Revision Notes/Unit 7 — Consensus & Byzantine Agreement/Crash Consensus + Byzantine Agreement (OM(m), Phase King) + FLP

Crash Consensus + Byzantine Agreement (OM(m), Phase King) + FLP

Intuition

Consensus = a group of nodes agree on a single value despite some being faulty. The difficulty depends on the failure model. Crash-failure (silent halts, no lies): solvable in $f + 1$ rounds with $n > f$ processes. Byzantine (arbitrary lying, conflicting messages): requires $n \geq 3 f + 1$ and at least $f + 1$ rounds — and is impossible in async systems (FLP). Two flagship Byzantine algorithms: OM(m) (exponential messages, recursive) and Phase King (polynomial, needs more processes).

Explanation

Why consensus matters. Used for: committing distributed transactions (2PC/3PC), leader election (Raft/Paxos), agreeing on the current value of a replicated variable, ordering of operations (state-machine replication), atomic broadcast.

Failure models studied (synchronous). Crash failure — node may crash but never lies; once crashed, stays silent. Byzantine failure — node behaves arbitrarily/maliciously: may send wrong values, conflicting values to different peers, stay silent, lie about messages received.

Three problem variants. Consensus — each process broadcasts its own initial value; agree on a single value; if all non-faulty have $v$ , decide $v$ . Interactive Consistency — agree on a *vector* of values $(v_{1}, \dots, v_{n})$ ; if $P_{k}$ is non-faulty with value $v_{k}$ , the $k$ -th vector slot must equal $v_{k}$ . Byzantine Agreement — designated source broadcasts; all non-faulty agree on the source's value (if source non-faulty, agree on source's). BA solves all three.

Crash-failure synchronous consensus algorithm. $n$ processes, up to $f < n$ may crash. $f + 1$ rounds, each: send $v$ to all (if not sent), wait for all msgs this round, set $v := min (v, all received)$ . After final round: decide $v$ .

Correctness of crash algorithm. Termination: $f + 1$ rounds, fixed. Validity: only inputs ever circulated; if all start with same $v$ , that's the only value seen. Agreement: If $P_{j}$ decided smaller $v$ than $P_{i}$ , the chain of crash-faulty nodes hiding $v$ from $P_{i}$ would need length $f + 1$ ; only $f$ can fail. Contradiction.

Crash-failure performance. $f + 1$ rounds. Each round $O (n^{2})$ messages. Total: $(f + 1) \cdot n^{2}$ messages.

Byzantine impossibility — three results. (i) **No solution exists if $n \leq 3 m$ ** where $m$ = max Byzantine faulty. Need $n \geq 3 m + 1$ ( $> 2/3$ non-faulty majority). (ii) No deterministic solution in asynchronous systems even with one crash failure — FLP (Fischer-Lynch-Paterson, 1985). (iii) Lower bound: at least $m + 1$ rounds required.

**Why $N = 3, f = 1$ Byzantine fails.** Source $S$ + lieutenants $T, U$ , exactly one may be faulty. *Scenario 1*: $S$ sends $0$ to both; faulty $U$ lies, tells $T$ that $S$ said $1$ . Loyal $T$ sees 'S said 0, U said S said 1' — must decide $0$ (agree with S since loyal). *Scenario 2*: $S$ faulty, sends $0$ to $T$ and $1$ to $U$ . $T$ sees 'S said 0, U said S said 1' — same view as Scenario 1 — must decide $0$ . $U$ sees 'S said 1, T said S said 0' — same as Scenario 1's $U$ — must decide $1$ . $T$ and $U$ disagree though both loyal — contradicts agreement.

Lamport-Shostak-Pease Oral Messages — OM(m). Recursion with resilience parameter $t = m$ . Base case OM(0): general sends value $x_{g}$ to all lieutenants; each lieutenant decides on the value received (or 'undef' if no msg). **Recursive case OM(t), $t > 0$ **: general sends value to all lieutenants. Each lieutenant $L_{i}$ , on receiving $v$ from the general, acts as the new 'general' running $OM (t - 1)$ to broadcast $v$ to the other $N - 2$ lieutenants. After $t + 1$ rounds, every $L_{i}$ takes the majority of the values it computed from each of these sub-broadcasts as its decision.

OM assumptions. Every message is delivered correctly. Receiver always knows the sender's identity. Absence of a message can be detected (synchronous). Messages can be content-altered by faulty senders but NOT forged in transit.

OM tolerates up to $m$ faulty if $N \geq 3 m + 1$ . Needs $m + 1$ rounds. Message complexity: $O (N^{m + 1})$ — exponential. This is OM's main drawback.

Phase King algorithm. Byzantine consensus with shared values (each has own initial value). Requires $N \geq 4 f + 1$ (more processes than OM, but simpler protocol). ** $f + 1$ phases × 2 rounds each. Polynomial message complexity.**

Phase King — each phase. Round 1: every process broadcasts its current value to all. Each process computes the majority of values received (or a tie-breaker default if no strict majority); also computes the multiplicity (count of the majority value). Round 2: the phase king ( $P_{k}$ for phase $k$ ) broadcasts its value $v_{k}$ to everyone. Each $P_{i}$ updates: if its majority's multiplicity $> N /2 + f$ → keep majority; else → adopt the king's value $v_{k}$ .

Phase King — correctness intuition. Run $f + 1$ phases. At most $f$ processes are Byzantine, so at least one king is non-malicious. After that king's phase, all non-faulty processes agree on a common value; the agreement persists in subsequent phases.

**Why Phase King needs $N \geq 4 f + 1$ .** The decision rule requires multiplicity $> N /2 + f$ to override the king's value. For this rule to give correctness against $f$ Byzantine plus split honest votes, we need $N > 4 f$ , i.e., $N \geq 4 f + 1$ .

OM(m) vs Phase King. Bounds: OM $N \geq 3 f + 1$ , PK $N \geq 4 f + 1$ (PK needs more processes). Rounds: OM $f + 1$ , PK $2 (f + 1)$ . Messages: OM $O (N^{f + 1})$ exponential, PK $O (N^{2} \cdot f)$ polynomial. Simplicity: OM is complex recursion; PK is simple two-round phases. PK is the practical choice for large $f$ .

Definitions

Crash failure — Process halts (crashes) and stops sending msgs; never lies. Once crashed, stays crashed.
Byzantine failure — Process behaves arbitrarily — may lie, send conflicting msgs to different peers, stay silent, replay old msgs, etc.
Consensus — Each process has own initial value; all non-faulty agree on a single value; if all start with $v$ , decide $v$ .
Interactive consistency — Agree on a vector $(v_{1}, \dots, v_{n})$ such that if $P_{k}$ is non-faulty with value $v_{k}$ , the $k$ -th slot is $v_{k}$ .
Byzantine agreement (BA) — Designated source broadcasts; all non-faulty agree on the source's value (or on a default if source faulty). Solves consensus + interactive consistency.
FLP impossibility (Fischer-Lynch-Paterson, 1985) — No deterministic algorithm solves consensus in an asynchronous system, even with just ONE crash failure. Motivates randomised / partially-synchronous algorithms.
Lamport-Shostak-Pease OM(m) — Recursive oral-messages algorithm for Byzantine agreement. OM(0): direct. OM(t): each lieutenant becomes general for OM(t-1); majority at end. $f + 1$ rounds; $n \geq 3 f + 1$ ; $O (N^{f + 1})$ messages.
Phase King — Polynomial Byzantine consensus algorithm. $n \geq 4 f + 1$ ; $f + 1$ phases × 2 rounds; adopt majority if multiplicity $> n /2 + f$ else trust king. At least one honest king guarantees convergence.

Formulas

$Crash-failure rounds: f + 1$
$Crash-failure msgs: (f + 1) \cdot n^{2}$
$Byzantine bounds: n \geq 3 f + 1, rounds \geq f + 1$
$OM tolerance: m faulty iff N \geq 3 m + 1$
$Phase King bounds: N \geq 4 f + 1, phases = f + 1, rounds = 2 (f + 1)$
$Phase King decision: v_{i} := {majority v_{king} if mult > n /2 + f else$

Derivations

Crash consensus correctness. Each round, every process sends its value to all and takes min. If process $P_{j}$ decides smaller $v$ than $P_{i}$ , then somewhere $P_{j}$ saw $v$ that $P_{i}$ didn't. Tracing: $P_{i}$ hasn't seen $v$ means every chain delivering $v$ to $P_{i}$ crashed before completing. A chain of length $f + 1$ requires $f + 1$ crashes — contradiction with $f$ bound.

**Why $n \geq 3 m + 1$ for BA.** Indistinguishability argument (Lamport-Shostak-Pease 1982): with $m$ faulty, a loyal node can see exactly the same view in two scenarios — one with a faulty source, one with a faulty peer — yet must decide differently. Only when honest majority is $> 2/3$ can the loyal nodes break ties via majority.

** $m + 1$ rounds lower bound.** Inductive argument: with $m$ rounds, an adversary can prevent agreement by hiding information from a chain of $m$ processes in successive rounds. Need one more round to force the chain to terminate.

Phase King — at least one honest king ensures agreement. Run $f + 1$ phases. At most $f$ kings are Byzantine. So $\geq 1$ honest king. In that king's phase, the king broadcasts a correct value; the multiplicity rule ensures no process adopts a conflicting majority unless that majority strictly exceeds $n /2 + f$ — impossible against an honest king's broadcast. From that phase on, agreement is invariant.

Examples

**Crash consensus for $n = 4, f = 1$ .** Inputs: 5, 3, 7, 2. Round 1: each sends to all; suppose $P_{3}$ crashes after sending some. After round 1, $P_{1}, P_{2}, P_{4}$ have min of received: 2 (or fewer if $P_{3}$ 's msgs partially delivered). Round 2: re-broadcast min; converge to 2. Decide 2. **Two rounds = $f + 1$ for $f = 1$ .**
**OM(1) for $N = 4, m = 1$ — G faulty case.** $G$ sends $0$ to $L_{1}, L_{2}$ and $1$ to $L_{3}$ . Round 2 (each $L$ acts as general for the others): $L_{1}$ relays 'G said 0' to $L_{2}, L_{3}$ . $L_{2}$ relays 'G said 0'. $L_{3}$ relays 'G said 1'. $L_{1}$ sees ${G : 0, L_{2} : 0, L_{3} : 1}$ → majority 0. $L_{2}$ sees ${G : 0, L_{1} : 0, L_{3} : 1}$ → 0. $L_{3}$ sees ${G : 1, L_{1} : 0, L_{2} : 0}$ → 0. All loyal agree on 0. ** $m + 1 = 2$ rounds; $N = 3 m + 1 = 4$ minimum.**
**OM(1) for $N = 4, m = 1$ — L3 faulty case.** $G$ loyal, sends 0 to all. $L_{3}$ faulty, relays 1 to others. $L_{1}$ sees ${G : 0, L_{2} : 0, L_{3} : 1}$ → majority 0. $L_{2}$ sees ${G : 0, L_{1} : 0, L_{3} : 1}$ → 0. Both loyal lieutenants agree on G's value 0. ✓
**Phase King with $f = 1$ .** $N \geq 4 f + 1 = 5$ , say $N = 5$ . Phases: $f + 1 = 2$ . Round 1 of phase 1: everyone broadcasts; tally majority + multiplicity. Round 2: $P_{1}$ (king of phase 1) broadcasts. Most adopt majority if multiplicity $> 5/2 + 1 = 3.5$ ; if not, adopt $P_{1}$ 's value. Round 1 of phase 2 + round 2 with $P_{2}$ as king. After phase 2 (at least one king honest), all agree.

Diagrams

Crash consensus timeline: $n = 4, f = 1$ , two rounds; each round sends to all + takes min.
Indistinguishability scenario: $N = 3$ with faulty source vs faulty peer; loyal nodes see identical views but must decide differently → impossibility.
OM(2) recursion tree for $N = 7, m = 2$ : General at root; each lieutenant becomes general for OM(1); final majority at leaves.
Phase King flow: phase 1 round 1 (broadcast) + round 2 (king); phase 2 same; at least one honest king ⇒ agreement.
OM vs Phase King comparison table: bounds, rounds, messages, simplicity.

Edge cases

FLP impossibility in async — no deterministic Byzantine solution; production systems use randomised algorithms (Ben-Or, Honey Badger BFT) or partial synchrony assumptions.
Synchronous assumption matters — drop synchrony and bounds change drastically.
OM exponential blowup — $O (N^{m + 1})$ messages; impractical for $m > 2$ in large clusters.
**Phase King's $4 f + 1$ vs OM's $3 f + 1$ ** — PK needs MORE processes to tolerate the same $f$ .
Authenticated Byzantine (signed messages) reduces bound to $n \geq 2 f + 1$ — but assumes cryptographic signing infrastructure.

Common mistakes

**Saying 'Byzantine needs $n \geq 2 f + 1$ '.** That's for authenticated (signed-message) Byzantine. Unauthenticated needs $n \geq 3 f + 1$ .
Saying 'OM is polynomial'. No — OM has $O (N^{m + 1})$ exponential messages. Phase King is the polynomial alternative.
Confusing 'consensus' with 'Byzantine agreement'. Consensus: each has own input. BA: source broadcasts. Interactive Consistency: agree on a vector.
Saying 'FLP shows distributed consensus is always impossible'. No — FLP shows DETERMINISTIC consensus in async systems is impossible. Randomised algorithms work; synchronous algorithms work.
**Phase King needs $3 f + 1$ .** No — Phase King needs $4 f + 1$ . Polynomial cost vs OM, but more processes.

Shortcuts

**Crash: $f + 1$ rounds, $(f + 1) n^{2}$ msgs.**
**Byzantine: $n \geq 3 f + 1$ , $\geq f + 1$ rounds, FLP in async.**
**OM: recursive, exponential msgs, $n \geq 3 f + 1$ , $f + 1$ rounds.**
**Phase King: $n \geq 4 f + 1$ , $2 (f + 1)$ rounds, polynomial msgs.**
N=3, f=1 impossible. Faulty source flips T and U into indistinguishable views.
Three variants: BA solves all.

Proofs / Algorithms

** $N = 3, f = 1$ Byzantine impossibility.** Source $S$ + lieutenants $T, U$ . Scenario A: $S$ loyal sends 0 to both; $U$ faulty tells $T$ that $S$ said 1. $T$ sees (S:0, U:1) — must decide 0 (agree with S). Scenario B: $S$ faulty, sends 0 to $T$ , 1 to $U$ . $T$ sees (S:0, U:1) — INDISTINGUISHABLE from A — must decide 0. $U$ sees (S:1, T:0) — must decide 1 (its view says S said 1). $T$ and $U$ disagree though both loyal. Contradicts agreement. Hence $N = 3, f = 1$ impossible.

** $f + 1$ rounds lower bound (crash and Byzantine).** Adversary strategy: in each round, crash one node mid-broadcast so its value reaches a specific subset only. After $f$ rounds, $f$ nodes crashed; some loyal node has incomplete information. One more round needed to disseminate everywhere. Hence $\geq f + 1$ rounds.

Phase King termination (at least one honest king). $f + 1$ phases; at most $f$ kings can be Byzantine. So $\geq 1$ honest king. In that king's phase, king broadcasts a value $v$ ; processes' majority rule with multiplicity threshold $> n /2 + f$ ensures no process adopts a contrary majority — they take $v$ unless they have a multiplicity-dominant alternative, which is impossible under $n \geq 4 f + 1$ . From that phase on, all loyal agree.

Distributed Systems