scispace - formally typeset
Search or ask a question
Journal ArticleDOI

The Byzantine Generals Problem

Leslie Lamport1, Robert E. Shostak1, Marshall C. Pease1
SRI International1
01 Jul 1982-ACM Transactions on Programming Languages and Systems (ACM)-Vol. 4, Iss: 3, pp 382-401
TL;DR: The Albanian Generals Problem as mentioned in this paper is a generalization of Dijkstra's dining philosophers problem, where two generals have to come to a common agreement on whether to attack or retreat, but can communicate only by sending messengers who might never arrive.
Abstract: I have long felt that, because it was posed as a cute problem about philosophers seated around a table, Dijkstra’s dining philosopher’s problem received much more attention than it deserves. (For example, it has probably received more attention in the theory community than the readers/writers problem, which illustrates the same principles and has much more practical importance.) I believed that the problem introduced in [41] was very important and deserved the attention of computer scientists. The popularity of the dining philosophers problem taught me that the best way to attract attention to a problem is to present it in terms of a story. There is a problem in distributed computing that is sometimes called the Chinese Generals Problem, in which two generals have to come to a common agreement on whether to attack or retreat, but can communicate only by sending messengers who might never arrive. I stole the idea of the generals and posed the problem in terms of a group of generals, some of whom may be traitors, who have to reach a common decision. I wanted to assign the generals a nationality that would not offend any readers. At the time, Albania was a completely closed society, and I felt it unlikely that there would be any Albanians around to object, so the original title of this paper was The Albanian Generals Problem. Jack Goldberg was smart enough to realize that there were Albanians in the world outside Albania, and Albania might not always be a black hole, so he suggested that I find another name. The obviously more appropriate Byzantine generals then occurred to me. The main reason for writing this paper was to assign the new name to the problem. But a new paper needed new results as well. I came up with a simpler way to describe the general 3n+1-processor algorithm. (Shostak’s 4-processor algorithm was subtle but easy to understand; Pease’s generalization was a remarkable tour de force.) We also added a generalization to networks that were not completely connected. (I don’t remember whose work that was.) I also added some discussion of practical implementation details.

Summary (2 min read)

Jump to: [1. INTRODUCTION][Byzantine Generals Problem.][2. IMPOSSIBILITY RESULTS][y/][3. A SOLUTION WITH ORAL MESSAGES][4. A SOLUTION WITH SIGNED MESSAGES][Algorithm SM (rn).][Algorithm OM (rn, p).][6. RELIABLE SYSTEMS] and [7. CONCLUSION]

1. INTRODUCTION

  • Conditions 1' and 2 are both conditions on the single value sent by the ith general.
  • The authors can therefore restrict their consideration to the problem of how a single general sends his value to the others.

Byzantine Generals Problem.

  • All loyal lieutenants obey the same order.
  • If the commanding general is loyal, then every loyal lieutenant obeys the order he sends.
  • Conditions IC1 and IC2 are called the interactive consistency conditions.
  • Note that if the commander is loyal, then IC1 follows from IC2.
  • To solve their original problem, the ith general sends his value of v(i) by using a solution to the Byzantine Generals Problem to send the order "use v (i) as my value", with the other generals acting as the lieutenants.

2. IMPOSSIBILITY RESULTS

  • In particular, with only three generals, no solution can work in the presence of a single traitor.
  • An oral message is one whose contents are completely under the control of the sender, so a traitorous sender can transmit any possible message.
  • In Section 4 the authors consider signed, written messages, for which this is not true.
  • The authors now show that with oral messages no solution for three generals can handle a single traitor.
  • Hence, whenever Lieutenant 1 receives an "attack" order from the commander, he must obey it.

y/

  • A similar argument shows that if Lieutenant 2 receives a "retreat" order from the commander then he must obey it even if Lieutenant 1 tells him that the commander said "attack".
  • The authors have seen equally plausible "proofs" of invalid results.
  • If the commanding general is loyal, then every loyal lieutenant attacks within 10 minutes of the time given in the commander's order.
  • It follows from IC2' that if the commander is loyal, then a loyal lieutenant will obtain the correct order in step (1), so IC2 is satisfied.
  • The authors have therefore constructed a three-general solution to the Byzantine Generals Problem that handles one traitor, which is impossible.

3. A SOLUTION WITH ORAL MESSAGES

  • The authors may therefore apply the induction hypothesis to conclude that OM(m -1) satisfies conditions IC1 and IC2.
  • Hence, for each j, any two loyal lieutenants get the same value for vj in step (3) .
  • (This follows from IC2 if one of the two lieutenants is Lieutenant j, and from IC1 Otherwise.).

4. A SOLUTION WITH SIGNED MESSAGES

  • Each lieutenant i maintains a set Vi, containng the set of properly signed orders he has received so far.
  • (If the commander is loyal, then this set should never contain more than a single element.).
  • Do not confuse Vi, the set of orders he has received, with the set of messages that he has received.
  • There may be many different messages with the same order.

Algorithm SM (rn).

  • Initially Vi = 0. (1) The commander signs and sends his value to every lieutenant.
  • If the authors require that Lieutenant Jk either send such a message or else send a message reporting that he will not send such a message, then it is easy to decide when all messages have been received.
  • Observe that here, unlike the situation in appears on two different orders, and A4 states that only he could have generated those signatures.
  • THEOREM 2. For any m, Algorithm SM(m) solves the Byzantine Generals Problem if there are at most m traitors.
  • Two loyal lieutenants i and j obey the same order in step (3) if the sets of orders Vi and Vj that they receive in step (2) are the same.

Algorithm OM (rn, p).

  • (0) Choose a regular set N of neighbors of the commander consisting ofp lieutenants.
  • (1) The commander sends his value to every lieutenant in N.
  • Note that removing a single node from a p-regular graph leaves a (p -1)regular graph.
  • The authors now prove that OM(m, 3m) solves the Byzantine Generals Problem if there are at most m traitors.

6. RELIABLE SYSTEMS

  • Note that it is easy to generate the signature Si (M) if the process has already seen that signature.
  • Hence, it is important that the same message never have to be signed twice.
  • This means that, when using SM(m) repeatedly to distribute a sequence of values, sequence numbers should be appended to the values to guarantee uniqueness.

7. CONCLUSION

  • The only way to reduce the cost is to make assumptions about the type of failure that may occur.
  • It is often assumed that a computer may fail to respond but will never respond incorrectly.
  • When extremely high reliability is required, such assumptions cannot be made, and the full expense of a Byzantine Generals solution is required.

Did you find this useful? Give us your feedback

Content maybe subject to copyright    Report

The Byzantine Generals Problem
LESLIE LAMPORT, ROBERT SHOSTAK, and MARSHALL PEASE
SRI International
Reliable computer systems must handle malfunctioning components that give conflicting information
to different parts of the system. This situation can be expressed abstractly in terms of a group of
generals of the Byzantine army camped with their troops around an enemy city. Communicating only
by messenger, the generals must agree upon a common battle plan. However, one or more of them
may be traitors who will try to confuse the others. The problem is to find an algorithm to ensure that
the loyal generals will reach agreement. It is shown that, using only oral messages, this problem is
solvable if and only if more than two-thirds of the generals are loyal; so a single traitor can confound
two loyal generals. With unforgeable written messages, the problem is solvable for any number of
generals and possible traitors. Applications of the solutions to reliable computer systems are then
discussed.
Categories and Subject Descriptors: C.2.4. [Computer-Communication Networks]: Distributed
Systems--network operating systems; D.4.4 [Operating Systems]: Communications Management--
network communication; D.4.5 [Operating Systems]: Reliability--fault tolerance
General Terms: Algorithms, Reliability
Additional Key Words and Phrases: Interactive consistency
/
1. INTRODUCTION
A reliable computer system must be able to cope with the failure of one or more
of its components. A failed component may exhibit a type of behavior that is
often overlooked--namely, sending conflicting information to different parts of
the system. The problem of coping with this type of failure is expressed abstractly
as the Byzantine Generals Problem. We devote the major part of the paper to a
discussion of this abstract problem and conclude by indicating how our solutions
can be used in implementing a reliable computer system.
We imagine that several divisions of the Byzantine army are camped outside
an enemy city, each division commanded by its own general. The generals can
communicate with one another only by messenger. After observing the enemy,
they must decide upon a common plan of action. However, some of the generals
This research was supported in part by the National Aeronautics and Space Administration under
contract NAS1-15428 Mod. 3, the Ballistic Missile Defense Systems Command under contract
DASG60-78-C-0046, and the Army Research Office under contract DAAG29-79-C-0102.
Authors' address: Computer Science Laboratory, SRI International, 333 Ravenswood Avenue, Menlo
Park, CA 94025.
Permission to copy without fee all or part of this material is granted provided that the copies are not
made or distributed for direct commercial advantage, the ACM copyright notice and the title of the
publication and its date appear, and notice is given that copying is by permission of the Association
for Computing Machinery. To copy otherwise, or to republish, requires a fee and/or specific
permission.
© 1982 ACM 0164-0925/82/0700-0382 $00.75
ACM Transactions on Programming Languages and Systems, Vol. 4, No. 3, July 1982, Pages 382-401.
The Byzantine Generals Problem 383
may be traitors, trying to prevent the loyal generals from reaching agreement.
The generals must have an algorithm to guarantee that
A. All loyal generals decide upon the same plan of action.
The loyal generals will all do what the algorithm says they should, but the
traitors may do anything they wish. The algorithm must guarantee condition A
regardless of what the traitors do.
The loyal generals should not only reach agreement, but should agree upon a
reasonable plan. We therefore also want to insure that
B. A small number of traitors cannot cause the loyal generals to adopt a bad
plan.
Condition B is hard to formalize, since it requires saying precisely what a bad
plan is, and we do not attempt to do so. Instead, we consider how the generals
reach a decision. Each general observes the enemy and communicates his obser-
vations to the others. Let
v(i)
be the information communicated by the ith
general. Each general uses some method for combining the values v (1) ..... v (n)
into a single plan of action, where n is the number of generals. Condition A is
achieved by having all generals use the same method for combining the infor-
mation, and Condition B is achieved by using a robust method. For example, if
the only decision to be made is whether to attack or retreat, then
v(i)
con be
General i's opinion of which option is best, and the final decision can be based
upon a majority vote among them. A small number of traitors can affect the
decision only if the loyal generals were almost equally divided between the two
possibilities, in which case neither decision could be called bad.
While this approach may not be the only way to satisfy conditions A and B, it
is the only one we know of. It assumes a method by which the generals
communicate their values v (i) to one another. The obvious method is for the ith
general to send v (i) by messenger to each other general. However, this does not
work, because satisfying condition A requires that every loyal general obtain the
same values v(1) .....
v(n),
and a traitorous general may send different values to
different generals. For condition A to be satisfied, the following must be true:
1. Every loyal general must obtain the same information v (1) .... , v (n).
Condition 1 implies that a general cannot necessarily use a value of
v(i)
obtained directly from the ith general, since a traitorous ith general may send
different values to different generals. This means that unless we are careful, in
meeting condition 1 we might introduce the possibility that the generals use a
value of v (i) different from the one sent by the ith general--even though the ith
general is loyal. We must not allow this to happen if condition B is to be met. For
example, we cannot permit a few traitors to cause the loya~ generals to base their
decision upon the values "retreat",..., "retreat" if every loyal general sent the
value "attack". We therefore have the following requirement for each i:
2. If the ith general is loyal, then the value that he sends must be used by every
loyal general as the value of v (i).
ACM Transactions on Programming Languages and Systems, Vol. 4, No. 3, July 1982.
384 L. Lamport, R. Shostak, and M. Pease
We can rewrite condition I as the condition that for every i (whether or not the
ith general is loyal),
1'. Any two loyal generals use the same value of
v(i).
Conditions 1' and 2 are both conditions on the single value sent by the ith
general. We can therefore restrict our consideration to the problem of how a
single general sends his value to the others. We phrase this in terms of a
commanding general sending an order to his lieutenants, obtaining the following
problem.
Byzantine Generals Problem.
A commanding general must send an order to
his n - 1 lieutenant generals such that
IC1. All loyal lieutenants obey the same order.
IC2. If the commanding general is loyal, then every loyal lieutenant obeys the
order he sends.
Conditions IC1 and IC2 are called the
interactive consistency
conditions. Note
that if the commander is loyal, then IC1 follows from IC2. However, the com-
mander need not be loyal.
To solve our original problem, the ith general sends his value of
v(i)
by using
a solution to the Byzantine Generals Problem to send the order "use v (i) as my
value", with the other generals acting as the lieutenants.
2. IMPOSSIBILITY RESULTS
The Byzantine Generals Problem seems deceptively simple. Its difficulty is
indicated by the surprising fact that if the generals can send only oral messages,
then no solution will work unless more than two-thirds of the generals are loyal.
In particular, with only three generals, no solution can work in the presence of a
single traitor. An oral message is one whose contents are completely under the
control of the sender, so a traitorous sender can transmit any possible message.
Such a message corresponds to the type of message that computers normally
send to one another. In Section 4 we consider signed, written messages, for which
this is not true.
We now show that with oral messages no solution for three generals can handle
a single traitor. For simplicity, we consider the case in which the only possible
decisions are "attack" or "retreat". Let us first examine the scenario pictured in
Figure 1 in which the commander is loyal and sends an "attack" order, but
Lieutenant 2 is a traitor and reports to Lieutenant 1 that he received a "retreat"
order. For IC2 to be satisfied, Lieutenant 1 must obey the order to attack.
Now consider another scenario, shown in Figure 2, in which the commander is
a traitor and sends an "attack" order to Lieutenant 1 and a "retreat" order to
Lieutenant 2. Lieutenant 1 does not know who the traitor is, and he cannot tell
what message the commander actually sent to Lieutenant 2. Hence, the scenarios
in these two pictures appear exactly the same to Lieutenant 1. If the traitor lies
consistently, then there is no way for Lieutenant 1 to distinguish between these
two situations, so he must obey the "attack" order in both of them. Hence,
whenever Lieutenant 1 receives an "attack" order from the commander, he must
obey it.
ACM Transactions on Programming Languages and Systems, Vol. 4, No. 3, July 1982.
The Byzantine Generals Problem 385
f
,, t,
"he said 'retreat'"
Fig. 1. Lieutenant 2 a traitor.
y/
"he said 'retreat'"
Fig. 2. The commander a traitor.
However, a similar argument shows that if Lieutenant 2 receives a "retreat"
order from the commander then he must obey it even if Lieutenant 1 tells him
that the commander said "attack". Therefore, in the scenario of Figure 2,
Lieutenant 2 must obey the "retreat" order while Lieutenant 1 obeys the "attack"
order, thereby violating condition IC1. Hence, no solution exists for three generals
that works in the presence of a single traitor.
This argument may appear convincing, but we strongly advise the reader to be
very suspicious of such nonrigorous reasoning. Although this result is indeed
correct, we have seen equally plausible "proofs" of invalid results. We know of no
area in computer science or mathematics in which informal reasoning is more
likely to lead to errors than in the study of this type of algorithm. For a rigorous
proof of the impossibility of a three-general solution that can handle a single
traitor, we refer the reader to [3].
Using this result, we can show that no solution with fewer than 3m + 1 generals
can cope with m traitorsJ The proof is by contradiction--we assume such a
' More precisely, no such solution exists for three or more generals, since the problem is trivial for two
generals.
ACM Transactions on Programming Languages and Systems, Vol. 4, No. 3, July 1982.
386 L. Lamport, R. Shostak, and M. Pease
solution for a group of 3m or fewer and use it to construct a three-general solution
to the Byzantine Generals Problem that works with one traitor, which we know
to be impossible. To avoid confusion between the two algorithms, we call the
generals of the assumed solution Albanian generals, and those of the constructed
solution Byzantine generals. Thus, starting from an algorithm that allows 3m or
fewer Albanian generals to cope with m traitors, we construct a solution that
allows three Byzantine generals to handle a single traitor.
The three-general solution is obtained by having each of the Byzantine generals
simulate approximately one-third of the Albanian generals, so that each Byzan-
tine general is simulating at most m Albanian generals. The Byzantine com-
mander simulates the Albanian commander plus at most m - 1 Albanian
lieutenants, and each of the two Byzantine lieutenants simulates at most m
Albanian lieutenants. Since only one Byzantine general can be a traitor, and he
simulates at most m Albanians, at most m of the Albanian generals are traitors.
Hence, the assumed solution guarantees that IC1 and IC2 hold for the Albanian
generals. By IC1, all the Albanian lieutenants being simulated by a loyal Byzan-
tine lieutenant obey the same order, which is the order he is to obey. It is easy to
check that conditions IC1 and IC2 of the Albanian generals solution imply the
corresponding conditions for the Byzantine generals, so we have constructed the
required impossible solution.
One might think that the difficulty in solving the Byzantine Generals Problem
stems from the requirement of reaching exact agreement. We now demonstrate
that this is not the case by showing that reaching approximate agreement is just
as hard as reaching exact agreement. Let us assume that instead of trying to agree
on a precise battle plan, the generals must agree only upon an approximate time
of attack. More precisely, we assume that the commander orders the time of the
attack, and we require the following two conditions to hold:
IC1 '. All loyal lieutenants attack within 10 minutes of one another.
IC2'. If the commanding general is loyal, then every loyal lieutenant attacks
within 10 minutes of the time given in the commander's order.
(We assume that the orders are given and processed the day before the attack
and that the time at which an order is received is irrelevant--only the attack
time given in the order matters.}
Like the Byzantine Generals Problem, this problem is unsolvable unless more
than two-thirds of the generals are loyal. We prove this by first showing that if
there were a solution for three generals that coped with one traitor, then we could
construct a three-general solution to the Byzantine Generals Problem that also
worked in the presence of one traitor. Suppose the commander wishes to send an
"attack" or "retreat" order. He orders an attack by sending an attack time of 1:00
and orders a retreat by sending an attack time of 2:00, using the assumed
algorithm. Each lieutenant uses the following procedure to obtain his order.
(1) After receiving the attack time from the commander, a lieutenant does one
of the following:
(a) If the time is 1:10 or earlier, then attack.
(b) If the time is 1:50 or later, then retreat.
(c) Otherwise, continue to step (2).
ACM Transactions on Programming Languages and Systems, Vol. 4, No. 3, July 1982.
Citations
More filters
Book ChapterDOI
The Sybil Attack

[...]

John R. Douceur1
Microsoft1
07 Mar 2002
TL;DR: It is shown that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.
Abstract: Large-scale peer-to-peer systems face security threats from faulty or hostile remote computing elements. To resist these threats, many such systems employ redundancy. However, if a single faulty entity can present multiple identities, it can control a substantial fraction of the system, thereby undermining this redundancy. One approach to preventing these "Sybil attacks" is to have a trusted agency certify identities. This paper shows that, without a logically centralized authority, Sybil attacks are always possible except under extreme and unrealistic assumptions of resource parity and coordination among entities.

4,816 citations

Journal ArticleDOI
Basic concepts and taxonomy of dependable and secure computing

[...]

Algirdas Avizienis1, Jean-Claude Laprie2, Brian Randell3, Carl E. Landwehr
Vytautas Magnus University1, Centre national de la recherche scientifique2, University of Newcastle3
01 Jan 2004-IEEE Transactions on Dependable and Secure Computing
TL;DR: The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of systems failures.
Abstract: This paper gives the main definitions relating to dependability, a generic concept including a special case of such attributes as reliability, availability, safety, integrity, maintainability, etc. Security brings in concerns for confidentiality, in addition to availability and integrity. Basic definitions are given first. They are then commented upon, and supplemented by additional definitions, which address the threats to dependability and security (faults, errors, failures), their attributes, and the means for their achievement (fault prevention, fault tolerance, fault removal, fault forecasting). The aim is to explicate a set of general concepts, of relevance across a wide range of situations and, therefore, helping communication and cooperation among a number of scientific and technical communities, including ones that are concentrating on particular types of system, of system failures, or of causes of system failures.

4,695 citations

Journal ArticleDOI
Impossibility of distributed consensus with one faulty process

[...]

Michael J. Fischer1, Nancy Lynch2, Mike Paterson3
Yale University1, Massachusetts Institute of Technology2, University of Warwick3
01 Apr 1985-Journal of the ACM
TL;DR: In this paper, it is shown that every protocol for this problem has the possibility of nontermination, even with only one faulty process.
Abstract: The consensus problem involves an asynchronous system of processes, some of which may be unreliable The problem is for the reliable processes to agree on a binary value In this paper, it is shown that every protocol for this problem has the possibility of nontermination, even with only one faulty process By way of contrast, solutions are known for the synchronous case, the “Byzantine Generals” problem

4,389 citations

Proceedings ArticleDOI
Practical Byzantine fault tolerance

[...]

Miguel Castro1, Barbara Liskov1
Massachusetts Institute of Technology1
22 Feb 1999
TL;DR: A new replication algorithm that is able to tolerate Byzantine faults that works in asynchronous environments like the Internet and incorporates several important optimizations that improve the response time of previous algorithms by more than an order of magnitude.
Abstract: This paper describes a new replication algorithm that is able to tolerate Byzantine faults. We believe that Byzantinefault-tolerant algorithms will be increasingly important in the future because malicious attacks and software errors are increasingly common and can cause faulty nodes to exhibit arbitrary behavior. Whereas previous algorithms assumed a synchronous system or were too slow to be used in practice, the algorithm described in this paper is practical: it works in asynchronous environments like the Internet and incorporates several important optimizations that improve the response time of previous algorithms by more than an order of magnitude. We implemented a Byzantine-fault-tolerant NFS service using our algorithm and measured its performance. The results show that our service is only 3% slower than a standard unreplicated NFS.

3,562 citations

Journal ArticleDOI
OceanStore: an architecture for global-scale persistent storage

[...]

John Kubiatowicz1, David Bindel1, Yan Chen1, Steven E. Czerwinski1, Patrick Eaton1, Dennis Geels1, Ramakrishna Gummadi1, Sean Rhea1, Hakim Weatherspoon1, Westley Weimer1, Chris Wells1, Ben Y. Zhao1 
University of California, Berkeley1
12 Nov 2000
TL;DR: OceanStore monitoring of usage patterns allows adaptation to regional outages and denial of service attacks; monitoring also enhances performance through pro-active movement of data.
Abstract: OceanStore is a utility infrastructure designed to span the globe and provide continuous access to persistent information. Since this infrastructure is comprised of untrusted servers, data is protected through redundancy and cryptographic techniques. To improve performance, data is allowed to be cached anywhere, anytime. Additionally, monitoring of usage patterns allows adaptation to regional outages and denial of service attacks; monitoring also enhances performance through pro-active movement of data. A prototype implementation is currently under development.

3,376 citations

References
More filters
Journal ArticleDOI
New Directions in Cryptography

[...]

Whitfield Diffie1, Martin E. Hellman1
Stanford University1
01 Nov 1976-IEEE Transactions on Information Theory
TL;DR: This paper suggests ways to solve currently open problems in cryptography, and discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.
Abstract: Two kinds of contemporary developments in cryptography are examined. Widening applications of teleprocessing have given rise to a need for new types of cryptographic systems, which minimize the need for secure key distribution channels and supply the equivalent of a written signature. This paper suggests ways to solve these currently open problems. It also discusses how the theories of communication and computation are beginning to provide the tools to solve cryptographic problems of long standing.

14,980 citations

Journal ArticleDOI
A method for obtaining digital signatures and public-key cryptosystems

[...]

Ronald L. Rivest1, Adi Shamir1, Leonard M. Adleman1
Massachusetts Institute of Technology1
01 Feb 1978-Communications of The ACM
TL;DR: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key.
Abstract: An encryption method is presented with the novel property that publicly revealing an encryption key does not thereby reveal the corresponding decryption key. This has two important consequences: (1) Couriers or other secure means are not needed to transmit keys, since a message can be enciphered using an encryption key publicly revealed by the intented recipient. Only he can decipher the message, since only he knows the corresponding decryption key. (2) A message can be “signed” using a privately held decryption key. Anyone can verify this signature using the corresponding publicly revealed encryption key. Signatures cannot be forged, and a signer cannot later deny the validity of his signature. This has obvious applications in “electronic mail” and “electronic funds transfer” systems. A message is encrypted by representing it as a number M, raising M to a publicly specified power e, and then taking the remainder when the result is divided by the publicly specified product, n, of two large secret primer numbers p and q. Decryption is similar; only a different, secret, power d is used, where e * d ≡ 1(mod (p - 1) * (q - 1)). The security of the system rests in part on the difficulty of factoring the published divisor, n.

14,659 citations

Journal ArticleDOI
Reaching Agreement in the Presence of Faults

[...]

Marshall C. Pease1, Robert E. Shostak1, Leslie Lamport1
SRI International1
01 Apr 1980-Journal of the ACM
TL;DR: It is shown that the problem is solvable for, and only for, n ≥ 3m + 1, where m is the number of faulty processors and n is the total number and this weaker assumption can be approximated in practice using cryptographic methods.
Abstract: The problem addressed here concerns a set of isolated processors, some unknown subset of which may be faulty, that communicate only by means of two-party messages. Each nonfaulty processor has a private value of information that must be communicated to each other nonfaulty processor. Nonfaulty processors always communicate honestly, whereas faulty processors may lie. The problem is to devise an algorithm in which processors communicate their own values and relay values received from others that allows each nonfaulty processor to infer a value for each other processor. The value inferred for a nonfaulty processor must be that processor's private value, and the value inferred for a faulty one must be consistent with the corresponding value inferred by each other nonfaulty processor.It is shown that the problem is solvable for, and only for, n ≥ 3m + 1, where m is the number of faulty processors and n is the total number. It is also shown that if faulty processors can refuse to pass on information but cannot falsely relay information, the problem is solvable for arbitrary n ≥ m ≥ 0. This weaker assumption can be approximated in practice using cryptographic methods.

2,457 citations

Journal ArticleDOI
The Byzantine Generals strike again

[...]

Danny Dolev1
Stanford University1
01 Mar 1981-Journal of Algorithms
TL;DR: The results obtained in the present paper prove that unanimity is achievable in any distributed system if and only if the number of faulty processors in the system is less than one third of the total number of processors and less than half of the connectivity of the system''s network.

612 citations

Related Papers (5)
Impossibility of distributed consensus with one faulty process

[...]

01 Apr 1985-Journal of the ACM
Michael J. Fischer, Nancy Lynch, Mike Paterson
Practical Byzantine fault tolerance

[...]

22 Feb 1999
Miguel Castro, Barbara Liskov
Implementing fault-tolerant services using the state machine approach: a tutorial

[...]

01 Dec 1990-ACM Computing Surveys
Fred B. Schneider
Distributed algorithms

[...]

01 Jan 1996
Nancy Lynch
The part-time parliament

[...]

01 May 1998-ACM Transactions on Computer Systems
Leslie Lamport