RUBI - 2014 - Exercises
Maria Potop-Butucaru, Franck Petit, Sébastien Tixeuil
1 Byzantine broadcast in a triangular network
1.1 Model and Definition
In this exercise, we consider a triangular network:
We study an algorithm that enables a particular correct process (the source) to communicate a piece of information $m_0$ to the rest of the network, despite the presence of Byzantine processes. We assume that the distance between two Byzantine processes is more than 2.
Let $s$ be the source. The other processes know the identity of the source. Each node $p$ holds a value $v_p$ that the neighbors of $p$ can read. The initial configuration is the following: $v_s = m_0$, and for each other correct node $p$, $v_p = \mathit{null}$. We assume a weakly fair scheduler.
Let there be the following predicates:
– Let $A(p, m) \equiv (s \in N_p) \wedge (v_s = m)$
– Let $B(p, m) \equiv \exists q \in N_p, \exists r \in N_p,\ (q \neq r) \wedge (v_q = m) \wedge (v_r = m)$
– Let $C(p, m) \equiv A(p, m) \vee B(p, m)$
Each correct process $p$ obeys the following rule:
(R) :: $(v_p = \mathit{null}) \wedge (\exists m,\ C(p, m)) \longrightarrow v_p := m$
A correct triangle is a set of 3 correct processes $\{a, b, c\}$ such that $a$ and $b$ are neighbors, $b$ and $c$ are neighbors, and $c$ and $a$ are neighbors.
A correct triangular path is a sequence of correct triangles $(T_1, \ldots, T_n)$ such that, $\forall i \in \{1, \ldots, n-1\}$, $T_i$ and $T_{i+1}$ have two processes in common. We say that this path connects $p$ and $q$ if $p \in T_1$ and $q \in T_n$.
We take the following property as given: in a triangular network where the distance between Byzantine processes is more than 2, there always exists a correct triangular path connecting two correct processes $p$ and $q$.
1.2 Exercise 1
Questions:
1. Prove that a correct process can only take the value $m_0$.
2. Prove that we always reach a terminal configuration where each correct process has the value $m_0$.
2 Strict Stabilization
2.1 Model and Definition
Model. The model used in this section is identical to the one described in the previous exercise sheet. The only difference is that some processors are Byzantine, that is, they can exhibit arbitrary behavior. Obviously, no correct (i.e. not Byzantine) processor can detect whether its neighbor is Byzantine or not.
Definition. In this section, we consider strict-stabilizing algorithms, that is, algorithms that tolerate both transient failures and permanent Byzantine failures. The formal definition of strict stabilization follows.
Definition 1 ($(f, r)$-Containment) A configuration $\gamma \in \Gamma$ is $(f, r)$-contained for a specification $S$ if and only if, given at most $f$ Byzantine processors, any execution starting from $\gamma$ always satisfies $S$ on the subgraph induced by processors which are at distance strictly greater than $r$ from any Byzantine processor.
Definition 2 (Strict-Stabilization) A protocol $P$ is strict-stabilizing with radius $r$ for $f$ Byzantine processors (denoted $(f, r)$-strict-stabilizing) for a specification $S$ if and only if, given at most $f$ Byzantine processors, for any configuration $\gamma_0 \in \Gamma$ and for any execution $\gamma_0 \gamma_1 \ldots$, there exists a finite prefix $\gamma_0 \gamma_1 \ldots \gamma_l$ of that execution such that $\gamma_l$ is $(f, r)$-contained for specification $S$.
2.2 Exercise 2
In this exercise, we consider the coloring problem. Its specification follows.
Specification 1 (Coloring)
Liveness: The protocol ends in finite time.
Safety: In the terminal configuration, every processor holds a color and no two neighboring processors hold the same color.
The network is an arbitrary graph. We assume a central weakly fair scheduling. Each processor $p$ has a variable $c_p$ which belongs to the set $\{0, \ldots, \Delta\}$. We refer to the set of processors which are at distance at least 2 from any Byzantine processor as $V^*$. For any correct processor $p$, we define the following set of predicates over the system:
$\mathit{colored}_p \equiv \forall q \in N_p,\ c_q \neq c_p$
$\mathit{faulty}_p \equiv \exists q \in N_p,\ c_q = c_p$
It is easy to verify that for any configuration $\gamma$ and for any processor $p$, exactly one of these predicates holds for $p$ in $\gamma$. The algorithm follows.
Algorithm 1 Strict-stabilizing coloring for processor $p$
Rule:
(C) :: $\exists q \in N_p,\ c_p = c_q \longrightarrow c_p := \mathit{choose}(\{0, \ldots, \Delta\} \setminus \{c_q \mid q \in N_p\})$
Questions:
1. Prove that any processor $p$ of $V^*$ which satisfies $\mathit{colored}_p$ in a configuration $\gamma$ always satisfies $\mathit{colored}_p$ in any execution starting from $\gamma$.
2. Prove that any processor $p$ of $V^*$ which satisfies $\mathit{faulty}_p$ in a configuration $\gamma$ satisfies $\mathit{colored}_p$ in finite time in any execution starting from $\gamma$.
3. Conclude.
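
A simulation of rule (C) with one Byzantine processor, added here as an illustration and not part of the original exercise sheet; it shows the disturbance staying within distance 1 of the Byzantine processor while $V^*$ settles. Assumptions: a constructed 4×4 grid, $\Delta$ taken as the maximum degree, a round-robin order standing in for the central weakly fair scheduler, a Byzantine processor that copies a random neighbor's color before every step, and choose() picking the smallest free color; all function names are hypothetical.

```python
import random
from collections import deque

def grid(rows, cols):
    """Constructed sample topology: a rows x cols grid as an adjacency dict."""
    g = {(r, c): [] for r in range(rows) for c in range(cols)}
    for (r, c) in g:
        for n in ((r + 1, c), (r, c + 1)):
            if n in g:
                g[(r, c)].append(n)
                g[n].append((r, c))
    return g

def distance_to(graph, sources):
    """BFS hop distance from every processor to the nearest one in `sources`."""
    dist, queue = {s: 0 for s in sources}, deque(sources)
    while queue:
        u = queue.popleft()
        for w in graph[u]:
            if w not in dist:
                dist[w] = dist[u] + 1
                queue.append(w)
    return dist

def faulty(graph, color, p):
    """faulty_p: some neighbor of p holds the same color as p."""
    return any(color[q] == color[p] for q in graph[p])

def run_coloring(graph, byzantine, color, rounds, seed=0):
    """Rule (C) under a round-robin scheduler; returns V* and per-round faulty V* sets."""
    rng = random.Random(seed)
    delta = max(len(nbrs) for nbrs in graph.values())  # assumption: max degree
    dist = distance_to(graph, sorted(byzantine))
    v_star = {p for p in graph if dist.get(p, float("inf")) >= 2}
    history = []
    for _ in range(rounds):
        for p in sorted(graph):
            for b in sorted(byzantine):  # assumed adversary: mimic a random neighbor
                color[b] = color[rng.choice(graph[b])]
            if p not in byzantine and faulty(graph, color, p):
                free = set(range(delta + 1)) - {color[q] for q in graph[p]}
                color[p] = min(free)     # choose(): any free color is valid
        history.append({p for p in v_star if faulty(graph, color, p)})
    return v_star, history

def demo():
    graph, color = grid(4, 4), {}
    color.update({p: 0 for p in graph})  # every processor starts faulty
    return (graph, color, *run_coloring(graph, {(0, 0)}, color, rounds=10))
```

Calling `demo()` returns the graph, the final colors, $V^*$ and the per-round sets of faulty $V^*$ processors; the neighbors of the Byzantine processor at `(0, 0)` are the only ones that can still be in conflict.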