nach oben

Distributed Computing

Erschienen in:

10.03.2022

Asynchronous reconfiguration with Byzantine failures

verfasst von: Petr Kuznetsov, Andrei Tonkikh

Erschienen in: Distributed Computing | Ausgabe 6/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Replicated services are inherently vulnerable to failures and security breaches. In a long-running system, it is, therefore, indispensable to maintain a reconfiguration mechanism that would replace faulty replicas with correct ones. An important challenge is to enable reconfiguration without affecting the availability and consistency of the replicated data: the clients should be able to get correct service even when the set of service replicas is being updated. In this paper, we address the problem of reconfiguration in the presence of Byzantine failures: faulty replicas or clients may arbitrarily deviate from their expected behavior. We describe a generic technique for building asynchronous and Byzantine fault-tolerant reconfigurable objects: clients can manipulate the object data and issue reconfiguration calls without reaching consensus on the current configuration. With the help of forward-secure digital signatures, our solution makes sure that superseded and possibly compromised configurations are harmless, that slow clients cannot be fooled into reading stale data, and that Byzantine clients cannot cause a denial of service by flooding the system with reconfiguration requests. Our approach is modular and based on dynamic Byzantine lattice agreement abstraction, and we discuss how to extend it to enable Byzantine fault-tolerant implementations of a large class of reconfigurable replicated services.

Vorheriger Artikel Special issue on DISC 2020

Nächster Artikel Making Byzantine consensus live

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Nur mit Berechtigung zugänglich

T is a parameter of the scheme and can be set arbitrarily large (with a modest overhead). We believe that \(T = 2^{32}\) or \(T = 2^{64}\) should be sufficient for most applications.

We assume that anyone who knows the id of a process also knows its public key. For example, the public key can be directly embedded into the identifier.

Additional care is needed to prevent the “slow reader” attack. See Sect. 6 for more details.

Recall that, unlike an operation, a function can be computed locally, without communicating with other processes, and the result only depends on the function’s input.

The analogy for the number of verifiable input configurations in crash fault-tolerant systems is the number of reconfiguration requests. In the context of Byzantine fault-tolerant systems, we have to talk about the number of verifiable input configurations instead because a single Byzantine client can simulate an infinite sequence of requests.

Indeed, set \( curVals \) at each correct replica can only grow, and the replicas only sign messages with the same set of verifiable input values as \( curVals \) (see lines 75–76)

If either p or q eventually halts or becomes Byzantine, their local histories are not required to converge.

Aguilera, M.K., Keidar, I., Malkhi, D., Martin, J.-P., Shraer, A., et al.: Reconfiguring replicated atomic storage: a tutorial. Bull. EATCS 102, 84–108 (2010)MathSciNetMATH

Aguilera, M.K., Keidar, I., Malkhi, D., Shraer, A.: Dynamic atomic storage without consensus. J. ACM 58(2), 7:1-7:32 (2011)MathSciNetCrossRefMATH

Alchieri, E., Bessani, A., Greve, F., da Silva Fraga, J: Efficient and modular consensus-free reconfiguration for fault-tolerant storage. In: OPODIS, pp. 26:1–26:17 (2017)

Alvisi, L., Malkhi, D., Pierce, E., Reiter, M.K., Wright, R.N.: Dynamic byzantine quorum systems. In: Proceeding International Conference on Dependable Systems and Networks. DSN 2000, pp. 283–292. IEEE (2000)

Aspnes, J., Attiya, H., Censor, K..: Max registers, counters, and monotone circuits. In: PODC, pp. 36–45 (2009)

Attiya, H., Bar-Noy, A., Dolev, D.: Sharing memory robustly in message-passing systems. J. ACM (JACM) 42(1), 124–142 (1995)CrossRefMATH

Attiya, H., Chung, H.C., Ellen, F., Kumar, S., Welch, J.L.: Emulating a shared register in a system that never stops changing. IEEE Trans. Parallel Distrib. Syst. 30(3), 44–559 (2019)CrossRefMATH

Attiya, H., Herlihy, M., Rachman, O.: Atomic snapshots using lattice agreement. Distrib. Comput. 8(3), 121–132 (1995)CrossRefMATH

Baldoni, R., Bonomi, S., Kermarrec, A.-M., Raynal, M.: Implementing a register in a dynamic distributed system. In: ICDCS, pp. 639–647 (2009)

10.

Bellare, M., Miner, S.K.: A forward-secure digital signature scheme. In: Annual International Cryptology Conference, pp. 431–448. Springer (1999)

11.

Boyen, X., Shacham, H., Shen, E., Waters, B.: Forward-secure signatures with untrusted update. In: Proceedings of the 13th ACM conference on Computer and communications security, pp. 191–200 (2006)

12.

Brewer, E.A.: Towards robust distributed systems (abstract). In: PODC, p. 7 (2000)

13.

Cachin, C., Guerraoui, R., Rodrigues, L.: Introduction to reliable and secure distributed programming. Springer (2011)

14.

Canetti, R., Halevi, S., Katz, J.: A forward-secure public-key encryption scheme. J. Cryptol. 20(3), 265–294 (2007)MathSciNetCrossRefMATH

15.

Douceur, J.R.: The sybil attack. In: International workshop on peer-to-peer systems, pp. 251–260. Springer (2002)

16.

Drijvers, M., Gorbunov, S., Neven, G., Wee, H..: Pixel: Multi-signatures for consensus. In: 29th USENIX Security Symposium (USENIX Security 20), August (2020)

17.

Faleiro, J., Rajamani, S., Rajan, K., Ramalingam, G., Vaswani, K.: Generalized lattice agreement. In: PODC, pp. 125–134 (2012)

18.

Fischer, M.J., Lynch, N.A., Paterson, M.S.: Impossibility of distributed consensus with one faulty process. J. ACM (JACM) 32(2), 374–382 (1985)MathSciNetCrossRefMATH

19.

Gafni, E.: Round-by-round fault detectors: unifying synchrony and asynchrony. In: PODC, pp. 143–152 (1998)

20.

Gafni, E., Malkhi, D.: Elastic configuration maintenance via a parsimonious speculating snapshot solution. In: DISC, pp. 140–153 (2015)

21.

Gifford, D.K.: Weighted voting for replicated data. In: SOSP, pp. 150–162 (1979)

22.

Gilbert, S., Lynch, N.: Brewer’s conjecture and the feasibility of consistent, available, partition-tolerant web services. SIGACT News 33(2), 51–59 (2002)

23.

Gilbert, S., Lynch, N.A., Shvartsman, A.A.: Rambo a robust, reconfigurable atomic memory service for dynamic networks. Distrib. Comput. 23(4), 225–272 (2010)CrossRefMATH

24.

Jehl, L., Vitenberg, R., Meling, H.: Smartmerge: a new approach to reconfiguration for atomic storage. In: DISC, pp. 154–169 (2015)

25.

Kermarrec, A.-M., Van Steen, M.: Gossiping in distributed systems. ACM SIGOPS Oper. Syst. Rev. 41(5), 2–7 (2007)

26.

Kumar, S., Welch, J.L.: Byzantine-tolerant register in a system with continuous churn. Preprint arXiv:1910.06716 (2019)

27.

Kuznetsov, P., Rieutord, T., Tucci-Piergiovanni, S.: Reconfigurable lattice agreement and applications. In: OPODIS (2019)

28.

Kuznetsov, P., Tonkikh, A..: Asynchronous reconfiguration with byzantine failures. In: 34th International Symposium on Distributed Computing, DISC 2020, October 12–16, 2020, Virtual Conference, vol. 179 of LIPIcs, pp. 27:1–27:17 (2020)

29.

Lamport, L., Malkhi, D., Zhou, L.: Reconfiguring a state machine. SIGACT News 41(1), 63–73 (2010)CrossRef

30.

Malkhi, D., Reiter, M.: Byzantine quorum systems. Distrib. Comput. 11(4), 203–213 (1998)CrossRefMATH

31.

Malkin, T., Micciancio, D., Miner, S.: Efficient generic forward-secure signatures with an unbounded number of time periods. In: International Conference on the Theory and Applications of Cryptographic Techniques, pp. 400–417. Springer (2002)

32.

Martin, J.-P., Alvisi, L.: A framework for dynamic byzantine storage. In: International Conference on Dependable Systems and Networks, 2004, pp. 325–334. IEEE (2004)

33.

Shapiro, M., Preguiça, N.M., Baquero, C., Zawirski, M.: Conflict-free replicated data types. In: SSS, pp. 386–400 (2011)

34.

Spiegelman, A., Keidar, I.: On liveness of dynamic storage. In: Structural Information and Communication Complexity—24th International Colloquium, SIROCCO 2017, Porquerolles, France, June 19–22, 2017, Revised Selected Papers, pp. 356–376 (2017)

35.

Spiegelman, A., Keidar, I., Malkhi, D.: Dynamic reconfiguration: abstraction and optimal asynchronous solution. In: DISC, pp. 40:1–40:15 (2017)

36.

Zheng, X., Hu, C., Garg, V.K.: Lattice agreement in message passing systems. In: DISC, pp. 41:1–41:17 (2018)

Titel: Asynchronous reconfiguration with Byzantine failures
verfasst von: Petr Kuznetsov
Andrei Tonkikh
Publikationsdatum: 10.03.2022
Verlag: Springer Berlin Heidelberg
Erschienen in: Distributed Computing / Ausgabe 6/2022
Print ISSN: 0178-2770
Elektronische ISSN: 1432-0452
DOI: https://doi.org/10.1007/s00446-022-00421-1

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 6/2022

Special issue on DISC 2020

Making Byzantine consensus live

Distributed computation with continual population growth

Linial for lists

Premium Partner