-
Asynchronous BFT Asset Transfer: Quasi-Anonymous, Light, and Consensus-Free
Authors:
Timothé Albouy,
Emmanuelle Anceaume,
Davide Frey,
Mathieu Gestin,
Arthur Rauch,
Michel Raynal,
François Taïani
Abstract:
This article introduces a new asynchronous Byzantine-tolerant asset transfer system (cryptocurrency) with three noteworthy properties: quasi-anonymity, lightness, and consensus-freedom. Quasi-anonymity means no information is leaked regarding the receivers and amounts of the asset transfers. Lightness means that the underlying cryptographic schemes are \textit{succinct}, and each process only stor…
▽ More
This article introduces a new asynchronous Byzantine-tolerant asset transfer system (cryptocurrency) with three noteworthy properties: quasi-anonymity, lightness, and consensus-freedom. Quasi-anonymity means no information is leaked regarding the receivers and amounts of the asset transfers. Lightness means that the underlying cryptographic schemes are \textit{succinct}, and each process only stores data polylogarithmic in the number of its own transfers.Consensus-freedom means the system does not rely on a total order of asset transfers. The proposed algorithm is the first asset transfer system that simultaneously fulfills all these properties in the presence of asynchrony and Byzantine processes. To obtain them, the paper adopts a modular approach combining a new distributed object called agreement proofs and well-known techniques such as vector commitments, universal accumulators, and zero-knowledge proofs. The paper also presents a new non-trivial universal accumulator implementation that does not need knowledge of the underlying accumulated set to generate (non-)membership proofs, which could benefit other crypto-based applications.
△ Less
Submitted 28 May, 2024;
originally announced May 2024.
-
On the Conflict of Robustness and Learning in Collaborative Machine Learning
Authors:
Mathilde Raynal,
Carmela Troncoso
Abstract:
Collaborative Machine Learning (CML) allows participants to jointly train a machine learning model while kee** their training data private. In scenarios where privacy is a strong requirement, such as health-related applications, safety is also a primary concern. This means that privacy-preserving CML processes must produce models that output correct and reliable decisions \emph{even in the prese…
▽ More
Collaborative Machine Learning (CML) allows participants to jointly train a machine learning model while kee** their training data private. In scenarios where privacy is a strong requirement, such as health-related applications, safety is also a primary concern. This means that privacy-preserving CML processes must produce models that output correct and reliable decisions \emph{even in the presence of potentially untrusted participants}. In response to this issue, researchers propose to use \textit{robust aggregators} that rely on metrics which help filter out malicious contributions that could compromise the training process. In this work, we formalize the landscape of robust aggregators in the literature. Our formalization allows us to show that existing robust aggregators cannot fulfill their goal: either they use distance-based metrics that cannot accurately identify targeted malicious updates; or propose methods whose success is in direct conflict with the ability of CML participants to learn from others and therefore cannot eliminate the risk of manipulation without preventing learning.
△ Less
Submitted 21 February, 2024;
originally announced February 2024.
-
Towards Optimal Communication Byzantine Reliable Broadcast under a Message Adversary
Authors:
Timothé Albouy,
Davide Frey,
Ran Gelles,
Carmit Hazay,
Michel Raynal,
Elad Michael Schiller,
Francois Taiani,
Vassilis Zikas
Abstract:
We address the problem of Reliable Broadcast in asynchronous message-passing systems with $n$ nodes, of which up to $t$ are malicious (faulty), in addition to a message adversary that can drop some of the messages sent by correct (non-faulty) nodes.
We present a Message-Adversary-Tolerant Byzantine Reliable Broadcast (MBRB) algorithm that communicates an almost optimal amount of $O(|m|+n^2κ)$ bi…
▽ More
We address the problem of Reliable Broadcast in asynchronous message-passing systems with $n$ nodes, of which up to $t$ are malicious (faulty), in addition to a message adversary that can drop some of the messages sent by correct (non-faulty) nodes.
We present a Message-Adversary-Tolerant Byzantine Reliable Broadcast (MBRB) algorithm that communicates an almost optimal amount of $O(|m|+n^2κ)$ bits per node, where $|m|$ represents the length of the application message and $κ=Ω(\log n)$ is a security parameter. This improves upon the state-of-the-art MBRB solution (Albouy, Frey, Raynal, and Taïani, SSS 2021), which incurs communication of $O(n|m|+n^2κ)$ bits per node.
Our solution sends at most $4n^2$ messages overall, which is asymptotically optimal. Reduced communication is achieved by employing coding techniques that replace the need for all nodes to (re-)broadcast the entire message~$m$. Instead, nodes forward authenticated fragments of the encoding of $m$ using an erasure-correcting code. Under the cryptographic assumptions of PKI and collision-resistant hash, and assuming $n > 3t + 2d$, where the adversary drops at most~$d$ messages per broadcast, our algorithm allows most of the correct nodes to reconstruct~$m$, despite missing fragments caused by the malicious nodes and the message adversary.
△ Less
Submitted 25 December, 2023;
originally announced December 2023.
-
Process-Commutative Distributed Objects: From Cryptocurrencies to Byzantine-Fault-Tolerant CRDTs
Authors:
Davide Frey,
Lucie Guillou,
Michel Raynal,
François Taïani
Abstract:
This paper explores the territory that lies between best-effort Byzantine-Fault-Tolerant Conflict-free Replicated Data Types (BFT CRDTs) and totally ordered distributed ledgers, such as those implemented by Blockchains. It formally characterizes a novel class of distributed objects that only requires a First In First Out (FIFO) order on the object operations from each process (taken individually).…
▽ More
This paper explores the territory that lies between best-effort Byzantine-Fault-Tolerant Conflict-free Replicated Data Types (BFT CRDTs) and totally ordered distributed ledgers, such as those implemented by Blockchains. It formally characterizes a novel class of distributed objects that only requires a First In First Out (FIFO) order on the object operations from each process (taken individually). The formalization leverages Mazurkiewicz traces to define legal sequences of operations and ensure both Strong Eventual Consistency (SEC) and Pipleline Consistency (PC). The paper presents a generic algorithm that implements this novel class of distributed objects both in a crash- and Byzantine setting. It also illustrates the practical interest of the proposed approach using four instances of this class of objects, namely money transfer, Petri nets, multi-sets, and concurrent work stealing dequeues.
△ Less
Submitted 8 March, 2024; v1 submitted 23 November, 2023;
originally announced November 2023.
-
Self-stabilizing Byzantine Multivalued Consensus
Authors:
Romaric Duvignau,
Michel Raynal,
Elad Michael Schiller
Abstract:
Consensus, abstracting a myriad of problems in which processes have to agree on a single value, is one of the most celebrated problems of fault-tolerant distributed computing. Consensus applications include fundamental services for the environments of the Cloud and Blockchain, and in such challenging environments, malicious behaviors are often modeled as adversarial Byzantine faults.
At OPODIS 2…
▽ More
Consensus, abstracting a myriad of problems in which processes have to agree on a single value, is one of the most celebrated problems of fault-tolerant distributed computing. Consensus applications include fundamental services for the environments of the Cloud and Blockchain, and in such challenging environments, malicious behaviors are often modeled as adversarial Byzantine faults.
At OPODIS 2010, Mostefaoui and Raynal (in short MR) presented a Byzantine-tolerant solution to consensus in which the decided value cannot be a value proposed only by Byzantine processes. MR has optimal resilience co** with up to t < n/3 Byzantine nodes over n processes. MR provides this multivalued consensus object (which accepts proposals taken from a finite set of values) assuming the availability of a single Binary consensus object (which accepts proposals taken from the set {0,1}).
This work, which focuses on multivalued consensus, aims at the design of an even more robust solution than MR. Our proposal expands MR's fault-model with self-stabilization, a vigorous notion of fault-tolerance. In addition to tolerating Byzantine, self-stabilizing systems can automatically recover after the occurrence of arbitrary transient-faults. These faults represent any violation of the assumptions according to which the system was designed to operate (provided that the algorithm code remains intact).
To the best of our knowledge, we propose the first self-stabilizing solution for intrusion-tolerant multivalued consensus for asynchronous message-passing systems prone to Byzantine failures. Our solution has a O(t) stabilization time from arbitrary transient faults.
△ Less
Submitted 15 November, 2023;
originally announced November 2023.
-
Context Adaptive Cooperation
Authors:
Timothé Albouy,
Davide Frey,
Mathieu Gestin,
Michel Raynal,
François Taïani
Abstract:
Reliable broadcast and consensus are the two pillars that support a lot of non-trivial fault-tolerant distributed middleware and fault-tolerant distributed systems. While they have close definitions, they strongly differ in the underlying assumptions needed to implement each of them. Reliable broadcast can be implemented in asynchronous systems in the presence of crash or Byzantine failures while…
▽ More
Reliable broadcast and consensus are the two pillars that support a lot of non-trivial fault-tolerant distributed middleware and fault-tolerant distributed systems. While they have close definitions, they strongly differ in the underlying assumptions needed to implement each of them. Reliable broadcast can be implemented in asynchronous systems in the presence of crash or Byzantine failures while Consensus cannot. This key difference stems from the fact that consensus involves synchronization between multiple processes that concurrently propose values, while reliable broadcast simply involves delivering a message from a predefined sender. This paper strikes a balance between these two agreement abstractions in the presence of Byzantine failures. It proposes CAC, a novel agreement abstraction that enables multiple processes to broadcast messages simultaneously, while guaranteeing that (despite potential conflicts, asynchrony, and Byzantine behaviors) the non-faulty processes will agree on messages deliveries. We show that this novel abstraction can enable more efficient algorithms for a variety of applications (such as money transfer where several people can share a same account). This is obtained by focusing the need for synchronization only on the processes that actually need to synchronize.
△ Less
Submitted 15 November, 2023;
originally announced November 2023.
-
Better Sooner Rather Than Later
Authors:
Anaïs Durand,
Michel Raynal,
Gadi Taubenfeld
Abstract:
This article unifies and generalizes fundamental results related to $n$-process asynchronous crash-prone distributed computing. More precisely, it proves that for every $0\leq k \leq n$, assuming that process failures occur only before the number of participating processes bypasses a predefined threshold that equals $n-k$ (a participating process is a process that has executed at least one stateme…
▽ More
This article unifies and generalizes fundamental results related to $n$-process asynchronous crash-prone distributed computing. More precisely, it proves that for every $0\leq k \leq n$, assuming that process failures occur only before the number of participating processes bypasses a predefined threshold that equals $n-k$ (a participating process is a process that has executed at least one statement of its code), an asynchronous algorithm exists that solves consensus for $n$ processes in the presence of $f$ crash failures if and only if $f \leq k$. In a very simple and interesting way, the "extreme" case $k=0$ boils down to the celebrated FLP impossibility result (1985, 1987). Moreover, the second extreme case, namely $k=n$, captures the celebrated mutual exclusion result by E.W. Dijkstra (1965) that states that mutual exclusion can be solved for $n$ processes in an asynchronous read/write shared memory system where any number of processes may crash (but only) before starting to participate in the algorithm (that is, participation is not required, but once a process starts participating it may not fail). More generally, the possibility/impossibility stated above demonstrates that more failures can be tolerated when they occur earlier in the computation (hence the title).
△ Less
Submitted 20 September, 2023;
originally announced September 2023.
-
Self-stabilizing Byzantine-tolerant Recycling
Authors:
Chryssis Georgiou,
Michel Raynal,
Elad M. Schiller
Abstract:
Numerous distributed applications, such as cloud computing and distributed ledgers, necessitate the system to invoke asynchronous consensus objects an unbounded number of times, where the completion of one consensus instance is followed by the invocation of another. With only a constant number of objects available, object reuse becomes vital.
We investigate the challenge of object recycling in t…
▽ More
Numerous distributed applications, such as cloud computing and distributed ledgers, necessitate the system to invoke asynchronous consensus objects an unbounded number of times, where the completion of one consensus instance is followed by the invocation of another. With only a constant number of objects available, object reuse becomes vital.
We investigate the challenge of object recycling in the presence of Byzantine processes, which can deviate from the algorithm code in any manner. Our solution must also be self-stabilizing, as it is a powerful notion of fault tolerance. Self-stabilizing systems can recover automatically after the occurrence of arbitrary transient faults, in addition to tolerating communication and (Byzantine or crash) process failures, provided the algorithm code remains intact.
We provide a recycling mechanism for asynchronous objects that enables their reuse once their task has ended, and all non-faulty processes have retrieved the decided values. This mechanism relies on synchrony assumptions and builds on a new self-stabilizing Byzantine-tolerant synchronous multivalued consensus algorithm, along with a novel composition of existing techniques.
△ Less
Submitted 27 July, 2023;
originally announced July 2023.
-
Good-case Early-Stop** Latency of Synchronous Byzantine Reliable Broadcast: The Deterministic Case (Extended Version)
Authors:
Timothé Albouy,
Davide Frey,
Michel Raynal,
François Taïani
Abstract:
This paper considers the good-case latency of Byzantine Reliable Broadcast (BRB), i.e., the time taken by correct processes to deliver a message when the initial sender is correct. This time plays a crucial role in the performance of practical distributed systems. Although significant strides have been made in recent years on this question, progress has mainly focused on either asynchronous or ran…
▽ More
This paper considers the good-case latency of Byzantine Reliable Broadcast (BRB), i.e., the time taken by correct processes to deliver a message when the initial sender is correct. This time plays a crucial role in the performance of practical distributed systems. Although significant strides have been made in recent years on this question, progress has mainly focused on either asynchronous or randomized algorithms. By contrast, the good-case latency of deterministic synchronous BRB under a majority of Byzantine faults has been little studied. In particular, it was not known whether a goodcase latency below the worst-case bound of t + 1 rounds could be obtained. This work answers this open question positively and proposes a deterministic synchronous Byzantine reliable broadcast that achieves a good-case latency of max(2, t + 3 -- c) rounds, where t is the upper bound on the number of Byzantine processes and c the number of effectively correct processes.
△ Less
Submitted 10 March, 2023; v1 submitted 9 March, 2023;
originally announced March 2023.
-
Can Decentralized Learning be more robust than Federated Learning?
Authors:
Mathilde Raynal,
Dario Pasquini,
Carmela Troncoso
Abstract:
Decentralized Learning (DL) is a peer--to--peer learning approach that allows a group of users to jointly train a machine learning model. To ensure correctness, DL should be robust, i.e., Byzantine users must not be able to tamper with the result of the collaboration. In this paper, we introduce two \textit{new} attacks against DL where a Byzantine user can: make the network converge to an arbitra…
▽ More
Decentralized Learning (DL) is a peer--to--peer learning approach that allows a group of users to jointly train a machine learning model. To ensure correctness, DL should be robust, i.e., Byzantine users must not be able to tamper with the result of the collaboration. In this paper, we introduce two \textit{new} attacks against DL where a Byzantine user can: make the network converge to an arbitrary model of their choice, and exclude an arbitrary user from the learning process. We demonstrate our attacks' efficiency against Self--Centered Clip**, the state--of--the--art robust DL protocol. Finally, we show that the capabilities decentralization grants to Byzantine users result in decentralized learning \emph{always} providing less robustness than federated learning.
△ Less
Submitted 7 March, 2023;
originally announced March 2023.
-
The Synchronization Power (Consensus Number) of Access-Control Objects: The Case of AllowList and DenyList
Authors:
Davide Frey,
Mathieu Gestin,
Michel Raynal
Abstract:
This article studies the synchronization power of AllowList and DenyList objects under the lens provided by Herlihy's consensus hierarchy. It specifies AllowList and DenyList as distributed objects and shows that while they can both be seen as specializations of a more general object type, they inherently have different synchronization properties. While the AllowList object does not require synchr…
▽ More
This article studies the synchronization power of AllowList and DenyList objects under the lens provided by Herlihy's consensus hierarchy. It specifies AllowList and DenyList as distributed objects and shows that while they can both be seen as specializations of a more general object type, they inherently have different synchronization properties. While the AllowList object does not require synchronization between participating processes, a DenyList object requires processes to reach consensus on a specific set of processes. These results are then applied to the analysis of anonymity-preserving systems that use AllowList and DenyList objects. First, a blind-signature-based e-voting is presented. Then DenyList and AllowList objects are used to determine the consensus number of a specific decentralized key management system. Finally, an anonymous money transfer protocol using the association of AllowList and DenyList objects is studied.
△ Less
Submitted 8 August, 2023; v1 submitted 13 February, 2023;
originally announced February 2023.
-
Self-stabilizing Total-order Broadcast
Authors:
Oskar Lundström,
Michel Raynal,
Elad Michael Schiller
Abstract:
The problem of total-order (uniform reliable) broadcast is fundamental in fault-tolerant distributed computing since it abstracts a broad set of problems requiring processes to uniformly deliver messages in the same order in which they were sent. Existing solutions (that tolerate process failures) reduce the total-order broadcast problem to the one of multivalued consensus.
Our study aims at the…
▽ More
The problem of total-order (uniform reliable) broadcast is fundamental in fault-tolerant distributed computing since it abstracts a broad set of problems requiring processes to uniformly deliver messages in the same order in which they were sent. Existing solutions (that tolerate process failures) reduce the total-order broadcast problem to the one of multivalued consensus.
Our study aims at the design of an even more reliable solution. We do so through the lenses of self-stabilization-a very strong notion of fault tolerance. In addition to node and communication failures, self-stabilizing algorithms can recover after the occurrence of arbitrary transient faults; these faults represent any violation of the assumptions according to which the system was designed to operate (as long as the algorithm code stays intact).
This work proposes the first (to the best of our knowledge) self-stabilizing algorithm for total-order (uniform reliable) broadcast for asynchronous message-passing systems prone to process failures and transient faults. As we show, the proposed solution facilitates the elegant construction of self-stabilizing state-machine replication using bounded memory.
△ Less
Submitted 29 September, 2022;
originally announced September 2022.
-
Private Collection Matching Protocols
Authors:
Kasra EdalatNejad,
Mathilde Raynal,
Wouter Lueks,
Carmela Troncoso
Abstract:
We introduce Private Collection Matching (PCM) problems, in which a client aims to determine whether a collection of sets owned by a server matches their interests. Existing privacy-preserving cryptographic primitives cannot solve PCM problems efficiently without harming privacy. We propose a modular framework that enables designers to build privacy-preserving PCM systems that output one bit: whet…
▽ More
We introduce Private Collection Matching (PCM) problems, in which a client aims to determine whether a collection of sets owned by a server matches their interests. Existing privacy-preserving cryptographic primitives cannot solve PCM problems efficiently without harming privacy. We propose a modular framework that enables designers to build privacy-preserving PCM systems that output one bit: whether a collection of server sets matches the client's set. The communication cost of our protocols scales linearly with the size of the client's set and is independent of the number of server elements. We demonstrate the potential of our framework by designing and implementing novel solutions for two real-world PCM problems: determining whether a dataset has chemical compounds of interest, and determining whether a document collection has relevant documents. Our evaluation shows that we offer a privacy gain with respect to existing works at a reasonable communication and computation cost.
△ Less
Submitted 14 December, 2022; v1 submitted 14 June, 2022;
originally announced June 2022.
-
Asynchronous Byzantine Reliable Broadcast With a Message Adversary
Authors:
Timothé Albouy,
Davide Frey,
Michel Raynal,
François Taïani
Abstract:
This paper considers the problem of reliable broadcast in asynchronous authenticated systems, in which n processes communicate using signed messages and up to t processes may behave arbitrarily (Byzantine processes). In addition, for each message m broadcast by a correct (i.e., non-Byzantine) process, a message adversary may prevent up to d correct processes from receiving m. (This message adversa…
▽ More
This paper considers the problem of reliable broadcast in asynchronous authenticated systems, in which n processes communicate using signed messages and up to t processes may behave arbitrarily (Byzantine processes). In addition, for each message m broadcast by a correct (i.e., non-Byzantine) process, a message adversary may prevent up to d correct processes from receiving m. (This message adversary captures network failures such as transient disconnections, silent churn, or message losses.) Considering such a "double" adversarial context and assuming n > 3t + 2d, a reliable broadcast algorithm is presented. Interestingly, when there is no message adversary (i.e., d = 0), the algorithm terminates in two communication steps (so, in this case, this algorithm is optimal in terms of both Byzantine tolerance and time efficiency). It is then shown that the condition n > 3t + 2d is necessary for implementing reliable broadcast in the presence of both Byzantine processes and a message adversary (whether the underlying system is enriched with signatures or not).
△ Less
Submitted 20 May, 2022;
originally announced May 2022.
-
On the (In)security of Peer-to-Peer Decentralized Machine Learning
Authors:
Dario Pasquini,
Mathilde Raynal,
Carmela Troncoso
Abstract:
In this work, we carry out the first, in-depth, privacy analysis of Decentralized Learning -- a collaborative machine learning framework aimed at addressing the main limitations of federated learning. We introduce a suite of novel attacks for both passive and active decentralized adversaries. We demonstrate that, contrary to what is claimed by decentralized learning proposers, decentralized learni…
▽ More
In this work, we carry out the first, in-depth, privacy analysis of Decentralized Learning -- a collaborative machine learning framework aimed at addressing the main limitations of federated learning. We introduce a suite of novel attacks for both passive and active decentralized adversaries. We demonstrate that, contrary to what is claimed by decentralized learning proposers, decentralized learning does not offer any security advantage over federated learning. Rather, it increases the attack surface enabling any user in the system to perform privacy attacks such as gradient inversion, and even gain full control over honest users' local model. We also show that, given the state of the art in protections, privacy-preserving configurations of decentralized learning require fully connected networks, losing any practical advantage over the federated setup and therefore completely defeating the objective of the decentralized approach.
△ Less
Submitted 10 November, 2023; v1 submitted 17 May, 2022;
originally announced May 2022.
-
Co** with Byzantine Processes and a Message Adversary: Modularity Helps!
Authors:
Davide Frey,
Michel Raynal,
François Taïani,
Timothé Albouy
Abstract:
This paper explores how reliable broadcast can be implemented when facing a dual adversary that can both corrupt processes and remove messages.More precisely, we consider an asynchronous $n$-process message-passing systems in which up to $t_b$ processes are Byzantine and where, at the network level, for each message broadcast by a correct process, an adversary can prevent up to $t_m$ processes fro…
▽ More
This paper explores how reliable broadcast can be implemented when facing a dual adversary that can both corrupt processes and remove messages.More precisely, we consider an asynchronous $n$-process message-passing systems in which up to $t_b$ processes are Byzantine and where, at the network level, for each message broadcast by a correct process, an adversary can prevent up to $t_m$ processes from receiving it (the integer $t_m$ defines the power of the message adversary).So, differently from previous works, this work considers that not only computing entities can be faulty (Byzantine processes), but also that the network can lose messages.To this end, the paper first introduces a new basic communication abstraction denoted $k\ell$-cast, and studies its properties in this new bi-dimensional adversary context.Then, the paper deconstructs existing Byzantine-tolerant asynchronous broadcast algorithms and, with the help of the $k\ell$-cast communication abstraction, reconstructs versions of them that tolerate both Byzantine processes and message adversaries.Interestingly, these reconstructed algorithms are also more efficient than the Byzantine-tolerant-only algorithms from which they originate.The paper also shows that the condition $n>3t_b+2t_m$ is necessary and sufficient (with signatures) to design such reliable broadcast algorithms.
△ Less
Submitted 2 June, 2022; v1 submitted 28 April, 2022;
originally announced April 2022.
-
Election in Fully Anonymous Shared Memory Systems: Tight Space Bounds and Algorithms
Authors:
Damien Imbs,
Michel Raynal,
Gadi Taubenfeld
Abstract:
This article addresses election in fully anonymous systems made up of $n$ asynchronous processes that communicate through atomic read-write registers or atomic read-modify-write registers. Given an integer $d\in\{1,\dots, n-1\}$, two elections problems are considered: $d$-election (at least one and at most $d$ processes are elected) and exact $d$-election (exactly $d$ processes are elected). Full…
▽ More
This article addresses election in fully anonymous systems made up of $n$ asynchronous processes that communicate through atomic read-write registers or atomic read-modify-write registers. Given an integer $d\in\{1,\dots, n-1\}$, two elections problems are considered: $d$-election (at least one and at most $d$ processes are elected) and exact $d$-election (exactly $d$ processes are elected). Full anonymity means that both the processes and the shared registers are anonymous. Memory anonymity means that the processes may disagree on the names of the shared registers. That is, the same register name $A$ can denote different registers for different processes, and the register name $A$ used by a process and the register name $B$ used by another process can address the same shared register.
△ Less
Submitted 6 March, 2022;
originally announced March 2022.
-
Self-stabilizing Byzantine Fault-tolerant Repeated Reliable Broadcast
Authors:
Romaric Duvignau,
Michel Raynal,
Elad Michael Schiller
Abstract:
We study a well-known communication abstraction called Byzantine Reliable Broadcast (BRB). This abstraction is central in the design and implementation of fault-tolerant distributed systems, as many fault-tolerant distributed applications require communication with provable guarantees on message deliveries. Our study focuses on fault-tolerant implementations for message-passing systems that are pr…
▽ More
We study a well-known communication abstraction called Byzantine Reliable Broadcast (BRB). This abstraction is central in the design and implementation of fault-tolerant distributed systems, as many fault-tolerant distributed applications require communication with provable guarantees on message deliveries. Our study focuses on fault-tolerant implementations for message-passing systems that are prone to process-failures, such as crashes and malicious behavior.
At PODC 1983, Bracha and Toueg, in short, BT, solved the BRB problem. BT has optimal resilience since it can deal with t < n/3 Byzantine processes, where n is the number of processes. The present work aims at the design of an even more robust solution than BT by expanding its fault-model with self-stabilization, a vigorous notion of fault-tolerance. In addition to tolerating Byzantine and communication failures, self-stabilizing systems can recover after the occurrence of arbitrary transient-faults. These faults represent any violation of the assumptions according to which the system was designed to operate (provided that the algorithm code remains intact).
We propose, to the best of our knowledge, the first self-stabilizing Byzantine fault-tolerant (BFT) solution for repeated BRB in signature-free message-passing systems (that follows BT's problem specifications). Our contribution includes a self-stabilizing variation on a BT that solves a single-instance BRB for asynchronous systems. We also consider the problem of recycling instances of single-instance BRB. Our self-stabilizing BFT recycling for time-free systems facilitates the concurrent handling of a predefined number of BRB invocations and, by this way, can serve as the basis for self-stabilizing BFT consensus.
△ Less
Submitted 3 October, 2022; v1 submitted 30 January, 2022;
originally announced January 2022.
-
Self-stabilizing Byzantine- and Intrusion-tolerant Consensus
Authors:
Romaric Duvignau,
Michel Raynal,
Elad Michael Schiller
Abstract:
One of the most celebrated problems of fault-tolerant distributed computing is the consensus problem. It was shown to abstract a myriad of problems in which processes have to agree on a single value. Consensus applications include fundamental services for the environments of the Cloud or Blockchain. In such challenging environments, malicious behavior is often modeled as adversarial Byzantine faul…
▽ More
One of the most celebrated problems of fault-tolerant distributed computing is the consensus problem. It was shown to abstract a myriad of problems in which processes have to agree on a single value. Consensus applications include fundamental services for the environments of the Cloud or Blockchain. In such challenging environments, malicious behavior is often modeled as adversarial Byzantine faults. At OPODIS 2010, Moste}faoui and Raynal, in short, MR, presented a Byzantine- and intrusion-tolerant solution to consensus in which the decided value cannot be a value proposed only by Byzantine processes. In addition to this validity property, MR has optimal resilience since it can deal with up to t < n/3 Byzantine processes, where n is the number of processes. We note that MR provides this multivalued consensus object (which accepts proposals taken from a set with a finite number of values) assuming the availability of a single Binary consensus object (which accepts proposals taken from the set {0,1}).
This work, which focuses on multivalued consensus, aims at the design of an even more robust solution than MR. Our proposal expands MR's fault-model with self-stabilization, a vigorous notion of fault-tolerance. In addition to tolerating Byzantine and communication failures, self-stabilizing systems can automatically recover after the occurrence of arbitrary transient-faults. These faults represent any violation of the assumptions according to which the system was designed to operate (provided that the algorithm code remains intact).
To the best of our knowledge, we propose the first self-stabilizing solution for intrusion-tolerant multivalued consensus for asynchronous message-passing systems prone to Byzantine failures.
△ Less
Submitted 10 September, 2022; v1 submitted 16 October, 2021;
originally announced October 2021.
-
Leader Election in Arbitrarily Connected Networks with Process Crashes and Weak Channel Reliability
Authors:
Carlos López,
Sergio Rajsbaum,
Michel Raynal,
Karla Vargas
Abstract:
A channel from a process p to a process q satisfies the ADD property if there are constants K and D, unknown to the processes, such that in any sequence of K consecutive messages sent by p to q, at least one of them is delivered to q at most D time units after it has been sent. This paper studies implementations of an eventual leader, namely, an Ω failure detector, in an arbitrarily connected netw…
▽ More
A channel from a process p to a process q satisfies the ADD property if there are constants K and D, unknown to the processes, such that in any sequence of K consecutive messages sent by p to q, at least one of them is delivered to q at most D time units after it has been sent. This paper studies implementations of an eventual leader, namely, an Ω failure detector, in an arbitrarily connected network of eventual ADD channels, where processes may fail by crashing. It first presents an algorithm that assumes that processes initially know n, the total number of processes, sending messages of size O( log n). Then, it presents a second algorithm that does not assume the processes know n. Eventually the size of the messages sent by this algorithm is also O( log n). These are the first implementations of leader election in the ADD model. In this model, only eventually perfect failure detectors were considered, sending messages of size O(n log n).
△ Less
Submitted 6 May, 2021;
originally announced May 2021.
-
Self-stabilizing Multivalued Consensus in Asynchronous Crash-prone Systems
Authors:
Oskar Lundström,
Michel Raynal,
Elad Michael Schiller
Abstract:
The problem of multivalued consensus is fundamental in the area of fault-tolerant distributed computing since it abstracts a very broad set of agreement problems in which processes have to uniformly decide on a specific value v in V, where |V| >1. Existing solutions (that tolerate process failures) reduce the multivalued consensus problem to the one of binary consensus, e.g., Mostefaoui-Raynal-Tro…
▽ More
The problem of multivalued consensus is fundamental in the area of fault-tolerant distributed computing since it abstracts a very broad set of agreement problems in which processes have to uniformly decide on a specific value v in V, where |V| >1. Existing solutions (that tolerate process failures) reduce the multivalued consensus problem to the one of binary consensus, e.g., Mostefaoui-Raynal-Tronel and Zhang-Chen.
Our study aims at the design of an even more reliable solution. We do so through the lenses of self-stabilization -- a very strong notion of fault-tolerance. In addition to node and communication failures, self-stabilizing algorithms can recover after the occurrence of arbitrary transient-faults; these faults represent any violation of the assumptions according to which the system was designed to operate (as long as the algorithm code stays intact).
This work proposes the first (to the best of our knowledge) self-stabilizing algorithm for multivalued consensus for asynchronous message-passing systems prone to process failures and arbitrary transient-faults. Our solution is also the first (to the best of our knowledge) to support wait-freedom. Moreover, using piggybacking techniques, our solution can invoke n binary consensus objects concurrently. Thus, the proposed self-stabilizing wait-free solution can terminate using fewer resources than earlier non-self-stabilizing solutions by Mostefaoui, Raynal, and Tronel, which uses an unbounded number of binary consensus objects, or Zhang and Chen, which is not wait-free.
△ Less
Submitted 7 April, 2021;
originally announced April 2021.
-
Loosely-self-stabilizing Byzantine-tolerant Binary Consensus for Signature-free Message-passing Systems
Authors:
Chryssis Georgiou,
Ioannis Marcoullis,
Michel Raynal,
Elad Michael Schiller
Abstract:
At PODC 2014, A. Mostéfaoui, H. Moumen, and M. Raynal presented a new and simple randomized signature-free binary consensus algorithm (denoted here MMR) that copes with the net effect of asynchrony Byzantine behaviors. Assuming message scheduling is fair and independent from random numbers MMR is optimal in several respects: it deals with up to t Byzantine processes where t < n/3 and n is the numb…
▽ More
At PODC 2014, A. Mostéfaoui, H. Moumen, and M. Raynal presented a new and simple randomized signature-free binary consensus algorithm (denoted here MMR) that copes with the net effect of asynchrony Byzantine behaviors. Assuming message scheduling is fair and independent from random numbers MMR is optimal in several respects: it deals with up to t Byzantine processes where t < n/3 and n is the number of processes, O(n\^2) messages and O(1) expected time. The present article presents a non-trivial extension of MMR to an even more fault-prone context, namely, in addition to Byzantine processes, it considers also that the system can experience transient failures. To this end it considers self-stabilization techniques to cope with communication failures and arbitrary transient faults (such faults represent any violation of the assumptions according to which the system was designed to operate).
The proposed algorithm is the first loosely-self-stabilizing Byzantine fault-tolerant binary consensus algorithm suited to asynchronous message-passing systems. This is achieved via an instructive transformation of MMR to a self-stabilizing solution that can violate safety requirements with probability Pr= O(1/(2M)), where M is a predefined constant that can be set to any positive integer at the cost of 3 M n + log M bits of local memory. In addition to making MMR resilient to transient faults, the obtained self-stabilizing algorithm preserves its properties of optimal resilience and termination, (i.e., t < n/3, and O(1) expected time). Furthermore, it only requires a bounded amount of memory.
△ Less
Submitted 21 January, 2023; v1 submitted 26 March, 2021;
originally announced March 2021.
-
Byzantine-tolerant Distributed Grow-only Sets: Specification and Applications
Authors:
Vicent Cholvi,
Antonio Fernández Anta,
Chryssis Georgiou,
Nicolas Nicolaou,
Michel Raynal,
Antonio Russo
Abstract:
In order to formalize Distributed Ledger Technologies and their interconnections, a recent line of research work has formulated the notion of Distributed Ledger Object (DLO), which is a concurrent object that maintains a totally ordered sequence of records, abstracting blockchains and distributed ledgers. Through DLO, the Atomic Appends problem, intended as the need of a primitive able to append m…
▽ More
In order to formalize Distributed Ledger Technologies and their interconnections, a recent line of research work has formulated the notion of Distributed Ledger Object (DLO), which is a concurrent object that maintains a totally ordered sequence of records, abstracting blockchains and distributed ledgers. Through DLO, the Atomic Appends problem, intended as the need of a primitive able to append multiple records to distinct ledgers in an atomic way, is studied as a basic interconnection problem among ledgers.
In this work, we propose the Distributed Grow-only Set object (DSO), which instead of maintaining a sequence of records, as in a DLO, maintains a set of records in an immutable way: only Add and Get operations are provided. This object is inspired by the Grow-only Set (G-Set) data type which is part of the Conflict-free Replicated Data Types. We formally specify the object and we provide a consensus-free Byzantine-tolerant implementation that guarantees eventual consistency. We then use our Byzantine-tolerant DSO (BDSO) implementation to provide consensus-free algorithmic solutions to the Atomic Appends and Atomic Adds (the analogous problem of atomic appends applied on G-Sets) problems, as well as to construct consensus-free Single-Writer BDLOs. We believe that the BDSO has applications beyond the above-mentioned problems.
△ Less
Submitted 16 March, 2021;
originally announced March 2021.
-
Image Obfuscation for Privacy-Preserving Machine Learning
Authors:
Mathilde Raynal,
Radhakrishna Achanta,
Mathias Humbert
Abstract:
Privacy becomes a crucial issue when outsourcing the training of machine learning (ML) models to cloud-based platforms offering machine-learning services. While solutions based on cryptographic primitives have been developed, they incur a significant loss in accuracy or training efficiency, and require modifications to the backend architecture. A key challenge we tackle in this paper is the design…
▽ More
Privacy becomes a crucial issue when outsourcing the training of machine learning (ML) models to cloud-based platforms offering machine-learning services. While solutions based on cryptographic primitives have been developed, they incur a significant loss in accuracy or training efficiency, and require modifications to the backend architecture. A key challenge we tackle in this paper is the design of image obfuscation schemes that provide enough privacy without significantly degrading the accuracy of the ML model and the efficiency of the training process. In this endeavor, we address another challenge that has persisted so far: quantifying the degree of privacy provided by visual obfuscation mechanisms. We compare the ability of state-of-the-art full-reference quality metrics to concur with human subjects in terms of the degree of obfuscation introduced by a range of techniques. By relying on user surveys and two image datasets, we show that two existing image quality metrics are also well suited to measure the level of privacy in accordance with human subjects as well as AI-based recognition, and can therefore be used for quantifying privacy resulting from obfuscation. With the ability to quantify privacy, we show that we can provide adequate privacy protection to the training image set at the cost of only a few percentage points loss in accuracy.
△ Less
Submitted 20 October, 2020;
originally announced October 2020.
-
Self-Stabilizing Indulgent Zero-degrading Binary Consensus
Authors:
Oskar Lundström,
Michel Raynal,
Elad Michael Schiller
Abstract:
Guerraoui proposed an indulgent solution for the binary consensus problem. Namely, he showed that an arbitrary behavior of the failure detector never violates safety requirements even if it compromises liveness. Consensus implementations are often used in a repeated manner. Dutta and Guerraoui proposed a zero-degrading solution, \ie during system runs in which the failure detector behaves perfectl…
▽ More
Guerraoui proposed an indulgent solution for the binary consensus problem. Namely, he showed that an arbitrary behavior of the failure detector never violates safety requirements even if it compromises liveness. Consensus implementations are often used in a repeated manner. Dutta and Guerraoui proposed a zero-degrading solution, \ie during system runs in which the failure detector behaves perfectly, a node failure during one consensus instance has no impact on the performance of future instances.
Our study, which focuses on indulgent zero-degrading binary consensus, aims at the design of an even more robust communication abstraction. We do so through the lenses of self-stabilization - a very strong notion of fault-tolerance. In addition to node and communication failures, self-stabilizing algorithms can recover after the occurrence of arbitrary transient faults; these faults represent any violation of the assumptions according to which the system was designed to operate (as long as the algorithm code stays intact).
This work proposes the first, to the best of our knowledge, self-stabilizing algorithm for indulgent zero-degrading binary consensus for time-free message-passing systems prone to detectable process failures. The proposed algorithm has an O(1) stabilization time (in terms of asynchronous cycles) from arbitrary transient faults. Since the proposed solution uses an Ω failure detector, we also present the first, to the best of our knowledge, self-stabilizing asynchronous Ω failure detector, which is a variation on the one by Mostéfaoui, Mourgaya, and Raynal.
△ Less
Submitted 12 October, 2020;
originally announced October 2020.
-
$t$-Resilient $k$-Immediate Snapshot and its Relation with Agreement Problems
Authors:
Carole Delporte,
Hugues Fauconnier,
Sergio Rajsbaum,
Michel Raynal
Abstract:
An immediate snapshot object is a high level communication object, built on top of a read/write distributed system in which all except one processes may crash. It allows a process to write a value and obtain a set of values that represent a snapshot of the values written to the object, occurring immediately after the write step.
Considering an $n$-process model in which up to $t$ processes may c…
▽ More
An immediate snapshot object is a high level communication object, built on top of a read/write distributed system in which all except one processes may crash. It allows a process to write a value and obtain a set of values that represent a snapshot of the values written to the object, occurring immediately after the write step.
Considering an $n$-process model in which up to $t$ processes may crash, this paper introduces first the $k$-resilient immediate snapshot object, which is a natural generalization of the basic immediate snapshot (which corresponds to the case $k=t=n-1$). In addition to the set containment properties of the basic immediate snapshot, a $k$-resilient immediate snapshot object requires that each set returned to a process contains at least $(n-k)$ pairs.
The paper first shows that, for $k,t<n-1$, $k$-resilient immediate snapshot is impossible in asynchronous read/write systems. %Then the paper investigates the space of objects that %are impossible to solve in $n$-process $t$-crash read/write systems. Then the paper investigates a model of computation where the processes communicate with each other by accessing $k$-immediate snapshot objects, and shows that this model is stronger than the $t$-crash model. Considering the space of $x$-set agreement problems (which are impossible to solve in systems such that $x\leq t$), the paper shows then that $x$-set agreement can be solved in read/write systems enriched with $k$-immediate snapshot objects for $x=\max(1,t+k-(n-2))$. It also shows that, in these systems, $k$-resilient immediate snapshot and consensus are equivalent when $1\leq t<n/2$ and $t\leq k\leq (n-1)-t$. Hence, %thanks to the problem map it provides, the paper establishes strong relations linking fundamental distributed computing objects (one related to communication, the other to agreement), which are impossible to solve in pure read/write systems.
△ Less
Submitted 30 September, 2020;
originally announced October 2020.
-
Money Transfer Made Simple: a Specification, a Generic Algorithm, and its Proof
Authors:
Alex Auvolat,
Davide Frey,
Michel Raynal,
François Taïani
Abstract:
It has recently been shown that, contrarily to a common belief, money transfer in the presence of faulty (Byzantine) processes does not require strong agreement such as consensus. This article goes one step further: namely, it first proposes a non-sequential specification of the money-transfer object, and then presents a generic algorithm based on a simple FIFO order between each pair of processes…
▽ More
It has recently been shown that, contrarily to a common belief, money transfer in the presence of faulty (Byzantine) processes does not require strong agreement such as consensus. This article goes one step further: namely, it first proposes a non-sequential specification of the money-transfer object, and then presents a generic algorithm based on a simple FIFO order between each pair of processes that implements it. The genericity dimension lies in the underlying reliable broadcast abstraction which must be suited to the appropriate failure model. Interestingly, whatever the failure model, the money transfer algorithm only requires adding a single sequence number to its messages as control information. Moreover, as a side effect of the proposed algorithm, it follows that money transfer is a weaker problem than the construction of a safe/regular/atomic read/write register in the asynchronous message-passing crash-prone model.
△ Less
Submitted 17 February, 2021; v1 submitted 18 June, 2020;
originally announced June 2020.
-
Relaxed Queues and Stacks from Read/Write Operations
Authors:
Armando Castañeda,
Sergio Rajsbaum,
Michel Raynal
Abstract:
Considering asynchronous shared memory systems in which any number of processes may crash, this work identifies and formally defines relaxations of queues and stacks that can be non-blocking or wait-free while being implemented using only read/write operations. Set-linearizability and Interval-linearizability are used to specify the relaxations formally, and precisely identify the subset of execut…
▽ More
Considering asynchronous shared memory systems in which any number of processes may crash, this work identifies and formally defines relaxations of queues and stacks that can be non-blocking or wait-free while being implemented using only read/write operations. Set-linearizability and Interval-linearizability are used to specify the relaxations formally, and precisely identify the subset of executions which preserve the original sequential behavior. The relaxations allow for an item to be returned more than once by different operations, but only in case of concurrency; we call such a property multiplicity. The stack implementation is wait-free, while the queue implementation is non-blocking. Interval-linearizability is used to describe a queue with multiplicity, with the additional relaxation that a dequeue operation can return weak-empty, which means that the queue might be empty. We present a read/write wait-free interval-linearizable algorithm of a concurrent queue. As far as we know, this work is the first that provides formalizations of the notions of multiplicity and weak-emptiness, which can be implemented on top of read/write registers only.
△ Less
Submitted 4 November, 2020; v1 submitted 11 May, 2020;
originally announced May 2020.
-
Appending Atomically in Byzantine Distributed Ledgers
Authors:
Vicent Cholvi,
Antonio Fernandez Anta,
Chryssis Georgiou,
Nicolas Nicolaou,
Michel Raynal
Abstract:
A Distributed Ledger Object (DLO) is a concurrent object that maintains a totally ordered sequence of records, and supports two basic operations: append, which appends a record at the end of the sequence, and get, which returns the sequence of records. In this work we provide a proper formalization of a Byzantine-tolerant Distributed Ledger Object (BDLO), which is a DLO in a distributed system in…
▽ More
A Distributed Ledger Object (DLO) is a concurrent object that maintains a totally ordered sequence of records, and supports two basic operations: append, which appends a record at the end of the sequence, and get, which returns the sequence of records. In this work we provide a proper formalization of a Byzantine-tolerant Distributed Ledger Object (BDLO), which is a DLO in a distributed system in which processes may deviate arbitrarily from their indented behavior, i.e. they may be Byzantine. Our formal definition is accompanied by algorithms to implement BDLOs by utilizing an underlying Byzantine Atomic Broadcast service.
We then utilize the BDLO implementations to solve the Atomic Appends problem against Byzantine processes. The Atomic Appends problem emerges when several clients have records to append, the record of each client has to be appended to a different BDLO, and it must be guaranteed that either all records are appended or none. We present distributed algorithms implementing solutions for the Atomic Appends problem when the clients (which are involved in the appends) and the servers (which maintain the BDLOs) may be Byzantine.
△ Less
Submitted 26 February, 2020;
originally announced February 2020.
-
Self-stabilizing Uniform Reliable Broadcast
Authors:
Oskar Lundström,
Michel Raynal,
Elad M. Schiller
Abstract:
We study a well-known communication abstraction called Uniform Reliable Broadcast (URB). URB is central in the design and implementation of fault-tolerant distributed systems, as many non-trivial fault-tolerant distributed applications require communication with provable guarantees on message deliveries. Our study focuses on fault-tolerant implementations for time-free message-passing systems that…
▽ More
We study a well-known communication abstraction called Uniform Reliable Broadcast (URB). URB is central in the design and implementation of fault-tolerant distributed systems, as many non-trivial fault-tolerant distributed applications require communication with provable guarantees on message deliveries. Our study focuses on fault-tolerant implementations for time-free message-passing systems that are prone to node-failures. Moreover, we aim at the design of an even more robust communication abstraction. We do so through the lenses of self-stabilization---a very strong notion of fault-tolerance. In addition to node and communication failures, self-stabilizing algorithms can recover after the occurrence of arbitrary transient faults; these faults represent any violation of the assumptions according to which the system was designed to operate (as long as the algorithm code stays intact).
This work proposes the first self-stabilizing URB solution for time-free message-passing systems that are prone to node-failures. The proposed algorithm has an O(bufferUnitSize) stabilization time (in terms of asynchronous cycles) from arbitrary transient faults, where bufferUnitSize is a predefined constant that can be set according to the available memory. Moreover, the communication costs of our algorithm are similar to the ones of the non-self-stabilizing state-of-the-art. The main differences are that our proposal considers repeated gossi** of O(1) bits messages and deals with bounded space (which is a prerequisite for self-stabilization). Specifically, each node needs to store up to bufferUnitSize n records and each record is of size O(v + n log n) bits, where n is the number of nodes in the system and v is the number of bits needed to encode a single URB instance.
△ Less
Submitted 9 January, 2020;
originally announced January 2020.
-
Fully Anonymous Shared Memory Algorithms
Authors:
Michel Raynal,
Gadi Taubenfeld
Abstract:
Process anonymity has been studied for a long time. Memory anonymity is more recent. In an anonymous memory system, there is no a priori agreement among the processes on the names of the shared registers they access. This article introduces the fully anonymous model, namely a model in which both the processes and the memory are anonymous. It is shown that fundamental problems such as mutual exclus…
▽ More
Process anonymity has been studied for a long time. Memory anonymity is more recent. In an anonymous memory system, there is no a priori agreement among the processes on the names of the shared registers they access. This article introduces the fully anonymous model, namely a model in which both the processes and the memory are anonymous. It is shown that fundamental problems such as mutual exclusion, consensus, and its weak version called set agreement, can be solved despite full anonymity, the first in a failure-free system, the others in the presence of any number of process crashes.
△ Less
Submitted 2 November, 2019; v1 submitted 12 September, 2019;
originally announced September 2019.
-
Mutex-based Desanonymization of an Anonymous Read/Write Memory
Authors:
Emmanuel Godard,
Damien Imbs,
Michel Raynal,
Gadi Taubenfeld
Abstract:
Anonymous shared memory is a memory in which processes use different names for the same shared read/write register. As an example, a shared register named $A$ by a process $p$ and a shared register named $B$ by another process $q$ can correspond to the very same register $X$, and similarly for the names $B$ at $p$ and $A$ at $q$ which can correspond to the same register $Y\neq X$. Hence, there is…
▽ More
Anonymous shared memory is a memory in which processes use different names for the same shared read/write register. As an example, a shared register named $A$ by a process $p$ and a shared register named $B$ by another process $q$ can correspond to the very same register $X$, and similarly for the names $B$ at $p$ and $A$ at $q$ which can correspond to the same register $Y\neq X$. Hence, there is a permanent disagreement on the register names among the processes. This new notion of anonymity was recently introduced by G. Taubenfeld (PODC 2017), who presented several memory-anonymous algorithms and impossibility results.
This paper introduces a new problem (new to our knowledge), that consists in "desanonymizing" an anonymous shared memory. To this end, it presents an algorithm that, starting with a shared memory made up of $m$ anonymous read/write atomic registers (i.e., there is no a priori agreement on their names), allows each process to compute a local addressing map**, such that all the processes agree on the names of each register. The proposed construction is based on an underlying deadlock-free mutex algorithm for $n\geq 2$ processes (recently proposed in a paper co-authored by some of the authors of this paper), and consequently inherits its necessary and sufficient condition on the size $m$ of the anonymous memory, namely $m$ must belongs to the set $M(n)=\{m:~$ such that $\forall~ \ell: 1<\ell \leq n:~ \gcd(\ell,m)=1\}\setminus \{1\}$. This algorithm, which is also symmetric in the sense process identities can only be compared by equality, requires the participation of all the processes; hence it can be part of the system initialization. Last but not least, the proposed algorithm has a first-class noteworthy property, namely, its simplicity.
△ Less
Submitted 28 March, 2019;
originally announced March 2019.
-
Mastering Concurrent Computing Through Sequential Thinking: A Half-century Evolution
Authors:
Sergio Rajsbaum,
Michel Raynal
Abstract:
Concurrency, the art of doing many things at the same time is slowly becoming a science. It is very difficult to master, yet it arises all over modern computing systems, both when the communication medium is shared memory and when it is by message passing. Concurrent programming is hard because it requires to cope with many possible, unpredictable behaviors of communicating processes interacting w…
▽ More
Concurrency, the art of doing many things at the same time is slowly becoming a science. It is very difficult to master, yet it arises all over modern computing systems, both when the communication medium is shared memory and when it is by message passing. Concurrent programming is hard because it requires to cope with many possible, unpredictable behaviors of communicating processes interacting with each other. Right from the start in the 1960s, the main way of dealing with concurrency has been by reduction to sequential reasoning. We trace this history, and illustrate it through several examples, from early ideas based on mutual exclusion, passing through consensus and concurrent objects, until today ledgers and blockchains. We conclude with a discussion on the limits that this approach encounters, related to fault-tolerance, performance, and inherently concurrent problems.
△ Less
Submitted 14 December, 2018;
originally announced December 2018.
-
Optimal Memory-Anonymous Symmetric Deadlock-Free Mutual Exclusion
Authors:
Zahra Aghazadeh,
Damien Imbs,
Michel Raynal,
Gadi Taubenfeld,
Philipp Woelfel
Abstract:
The notion of an anonymous shared memory (recently introduced in PODC 2017) considers that processes use different names for the same memory location. Hence, there is permanent disagreement on the location names among processes. In this context, the PODC paper presented -among other results- a symmetric deadlock-free mutual exclusion (mutex) algorithm for two processes and a necessary condition on…
▽ More
The notion of an anonymous shared memory (recently introduced in PODC 2017) considers that processes use different names for the same memory location. Hence, there is permanent disagreement on the location names among processes. In this context, the PODC paper presented -among other results- a symmetric deadlock-free mutual exclusion (mutex) algorithm for two processes and a necessary condition on the size $m$ of the anonymous memory for the existence of a symmetric deadlock-free mutex algorithm in an $n$-process system. This condition states that $m$ must be greater than $1$ and belong to the set $M(n)=\{m:\forall~\ell:1<\ell\leq n:~\gcd(\ell,m)=1\}$ (symmetric means that, while each process has its own identity, process identities can only be compared with equality).
The present paper answers several open problems related to symmetric deadlock-free mutual exclusion in an $n$-process system ($n\geq 2$) where the processes communicate through $m$ registers. It first presents two algorithms. The first considers that the registers are anonymous read/write atomic registers and works for any $m$ greater than $1$ and belonging to the set $M(n)$. It thus shows that this condition on $m$ is both necessary and sufficient. The second algorithm considers anonymous read/modify/write atomic registers. It assumes that $m\in M(n)$. These algorithms differ in their design principles and their costs (measured as the number of registers which must contain the identity of a process to allow it to enter the critical section). The paper also shows that the condition $m\in M(n)$ is necessary for deadlock-free mutex on top of anonymous read/modify/write atomic registers. It follows that, when $m>1$, $m\in M(n)$ is a tight characterization of the size of the anonymous shared memory needed to solve deadlock-free mutex, be the anonymous registers read/write or read/modify/write.
△ Less
Submitted 8 October, 2018;
originally announced October 2018.
-
Extending Causal Consistency to any Object Defined by a Sequential Specification
Authors:
Achour Mostéfaoui,
Matthieu Perrin,
Michel Raynal
Abstract:
This paper presents a simple generalization of causal consistency suited to any object defined by a sequential specification. As causality is captured by a partial order on the set of operations issued by the processes on shared objects (concurrent operations are not ordered), it follows that causal consistency allows different processes to have different views of each object history.
This paper presents a simple generalization of causal consistency suited to any object defined by a sequential specification. As causality is captured by a partial order on the set of operations issued by the processes on shared objects (concurrent operations are not ordered), it follows that causal consistency allows different processes to have different views of each object history.
△ Less
Submitted 2 February, 2018;
originally announced February 2018.
-
A Simple Object that Spans the Whole Consensus Hierarchy
Authors:
Achour Mostéfaoui,
Matthieu Perrin,
Michel Raynal
Abstract:
This paper presents a simple generalization of the basic atomic read/write register object, whose genericity parameter spans the whole set of integers and is such that its k-parameterized instance has exactly consensus number k. This object, whose definition is pretty natural, is a sliding window register of size k. Its interest lies in its simplicity and its genericity dimension which provides a…
▽ More
This paper presents a simple generalization of the basic atomic read/write register object, whose genericity parameter spans the whole set of integers and is such that its k-parameterized instance has exactly consensus number k. This object, whose definition is pretty natural, is a sliding window register of size k. Its interest lies in its simplicity and its genericity dimension which provides a global view capturing the whole consensus hierarchy. Hence, this short article must be seen as a simple pedagogical introduction to Herlihy's consensus hierarchy.
△ Less
Submitted 2 February, 2018;
originally announced February 2018.
-
Set-Constrained Delivery Broadcast: Definition, Abstraction Power, and Computability Limits
Authors:
Damien Imbs,
Achour Mostefaoui,
Matthieu Perrin,
Michel Raynal
Abstract:
This paper introduces a new communication abstraction, called Set-Constrained Delivery Broadcast (SCD-broadcast), whose aim is to provide its users with an appropriate abstraction level when they have to implement objects or distributed tasks in an asynchronous message-passing system prone to process crash failures. This abstraction allows each process to broadcast messages and deliver a sequence…
▽ More
This paper introduces a new communication abstraction, called Set-Constrained Delivery Broadcast (SCD-broadcast), whose aim is to provide its users with an appropriate abstraction level when they have to implement objects or distributed tasks in an asynchronous message-passing system prone to process crash failures. This abstraction allows each process to broadcast messages and deliver a sequence of sets of messages in such a way that, if a process delivers a set of messages including a message m and later delivers a set of messages including a message m ' , no process delivers first a set of messages including m ' and later a set of message including m. After having presented an algorithm implementing SCD-broadcast, the paper investigates its programming power and its computability limits. On the "power" side it presents SCD-broadcast-based algorithms, which are both simple and efficient, building objects (such as snapshot and conflict-free replicated data), and distributed tasks. On the "computability limits" side it shows that SCD-broadcast and read/write registers are computationally equivalent.
△ Less
Submitted 15 June, 2017;
originally announced June 2017.
-
Which Broadcast Abstraction Captures $k$-Set Agreement?
Authors:
Damien Imbs,
Achour Mostéfaoui,
Matthieu Perrin,
Michel Raynal
Abstract:
It is well-known that consensus (one-set agreement) and total order broadcast are equivalent in asynchronous systems prone to process crash failures. Considering wait-free systems, this article addresses and answers the following question: which is the communication abstraction that "captures" $k$-set agreement? To this end, it introduces a new broadcast communication abstraction, called $k$-BO-Br…
▽ More
It is well-known that consensus (one-set agreement) and total order broadcast are equivalent in asynchronous systems prone to process crash failures. Considering wait-free systems, this article addresses and answers the following question: which is the communication abstraction that "captures" $k$-set agreement? To this end, it introduces a new broadcast communication abstraction, called $k$-BO-Broadcast, which restricts the disagreement on the local deliveries of the messages that have been broadcast ($1$-BO-Broadcast boils down to total order broadcast). Hence, in this context, $k=1$ is not a special number, but only the first integer in an increasing integer sequence.
This establishes a new "correspondence" between distributed agreement problems and communication abstractions, which enriches our understanding of the relations linking fundamental issues of fault-tolerant distributed computing.
△ Less
Submitted 13 May, 2017;
originally announced May 2017.
-
Another Look at the Implementation of Read/write Registers in Crash-prone Asynchronous Message-Passing Systems (Extended Version)
Authors:
Damien Imbs,
Achour Mostefaoui,
Matthieu Perrin,
Michel Raynal
Abstract:
" Yet another paper on " the implementation of read/write registers in crash-prone asynchronous message-passing systems! Yes..., but, differently from its predecessors, this paper looks for a communication abstraction which captures the essence of such an implementation in the same sense that total order broadcast can be associated with consensus, or message causal delivery can be associated with…
▽ More
" Yet another paper on " the implementation of read/write registers in crash-prone asynchronous message-passing systems! Yes..., but, differently from its predecessors, this paper looks for a communication abstraction which captures the essence of such an implementation in the same sense that total order broadcast can be associated with consensus, or message causal delivery can be associated with causal read/write registers. To this end, the paper introduces a new communication abstraction, named SCD-broadcast (SCD standing for " Set Constrained Delivery "), which, instead of a single message, delivers to processes sets of messages (whose size can be arbitrary), such that the sequences of message sets delivered to any two processes satisfies some constraints. The paper then shows that: (a) SCD-broadcast allows for a very simple implementation of a snapshot object (and consequently also of atomic read/write registers) in crash-prone asynchronous message-passing systems, (b) SCD-broadcast can be built from snapshot objects (hence SCD-broadcast and snapshot objects --or read/write registers-- are " computationally equivalent "), (c) SCD-broadcast can be built in message-passing systems where any minority of processes may crash (which is the weakest assumption on the number of possible process crashes needed to implement a read/write register).
△ Less
Submitted 27 February, 2017;
originally announced February 2017.
-
DBFT: Efficient Byzantine Consensus with a Weak Coordinator and its Application to Consortium Blockchains
Authors:
Tyler Crain,
Vincent Gramoli,
Mikel Larrea,
Michel Raynal
Abstract:
This paper introduces a deterministic Byzantine consensus algorithm that relies on a new weak coordinator. As opposed to previous algorithms that cannot terminate in the presence of a faulty or slow coordinator, our algorithm can terminate even when its coordinator is faulty, hence the name weak coordinator. The key idea is to allow processes to complete asynchronous rounds as soon as they receive…
▽ More
This paper introduces a deterministic Byzantine consensus algorithm that relies on a new weak coordinator. As opposed to previous algorithms that cannot terminate in the presence of a faulty or slow coordinator, our algorithm can terminate even when its coordinator is faulty, hence the name weak coordinator. The key idea is to allow processes to complete asynchronous rounds as soon as they receive a threshold of messages, instead of having to wait for a message from a coordinator that may be slow.
The resulting algorithm assumes partial synchrony, is resilience optimal, time optimal and does not need signatures. Our presentation is didactic: we first present a simple safe binary Byzantine consensus algorithm, modify it to ensure termination, and finally present an optimized reduction from multivalue consensus to binary consensus that may terminate in 4 message delays. To evaluate our algorithm, we deployed it on 100 machines distributed in 5 datacenters across different continents and compared its performance against the randomized solution from Mostefaoui, Moumem and Raynal [PODC14] that terminates in O(1) rounds in expectation. Our algorithm always outperforms the latter even in the presence of Byzantine behaviors. Our algorithm has a subsecond average latency in most of our geo-distributed experiments, even when attacked by a well-engineered coalition of Byzantine processes.
△ Less
Submitted 25 July, 2018; v1 submitted 10 February, 2017;
originally announced February 2017.
-
Atomic Read/Write Memory in Signature-free Byzantine Asynchronous Message-passing Systems
Authors:
Achour Mosteafoui,
Matoula Petrolia,
Michel Raynal,
Claude Jard
Abstract:
This article presents a signature-free distributed algorithm which builds an atomic read/write shared memory on top of an $n$-process asynchronous message-passing system in which up to $t<n/3$ processes may commit Byzantine failures. From a conceptual point of view, this algorithm is designed to be as close as possible to the algorithm proposed by Attiya, Bar-Noy and Dolev (JACM 1995), which build…
▽ More
This article presents a signature-free distributed algorithm which builds an atomic read/write shared memory on top of an $n$-process asynchronous message-passing system in which up to $t<n/3$ processes may commit Byzantine failures. From a conceptual point of view, this algorithm is designed to be as close as possible to the algorithm proposed by Attiya, Bar-Noy and Dolev (JACM 1995), which builds an atomic register in an $n$-process asynchronous message-passing system where up to $t<n/2$ processes may crash. The proposed algorithm is particularly simple. It does not use cryptography to cope with Byzantine processes, and is optimal from a $t$-resilience point of view ($t<n/3$). A read operation requires $O(n)$ messages, and a write operation requires $O(n^2)$ messages.
△ Less
Submitted 7 December, 2015;
originally announced April 2016.
-
Vertex Coloring with Communication and Local Memory Constraints in Synchronous Broadcast Networks
Authors:
Hicham Lakhlef,
Michel Raynal,
François Taïani
Abstract:
The vertex coloring problem has received a lot of attention in the context of synchronous round-based systems where, at each round, a process can send a message to all its neighbors, and receive a message from each of them. Hence, this communication model is particularly suited to point-to-point communication channels. Several vertex coloring algorithms suited to these systems have been proposed.…
▽ More
The vertex coloring problem has received a lot of attention in the context of synchronous round-based systems where, at each round, a process can send a message to all its neighbors, and receive a message from each of them. Hence, this communication model is particularly suited to point-to-point communication channels. Several vertex coloring algorithms suited to these systems have been proposed. They differ mainly in the number of rounds they require and the number of colors they use. This paper considers a broadcast/receive communication model in which message collisions and message conflicts can occur (a collision occurs when, during the same round, messages are sent to the same process by too many neighbors; a conflict occurs when a process and one of its neighbors broadcast during the same round). This communication model is suited to systems where processes share communication bandwidths. More precisely,the paper considers the case where, during a round, a process may either broadcast a message to its neighbors or receive a message from at most $m$ of them. This captures communication-related constraints or a local memory constraint stating that, whatever the number of neighbors of a process, its local memory allows it to receive and store at most $m$ messages during each round. The paper defines first the corresponding generic vertex multi-coloring problem (a vertex can have several colors). It focuses then on tree networks, for which it presents a lower bound on the number of colors $K$ that are necessary (namely, $K=\lceil\fracΔ{m}\rceil+1$, where $Δ$ is the maximal degree of the communication graph), and an ssociated coloring algorithm, which is optimal with respect to $K$.
△ Less
Submitted 12 April, 2016;
originally announced April 2016.
-
Two-Bit Messages are Sufficient to Implement Atomic Read/Write Registers in Crash-prone Systems
Authors:
Achour Mostéfaoui,
Michel Raynal
Abstract:
Atomic registers are certainly the most basic objects of computing science. Their implementation on top of an n-process asynchronous message-passing system has received a lot of attention. It has been shown that t \textless{} n/2 (where t is the maximal number of processes that may crash) is a necessary and sufficient requirement to build an atomic register on top of a crash-prone asynchronous mes…
▽ More
Atomic registers are certainly the most basic objects of computing science. Their implementation on top of an n-process asynchronous message-passing system has received a lot of attention. It has been shown that t \textless{} n/2 (where t is the maximal number of processes that may crash) is a necessary and sufficient requirement to build an atomic register on top of a crash-prone asynchronous message-passing system. Considering such a context, this paper presents an algorithm which implements a single-writer multi-reader atomic register with four message types only, and where no message needs to carry control information in addition to its type. Hence, two bits are sufficient to capture all the control information carried by all the implementation messages. Moreover, the messages of two types need to carry a data value while the messages of the two other types carry no value at all. As far as we know, this algorithm is the first with such an optimality property on the size of control information carried by messages. It is also particularly efficient from a time complexity point of view.
△ Less
Submitted 8 February, 2016;
originally announced February 2016.
-
Time-Efficient Read/Write Register in Crash-prone Asynchronous Message-Passing Systems
Authors:
Achour Mostefaoui,
Michel Raynal
Abstract:
The atomic register is certainly the most basic object of computing science. Its implementation on top of an n-process asynchronous message-passing system has received a lot of attention. It has been shown that t \textless{} n/2 (where t is the maximal number of processes that may crash) is a necessary and sufficient requirement to build an atomic register on top of a crash-prone asynchronous mess…
▽ More
The atomic register is certainly the most basic object of computing science. Its implementation on top of an n-process asynchronous message-passing system has received a lot of attention. It has been shown that t \textless{} n/2 (where t is the maximal number of processes that may crash) is a necessary and sufficient requirement to build an atomic register on top of a crash-prone asynchronous message-passing system. Considering such a context, this paper visits the notion of a fast implementation of an atomic register, and presents a new time-efficient asynchronous algorithm. Its time-efficiency is measured according to two different underlying synchrony assumptions. Whatever this assumption, a write operation always costs a round-trip delay, while a read operation costs always a round-trip delay in favorable circumstances (intuitively, when it is not concurrent with a write). When designing this algorithm, the design spirit was to be as close as possible to the one of the famous ABD algorithm (proposed by Attiya, Bar-Noy, and Dolev).
△ Less
Submitted 19 January, 2016;
originally announced January 2016.
-
Optimal Collision/Conflict-free Distance-2 Coloring in Synchronous Broadcast/Receive Tree Networks
Authors:
Davide Frey,
Hicham Lakhlef,
Michel Raynal
Abstract:
This article is on message-passing systems where communication is (a) synchronous and (b) based on the "broadcast/receive" pair of communication operations. "Synchronous" means that time is discrete and appears as a sequence of time slots (or rounds) such that each message is received in the very same round in which it is sent. "Broadcast/receive" means that during a round a process can either bro…
▽ More
This article is on message-passing systems where communication is (a) synchronous and (b) based on the "broadcast/receive" pair of communication operations. "Synchronous" means that time is discrete and appears as a sequence of time slots (or rounds) such that each message is received in the very same round in which it is sent. "Broadcast/receive" means that during a round a process can either broadcast a message to its neighbors or receive a message from one of them. In such a communication model, no two neighbors of the same process, nor a process and any of its neighbors, must be allowed to broadcast during the same time slot (thereby preventing message collisions in the first case, and message conflicts in the second case). From a graph theory point of view, the allocation of slots to processes is know as the distance-2 coloring problem: a color must be associated with each process (defining the time slots in which it will be allowed to broadcast) in such a way that any two processes at distance at most 2 obtain different colors, while the total number of colors is "as small as possible". The paper presents a parallel message-passing distance-2 coloring algorithm suited to trees, whose roots are dynamically defined. This algorithm, which is itself collision-free and conflict-free, uses $Δ+ 1$ colors where $Δ$ is the maximal degree of the graph (hence the algorithm is color-optimal). It does not require all processes to have different initial identities, and its time complexity is $O(d Δ)$, where d is the depth of the tree. As far as we know, this is the first distributed distance-2 coloring algorithm designed for the broadcast/receive round-based communication model, which owns all the previous properties.
△ Less
Submitted 13 January, 2016;
originally announced January 2016.
-
A Necessary Condition for Byzantine $k$-Set Agreement
Authors:
Zohir Bouzid,
Damien Imbs,
Michel Raynal
Abstract:
This short paper presents a necessary condition for Byzantine $k$-set agreement in (synchronous or asynchronous) message-passing systems and asynchronous shared memory systems where the processes communicate through atomic single-writer multi-reader registers. It gives a proof, which is particularly simple, that $k$-set agreement cannot be solved $t$-resiliently in an $n$-process system when…
▽ More
This short paper presents a necessary condition for Byzantine $k$-set agreement in (synchronous or asynchronous) message-passing systems and asynchronous shared memory systems where the processes communicate through atomic single-writer multi-reader registers. It gives a proof, which is particularly simple, that $k$-set agreement cannot be solved $t$-resiliently in an $n$-process system when $n \leq 2t + \frac{t}{k}$. This bound is tight for the case $k=1$ (Byzantine consensus) in synchronous message-passing systems.
△ Less
Submitted 19 December, 2015;
originally announced December 2015.
-
From Byzantine Failures to Crash Failures in Message-Passing Systems: a BG Simulation-based approach
Authors:
Damien Imbs,
Michel Raynal,
Julien Stainer
Abstract:
The BG-simulation is a powerful reduction algorithm designed for asynchronous read/write crash-prone systems. It allows a set of $(t+1)$ asynchronous sequential processes to wait-free simulate (i.e., despite the crash of up to $t$ of them) an arbitrary number $n$ of processes under the assumption that at most $t$ of them may crash. The BG simulation shows that, in read/write systems, the crucial p…
▽ More
The BG-simulation is a powerful reduction algorithm designed for asynchronous read/write crash-prone systems. It allows a set of $(t+1)$ asynchronous sequential processes to wait-free simulate (i.e., despite the crash of up to $t$ of them) an arbitrary number $n$ of processes under the assumption that at most $t$ of them may crash. The BG simulation shows that, in read/write systems, the crucial parameter is not the number $n$ of processes, but the upper bound $t$ on the number of process crashes.
The paper extends the concept of BG simulation to asynchronous message-passing systems prone to Byzantine failures. Byzantine failures are the most general type of failure: a faulty process can exhibit any arbitrary behavior. Because of this, they are also the most difficult to analyze and to handle algorithmically. The main contribution of the paper is a signature-free reduction of Byzantine failures to crash failures. Assuming $t<\min(n',n/3)$, the paper presents an algorithm that simulates a system of $n'$ processes where up to $t$ may crash, on top of a basic system of $n$ processes where up to $t$ may be Byzantine. While topological techniques have been used to relate the computability of Byzantine failure-prone systems to that of crash failure-prone ones, this simulation is the first, to our knowledge, that establishes this relation directly, in an algorithmic way.
In addition to extending the basic BG simulation to message-passing systems and failures more severe than process crashes, being modular and direct, this simulation provides us with a deeper insight in the nature and understanding of crash and Byzantine failures in the context of asynchronous message-passing systems. Moreover, it also allows crash-tolerant algorithms, designed for asynchronous read/write systems, to be executed on top of asynchronous message-passing systems prone to Byzantine failures.
△ Less
Submitted 14 July, 2016; v1 submitted 30 October, 2015;
originally announced October 2015.
-
Trading off $t$-Resilience for Efficiency in Asynchronous Byzantine Reliable Broadcast
Authors:
Damien Imbs,
Michel Raynal
Abstract:
This paper presents a simple and efficient reliable broadcast algorithm for asynchronous message-passing systems made up of $n$ processes, among which up to $t<n/5$ may behave arbitrarily (Byzantine processes). This algorithm requires two communication steps and $n^2-1$ messages. When compared to Bracha's algorithm, which is resilience optimal ($t<n/3$) and requires three communication steps and…
▽ More
This paper presents a simple and efficient reliable broadcast algorithm for asynchronous message-passing systems made up of $n$ processes, among which up to $t<n/5$ may behave arbitrarily (Byzantine processes). This algorithm requires two communication steps and $n^2-1$ messages. When compared to Bracha's algorithm, which is resilience optimal ($t<n/3$) and requires three communication steps and $2n^2-n-1$ messages, the proposed algorithm shows an interesting tradeoff between communication efficiency and $t$-resilience.
△ Less
Submitted 28 September, 2021; v1 submitted 23 October, 2015;
originally announced October 2015.
-
Anonymous Obstruction-free $(n,k)$-Set Agreement with $n-k+1$ Atomic Read/Write Registers
Authors:
Zohir Bouzid,
Michel Raynal,
Pierre Sutra
Abstract:
The $k$-set agreement problem is a generalization of the consensus problem. Namely, assuming each process proposes a value, each non-faulty process has to decide a value such that each decided value was proposed, and no more than $k$ different values are decided. This is a hard problem in the sense that it cannot be solved in asynchronous systems as soon as $k$ or more processes may crash. One…
▽ More
The $k$-set agreement problem is a generalization of the consensus problem. Namely, assuming each process proposes a value, each non-faulty process has to decide a value such that each decided value was proposed, and no more than $k$ different values are decided. This is a hard problem in the sense that it cannot be solved in asynchronous systems as soon as $k$ or more processes may crash. One way to circumvent this impossibility consists in weakening its termination property, requiring that a process terminates (decides) only if it executes alone during a long enough period. This is the well-known obstruction-freedom progress condition.
Considering a system of $n$ {\it anonymous asynchronous} processes, which communicate through atomic {\it read/write registers only}, and where {\it any number of processes may crash}, this paper addresses and solves the challenging open problem of designing an obstruction-free $k$-set agreement algorithm with $(n-k+1)$ atomic registers only. From a shared memory cost point of view, this algorithm is the best algorithm known so far, thereby establishing a new upper bound on the number of registers needed to solve the problem (its gain is $(n-k)$ with respect to the previous upper bound). The algorithm is then extended to address the repeated version of $(n,k)$-set agreement. As it is optimal in the number of atomic read/write registers, this algorithm closes the gap on previously established lower/upper bounds for both the anonymous and non-anonymous versions of the repeated $(n,k)$-set agreement problem. Finally, for $1 \leq x\leq k \textless{} n$, a generalization suited to $x$-obstruction-freedom is also described, which requires $(n-k+x)$ atomic registers only.
△ Less
Submitted 2 July, 2015;
originally announced July 2015.
-
Specifying Concurrent Problems: Beyond Linearizability
Authors:
Armando Castaneda,
Michel Raynal,
Sergio Rajsbaum
Abstract:
Tasks and objects are two predominant ways of specifying distributed problems. A task is specified by an input/output relation, defining for each set of processes that may run concurrently, and each assignment of inputs to the processes in the set, the valid outputs of the processes. An object is specified by an automaton describing the outputs the object may produce when it is accessed sequential…
▽ More
Tasks and objects are two predominant ways of specifying distributed problems. A task is specified by an input/output relation, defining for each set of processes that may run concurrently, and each assignment of inputs to the processes in the set, the valid outputs of the processes. An object is specified by an automaton describing the outputs the object may produce when it is accessed sequentially. Thus, tasks explicitly state what may happen only when sets of processes run concurrently, while objects only specify what happens when processes access the object sequentially. Each one requires its own implementation notion, to tell when an execution satisfies the specification. For objects linearizability is commonly used, a very elegant and useful consistency condition. For tasks implementation notions are less explored.
The paper introduces the notion of interval-sequential object. The corresponding implementation notion of interval-linearizability generalizes linearizability, and allows to associate states along the interval of execution of an operation. Interval-linearizability allows to specify any task, however, there are sequential one-shot objects that cannot be expressed as tasks, under the simplest interpretation of a task. It also shows that a natural extension of the notion of a task is expressive enough to specify any interval-sequential object.
△ Less
Submitted 30 June, 2015;
originally announced July 2015.