Bosco: OneStep Byzantine Asynchronous Consensus.
ABSTRACT Asynchronous Byzantine consensus algorithms are an important primitive for building Byzantine faulttolerant systems. Algorithms for Byzantine consensus typically require at least two communication steps for decision; in many systems, this imposes a significant performance overhead. In this paper, we show that it is possible to design Byzantine faulttolerant consensus algorithms that decide in one message latency under contentionfree scenarios and still provide strong consistency guarantees when contention occurs. We define two variants of onestep asynchronous Byzantine consensus and show a lower bound on the number of processors needed for each. We present a Byzantine consensus algorithm, Bosco, for asynchronous networks that meets these bounds, even in the face of a strong network adversary.

Conference Paper: A leaderfree Byzantine consensus algorithm
[Show abstract] [Hide abstract]
ABSTRACT: The paper considers the consensus problem in a partially synchronous system with Byzantine faults. It turns out that, in the partially synchronous system, all deterministic algorithms that solve consensus with Byzantine faults are leaderbased. This is not the case of benign faults, which raises the following fundamental question: is it possible to design a deterministic Byzantine consensus algorithm for a partially synchronous system that is not leaderbased? The paper gives a positive answer to this question, and presents a leaderfree algorithm that is resilientoptimal and signaturefree.Proceedings of the 11th international conference on Distributed computing and networking; 01/2010  SourceAvailable from: Achour Mostéfaoui
Conference Paper: Synchronous byzantine agreement with nearly a cubic number of communication bits: synchronous byzantine agreement with nearly a cubic number of communication bits
[Show abstract] [Hide abstract]
ABSTRACT: This paper studies the problem of Byzantine consensus in a synchronous messagepassing system of n processes. The first deterministic algorithm, and also the simplest in its principles, was the Exponential Information Gathering protocol (EIG) proposed by Pease, Shostak and Lamport in [19]. The algorithm requires processes to send exponentially long messages. Many followup works reduced the cost of the algorithm. However, they had to either lower the maximum number of faulty processes t from the optimal range t n/3 to some smaller range of t [4, 11, 18], or increase the maximum worstcase number of rounds needed for termination (the lower bound being t + 1) [3, 9, 20]. Garay and Moses [13] were the first and only who solved the problem by using a polynomial number of communication bits, for the whole optimal range t n/3 of the number of Byzantine processes and within the optimal number (t+1) of communication rounds. Their solution, though very complex and sophisticated, requires processes to send O(n9) bits in total. In this work, we present much simpler solution that also holds for the whole optimal range t n/3 and the optimal number t + 1 of communication rounds, and at the same time lowers the number of exchanged communication bits to O(n3 log n). For achieving such an improvement, processes no more exchange relayed proposed values, but information on suspicions "who suspects who", the size of which is quadratic in n in the worst case.Proceedings of the 2013 ACM symposium on Principles of distributed computing; 07/2013  SourceAvailable from: Achour Mostéfaoui[Show abstract] [Hide abstract]
ABSTRACT: This paper presents a new roundbased asynchronous consensus algorithm that copes with up to t07/2014;
Page 1
Bosco: OneStep Byzantine Asynchronous
Consensus?
Yee Jiun Song and Robbert van Renesse
Cornell University, Ithaca, NY 14850, USA
Abstract. Asynchronous Byzantine consensus algorithms are an impor
tant primitive for building Byzantine faulttolerant systems. Algorithms
for Byzantine consensus typically require at least two communication
steps for decision; in many systems, this imposes a significant perfor
mance overhead. In this paper, we show that it is possible to design
Byzantine faulttolerant consensus algorithms that decide in one mes
sage latency under contentionfree scenarios and still provide strong con
sistency guarantees when contention occurs. We define two variants of
onestep asynchronous Byzantine consensus and show a lower bound on
the number of processors needed for each. We present a Byzantine con
sensus algorithm, Bosco, for asynchronous networks that meets these
bounds, even in the face of a strong network adversary.
1 Introduction
Informally, the consensus problem is the task of getting a set of processors to
agree on a common value. This simple primitive can be used to implement atomic
broadcast, replicated state machines, and view synchrony, thus making consensus
an important building block in distributed systems.
Many variants of the consensus problem have been proposed. The differences
between them lie mainly in the failure assumptions and the synchronicity as
sumptions. In this paper, we are concerned with Byzantine consensus in an
asynchronous environment, i.e., faulty processors can behave in an arbitrary
manner and there are no assumptions about the relative speed of processors nor
about the timely delivery of messages.
Consensus algorithms allow processors to converge on a value by exchanging
messages. Previous results have shown that algorithms that solve asynchronous
Byzantine consensus must have correct executions that require at least two com
munication steps even in the absence of faults [1], where a single communication
step is defined as a period of time where each processor can i) send messages;
ii) receive messages; and iii) do local computations, in that order. However, this
?The authors were supported by AFRL award FA87500620060 (CASTOR), NSF
award 0424422 (TRUST), AFOSR award FA95500610244 (AFTRUST), DHS
award 2006CS001000001 (I3P), as well as by ISF, ISOC, CCR, and Intel Cor
poration. The views and conclusions herein are those of the authors.
G. Taubenfeld (Ed.): DISC 2008, LNCS 5218, pp. 438–450, 2008.
c ? SpringerVerlag Berlin Heidelberg 2008
Page 2
Bosco: OneStep Byzantine Asynchronous Consensus 439
does not mean that such algorithms must always take two or more communica
tion steps. We show that when there is no contention, it is possible for processors
to decide a value in one communication step.
Onestep decisions can improve performance for applications where contention
is rare. Consider a replicated state machine: if a client broadcasts its operation
to all machines, and there is no contention with other clients, then all correct
machines propose the same operation and can respond to the client immediately.
Thus an operation completes in just two message latencies, the same as for a
Remote Procedure Call to an unreplicated service.
Previously such onestep asynchronous consensus algorithms have been pro
posed for crash failure assumptions [2,3,4,5,6,7]; Friedman et al. proposed a
common coinbased onestep consensus algorithm that tolerates Byzantine fail
ures and terminates with probability 1 but requires that the network scheduler
has no knowledge of the common coin oracle [8]. In this paper, we consider
onestep algorithms for Byzantine asynchronous consensus in the presence of a
strong network adversary. We define two different notions of onestep Byzantine
asynchronous algorithms and prove a lower bound for the number of processors
that are required for each. Next we show that the lower bounds are tight by
extending the work presented in [2] to handle Byzantine failures, resulting in
Bosco, an algorithm that meets these bounds.
The rest of the paper is organized as follows: Section 2 defines the model and
the Byzantine consensus problem; Section 3 proves lower bounds for the two
versions of onestep Byzantine consensus; Section 4 describes Bosco, a onestep
consensus algorithm; Section 5 discusses some properties of Bosco; Section 6
presents a brief survey of some related work; finally, Section 7 concludes.
2 The Byzantine Consensus Problem
The Byzantine consensus problem was first posed in [9], albeit for a synchronous
environment. In this paper we focus on an asynchronous environment.
In this problem, there is a set of n processors P = {p,q,...} each of which have
an initial value, 0 or 1. An unknown subset T of P contains faulty processors.
These faulty processors may exhibit arbitrary (aka Byzantine) behavior, and
may collude maliciously. Processors in P − T are correct and behave according
to some protocol. Processors communicate with each other by sending messages
via a network. The network is assumed to be fully asynchronous but reliable, that
is, messages may be arbitrarily delayed but between two correct processors, will
be eventually be delivered. Links between processors are private so a Byzantine
processor cannot forge a message from a correct processor.
In addition, we assume a strong network adversary. By this, we mean that the
network is controlled by an adversary that, with full knowledge of the contents
of messages, may choose to arbitrarily delay messages as long as between any
two correct processes, messages are eventually delivered.
Page 3
440Y.J. Song and R. van Renesse
The goal of a Byzantine consensus protocol is to allow all correct processors
to eventually decide some value. Specifically, a protocol that solves Byzantine
consensus must satisfy:
Definition 1. Agreement. If two correct processors decide, then they decide the
same value. Also, if a correct processor decides more than once, it decides the
same value each time.
Definition 2. Unanimity. If all correct processors have the same initial value
v, then a correct processor that decides must decide v.
Definition 3. Validity. If a correct processor decides v, then v was the initial
value of some processor.
Definition 4. Termination. All correct processors must eventually decide.
Note that algorithms that satisfy all of the above requirements are not possible
in asynchronous environments when even a single crash failure must be toler
ated [10]. In practice, algorithms circumvent this limitation by assuming some
limitation in the extent of asynchrony in the system, or by relaxing the Termina
tion property to a probabilistic one where all correct processors terminate with
probability 1.
Unanimity requires that the outcome be predetermined when the initial values
of all correct processors are unanimous. A onestep algorithm takes advantage
of such favorable initial conditions to allow correct processors to decide in one
communication step.
We define two notions of onestep protocols:
Definition 5. Strongly onestep. If all correct processors have the same initial
value v, a strongly onestep Byzantine consensus algorithm allows all correct
processors to decide v in one communication step.
Definition 6. Weakly onestep. If there are no faulty processors in the system
and all processors have the same initial value v, a weakly onestep Byzantine
consensus algorithm allows all correct processors to decide v in one communica
tion step.
While both can decide in one step, strongly onestep algorithms make fewer as
sumptions about the required conditions and in particular cannot be slowed down
by Byzantine failures when all correct processors have the same initial value.
Strongly onestep algorithms optimize for the case where some processors may
be faulty, but there is no contention among correct processors, and weakly one
step algorithms optimize for cases that are both contentionfree and failurefree.
3 Lower Bounds
We show that a Byzantine consensus algorithm that tolerates t Byzantine fail
ures among n processors requires n > 7t to be strongly onestep and n > 5t to be
Page 4
Bosco: OneStep Byzantine Asynchronous Consensus 441
weakly onestep.1These results are for the best case scenario in which each
correct processor broadcasts its initial value to all other processors in the first
communication step and thus they hold for any algorithm.
3.1 Lower Bound for Strongly OneStep Byzantine Consensus
Lemma 1. A strongly onestep Byzantine consensus algorithm must allow a
correct processor to decide v after receiving the same initial value v from n −2t
processors.
Proof. Assume otherwise, that there exists a run in which a strongly onestep
ByzantinealgorithmAdoesnotallowacorrectprocessorptodecidev afterreceiv
ing the same initial value v from n−2t processors. Since A is a strongly onestep
algorithm, the fact that processor p does not decide after the first round implies
that some correct processor q has an initial value v?, v??= v. Now consider a sec
ond run, in which all correct processors do have the same initial value v. Without
blocking, p can wait for messages from at most n − t processors. Among these, t
can be Byzantine and send arbitrary initial values. This means that processor p is
only guaranteed to receive n−2t messages indicating that n−2t processors have
the initial value v. Given that A is a strongly onestep algorithm, p must decide
v at this point. However, from the point of view of p, this second run is indistin
guishable from the first run. This is a contradiction.
? ?
Theorem 1. Any strongly onestep Byzantine consensus protocol that tolerates
t failures requires at least 7t + 1 processors.
Proof. Assume that there exists a strongly onestep Byzantine consensus algo
rithm A that tolerates up to t Byzantine faults and requires only 7t processors.
We divide the processors into three groups: G0and G1each contain 3t proces
sors, of which the correct processors have initial values 0 and 1 respectively; G∗
contain the remaining t processors.
Now consider the following configurations C0and C1. In C0, t of the processors
in G1are Byzantine, and processors in G∗have the initial value 0. Assume that
Byzantine processors act as if they are correct processors with initial value 0
when communicating with processors in G∗, and initial value 1 when communi
cating with processors not in G∗. Now consider that a correct processor p0∈ G∗
collects messages from n − t processors in the first communication step. Given
that the network adversary controls the order of message delivery, p0 can be
made to receive messages from all processors in G0and G∗, and the t Byzantine
processors in G1. p0 thus receives n − 2t messages indicating that the n − 2t
senders have initial value 0. By Lemma 1, p0must decide 0 after that first com
munication step. In order to satisfy Agreement, A must ensure that any correct
processor that ever decides in C0decides 0. We say that C0is 0valent.
In C1, t of the processors in G0 are Byzantine, and processors in G∗ have
the initial value 1. In addition, Byzantine processors act as if they are correct
1These results are for threshold quorum systems, but may be generalized to use
arbitrary quorum systems.
Page 5
442 Y.J. Song and R. van Renesse
processors with initial value 1 when communicating with processors from G∗
and initial value 0 when communicating with processors not in G∗. A correct
processor p1∈ G∗collects messages from n − t in the first communication step.
Suppose that the network adversary chooses to deliver messages from G1 and
G∗, as well as from the t Byzantine processors. Now p1collects n −2t messages
indicating that n−2t senders have initial value 1. By Lemma 1, p1must decide 1
after the first communication step. In order to satisfy Agreement, A must ensure
that any correct processor that ever decides in C1decides 1. We say that C1is
1valent.
Further assume that for both configurations, messages from any processor in
G∗ to any processor not in G∗ are arbitrarily delayed such that in any asyn
chronous round, when a processor that is not in G∗ awaits n − t messages, it
receives messages from every processor that is not in G∗. Now, any correct pro
cess q0 / ∈ G∗executing A in C0will be communicating with 3t processors that
behave as if they are correct processors with initial value 0 and 3t processors that
behave as if they are correct processors with initial value 1. As we have shown
above, C0is a 0valent configuration, so A must ensure that q0 decides 0, if it
ever decides. Similarly, a correct processor q1 / ∈ G∗executing A in C1will also be
communicating with 3t processors that behave as if they are correct processors
with initial value 0 and 3t processors that behave as if they are correct proces
sors with initial value 1. However, since we have shown that C1 is a 1valent
configuration, A must ensure that q1decides 1, even though it sees exactly the
same inputs as q0. This is a contradiction.
? ?
3.2 Lower Bound for Weakly OneStep Byzantine Consensus
We now show the corresponding lower bound for weakly onestep algorithms.
The lower bound for weakly onestep algorithms happens to be identical to that
for twostep algorithms. The bound for twostep algorithms was shown in [11].
We show a corresponding bound for weakly onestep algorithm for completeness,
but note that this is not a new result.
We weaken the requirement on Lemma 1 as follows:
Lemma 2. A weakly onestep Byzantine consensus algorithm must allow a pro
cessor to decide v after learning that n−t processors have the same initial value v.
Proof. A processor can only wait for messages from n − t processors without
risking having to wait indefinitely. Since a weakly onestep Byzantine consensus
algorithm must decide in one communication step if all correct processors have
the same initial value and there are no Byzantine processors, it must decide if
all of the n − t messages claim the same initial value.
Theorem 2. A weakly onestep Byzantine consensus protocol that tolerates t
failures requires at least 5t + 1 processors.
? ?
Proof. We provide only a sketch of the proof since it is similar to that of The
orem 1. Proof by contradiction. Assume that a Byzantine consensus algorithm
Page 6
Bosco: OneStep Byzantine Asynchronous Consensus443
A is weakly onestep and requires only 5t processors. We divide the 5t pro
cessors into three groups, G0, G1, and G∗, containing 2t, 2t, and t processors
respectively. All correct processors in G0have the initial value 0 and all correct
processors in G1have the initial value 1.
As in the proof of Theorem 1, we construct two configurations C0and C1. In
C0, processors in G∗have the initial value 0 and t processors in G1are Byzantine.
Correspondingly, in C1, processors in G∗have the initial value 1 and t processors
in G0are Byzantine. These Byzantine processors behave as they do in the proof
of Theorem 1. It is thus possible for processors in G∗ to decide 0 and 1 in C0
and C1respectively. Therefore, correct processors in G0and G1must not decide
any value other than 0 and 1 respectively. However, if all messages from any
processor in G∗to any processor not in G∗are delayed, then correct processors
in C0and C1see exactly the same inputs. This is a contradiction.
? ?
4Bosco
We now present Bosco (Byzantine OneStep COnsensus), an algorithm that
meets the bounds presented in the previous section. To the best of our knowledge,
Bosco is the first strongly onestep algorithm that solves asynchronous Byzantine
consensus with optimal resilience. The idea behind Bosco is simple, and resembles
the one presented in [2]. We simply extend the results of [2] to handle Byzantine
failures. The Bosco algorithm is shown in Algorithm 1.
Algorithm 1. Bosco: a onestep asynchronous Byzantine consensus algo
rithm
Input: vp
broadcast ?VOTE,vp? to all processors
wait until n − t VOTE messages have been received
if more than
2
VOTE messages contain the same value v then
3
DECIDE(v)
4
if more than
2
VOTE messages contain the same value v,
5
and there is only one such value v then
6
vp ← v
UnderlyingConsensus(vp)
8
1
2
n+3t
n−t
7
Bosco is an asynchronous Byzantine consensus algorithm that satisfies Agree
ment, Unanimity, Validity, and Termination. Bosco requires n > 3t, where n
is the number of processors in the system, and t is the maximum number of
Byzantine failures that can be tolerated, in order to provide these correctness
properties. In addition, Bosco is weakly onestep when n > 5t and strongly
onestep when n > 7t.
The main idea behind Bosco is that if all processors have the same initial
value, then given enough processors in the system, a correct processor is able to
observe sufficient information to safely decide in the first communication round.
Additional mechanisms ensure that if such an early decision ever happens, all
Page 7
444 Y.J. Song and R. van Renesse
correct processors must either i) early decide the same value; or ii) set their local
estimates to the value that has been decided.
When the algorithm starts, each processor p receives an input value vp, that
is the value that the processor is trying to get decided and the value that it
will use for its local estimate. Each processor broadcasts this initial value in a
VOTE message, and then waits for VOTE messages from n − t processors (likely
including itself). Since at most t processors can fail, votes from n−t processors
will eventually be delivered to each correct processor.
Among the votes that are collected, each processor checks two thresholds: if
more thann+3t
2
of the votes are for some value v, then a processor decides v; if
more thann−t
2
of the votes are for some value v, then a processor sets its local
estimate to v. Each processor then invokes UnderlyingConsensus, a protocol
that solves asynchronous Byzantine consensus (satisfies Agreement, Unanimity,
Validity, and Termination), but is not necessarily onestep.
We first prove that Bosco satisfies Agreement, Unanimity, Validity, and Ter
mination, when n > 3t.
Lemma 3. If two correct processors p and q decide values v and v?in line 4,
then v = v?.
Proof. Assume otherwise, that two correct processors p and q decide values v
and v?in line 4 such that v ?= v?. p and q must have collected more thann+3t
votes for v and v?each. Since there are only n processors in the system, these
two sets of votes share more than3t
senders can be Byzantine, more of
Since a correct processor must send the same vote to all processors (in line 1),
v = v?. This is a contradiction.
2
2common senders. Given that only t of these
t
2of these senders are correct processors.
? ?
Lemma 4. If a correct processor p decides a value v in line 4, then any correct
processor q must set its local estimate to v in line 6.
Proof. Assume otherwise, that a correct processor p decides a value v in line 4,
and a correct processor q does not set its local estimate to v in line 6. Since
processor p decides in line 4, it must have collected more thann+3t
in line 2. Since processor q does not set its local estimate to v in line 6, it must
have collected no more thann−t
2
votes for v, or collected more thann−t
for some value v?, v??= v. For the first case, consider that since there are only
n processors in the system, processor q must have collected votes from at least
n − 2t of the senders that processor p collected from. Among these, more than
n+t
2
sent a vote for v to q. Since at most t of these processors can be Byzantine,
processor q must have received more thann−t
For the second case, if q collects more thann−t
then more than t of these senders must be among those that sent a vote for v to
processor q. This is a contradiction, since, no more than t of the processors in
the system can be Byzantine.
2
votes for v
2
votes
2
votes for v. This is a contradiction.
votes for some value v?, v??= v,
2
? ?
Page 8
Bosco: OneStep Byzantine Asynchronous Consensus 445
Theorem 3. Bosco satisfies Agreement.
Proof. There are two cases to consider. In the first case, no processor collects suf
ficient votes containing the same value to decide in line 4. This means that all de
cisions occur in UnderlyingConsensus. Since UnderlyingConsensus satisfies
Agreement, Bosco satisfies Agreement. In the second case, some correct processor
p decides some value v in line 4. By Lemma 3, any other processor that decides
in line 4 must decide the same value. By Lemma 4, all correct processors must
change their local estimates to v in line 6. Therefore, all correct processors will
invoke UnderlyingConsensus with the value v. Since UnderlyingConsensus
satisfies Unanimity, all correct processors that decide in UnderlyingConsensus
must also decide v.
? ?
Theorem 4. Bosco satisfies Unanimity.
Proof. Proof by contradiction. Suppose a processor p decides v?, but all correct
processors have the same initial value v, v??= v. Since only t Byzantine processors
can broadcast vote messages that contain v ?= v?, no correct processor can collect
sufficient votes to either decide in line 4 or to set its local estimate in line 6.
Therefore, in order for a processor to decide v, UnderlyingConsensus must
allow correct processors to decide v even though all correct processors start
UnderlyingConsensus with the initial value v?. This is a contradiction since
UnderlyingConsensus satisfies Unanimity.
? ?
Theorem 5. Bosco satisfies Validity.
Proof. If a processor decides v in line 4, more thann+3t
more thann+t
2
of these processors are correct and had initial value v. Similarly,
if a processor sets its local estimate to v in line 6, more than
voted v and more thann−3t
2
of these processors are correct and had initial value
v. Combined with the fact that UnderlyingConsensus satisfies Validity, Bosco
satisfies Validity.
2
processors voted v and
n−t
2
processors
? ?
Note that satisfying Validity in general in a consensus protocol is nontrivial,
particularly if the range of initial values is large. A thorough examination of
the hardness of satisfying Validity is beyond the scope of this paper; we simply
assume that UnderlyingConsensus satisfies Validity for the range of initial
values that it allows.
Theorem 6. Bosco satisfies Termination.
Proof. Since each processor awaits messages from n − t processors in line 2, and
there can only be t failures, line 2 is guaranteed not to block forever. Each proces
sor will therefore invoke the underlying consensus protocol at some point. There
fore, Bosco inherits the Termination property of UnderlyingConsensus.
? ?
Next, we show that Bosco offers strongly and weakly onestep properties when
n > 7t and n > 5t respectively.
Page 9
446 Y.J. Song and R. van Renesse
Theorem 7. Bosco is Strongly OneStep if n > 7t.
Proof. Assume that all correct processors have the same initial value v. Now
consider any correct processor that collects n − t votes in line 2. At most t of
these votes can be from Byzantine processors and contain values other than v.
Therefore, all correct processors must obtain at least n − 2t votes for v. Since
n > 7t, 2n − 4t > n + 3t. This means that n − 2t >n+3t
processors will collect sufficient votes and decide in line 4.
2
. Therefore, all correct
? ?
Theorem 8. Bosco is Weakly OneStep if n > 5t.
Proof. Assume that there are no failures in the system and that all processors
have the same initial value v. Then any correct processor must collect n−t votes
that contain v in line 2. Given that n > 5t, 2n − 2t > n + 3t. This means that
n − t >
decide in line 4.
n+3t
2. Therefore, all correct processors will collect sufficient votes and
? ?
5 Discussion
One important feature of Bosco, from which it draws its simplicity, is its depen
dence on an underlying consensus protocol that it invokes as a subroutine. This
allows the specification of Bosco to be free of complicated mechanisms typically
found in consensus protocols to ensure correctness. While it is clear that any
Byzantine faulttolerant consensus protocol that provides Agreement, Unanim
ity, Validity, and Termination can be used for the subroutine in Bosco, the FLP
impossibility result [10] states that such a protocol cannot actually exist! Two
common approaches have been used to sidestep the FLP result: assuming par
tial synchrony or relaxing the termination property to a probabilistic termination
property. Thankfully, such algorithms can be used as subroutines to Bosco, re
sulting in onestep algorithms that either require partial synchrony assumptions,
or provide probabilistic termination properties (or both). An example of an al
gorithm that can be used as a subroutine in Bosco is the BenOr algorithm [12].
Algorithms that do not provide validity, such as PBFT [13], cannot be used by
Bosco.
While abstracting away the underlying consensus protocol simplifies the speci
fication and correctness proof of Bosco, for practical purposes it may be advanta
geous to unroll the subroutine. This potentially allows piggybacking of messages
and improves the efficiency of implementations. As an example, Algorithm 2
shows RSBosco, a randomized strongly onestep version of Bosco which does
not depend on any underlying consensus protocol. RSBosco is strongly onestep
and requires that n > 7t. It does not satisfy Termination as defined in section 2,
but instead provides Probabilistic Termination:
Definition 7. Probabilistic Termination. All correct processors decide with prob
ability 1.
Page 10
Bosco: OneStep Byzantine Asynchronous Consensus 447
Algorithm 2. RSBosco: a randomized strongly onestep asynchronous
Byzantine consensus algorithm
Initialization
xp ← vp
rp ← 0
Round rp
Broadcast ?VOTE,rp,xp? to all processors
Collect n − t ?VOTE,rp,∗? messages
if more than
2
VOTE msgs contain v then
DECIDE(v)
if more than
2
VOTE msgs contain v then
Broadcast ?CANDIDATE,rp,v?
else
Broadcast ?CANDIDATE,rp,⊥?
end
Collect n − t ?CANDIDATE,rp,∗? messages
if at least t + 1 msgs are NOT of the form ?CANDIDATE,rp,xp? then
xp ←RANDOM() // pick randomly from {0,1}
rp ← rp+ 1
1
2
3
4
5
6
n+3t
7
8
n−t
9
10
11
12
13
14
15
16
17
For brevity, the proof of correctness of RSBosco is omitted. We note that RS
Bosco suffers from two limitations as currently constructed. First, RSBosco
solves only binary consensus. Second, RSBosco uses a local coin to randomly
update local estimates when a threshold of identical votes cannot be obtained.
This mechanism is similar to that in the BenOr algorithm and causes the algo
rithm to require an exponential number of rounds for decision when contention
is present. We believe that these limitations can be overcome in practical imple
mentations, but a thorough discussion is beyond the scope of this paper.
6 Related Work
Onestep consensus algorithms for crash failures have previously been studied.
Brasileiro et al. [2] proposed a general technique for converting any crashtolerant
consensus algorithm into a crashtolerant consensus algorithm that terminates
in one communication step if all correct processors have the same initial value.
Bosco is an extension of the ideas presented in that work to handle Byzantine
failures. The key difference between handling crashed failures and Byzantine
failures is that when Byzantine failures need to be tolerated, equivocation must
be handled correctly.
A simple and elegant crashtolerant consensus algorithm of the same fla
vor, OneThirdRule, appears in [4]. This work has been extended to handle
Byzantine faults by considering transmission faults where messages can be cor
rupted in addition to being dropped [14]. The algorithms in [4,14] differ from the
Page 11
448 Y.J. Song and R. van Renesse
algorithms we have presented because they use a different failure model, where
failures are attributed to message transmissions, rather than to processors.
Friedman et al. [8] proposed a weakly onestep algorithm that tolerates Byzan
tine faults and terminates with probability 1 but does not tolerate a strong net
work adversary. In particular, their protocol is dependent on a common coin
oracle and assumes that the network adversary has no access to this common
coin; a strong network adversary with access to the common coin can prevent
termination. In comparison, Bosco does not explicitly depend on any oracles,
although the subroutine invoked by Bosco may have such dependencies. With a
judicious choice of the consensus subroutine, Bosco can tolerate a strong network
adversary that can arbitrarily reorder messages and collude with Byzantine pro
cessors. In particular, RSBosco does not require any oracles and tolerates strong
network adversaries.
Zielinski [15] presents a framework for expressing various consensus proto
cols using an abstraction called Optimistically Terminating Consensus (OTC).
Among the algorithms constructed by Zielinski are two Byzantine consensus al
gorithms with onestep characteristics that require n > 5t and n > 3t. The
first of these algorithms is a weakly onestep algorithm that requires partial
synchrony; the second algorithm, while appearing to violate the lower bounds
we have shown in this paper, is neither weakly nor strongly onestep because
processors can only decide in the first communication step when, in addition to
the system being failurefree and contentionfree, all processors are fast enough
that the timeout mechanism in the algorithm is not triggered.
Many techniques have been proposed to improve the performance and reduce
the overhead of providing Byzantine fault tolerance. AbdElMalek et al. [16]
proposed the optimistic use of quorums rather than agreement protocols to ob
tain higher throughput. However, in the face of contention, optimistic quorum
systems perform poorly. HQ combines the use of quorums and consensus tech
niques to provide high performance during normal operation and minimize over
head during periods of contention [17]. Probabilistic techniques have also been
proposed to reduce the overhead of using quorum systems to provide Byzantine
faulttolerance [18,19]. Hendricks et al. [20] proposed the use of erasure coding
to minimize the overhead of a Byzantine faulttolerant storage system. Zyzzyva,
another recently proposed Byzantine faulttolerant system, uses optimistic spec
ulation to decrease the latency observed by clients [21]. In comparison, the one
step Byzantine consensus algorithms presented in this paper aims to improve
performance by exploiting contentionfree and failurefree situations to provide
decisions in one communication step.
Lamport [5] presents lower bounds for the number of message delays and the
number of processors needed for several kinds of asynchronous nonByzantine
consensus algorithm in; in particular, Fast Learning algorithms are onestep
algorithms for nonByzantine settings. A onestep version of Paxos [22], Fast
Paxos, is presented in [3,6]. Fast Paxos tolerates only crash failures, although [6]
alludes to the possibility of a Byzantine faulttolerant version of Fast Paxos.
Page 12
Bosco: OneStep Byzantine Asynchronous Consensus 449
7 Conclusion
Byzantine fault tolerance has drawn significant interest from both academia and
the industry recently. While Byzantine fault tolerance aims to provide resilience
against arbitrary failures, in many applications, failures and contention are not
the norm. This paper explores optimization opportunities in contentionfree and
failurefree situations.
Overall, this paper makes three contributions: 1) we provide two definitions of
onestep asynchronous Byzantine consensus algorithms that provide low latency
performance in favorable conditions while guaranteeing strong consistency when
failures and contention occur; 2) we prove lower bounds in the number of proces
sors required for such algorithms; and 3) we present Bosco, a onestep algorithm
for Byzantine asynchronous consensus that meets these bounds.
References
1. Keidar, I., Rajsbaum, S.: On the cost of faulttolerant consensus when there are
no faults. SIGACT News 32(2), 45–63 (2001)
2. Brasileiro, F.V., Greve, F., Most´ efaoui, A., Raynal, M.: Consensus in one commu
nication step. In: Proc. of the 6th International Conference on Parallel Computing
Technologies, pp. 42–50. Springer, London (2001)
3. Boichat, R., Dutta, P., Frolund, S., Guerraoui, R.: Reconstructing Paxos. ACM
SIGACT News 34 (2003)
4. CharronBost, B., Schiper, A.: The HeardOf model: Unifying all benign failures.
Technical Report LSRREPORT2006004, EPFL (2006)
5. Lamport, L.: Lower bounds for asynchronous consensus. Technical Report MSR
TR200472, Microsoft Research (2004)
6. Lamport, L.: Fast Paxos. Distributed Computing 19(2), 79–103 (2006)
7. Dobre, D., Suri, N.: Onestep consensus with zerodegradation. In: DSN 2006:
Proceedings of the International Conference on Dependable Systems and Networks,
pp. 137–146. IEEE Computer Society, Washington (2006)
8. Friedman, R., Mostefaoui, A., Raynal, M.: Simple and efficient oraclebased con
sensus protocols for asynchronous Byzantine systems. IEEE Transactions on De
pendable and Secure Computing 2(1), 46–56 (2005)
9. Lamport, L., Shostak, R., Pease, M.: The Byzantine generals problem. ACM Trans
actions on Programming Languages and Systems 4(3), 382–401 (1982)
10. Fischer, M., Lynch, N., Patterson, M.: Impossibility of distributed consensus with
one faulty process. J. ACM 32(2), 374–382 (1985)
11. Martin, J.P., Alvisi, L.: Fast Byzantine consensus. In: Proceedings of the Interna
tional Conference on Dependable Systems and Networks, pp. 402–411 (June 2005)
12. BenOr, M.: Another advantage of free choice: Completely asynchronous agreement
protocols. In: Proc. of the 2nd ACM Symp. on Principles of Distributed Computing,
Montreal, Quebec, ACM SIGOPSSIGACT, pp. 27–30 (August 1983)
13. Castro, M., Liskov, B.: Practical Byzantine fault tolerance. In: Proc. of the 3rd
Symposium on Operating Systems Design and Implementation (OSDI), New Or
leans, LA (February 1999)
Page 13
450 Y.J. Song and R. van Renesse
14. Biely, M., Widder, J., CharronBost, B., Gaillard, A., Hutle, M., Schiper, A.: Toler
ating corrupted communication. In: PODC 2007: Proceedings of the twentysixth
annual ACM symposium on Principles of Distributed Computing, pp. 244–253.
ACM, New York (2007)
15. Zielinski, P.: Optimistically terminating consensus: All asynchronous consensus
protocols in one framework. In: ISPDC ’06: Proceedings of the Proceedings of The
Fifth International Symposium on Parallel and Distributed Computing, Washing
ton, DC, pp. 24–33. IEEE Computer Society Press, Los Alamitos (2006)
16. AbdElMalek, M., Ganger, G.R., Goodson, G.R., Reiter, M.K., Wylie, J.J.:
Faultscalable Byzantine faulttolerant services. SIGOPS Operating Systems Re
view 39(5), 59–74 (2005)
17. Cowling, J., Myers, D., Liskov, B., Rodrigues, R., Shrira, L.: HQ replication: a
hybrid quorum protocol for Byzantine fault tolerance. In: OSDI 2006: Proceedings
of the 7th symposium on Operating Systems Design and Implementation, pp. 177–
190. USENIX Association, Berkeley (2006)
18. Merideth, M.G., Reiter, M.K.: Probabilistic opaque quorum systems. In: Pelc, A.
(ed.) DISC 2007. LNCS, vol. 4731, pp. 403–419. Springer, Heidelberg (2007)
19. Malkhi, D., Reiter, M.K., Wool, A., Wright, R.N.: Probabilistic quorum systems.
Information and Computation 170(2), 184–206 (2001)
20. Hendricks, J., Ganger, G.R., Reiter, M.K.: Lowoverhead Byzantine faulttolerant
storage. In: Proc. of twentyfirst ACM SIGOPS Symposium on Operating Systems
Principles, pp. 73–86. ACM, New York (2007)
21. Kotla, R., Alvisi, L., Dahlin, M., Clement, A., Wong, E.: Zyzzyva: speculative
Byzantine fault tolerance. In: Proc. of twentyfirst ACM SIGOPS symposium on
Operating Systems Principles, pp. 45–58. ACM, New York (2007)
22. Lamport, L.: The parttime parliament. Trans. on Computer Systems 16(2), 133–
169 (1998)