at least one node has received only (the preferred) values in Line 3, the only value it might decide on is . The worst that can happen is that all other nodes started with a different value, as illustrated in Figure 1. Yet, by the resiliency assumption, in this case any other node must have received at least one proposal. Hence, all nodes would invoke the base consensus protocol with and by the validity and termination conditions of the consensus protocol would decide .
In no node receives values of , then it is clear that the standard consensus protocol would be invoked by each node with a value that was proposed by some node. Hence, validity would be preserved as well. The formal proof is given below.
Lemma 4.2.1**.**
The protocol listed in Algorithm 1 satisfies termination as long as .
Proof.
As can be seen from the code, as long as , the protocol either decides and returns in Line 6 or invokes the base consensus protocol in Lines 9 or 11. If at least one node invokes the base consensus protocol, then by Line 14 all nodes invoke this protocol (once). Hence, by the termination of the base consensus protocol, Algorithm 1 also terminates. ∎
Lemma 4.2.2**.**
The protocol listed in Algorithm 1 satisfies validity.
Proof.
Clearly from the code, the value decided in Line 6 is proposed by some (in fact by multiple) node(s). Similarly, if a value is adopted by the AdoptionCriteria, it is also proposed by some node. Hence, all invocations of the base consensus protocol in Lines 9 or 11 are with values proposed by some node. By the validity of the base consensus protocol, overall validity is satisfied. ∎
Lemma 4.2.3**.**
The protocol listed in Algorithm 1 satisfies agreement.
Proof.
Since there is only one preferred value , if all nodes decide in Line 6 then they all decide on the same value (). Similarly, if all nodes decide by invoking the base consensus protocol in Lines 9 or 11, then by the agreement property of this protocol all nodes decide on the same value. Hence, the only potential violation of agreement is if some nodes decide in Line 6 while others invoke the base consensus protocol in Lines 9 or 11. Suppose node decides in Line 6. In this case, it has received at least votes for . Suppose all missing votes are and some other node has received these votes. However, as , must receive at least vote for and therefore would adopt by the AdoptionCriteria222 Notice that if in some execution the number of faulty nodes surpasses the assumed upper bound , then the protocol would be stuck in Line 3 and agreement would be trivially preserved.. As this applies to any , all nodes that invoke the base consensus protocol in Lines 9 or 11 invoke it with . Hence, by the validity property of this protocol only can be decided so overall agreement is also satisfied. ∎
From Lemmas 4.2.1, 4.2.2 and 4.2.3, we immediately have the following theorem:
Theorem 4.2.1**.**
The protocol listed in Algorithm 1 solves consensus when up to nodes may fail by crashing.
4.3 Byzantine Failures with Classical Validity
For the Byzantine failure model with classical validity, we provide a resiliency of , i..e, . Here, the AdoptionCriteria is simply to check whether the collection of received votes includes at least instances of the preferred value .
Intuitively, if at least nodes broadcast , then we know that at least one correct node proposed and therefore can be decided on in terms of validity. On the other hand, if some node decided due to receiving values , then it is possible that the other were simply late but all of them proposed value . In this case, another node might have received these votes first and might have received from all Byzantine nodes, collecting in total votes for . This is illustrated in Figure 2. Yet, as we assumed that , such a node must receive at least votes for and would therefore adopt by the AdoptionCriteria and start the base consensus protocol with .
In conclusion, all correct nodes would either decide in the optimizer phase, or would propose in the standard consensus algorithm. In the latter case, due to its validity property, the decision value must also be . The complete formal proof appears below.
Lemma 4.3.1**.**
The protocol listed in Algorithm 1 satisfies Byzantine termination as long as .
Proof.
The proof is identical to the proof of Lemma 4.2.1. ∎
Lemma 4.3.2**.**
The protocol listed in Algorithm 1 satisfies Byzantine validity.
Proof.
Clearly from the code, the value decided by a correct node in Line 6 must be proposed by at least one correct node given that and that in Line 3 the node collects votes. In particular, if all correct nodes proposed the same value, this is the only value that can be decided at this stage. Similarly, if a value is adopted by the AdoptionCriteria, it is also proposed by some correct node. Hence, all invocations by correct nodes of the base consensus protocol in Lines 9 or 11 are with values proposed by some correct node. By the validity of the base consensus protocol, overall validity is satisfied. ∎
Lemma 4.3.3**.**
The protocol listed in Algorithm 1 satisfies Byzantine agreement when .
Proof.
Since there is only one preferred value , if all correct nodes decide in Line 6 then they all decide on the same value (). Similarly, if all correct nodes decide by invoking the base consensus protocol in Lines 9 or 11, then by the agreement property of this protocol all correct nodes decide on the same value. Hence, the only potential violation of agreement is if some correct nodes decide in Line 6 while others invoke the base consensus protocol in Lines 9 or 11. Suppose correct node decides in Line 6. In this case, it has received at least votes for . Suppose all missing votes are and some other node has received these votes. Further, the worst that can happen is that among the votes for that has received, were sent by Byzantine nodes who send the value to . Putting it all together, as , node must receive at least votes for and therefore would adopt by the AdoptionCriteria. As this applies to any , all correct nodes that invoke the base consensus protocol in Lines 9 or 11 invoke it with . Hence, by the validity property of this protocol only can be decided so overall agreement is also satisfied. ∎
From Lemmas 4.3.1, 4.3.2 and 4.3.3, we immediately have the following theorem:
Theorem 4.3.1**.**
The protocol listed in Algorithm 1 solves Byzantine consensus with classic validity when up to nodes may incur Byzantine failures.
4.4 Byzantine Failures with External Validity
We split the discussion of external validity into two parts. First, we instantiate Algorithm 1 for this failure model in a manner that is oblivious to the proof that each value may carry, which might affect how the external validity function may decide if a value is valid. This is done in Section 4.4.1. Next, in Section 4.4.2 we present another optimization that can reduce the amount of data being communicated in the optimistic case by separating between values and their proofs.
4.4.1 Proof Oblivious Protocol
Here, due to the use of an external validy function, we can raise the resiliency level to . This is because if the preferred value is valid, we can decide on it even if it was proposed by any node, correct or Byzantine. We make the following three assumptions:
Assumption 1
Any value proposed by a correct node is valid (both and are possible).
Assumption 2
The base consensus protocol satisfies classical validity (does not have to satisfy external validity).
Assumption 3
Either () there are only two possible proposed and decision values (known also as binary consensus), or () the base consensus protocol also satisfies external validity.
With these assumptions, the AdoptionCriteria becomes adopting if and is valid.
As shown in Figure 3, with it is possible that some correct node receives instances of the preferred value and some other correct process only receives a single vote for . However, in such a case each correct process that does not decide in the optimizer phase must adopt and propose it to the standard consensus protocol. Hence, the consensus protocol must decide . The complete formal proof follows.
Lemma 4.4.1**.**
The protocol listed in Algorithm 1 satisfies Byzantine termination as long as .
Proof.
The proof is identical to the proof of Lemma 4.2.1. ∎
Lemma 4.4.2**.**
The protocol listed in Algorithm 1 satisfies Byzantine external validity.
Proof.
Clearly from the code, the value decided by a correct node in Line 6 must be proposed by at least one correct node given that and that in Line 3 the node collects votes. By Assumption 1, is valid (w.r.t. external validity). Similarly, if the value is adopted by the AdoptionCriteria, it is also valid. Hence, all invocations by correct nodes of the base consensus protocol in Lines 9 or 11 are with valid values.
We claim that from Assumption 3 (regarding the base consensus protocol), overall validity is also satisfied. Suppose part () of this assumption holds. Then if all correct nodes invoked the base consensus protocol with the same value (which we showed has to be valid), then only this value can be decided. Otherwise, some correct processes invoked consensus with one value and the others with another, both have to be valid, and these are the only two possible decision values. Hence, only valid values can be decided on.
In case part () holds, then by the external validity of the base consensus protocol, overall validity is satisfied. ∎
Lemma 4.4.3**.**
The protocol listed in Algorithm 1 satisfies Byzantine agreement when .
Proof.
As in the proof of Lemma 4.3.3, since there is only one preferred value , if all correct nodes decide in Line 6 then they all decide on the same value (). Similarly, if all correct nodes decide by invoking the base consensus protocol in Lines 9 or 11, then by the agreement property of this protocol all correct nodes decide on the same value. Hence, the only potential violation of agreement is if some correct nodes decide in Line 6 while others invoke the base consensus protocol in Lines 9 or 11.
Suppose correct node decides in Line 6. In this case, it has received at least votes for meaning that at least correct nodes voted . Suppose all missing votes are and some other node has received these votes. Further, the worst that can happen is that among the votes for that has received, were sent by Byzantine nodes who send the value to . Putting it all together, as , node must receive at least one vote for from a correct node, which by Assumption 1 means that is valid, and therefore would adopt by the AdoptionCriteria. As this applies to any , all correct nodes that invoke the base consensus protocol in Lines 9 or 11 invoke it with . Hence, by the validity property of this protocol (Assumption 2), only can be decided so overall agreement is also satisfied. ∎
From Lemmas 4.4.1, 4.4.2 and 4.4.3, we immediately have the following theorem:
Theorem 4.4.1**.**
The protocol listed in Algorithm 1 solves Byzantine consensus with external validity when up to nodes may incur Byzantine failures.
4.4.2 Proof Aware Variant
We now explore another communication optimization when the validity function depends on the cryptographic proof that is part of the value. That is, the initial value of each node is composed of . As the proof is large and would rarely be used, in the first phase we can send just the value ; only if any node needs to check the AdoptionCriteria then nodes would exchange their proofs . With the same Assumptions 1–3 and AdoptionCriteria as in Section 4.4.1, the above described proof aware protocol is listed in Algorithm 2.
As can be seen, the only difference between Algorithm 1 and Algorithm 2 is that nodes initially only exchange the value part of their proposal. Only if it is not enough to decide, then they also exchange the proofs and invoke the base consensus protocol accordingly. The proof is essentially the same as in Section 4.4.1.
5 Lower Bound
In this section, we show that for classical validity, even when there is a preferred value , there is no asynchronous Byzantine consensus protocol that always terminates in a single round when all nodes start with the preferred value and there are no Byzantine failures.
Theorem 5.0.1**.**
When , there does not exist an asynchronous Byzantine consensus protocol that always terminate in a single communication round for nodes that receive messages from only nodes (or fewer) in that round and no Byzantine failures manifest even when there is a preferred value.
Proof.
Assume by way of contradiction that such a protocol exists. Consider an execution of in which correct nodes start with a value while additional nodes are Byzantine whom are started with , as illustrated in Figure 4. Consider a correct node that receives at most messages from correct nodes and at most messages from the Byzantine nodes, yet any message potentially sent by the other nodes is not received by until after time to be defined shortly. The Byzantine processes send to the same messages they would have generated in had they been started with (so Byzantine failures do not manifest in this execution). Since by assumption when executing node must eventually decide without receiving additional messages, then must ultimately decide at time and we set . As all correct nodes started with in , must have decided in .
Next, consider an execution in which all processes that did not receive their messages until time in are started with value , the Byzantine nodes send to exactly the same messages as in , and up until time all timings are identical to . Hence, up until time node cannot distinguish between and and therefore must decide in as well.
Further, in execution there is another correct node such that does not receive any of the messages from a subset of correct nodes that includes until after some time to be defined shortly. The messages sent to by the Byzantine nodes match exactly their prescribed behavior in had they been started with . Since we assume that is an asynchronous Byzantine agreement protocol, then eventually must decide at some time , and we set . Since has decided in , by Byzantine agreement must also decide in .
Finally, consider a third execution of in which one of the correct nodes that started with in is Byzantine in , while all other nodes are correct and start with . Further, all timings are the same between and up until time . Hence, cannot distinguish between and up to time and therefore must decide at time . However, all correct processes proposed in , a violation of classical validity. A contradiction. ∎
Notice that the above lower bound does not hold if we allow nodes in Line 3 of Algorithm 1 to wait on a timeout and at least votes. In such a case, a correct solution with is to decide on the value only if a node collects votes and all received votes are the same while the adoption criteria would be to adopt the value if values are . Yet, this solution only works when the network is in a synchronous period and there is a known upper bound for the usual message latency. Also, it requires receiving messages from all nodes, meaning that it always works at the paste of the slowest node. Further, advancement to the base consensus protocol in case a fast decision cannot be made always waits for the worst case expected network latency.
6 Discussion
In this work, we explored the communication benefits of biasing consensus into preferring a specific decision value whenever that value can be decided on while preserving the standard consensus correctness requirements. To that end, we have presented a generic optimizer code that can take an arbitrary consensus protocol and optimize it so that whenever some favorable conditions occur, then the protocol terminates in a single all-to-all communication round. Locally, the favorable conditions are that the first values a given node receives are all the same preferred value . Globally, if this occurs for all correct processes, then all correct processes terminate quickly and efficiently. This is regardless of any timing assumptions and reliability assumptions (other than that the network cannot generate or modify messages), and regardless of any oracles etc.
In practice, our favorable conditions will hold, e.g., whenever all nodes start with the same value and no Byzantine failures manifest. Yet, up to benign failures can still occur, and the instantiations of the generic construction to the Byzantine failure mode ensure correctness even when Byzantine failure do occur (when Byzantine failures do occur, this may induce extra communication costs). As we mentioned before, guessing the preferred consensus value can be done, e.g., in several recent blockchain protocols [6, 7, 11] (here the biased value is to approve the leader’s block proposal), in strongly consistent primary backup replication [17] (here the biased value is to accept the master’s most recent update), and in various control systems [23]. In case the guessed preferred value cannot be decided on (a “bad guess”), the only harm is additional communication rounds.
Acknowledgements
This work was partially funded by ISF grant #1505/16.
The reference list from the paper itself. Each links out to its DOI / PubMed record.
- 1[1] M. Abd-El-Malek, G. R. Ganger, G. R. Goodson, M. K. Reiter, and J. J. Wylie. Fault-scalable Byzantine Fault-tolerant Services. In Proceedings of the 20th ACM Symposium on Operating Systems Principles , SOSP, pages 59–74, 2005.
- 2[2] H. Attiya and J. Welch. Distributed Computing: Fundamentals, Simulations and Advanced Topics (2nd edition) . John Wiley Interscience, March 2004.
- 3[3] P.-L. Aublin, R. Guerraoui, N. Knežević, V. Quéma, and M. Vukolić. The Next 700 BFT Protocols. ACM Trans. Comput. Syst. , 32(4), Jan. 2015.
- 4[4] K. Birman and R. Friedman. Trading Consistency for Availability in Distributed Systems. Technical Report TR 96-1579, Computer Science Department, Cornell University, Apr. 1996.
- 5[5] F. V. Brasileiro, F. Greve, A. Mostéfaoui, and M. Raynal. Consensus in One Communication Step. In Proceedings of the 6th International Conference on Parallel Computing Technologies , Pa CT, pages 42–50. Springer-Verlag, 2001.
- 6[6] E. Buchman. Tendermint: Byzantine Fault Tolerance in the Age of Blockchains. Master’s thesis, University of Guelph, 2016.
- 7[7] Y. Buchnik and R. Friedman. TOY: a Total ordering Optimistic s Ystem for Permissioned Blockchains. Co RR , abs/1901.03279, January 2019. Full Version.
- 8[8] C. Cachin and M. Vukolic. Blockchain Consensus Protocols in the Wild. Co RR , abs/1707.01873, 2017.
