FLP Impossibility (Fischer, Lynch, Paterson, 1985)

Foundations of Blockchain

Suyash Bagad

FLP Impossibility

  • Theorem (Fischer, Lynch and Paterson, 1985): no deterministic protocol solves consensus in an asynchronous message-passing system in which even one process may fail by crashing
  • Consensus: every process \(p\) starts with an input \(i_p \in \{0,1\}\) and owns an output register \(o_p \in \{b,0,1\}\), where \(b\) means "not yet decided"; writing \(0\) or \(1\) into \(o_p\) is irreversible. A correct protocol guarantees
  1. Agreement: no two processes decide different values
  2. Termination: every non-faulty process eventually decides
  3. Validity: the decided value is the input of some process (in particular, if all inputs equal \(v\), the decision is \(v\))
  • Message-passing: processes share no memory and communicate only through a message buffer. \(\texttt{send}(e), \ e=(p,m)\) puts message \(m\), addressed to \(p\), into the buffer; \(\texttt{receive}(p)\) either removes some message \((p,m)\) from the buffer and hands \(m\) to \(p\), or returns the null message \(\perp\) and leaves the buffer unchanged
  • Asynchronous: unbounded delay in processing and delivering messages. Every message is eventually delivered, but there is no bound on when, so a process cannot tell a slow peer from a crashed one (undetectable faulty process)
  • Crashing: a faulty process simply stops taking steps; at most one process fails, and only by crashing. No Byzantine failures: nobody lies, forges or corrupts messages. The result therefore also bounds every protocol that additionally defends against malicious nodes
  • Deterministic: a process's next state and the messages it sends are a function of its current state and the message it received; the only nondeterminism is the adversary's choice of which message to deliver next

Model

  • \(N\) processes \(p_1, \dots, p_N\); the slide figure shows \(N = 6\), each process annotated with its input/output pair \(i_k, o_k\)
  • Configuration \(C = (s, M)\): \(s\) is the internal state of all processes and \(M\) is the message buffer, a multiset of pairs \((p,m)\) meaning "message \(m\) addressed to \(p\)"
  • Internal state \(s = \Big\{I_k, i_k, o_k\Big\}_{k \in [N]} \), where \(I_k\) is the local state of \(p_k\) (program counter and memory), \(i_k\) its input register and \(o_k\) its output register
  • Each \(i_k \in \{0,1\}, o_k \in \{b,0,1\}\); \(o_k\) starts as \(b\) and, once set to \(0\) or \(1\), never changes again
  • Event \(e = (p,m)\): process \(p\) receives \(m\), which is either a message \((p,m) \in M\) or the null message \(\perp\). An event is applicable to \(C\) iff \(m = \perp\) or \((p,m) \in M\); null events are therefore always applicable
  • Step \(C \longrightarrow C' = (s', M')\) where \(C' = e(C)\): \((p,m)\) is removed from \(M\) (nothing is removed for \(\perp\)), \(p\) deterministically updates \(I_p\) and possibly \(o_p\), and the finite set of messages it sends is added to \(M\). In the figure \(p_3\) receives \(m\), its output becomes \(o_3^{\prime}\), and it performs \(\texttt{send}\big\{(p_1,m_1), (p_4,m_4)\big\}\), so \(M' = M - \{(p_3,m)\} + \{(p_1,m_1), (p_4,m_4)\}\)
  • Schedule \(\sigma = (e_1, e_2, \dots, e_J)\) - finite or infinite sequence of events, each applicable to the configuration produced by the ones before it
  • \(\sigma(C) = e_J\bigg(\dots\Big(e_2\big(e_1(C)\big)\Big)\bigg)\)
  • Run \(R = (C,\sigma)\). A run is admissible if at most one process takes only finitely many steps (the crashed one) and every message addressed to a process that keeps taking steps is eventually received; it is deciding if some process reaches \(o_p \neq b\). A protocol is correct if every admissible run is deciding and satisfies agreement and validity

Commutativity of Schedules

  • Schedules \(\sigma_1\) and \(\sigma_2\) are disjoint if the sets of processes taking steps in them are disjoint (no process appears in an event of both)
  • If \(\sigma_1\) and \(\sigma_2\) are both applicable to \(C\) and disjoint, then \(\sigma_2\) is applicable to \(\sigma_1(C)\), \(\sigma_1\) is applicable to \(\sigma_2(C)\), and both orders reach the same configuration \(C_3\) (figure: \(C \xrightarrow{\sigma_1} C_1 \xrightarrow{\sigma_2} C_3\) and \(C \xrightarrow{\sigma_2} C_2 \xrightarrow{\sigma_1} C_3\)):
\[ \sigma_2\big(\sigma_1(C)\big) = \sigma_1\big(\sigma_2(C)\big) \]
  • Why it holds: a step of \(p\) reads and writes only \(p\)'s own state, consumes only a message addressed to \(p\), and only adds messages to \(M\). A step of \(q \neq p\) can neither observe \(p\)'s state nor consume a message addressed to \(p\), so neither schedule changes what the other does, and the final \((s, M)\) is the same
  • This is the tool the proof uses to move an event past a schedule of other processes without changing the outcome

Proof Sketch

  • Valency: let \(V(C)\) be the set of decision values reachable from \(C\) by admissible runs. \(C\) is \(0\)-valent if \(V(C)=\{0\}\), \(1\)-valent if \(V(C)=\{1\}\), and bivalent (undecided) if \(V(C)=\{0,1\}\). For a correct protocol \(V(C)\) is never empty (termination), and a univalent configuration stays univalent under every step (agreement: no run from it may decide the other value)
  • Figure: from \(C\), schedules \(\sigma_1, \sigma_2, \dots, \sigma_M\) lead to \(C_1, C_2, \dots, C_M\). Left: every run ends with \(o_p = 0\) \(\implies\) \(C\) is \(0\)-valent. Right: some runs end with \(o_p = 0\) and others with \(o_p = 1\) \(\implies\) \(C\) is bivalent/undecided
  • For a protocol \(P\), there is an initial configuration that is bivalent (next slide)
  • From a bivalent configuration, any applicable event \(e\) can be procrastinated: there is a schedule that avoids \(e\) after which applying \(e\) still leaves the configuration bivalent (Procrastination Lemma)
  • Repeat forever, each time choosing as \(e\) the oldest pending event in a round-robin over processes and buffered messages, so every process keeps taking steps and every message is eventually delivered: the run is admissible yet never leaves bivalence \(\implies\) an infinite undecided run, contradicting termination!
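The model, the commutativity of disjoint schedules and the valency definition above, as an added runnable example that is not part of the original slides: the code encodes configurations \(C=(s,M)\), events \(e=(p,m)\), the step function \(e(C)\) and schedules, then computes the valency of a configuration by exhaustively enumerating reachable configurations. The protocol it runs ("first-two-votes": a process broadcasts its input on its first step and decides \(\min\) of its own vote and the first vote it receives) is an assumption chosen so the reachable state space is finite; it tolerates one crash but is not a correct consensus protocol, so the search also finds a configuration in which agreement breaks. Process indices 0..2 stand in for the slides' \(p_1 \dots p_N\).

```python
"""Executable version of the FLP model from the slides: configurations C = (s, M),
events e = (p, m), schedules, commutativity of disjoint schedules and the valency
of a configuration, computed by exhaustive search over a toy protocol.
Added example, not from the slides; the toy protocol and all names are assumptions."""
from itertools import product

NULL = None   # the null message: a process may take a step without receiving anything
N = 3         # processes p = 0, 1, 2 (the slides write p_1 ... p_N)

# Assumed toy protocol "first-two-votes": on its first step a process broadcasts its
# input bit to the others; when the first vote arrives it decides min(own, received),
# i.e. the majority of the two votes with a 0/1 tie broken towards 0. Two votes suffice,
# so it survives one crash, but it is NOT a correct consensus protocol: agreement can
# fail, which the search below makes visible.
# A process state is (input i_p, has_sent, received votes, output o_p, 'b' = undecided).
def transition(p, state, m):
    """Deterministic local step of process p on receiving m: returns (new_state, sends)."""
    inp, sent, votes, out = state
    sends = []
    if not sent:
        sends = [(q, inp) for q in range(N) if q != p]   # messages are (receiver, content)
        sent = True
    if m is not NULL:
        votes = votes + (m,)
    if out == 'b' and votes:
        out = min(inp, votes[0])     # decide once; the output register never changes again
    return (inp, sent, votes, out), sends

def initial(inputs):
    """Initial configuration: every process undecided, empty message buffer M."""
    return tuple((i, False, (), 'b') for i in inputs), ()

def step(config, event):
    """C' = e(C): remove (p, m) from the buffer (unless m is the null message), let p
    compute, add what it sends. Raises ValueError if e is not applicable to C."""
    states, buf = config
    p, m = event
    buf = list(buf)
    if m is not NULL:
        buf.remove((p, m))
    new_state, sends = transition(p, states[p], m)
    states = states[:p] + (new_state,) + states[p + 1:]
    return states, tuple(sorted(buf + sends))   # buffer kept as a sorted multiset

def run(config, schedule):
    """sigma(C) = e_J(...(e_2(e_1(C))))."""
    for e in schedule:
        config = step(config, e)
    return config

def commutes(config, s1, s2):
    """Commutativity check: sigma_2(sigma_1(C)) == sigma_1(sigma_2(C))?"""
    return run(run(config, s1), s2) == run(run(config, s2), s1)

def applicable(config):
    """Events applicable to C: deliver any buffered message, or a null step of any process."""
    _, buf = config
    return list(dict.fromkeys(buf)) + [(p, NULL) for p in range(N)]

def reachable(config):
    """All configurations reachable from C (finite here: each process gets at most N-1 votes)."""
    seen, todo = {config}, [config]
    while todo:
        c = todo.pop()
        for e in applicable(c):
            nxt = step(c, e)
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return seen

def valency(config):
    """'0' or '1' if only that decision value is reachable from C, 'bivalent' if both are."""
    decided = {st[3] for c in reachable(config) for st in c[0] if st[3] != 'b'}
    if decided == {0, 1}:
        return 'bivalent'
    return str(decided.pop()) if decided else 'undecided'

def disagreement(config):
    """A reachable configuration in which two processes decided differently, or None."""
    for c in reachable(config):
        if {st[3] for st in c[0]} >= {0, 1}:
            return c
    return None

if __name__ == "__main__":
    for inputs in product((0, 1), repeat=N):
        print(inputs, valency(initial(inputs)))
    C = initial((0, 1, 1))
    # sigma_1 touches p0 and p1, sigma_2 only p2: disjoint, so both orders agree
    print("disjoint schedules commute:", commutes(C, [(0, NULL), (1, 0)], [(2, NULL)]))
    # two deliveries to the same process p1: not disjoint, and the order fixes p1's output
    C2 = run(C, [(0, NULL), (2, NULL)])
    print("same-process schedules commute:", commutes(C2, [(1, 0)], [(1, 1)]))
    print("agreement violated at:", disagreement(C))
```

Running it prints the valency of all eight initial configurations: inputs with at most one \(1\) are \(0\)-valent, the all-\(1\) input is \(1\)-valent, and inputs with exactly two \(1\)s are bivalent, because a process holding \(1\) decides \(0\) or \(1\) depending on whose vote the adversary delivers first. The commutativity check confirms that schedules over disjoint process sets commute, and the same-process pair shows why the disjointness condition is needed.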

Bivalent Initial Configuration

  • Protocol \(P\) has a bivalent initial configuration. 

\(\rightarrow\) Suppose not. Then every initial configuration is \(0\)-valent or \(1\)-valent. By validity, the all-\(0\) configuration \(C_0\) is \(0\)-valent and the all-\(1\) configuration is \(1\)-valent. 

\(\rightarrow\) Arrange initial configurations in a chain \(C_0, C_1, C_2, \dots\) (figure: columns \(p_1, \dots, p_6\), one row of input bits per configuration) in which each \(C_{i+1}\) is obtained from \(C_i\) by flipping the input of exactly one process, ending at the all-\(1\) configuration. The chain starts \(0\)-valent and ends \(1\)-valent, so somewhere an adjacent pair \(C_i\) (\(0\)-valent) and \(C_{i+1}\) (\(1\)-valent) differs only in the input of a single process \(p\).

\(\rightarrow\) The run from \(C_i\) in which \(p\) crashes before taking any step is admissible, so it decides; let \(\sigma\) be its finite deciding schedule, which contains no step of \(p\). No process other than \(p\) can read \(p\)'s input register, so \(\sigma\) is applicable to \(C_{i+1}\) as well and every process passes through the same states in \(\sigma(C_i)\) and \(\sigma(C_{i+1})\), reaching the same decision. But \(\sigma(C_i)\) must decide \(0\) and \(\sigma(C_{i+1})\) must decide \(1\). Contradiction!

Procrastination Lemma

  • Let \(C\) be bivalent, and let \(e = (p,m)\) be an event applicable to \(C\). Then, there is a (possibly empty) schedule \(\sigma\) not containing \(e\) s.t. \(e\big(\sigma(C)\big)\) is bivalent

\(\rightarrow\) We'll prove this by contradiction too. Define
\[ \mathbb{C} = \big\{ \ \sigma(C) \ | \ \sigma \text{ applicable to } C, \ e \notin \sigma \ \big\}, \qquad \mathbb{D} = \big\{ \ e(C_i) \ | \ C_i \in \mathbb{C} \ \big\} \]
(figure: \(C_1, \dots, C_M \in \mathbb{C}\) reached from \(C\) by \(\sigma_1, \dots, \sigma_M\); applying \(e\) to each \(C_i\) gives \(D_i \in \mathbb{D}\)). \(e\) stays applicable to every \(C_i\): if \(m \neq \perp\), the message \((p,m)\) is never consumed because \(e \notin \sigma_i\). The lemma says exactly that \(\mathbb{D}\) contains a bivalent configuration.

  1. Assume \(\mathbb{D}\) has no bivalent configurations. We show it must then contain both \(0\)-valent and \(1\)-valent configurations 

\(\rightarrow\) \(C\) is bivalent \(\implies  \exists E_0, E_1 \) reachable from \(C\) which are \(0,1\)-valent resp. Look at the schedule \(\sigma\) from \(C\) to \(E_0\). If \(e \notin \sigma\), then \(E_0 \in \mathbb{C}\) and \(D_0 = e(E_0) \in \mathbb{D}\) is \(0\)-valent (everything reachable from a \(0\)-valent configuration is \(0\)-valent). If \(e \in \sigma\), let \(\sigma(\bar{e})\) be the prefix of \(\sigma\) before its first \(e\); then \(D_0 = e\big(\sigma(\bar{e})(C)\big) \in \mathbb{D}\) can still reach \(E_0\), so it is \(0\)-valent or bivalent, and by assumption \(0\)-valent. Either way, \(D_0 \in \mathbb{D}\) is \(0\)-valent!

Similarly, we can show that \(\exists D_1 \in \mathbb{D}\) is \(1\)-valent!

  2. Find neighbours. Every \(C_i \in \mathbb{C}\) is reached from \(C\) one event at a time, and all intermediate configurations also lie in \(\mathbb{C}\). \(e(C) \in \mathbb{D}\) is univalent, say \(0\)-valent (the other case is symmetric), while some \(D_1 = e(C_i)\) is \(1\)-valent, so along the path from \(C\) to \(C_i\) the valency of \(e(\cdot)\) flips at some step. Hence there are neighbours \(C_0, C_1 \in \mathbb{C}\) s.t. \(C_1 = e'(C_0), \ e' = (p',m')\), with \(D_0 = e(C_0)\) and \(D_1 = e(C_1)\) being \(0\)-valent and \(1\)-valent resp. (figure: \(C \xrightarrow{\sigma(\bar{e})} C_0 \xrightarrow{e'} C_1\), \(C_0 \xrightarrow{e} D_0\), \(C_1 \xrightarrow{e} D_1\))

Case I: \(p' \neq p\)

  1. \(e'\) is applicable to \(D_0\): \(e\) consumed only \((p,m)\), so \((p',m')\) is still in the buffer (or \(m' = \perp\))
  2. \(e\) and \(e'\) are steps of different processes, so by commutativity \(e'(D_0) = e'\big(e(C_0)\big) = e\big(e'(C_0)\big) = e(C_1) = D_1\)
  3. But \(D_0\) was \(0\)-valent, and a \(1\)-valent configuration cannot be reachable from a \(0\)-valent one! Contradiction!

Case II: \(p' = p\)

  1. Let \(R\) be a finite deciding schedule from \(C_0\) in which \(p\) takes no steps (\(R(\bar{p})\) in the figure). It exists because the run in which \(p\) crashes at \(C_0\) is admissible, so the protocol must decide in it. Let \(A = R(C_0)\)
  2. \(R\) contains no step of \(p\), while \(e\) and \(e'\) are both steps of \(p\). By commutativity \(R\) is applicable to \(D_0 = e(C_0)\) and to \(D_1 = e\big(e'(C_0)\big)\), with \(R(D_0) = e(A)\) and \(R(D_1) = e\big(e'(A)\big)\)
  3. Applying \(e\) to \(A\) reaches \(E_0 := e(A)\), which is reachable from the \(0\)-valent \(D_0\) and hence \(0\)-valent; applying \(e'\) and then \(e\) to \(A\) reaches \(E_1 := e\big(e'(A)\big)\), which is reachable from \(D_1\) and hence \(1\)-valent
  4. Thus, \(A\) is bivalent. But \(R\) is a deciding schedule, so some process has already decided in \(A\), which makes \(A\) univalent. Contradiction!

\(\rightarrow\) Both cases contradict the assumption in step 1, so \(\mathbb{D}\) contains a bivalent configuration \(e\big(\sigma(C)\big)\) with \(e \notin \sigma\), as claimed.

Circumventing FLP

  • No deterministic protocol solves consensus in an asynchronous message-passing system in which at most one process may fail by crashing
  • Each highlighted hypothesis (deterministic, asynchronous, one faulty process, crashing) is necessary; relaxing any of them opens a way out. Practical consequence for blockchains: a deterministic consensus protocol can promise safety (agreement) under asynchrony, but liveness only under extra assumptions. An attacker who controls message delays (network partition, eclipse attack, DoS of a validator) attacks liveness, so the protocol's safety argument must never depend on timing
  1. Use randomization to terminate with arbitrarily high probability (drops "deterministic"; e.g. Ben-Or's randomized consensus, 1983, terminates with probability \(1\))
  2. Use failure detectors, or assume partial synchrony (a finite bound on delays that is unknown, or only holds eventually), as practical BFT protocols do for liveness
  3. Agreement within a range of values with some tolerance: approximate agreement weakens the Agreement property instead of the network model
  4. \(\ldots\)