auto

notes/pbft.md

@@ -7,9 +7,9 @@
 
 ## Differences from fail-stop consensus
 - 3*f*+1 replicas instead of 2*f*+1 (non-byzantine consensus):
-  - must be possible to make progress w/ only *n - f* replicas (because *f* might be faulty and choose not to respond)
-  - however, the *f* not responding might be correct but slow (asynchrony), so there might be *f* bad responses out of the *n - f*
-  - implies *(n - f - f) > f*, or *n >= 3f + 1*
+  - must be possible to make progress w/ only *n - f* replicas (because *f* might be faulty and respond)
+  - however, the *f* not responding might be correct but slow (asynchrony), so there might be *f* bad responses in the *n - f* responses
+  - implies *(n - f - f) > f*, or *n >= 3f + 1* in order to guarantee majority
 - 3 phases instead of two
 - cryptographic signatures
 
@@ -17,7 +17,7 @@
 - safety, liveness (*n >= 3f+1*)
   - can't prove both in async environment
   - safety guaranteed through protocol
-  - liveness "guaranteed" with reasonable assumption on msg delays
+  - so liveness must be "guaranteed" by limits on asynchrony (e.g., reasonable assumption on msg delays)
   - performance
     - one round trip for reads
     - 2 round trips for read/write
@@ -26,16 +26,14 @@
 - different security provisions (root passwd etc)
 - different implementations  !!
 
-
-**byzantine faults**
-- adversary(s) can
+## Definitions
+- a **view** is a configuration of the system w/ one replica the *primary* and the others *backups*.
+- **byzantine faults**: adversary(s) can
   - coordinate faulty nodes
   - delay communication of non-faulty nodes (but not indefinitely)
-- equivocation
-  - saying "yes" to Larry, "no" to "Moe"
-- lying about received messages
-- guarantees:
-  - safety and liveness (assuming only *floor(n-1/3)* faulty, *delay(t)* does not grow faster than *t* indefinitely
+  - equivocation
+  - say "yes" to Larry, "no" to "Moe"
+  - lie about received messages
 
 **cool things**
 - much more robust/secure than paxos
@@ -43,23 +41,33 @@
   - little other cost
 - authenticators
 
+## Rough outline
+1. client sends request to invoke an operation to the primary
+1. Primary multicasts request to backups
+1. Replicas execute the request and send replies to the client
+1. Client waits for $f+1$ replies from different reqplicas w/ same result
 
+- guarantees:
+  - safety and liveness (assuming only $\lfloor{\frac{n-1}{3}}\rfloor$ faulty, *delay(t)* does not grow faster than *t* indefinitely
 
 ![pbft normal case](pbftNormal.png)
 
 ## Phases
-- *pre-prepare* and *prepare* phases order request even if primary lying
+- *pre-prepare* and *prepare* phases order request even if primary faulty
   - replica tells all others what the primary told it
+- *prepare* and *commit* phases ensure commits are totally ordered across views
+
+
 - a replica is *prepared* when:
   - has received a proper pre-prepare from primary, signature, current *view*
   - 2*f* "prepares" from other replicas that match it
   - Such a replica then:
     - multicasts "commit" to other replicas
-  - a replica is committed-local iff:
-	- *committed*, and 
-    - has accepted 2*f*+1 commit msgs (possibly including it's own)
-  - system is *committed* iff *prepared* true for *f*+1 replicas
-    - *committed* true iff *committed-local* true for some non-faulty replica
+- a replica is committed-local iff:
+  - *committed*, and 
+  - has accepted 2*f*+1 commit msgs (possibly including it's own)
+- system is *committed* iff *prepared* true for *f*+1 replicas
+  - *committed* true iff *committed-local* true for some non-faulty replica
 	
 
 ## Optimizations