New Page 0

This lecture is on fault-tolerance and focused on impossibility results. We motivate and then discuss the FLP impossibility result and then motivate and discuss a simple Byzantine Agreement result. The BA algorithm discussed here is a very simple one that uses digital signatures; this makes it possible for processes to send out "witness" messages telling what they observed in a prior round. The effect is to force a traitor to behave like a normal participant; any other behavior allows the protocol to stop early.

When I cover this material I go slowly on the FLP and BA parts, and hence run out of time before talking about split secrets and other tricks used to protect a system against forms of insider attack. However, you may find it easier to actually skip the FLP and BA protocols and in that case, you'll have more time for the slides at the tail end of the lecture.

In my version of this lecture,by far the most important take-away is that "impossible" means "there is a strategy that can indefinitely delay consensus in asynchronous systems" but also "in practice this strategy involves a degree of knowledge that attackers don't have and hence is of probability zero." Students need to understand that "impossibility" is a formal concept and relates to the existence of at least one run that doesn't terminate in a decision state -- e.g. a protocol might work in every practical setting of interest, and yet could still be unable to guarantee termination because FLP includes a very impractical, unrealistic, kind of a attack.

The key thing that the students need to understand is that despite the theory, which is confusing, consensus is actually a practical tool and that we use agreement all the time. The implication of FLP is not that our solutions are somehow "wrong." Rather, FLP teaches us that there are goals they cannot achieve and guarantees they cannot provide. I like to talk about the idea of systems being probabilistic -- all systems. We like to imagine that we can prove an algorithm correct and then walk away, but of course that assumes the algorithm was coded correctly, that the compiler is correct, the O/S and even the hardware. So while FLP does show that there are some kinds of consensus we can't always, in every possible scenario, manage to achieve, this was really something any engineer should have known in any case!