Signature-Free Broadcast-Based Intrusion Tolerance: Never Decide a Byzantine Value
Authors
Abstract
Providing application processes with strong agreement guarantees despite failures is a fundamental problem of fault-tolerant distributed computing. Correct processes must not be “polluted” by the erroneous behavior of faulty processes. This paper considers the consensus agreement problem in a setting where some processes can behave arbitrarily (Byzantine behavior). In such a context it is possible that Byzantine processes collude to direct the correct processes to decide on a “bad” value (a value proposed only by faulty processes). The paper has several contributions. It presents a family of consensus algorithms in which no bad value is ever decided by correct processes. These processes always decide a value they have proposed (and this is always the case when they all propose the same value) or a default value ⊥. These algorithms are called intrusion-free consensus algorithms. To that end, each consensus algorithm is based on an appropriate underlying broadcast algorithm. One of these abstractions, called validated broadcast, is new and allows the design of a resilience-optimal consensus algorithm (i.e., it copes with up to t < n/3 faulty processes, where n is the total number of processes). All proposed consensus algorithms assume the underlying system is enriched with additional computational power provided by a binary Byzantine consensus algorithm. The paper also presents a resilience-optimal randomized binary consensus algorithm based on the validated broadcast abstraction. An important feature of all these algorithms lies in the fact that they are signature-free (and hence particularly efficient).
Key-words: Asynchronous message-passing system, Broadcast abstraction, Byzantine process, Consensus problem, Fault-tolerance, Intrusion-tolerance, Reliable broadcast, Resilience, Signature-free algorithm, Time-free algorithm.
Intrusion tolerance without authentication
Summary: This report proposes a family of decision protocols that ensure the decided value is never a value proposed by malicious processes. These protocols are based on different broadcast operations, without using cryptography.
Keywords: Message-passing system, broadcast operation, Byzantine process, consensus problem, fault tolerance, intrusions, reliable broadcast, signature-free protocol.
*, ** ASAP project: joint team with INRIA, CNRS, Université Rennes 1 and INSA de Rennes
©IRISA – Campus de Beaulieu – 35042 Rennes Cedex – France – +33 2 99 84 71 00 – www.irisa.fr
inria-00495653, version 1 - 28 Jun 2010
A. Mostefaoui & M. Raynal
Similar resources
(Leader/Randomization/Signature)-free Byzantine Consensus for Consortium Blockchains
This paper presents a new resilience optimal Byzantine consensus algorithm targeting consortium blockchains. To this end, it first revisits the consensus validity property by requiring that the decided value satisfies a predefined predicate, which does not systematically exclude a value proposed only by Byzantine processes, thereby generalizing the validity properties found in the literature. T...
Intrusion-Tolerant Reliable Broadcast
We consider a system with n processes where some of them can show a byzantine behavior. A byzantine process can deviate arbitrarily from the protocol, e.g., dropping messages, changing the content of a message (different recipients may receive different content of the same broadcast message), delivering messages not sent by any process or creating fake messages. This paper introduces a new broa...
Secure and Efficient Asynchronous Broadcast Protocols
Reliable broadcast protocols are a fundamental building block for implementing replication in fault-tolerant distributed systems. This paper addresses secure service replication in an asynchronous environment with a static set of servers, where a malicious adversary may corrupt up to a threshold of servers and controls the network. We develop a formal model using concepts from modern cryptograp...
From Consensus to Atomic Broadcast: Time-Free Byzantine-Resistant Protocols without Signatures
This paper proposes a stack of three Byzantine-resistant protocols aimed to be used in practical distributed systems: multi-valued consensus, vector consensus and atomic broadcast. These protocols are designed as successive transformations from one to another. The first protocol, multi-valued consensus, is implemented on top of a randomized binary consensus and a reliable broadcast protocol. Th...
Secure Intrusion-tolerant Replication on the Internet
This paper describes a Secure INtrusion-Tolerant Replication Architecture (SINTRA) for coordination in asynchronous networks subject to Byzantine faults. SINTRA supplies a number of group communication primitives, such as binary and multi-valued Byzantine agreement, reliable and consistent broadcast, and an atomic broadcast channel. Atomic broadcast immediately provides secure state machine rep...
Publication date: 2010