amaury_joly/bwconsistency
1
0
Fork 0
Code Issues 5 Pull Requests Packages Projects 3 Releases Wiki Activity

Compare commits

base: amaury_joly:main
Branches Tags
amaury_joly:main amaury_joly:main_old amaury_joly:master
..
compare: amaury_joly:main_old
Branches Tags
amaury_joly:main amaury_joly:main_old amaury_joly:master

3 Commits
main ... main_old

Author SHA1 Message Date
Amaury JOLY
18448b481e fix du devcontainer 2026-03-02 12:22:40 +00:00
Amaury JOLY
94b22408e5 Install party 2026-03-02 12:22:15 +00:00
Amaury JOLY
8f51a7eed6 je rajoute un mecanisme de detection d'equivocation 2026-02-23 15:01:43 +01:00
15 changed files with 880 additions and 1667 deletions
Expand all files Collapse all files

2
.devcontainer/devcontainer.json
View File

@@ -6,7 +6,7 @@
"containerEnv": { //Add your build arguments here
"DEBIAN_FRONTEND": "noninteractive"
},
"runArgs": ["--net=host"], //Add you docker run arguments here
// "runArgs": ["--net=host"], //Add you docker run arguments here
"updateContentCommand": ".devcontainer/install-tools.sh", //Path to the installation script run inside the DevContainer
// "customizations": {
// //Add your customizations here

11
Recherche/BFT-ARBover/2_Primitives/index.tex
View File

@@ -1,6 +1,15 @@
\subsection{Reliable Broadcast (RB)}
\RB provides the following properties in the model.
\begin{itemize}[leftmargin=*]
\item \textbf{Integrity}: Every message received was previously sent. $\forall p_i:\ m = \RBreceived_i() \Rightarrow \exists p_j:\ \RBcast_j(m)$.
\item \textbf{No-duplicates}: No message is received more than once at any process.
\item \textbf{Validity}: If a correct process broadcasts $m$, every correct process eventually receives $m$.
\end{itemize}
\subsection{DenyList Object}
We assume a linearizable DenyList (\DL) object, following the specification in~\cite{frey:disc23}, with the following properties.
We assume a linearizable DenyList (\DL) object as in~\cite{frey:disc23} with the following properties.
The DenyList object type supports three operations: $\APPEND$, $\PROVE$, and $\READ$. These operations appear as if executed in a sequence $\Seq$ such that:
\begin{itemize}

13
Recherche/BFT-ARBover/3_ARB_Def/index.tex
View File

@@ -1,11 +1,6 @@
Processes export \ABbroadcast$(m)$ and $m = \ABdeliver()$. We adopt the standard Atomic Broadcast specification of~\cite{Defago2004}. \ARB requires the following properties:
\begin{itemize}[leftmargin=*]
\item \textbf{Total Order}:
\begin{equation*}
Processes export \ABbroadcast$(m)$ and $m = \ABdeliver()$. \ARB requires total order:
\begin{equation*}
\forall m_1,m_2,\ \forall p_i,p_j:\ \ (m_1 = \ABdeliver_i()) \prec (m_2 = \ABdeliver_i()) \Rightarrow (m_1 = \ABdeliver_j()) \prec (m_2 = \ABdeliver_j())
\end{equation*}
\item \textbf{Integrity}: Every message delivered was previously broadcast. $\forall p_i:\ m = \ABdeliver_i() \Rightarrow \exists p_j:\ \ABbroadcast_j(m)$.
\item \textbf{No-duplicates}: No message is delivered more than once at any process.
\item \textbf{Validity}: If a correct process broadcasts $m$, every correct process eventually delivers $m$.
\end{itemize}
\end{equation*}
plus Integrity/No-duplicates/Validity (inherited from \RB and the construction).

371
Recherche/BFT-ARBover/4_ARB_with_RB_DL/index.tex
View File

@@ -1,75 +1,83 @@
We present below an example of implementation of Atomic Reliable Broadcast (\ARB) using point-to-point reliable, error-free channels and a DenyList (\DL) object according to the model and notations defined in Section 2.
We present below an example of implementation of Atomic Reliable Broadcast (\ARB) using a Reliable Broadcast (\RB) primitive and a DenyList (\DL) object according to the model and notations defined in Section 2.
\subsection{Algorithm}
% granularité diff commentaire de code et paragraphe pre algo
\begin{definition}[Closed round]\label{def:closed-round}
Given a \DL{} linearization $H$, a round $r\in\mathcal{R}$ is \emph{closed} in $H$ if $H$ contains an operation $\APPEND(r)$.
Equivalently, there exists a time after which every $\PROVE(r)$ is invalid in $H$.
\end{definition}
\subsubsection{Variables}
Each process $p_i$ maintains:
\LinesNotNumbered
\begin{algorithm}
$\received \gets \emptyset$\; %\Comment{Messages received via \RB but not yet delivered}
$\delivered \gets \emptyset$\; %\Comment{Messages already delivered}
$\prop[r][j] \gets \bot,\ \forall r,j$\; %\Comment{Proposal from process $j$ for round $r$}
$\current \gets 0$\;
\end{algorithm}
% \paragraph{DenyList.} The \DL is initialized empty. We assume $\Pi_M = \Pi_V = \Pi$ (all processes can invoke \APPEND and \PROVE).
\subsubsection{Handlers and Procedures}
\LinesNumbered
\begin{algorithm}[H]
\caption{ARB at process $p_i$}\label{alg:arb-crash}
% \SetAlgoLined
\SetKwBlock{LocalVars}{Local Variables:}{}
\LocalVars{
$\unordered \gets \emptyset$,
$\ordered \gets \epsilon$,
$\delivered \gets \epsilon$\;
$\prop[r][j] \gets \bot,\ \forall r,j$\;
\caption{\RB handler (at process $p_i$)}\label{alg:rb-handler}
\Fn{RBreceived($S, r, j$)}{
$\received \leftarrow \received \cup \{S\}$\;\nllabel{code:receivedConstruction}
$\prop[r][j] \leftarrow S$\;\nllabel{code:prop-set} % \Comment{Record sender $j$'s proposal $S$ for round $r$}
}
\vspace{0.3em}
\For{$r = 1, 2, \ldots$}{
\textbf{wait until} $\unordered \setminus \ordered \neq \emptyset$\;
$S \leftarrow (\unordered \setminus \ordered)$\;\nllabel{code:Sconstruction}
\lForEach{$j \in \Pi$}{
$\send(\texttt{PROP}, S, \langle r, i \rangle) \textbf{ to } p_j$
}
$\PROVE(r)$; $\APPEND(r)$\;\nllabel{code:submit-proposition}
$\winners[r] \gets \{ j : (j, r) \in \READ() \}$\;\nllabel{code:Wcompute}
\textbf{wait until} $\forall j \in \winners[r],\ \prop[r][j] \neq \bot$\;\nllabel{code:check-winners-ack}
$M \gets \bigcup_{j \in \winners[r]} \prop[r][j]$\;\nllabel{code:Mcompute-dl}
$\ordered \leftarrow \ordered \cdot \order(M)$\;\nllabel{code:next-msg-extraction}
}
\vspace{0.3em}
\Upon{$\ABbroadcast(m)$}{
$\unordered \gets \unordered \cup \{m\}$\;\nllabel{code:abbroadcast-add}
}
\vspace{0.3em}
\Upon{$\receive(\texttt{PROP}, S, \langle r, j \rangle)$ from process $p_j$}{
$\unordered \leftarrow \unordered \cup \{S\}$\;\nllabel{code:receivedConstruction}
$\prop[r][j] \leftarrow S$\;\nllabel{code:prop-set}
}
\vspace{0.3em}
\Upon{$\ABdeliver()$}{
\lIf{$\ordered \setminus \delivered = \emptyset$}{
\Return{$\bot$}
}
let $m$ be the first element in $(\ordered \setminus \delivered$)\;\nllabel{code:adeliver-extract}
$\delivered \gets \delivered \cdot m$\;\nllabel{code:adeliver-mark}
\Return{$m$}
}
\end{algorithm}
\paragraph{Algorithm intuition.}
The crash-tolerant algorithm is organized around round closure and winner extraction. By \Cref{def:closed-round,def:first-append,lem:closure-view,lem:winners}, once a round is closed, every correct process eventually reads the same winner set $\Winners_r$. By \Cref{lem:nonempty}, this set is never empty, and by \Cref{lem:winners-propose} every winner has necessarily sent its proposal to all processes before becoming a winner, exactly because sending precedes $\PROVE(r)$ and $\APPEND(r)$ at line~\ref{code:submit-proposition}. Under reliable channels, these winner proposals are eventually received by every correct process, so the waiting condition at line~\ref{code:check-winners-ack} eventually becomes true, which is formalized by \Cref{lem:eventual-closure}. Then, by \Cref{lem:convergence}, all correct processes compute the same set $M$ at line~\ref{code:Mcompute-dl}, and because line~\ref{code:next-msg-extraction} applies the same deterministic ordering function, they append messages in the same order; this is exactly the core mechanism later used in \Cref{lem:validity,lem:no-duplication,lem:total-order}.
% \paragraph{} An \ABbroadcast$(m)$ chooses the next open round from the \DL view, proposes all pending messages together with the new $m$, disseminates this proposal via \RB, then executes $\PROVE(r)$ followed by $\APPEND(r)$ to freeze the winners of the round. The loop polls \DL until (i) some winners proposal includes $m$ in a \emph{closed} round and (ii) all winners' proposals for closed rounds are known locally, ensuring eventual inclusion and delivery.
\begin{algorithm}[H]\label{alg:ABroadcast}
\caption{\ABbroadcast$(m)$ (at process $p_i$)}\label{alg:ab-bcast}
\Fn{ABbroadcast($m$)}{
$P \leftarrow \READ()$\;\nllabel{code:set-up-read} %\Comment{Fetch latest \DL state to learn recent $\PROVE$ operations}
$r_{max} \leftarrow \max(\{ r' : \exists j,\ (j,r') \in P \})$\;\nllabel{code:rmax-compute} %\Comment{Pick current open round}
$S \leftarrow (\received \setminus \delivered) \cup \{m\}$\;\nllabel{code:Sconstruction}
%\Comment{Propose all pending messages plus the new $m$}
\vspace{1em}
$r \gets r_{max} - 1$\;
\While{$((i, r) \not\in P\ \wedge (\nexists j, r': (j, r') \in P \wedge m \in \prop[r'][j]))$}{\nllabel{code:sumbited-check-loop}
$r \gets r + 1$\;\nllabel{code:round-increment}
$\RBcast(S, r, i)$; $\PROVE(r)$; $\APPEND(r)$;\;\nllabel{code:submit-proposition}
$P \leftarrow \READ()$\; % \Comment{Refresh local view of \DL}
}
}
\end{algorithm}
\begin{algorithm}[H]\label{alg:ADeliver}
\caption{\ABdeliver() at process $p_i$}\label{alg:delivery}
\Fn{ABdeliver($\bot$)}{
$r \gets \current$\;
$P_r \gets \{(j,r): (j,r) \in \READ()\}$ \;
\If{$P_r = \emptyset$}{\nllabel{code:check-if-winners}
\Return{$\bot$}
}
$\APPEND(r)$; $P \gets \READ()$\; \nllabel{code:append-read}
$W_r \gets \{ j : (j, \PROVEtrace(r)) \in P \}$\;\nllabel{code:Wcompute}
\If{$\exists j \in W_r,\ \prop[r][j] = \bot$}{ \nllabel{code:check-winners-ack}
\Return{$\bot$}
}
$M_r \gets \bigcup_{j \in W_r} \prop[r][j]$\;\nllabel{code:Mcompute}
$m \gets \ordered(M_r \setminus \delivered)[0]$\;\nllabel{code:next-msg-extraction}
%\Comment{Set $m$ as the smaller message not already delivered}
$\delivered \leftarrow \delivered \cup \{m\}$\;
\If{$M_r \setminus \delivered = \emptyset$}{ %\Comment{Check if all messages from round $r$ have been delivered}
$\current \leftarrow \current + 1$
}
\Return{$m$}
}
\end{algorithm}
% ------------------------------------------------------------------------------
\subsection{Correctness}
\begin{definition}[First APPEND]\label{def:first-append}
@@ -94,17 +102,45 @@ The crash-tolerant algorithm is organized around round closure and winner extrac
\end{lemma}
\begin{proof}
\emph{Base.} For a closed round $r=0$, the set $\{r' \in \mathcal{R} : r' < r\}$ is empty, so the claim holds.
\emph{Base.} For a closed round $r=0$, the set $\{r' \in \mathcal{R},\ r' < r\}$ is empty, hence the lemma is true.
\emph{Induction step.} Assume $r+1$ is closed. By \cref{def:first-append}, there exists an earliest operation $\APPEND^{(\star)}(r+1)$ in the \DL linearization $H$. Let $p_j$ be the process that invokes this operation.
\emph{Induction.} Assume the lemma is true for round $r\geq 0$, we prove it for round $r+1$.
In Algorithm~\ref{alg:arb-crash}, the call to $\APPEND(\cdot)$ appears at line~\ref{code:submit-proposition}, inside the loop indexed by rounds $1,2,\ldots$. Therefore, if $p_j$ reaches line~\ref{code:submit-proposition} for round $r+1$, then in the previous loop iteration (round $r$) process order implies that $p_j$ has already invoked $\APPEND(r)$ at the same line.
\smallskip
Assume $r+1$ is closed and by \cref{def:first-append} $\APPEND^{(\star)}(r+1)$ be the earliest $\APPEND(r+1)$ in the DL linearization $H$.
By Lemma 1, after an $\APPEND(r)$ were in $H$, any later $\PROVE(r)$ will be invalid also, a processs program order is preserved in $H$.
Hence an $\APPEND(r)$ exists in $H$, so round $r$ is closed by \cref{def:closed-round}. We proved:
\[
(r+1\ \text{closed}) \Rightarrow (r\ \text{closed}).
\]
By repeated application, if some round $r$ is closed, then every round $r' < r$ is also closed.
There are two possibilities for where $\APPEND^{(\star)}(r+1)$ is invoked.
\begin{itemize}
\item \textbf{Case Algorithm \ref{alg:ABroadcast} :}
Some process executes the loop at \ref{code:sumbited-check-loop} and invokes $\PROVE(r+1);\APPEND^{(\star)}(r+1)$ at line~\ref{code:submit-proposition}. Let $p_i$ be this process.
Immediately before line~\ref{code:submit-proposition}, line~\ref{code:round-increment} sets $r\leftarrow r+1$, so the previous loop iteration targeted $r$. We consider two sub-cases.
\begin{itemize}
\item \emph{(i) $p_i$ is not in its first loop iteration.}
In the previous iteration, $p_i$ executed $\PROVE_i(r)$ at \ref{code:submit-proposition}, followed (in program order) by $\APPEND_i(r)$.
If round $r$ wasn't closed when $p_i$ execute $\PROVE_i(r)$ at \ref{code:submit-proposition}, then the condition at \ref{code:sumbited-check-loop} would be true hence the tuple $(i, r)$ should be visible in P which implies that $p_i$ should leave the loop at round $r$, contradicting the assumption that $p_i$ is now executing another iteration.
Since the tuple is not visible, the $\PROVE_i(r)$ was invalid which implies by definition that an $\APPEND(r)$ already exists in $H$. Thus in this case $r$ is closed.
\item \emph{(ii) $p_i$ is in its first loop iteration.}
To compute the value $r_{max}$, $p_i$ must have observed one or many $(\_ , r+1)$ in $P$ at \ref{code:rmax-compute}, issued by some processes (possibly different from $p_i$). Let's call $p_j$ the issuer of the first $\PROVE_j(r+1)$ in the linearization $H$. \\
When $p_j$ executed $P \gets \READ()$ at \ref{code:set-up-read} and compute $r_{max}$ at \ref{code:rmax-compute}, he observed no tuple $(\_,r+1)$ in $P$ because he's the issuer of the first one. So when $p_j$ executed the loop (\ref{code:sumbited-check-loop}), he run it for the round $r$, didn't seen any $(j,r)$ in $P$ at B6, and then executed the first $\PROVE_j(r+1)$ at \ref{code:submit-proposition} in a second iteration. \\
If round $r$ wasn't closed when $p_j$ execute $\PROVE_j(r)$ at \ref{code:submit-proposition}, then the $(j, r)$ will be in $P$ and the condition at \ref{code:sumbited-check-loop} should be true which implies that $p_j$ sould leave the loop at round $r$, contradicting the assumption that $p_j$ is now executing $\PROVE_j(r+1)$. In this case $r$ is closed.
\end{itemize}
\item \textbf{Case Algorithm \ref{alg:ADeliver} :}
Some process invokes $\APPEND(r+1)$ at \ref{code:append-read}. Let $p_i$ be this process.
Line~\ref{code:append-read} is guarded by the condition at \ref{code:check-if-winners}, which ensures that $p_i$ observed some $(\_,r+1)$ in $P$. Let $p_j$ be the issuer of the first $\PROVE_j(r+1)$ in the linearization $H$.
When $p_j$ executed $\PROVE_j(r+1)$ at \ref{code:submit-proposition}, he observed no tuple $(\_,r+1)$ in $P$ at \ref{code:check-if-winners} because he's the issuer of the first one. By the same reasoning as in the Case Algorithm \ref{alg:ABroadcast} (ii), $p_j$ must have observed that the round $r$ was closed.
% Line C7 is guarded by the presence of $\PROVE(r)$ in $P$ with $r=r+1$ (C5).
% Moreover, the local pointer $\textit{next}$ grow by increment of 1 and only advances after finishing the current round (C17), so if a process can reach $\textit{next}=r+1$ it implies that he has completed round $r$, which includes closing $r$ at C8 when $\PROVE(r)$ is observed.
% Hence $\APPEND^\star(r+1)$ implies a prior $\APPEND(r)$ in $H$, so $r$ is closed.
\end{itemize}
\smallskip
In all cases, $r+1$ closed implies $r$ closed. By induction on $r$, if the lemma is true for a closed $r$ then it is true for a closed $r+1$.
Therefore, the lemma is true for all closed rounds $r$.
\end{proof}
\begin{definition}[Winner Invariant]\label{def:winner-invariant}
@@ -116,7 +152,7 @@ The crash-tolerant algorithm is organized around round closure and winner extrac
\end{definition}
\begin{lemma}[Invariant view of closure]\label{lem:closure-view}
For any closed round $r$, all correct processes eventually observe the same set of valid tuples $(\ \cdot,r)$ in their \DL view.
For any closed round $r$, all correct processes eventually observe the same set of valid tuples $(\_,\PROVEtrace(r))$ in their \DL view.
\end{lemma}
\begin{proof}
@@ -124,50 +160,65 @@ The crash-tolerant algorithm is organized around round closure and winner extrac
Consider any correct process $p_i$ that invokes $\READ()$ after $\APPEND^\star(r)$ in the DL linearization. Since $\APPEND^\star(r)$ invalidates all subsequent $\PROVE(r)$, the set of valid tuples $(\_,r)$ retrieved by a $\READ()$ after $\APPEND^\star(r)$ is fixed and identical across all correct processes.
Therefore, for any closed round $r$, all correct processes eventually observe the same set of valid tuples $(\ \cdot,r )$ in their \DL view.
Therefore, for any closed round $r$, all correct processes eventually observe the same set of valid tuples $(\_,\PROVEtrace(r))$ in their \DL view.
\end{proof}
\begin{lemma}[Well-defined winners]\label{lem:winners}
For any correct process $p_i$ and round $r$, if $p_i$ computes $\winners[r]$ at line~\ref{code:Wcompute}, then :
For any correct process $p_i$ and round $r$, if $p_i$ computes $W_r$ at line~\ref{code:Wcompute}, then :
\begin{itemize}
\item $\Winners_r$ is defined;
\item the computed $\winners[r]$ is exactly $\Winners_r$.
\item the computed $W_r$ is exactly $\Winners_r$.
\end{itemize}
\end{lemma}
\begin{proof}
Lets consider a correct process $p_i$ that reach line~\ref{code:Wcompute} to compute $\winners[r]$. \\
By program order, $p_i$ must have executed $\APPEND_i(r)$ at line~\ref{code:submit-proposition} before, which implies by \Cref{def:closed-round} that round $r$ is closed at that point. So by \Cref{def:winner-invariant}, $\Winners_r$ is defined. \\
By \Cref{lem:closure-view}, all correct processes eventually observe the same set of valid tuples $(\ \cdot,r)$ in their \DL view. Hence, when $p_i$ executes the $\READ()$ at line~\ref{code:Wcompute} after the $\APPEND_i(r)$, it observes a set $P$ that includes all valid tuples $(\ \cdot ,r)$ such that
Lets consider a correct process $p_i$ that reach line~\ref{code:Wcompute} to compute $W_r$. \\
By program order, $p_i$ must have executed $\APPEND_i(r)$ at line~\ref{code:append-read} before, which implies by \Cref{def:closed-round} that round $r$ is closed at that point. So by \Cref{def:winner-invariant}, $\Winners_r$ is defined. \\
By \Cref{lem:closure-view}, all correct processes eventually observe the same set of valid tuples $(\_,r)$ in their \DL view. Hence, when $p_i$ executes the $\READ()$ at line~\ref{code:append-read} after the $\APPEND_i(r)$, it observes a set $P$ that includes all valid tuples $(\_,r)$ such that
\[
\winners[r] = \{ j : (j,r) \in P \} = \{j : \PROVE_j(r) \prec \APPEND^{(\star)}(r) \} = \Winners_r
W_r = \{ j : (j,r) \in P \} = \{j : \PROVE_j(r) \prec \APPEND^{(\star)}(r) \} = \Winners_r
\]
\end{proof}
\begin{lemma}[Winners are non-empty]\label{lem:nonempty}
For any closed round $r$, there exists at least one process $p_j$ that invoked $\PROVE_j(r) \prec \APPEND^\star(r)$, so $\Winners_r \neq \emptyset$.
\begin{lemma}[No APPEND without PROVE]\label{lem:append-prove}
If some process invokes $\APPEND(r)$, then at least a process must have previously invoked $\PROVE(r)$.
\end{lemma}
\begin{proof}[Proof]
Let $r$ be a closed round. By \Cref{def:closed-round}, some $\APPEND(r)$ occurs in the \DL linearization $H$. Let $p_i$ be the process invoking the earliest such operation, $\APPEND^{(\star)}(r)$.
Consider the round $r$ such that some process invokes $\APPEND(r)$. There are two possible cases
By program order in Algorithm~\ref{alg:arb-crash}, the call to $\APPEND(\cdot)$ at line~\ref{code:submit-proposition} is immediately preceded by $\PROVE(r)$. Thus $p_i$ must have invoked $\PROVE_i(r)$ before $\APPEND^{(\star)}(r)$, and by the sequence of code at line~\ref{code:submit-proposition}, this $\PROVE_i(r)$ executes before $\APPEND^{(\star)}(r)$ in the linearization.
\begin{itemize}
\item \textbf{Case (\ref{code:submit-proposition}) :}
There exists a process $p_i$ who's the issuer of the earliest $\APPEND^{(\star)}(r)$ in the DL linearization $H$. By program order, $p_i$ must have previously invoked $\PROVE_i(r)$ before invoking $\APPEND^{(\star)}(r)$ at line~\ref{code:submit-proposition}. In this case, there is at least one $\PROVE(r)$ valid in $H$ issued by a correct process before $\APPEND^{(\star)}(r)$.
By \Cref{def:winner-invariant}, $p_i \in \Winners_r$. Hence $\Winners_r \neq \emptyset$.
\item \textbf{Case (\ref{code:append-read}) :}
There exists a process $p_i$ that invoked $\APPEND^{(\star)}(r)$ at . Line~\ref{code:append-read} is guarded by the condition at \ref{code:check-if-winners}, which ensures that $p$ observed some $(\_,r)$ in $P$. In this case, there is at least one $\PROVE(r)$ valid in $H$ issued by some process before $\APPEND^{(\star)}(r)$.
\end{itemize}
In both cases, if some process invokes $\APPEND(r)$, then some process must have previously invoked $\PROVE(r)$.
\end{proof}
\begin{lemma}[No empty winners]\label{lem:nonempty}
Let $r$ be a closed round, then $\Winners_r \neq \emptyset$.
\end{lemma}
\begin{proof}[Proof]
By \Cref{def:closed-round}, some $\APPEND(r)$ occurs in the DL linearization. \\
By \Cref{lem:append-prove}, at least one process must have invoked a valid $\PROVE(r)$ before $\APPEND^{(\star)}(r)$. Hence, there exists at least one $p_j$ such that $p_j$ invoked $\PROVE_j(r) \prec \APPEND^\star(r)$, so $\Winners_r \neq \emptyset$.
\end{proof}
\begin{lemma}[Winners must propose]\label{lem:winners-propose}
For any closed round $r$, $\forall i \in \Winners_r$, process $p_i$ must have sent messages to all processes $j \in \Pi$, and hence any correct process $p_j$ will eventually receive $p_i$'s message for round $r$ and set $\prop[r][i]$ to a non-$\bot$ value.
For any closed round $r$, $\forall i \in \Winners_r$, process $p_i$ must have invoked a $\RBcast(S^{(i)}, r, i)$ and hence any correct will eventually set $\prop[r][i]$ to a non-$\bot$ value.
\end{lemma}
\begin{proof}[Proof]
Fix a closed round $r$. By \Cref{def:winner-invariant}, for any $i \in \Winners_r$, there exists a valid $\PROVE_i(r)$ such that $\PROVE_i(r) \prec \APPEND^\star(r)$ in the DL linearization. By program order in Algorithm~\ref{alg:arb-crash}, $p_i$ must have sent messages to all $j \in \Pi$ at line~\ref{code:submit-proposition} before invoking $\PROVE(r)$.
Fix a closed round $r$. By \Cref{def:winner-invariant}, for any $i \in \Winners_r$, there exist a valid $\PROVE_i(r)$ such that $\PROVE_i(r) \prec \APPEND^\star(r)$ in the DL linearization. By program order, if $i$ invoked a valid $\PROVE_i(r)$ at line~\ref{code:submit-proposition} he must have invoked $\RBcast(S^{(i)}, r, i)$ directly before.
If $p_i$ is a correct process that completed sending to all processes, then by the reliable and error-free nature of the communication channels, every correct process $p_j$ will eventually receive $p_i$'s message, which sets $\prop[r][i] \leftarrow S$ at line~\ref{code:prop-set}. If $p_i$ crashes before sending to all processes, then $p_i$ cannot invoke a valid $\PROVE_i(r)$ afterwards, contradicting the assumption that $i \in \Winners_r$. Hence $p_i$ must have completed sending to all processes.
Let take a correct process $p_j$, by \RB \emph{Validity}, every correct process eventually receives $i$'s \RB message for round $r$, which sets $\prop[r][i]$ to a non-$\bot$ value at line~\ref{code:prop-set}.
\end{proof}
\begin{definition}[Messages invariant]\label{def:messages-invariant}
For any closed round $r$ and any correct process $p_i$ such that $\forall j \in \Winners_r : prop^{(i)}[r][j] \neq \bot$, define
For any closed round $r$ and any correct process $p_i$ such that $\forall j \in \Winners_r : prop^{[i)}[r][j] \neq \bot$, define
\[
\Messages_r \triangleq \bigcup_{j\in\Winners_r} \prop^{(i)}[r][j]
\]
@@ -175,67 +226,73 @@ The crash-tolerant algorithm is organized around round closure and winner extrac
\end{definition}
\begin{lemma}[Eventual proposal closure]\label{lem:eventual-closure}
If a correct process $p_i$ define $M$ at line~\ref{code:Mcompute-dl}, then for every $j \in \Winners_r$, $\prop^{(i)}[r][j] \neq \bot$.
If a correct process $p_i$ define $M_r$ at line~\ref{code:Mcompute}, then for every $j \in \Winners_r$, $\prop^{(i)}[r][j] \neq \bot$.
\end{lemma}
\begin{proof}[Proof]
Let take a correct process $p_i$ that computes $M$ at line~\ref{code:Mcompute-dl}. By \Cref{lem:winners}, $p_i$ computation is the winner set $\Winners_r$.
Let take a correct process $p_i$ that computes $M_r$ at line~\ref{code:Mcompute}. By \Cref{lem:winners}, $p_i$ computation is the winner set $\Winners_r$.
By \Cref{lem:nonempty}, $\Winners_r \neq \emptyset$. The instruction at line~\ref{code:Mcompute-dl} where $p_i$ computes $M$ is guarded by the condition at line~\ref{code:check-winners-ack}, which ensures that $p_i$ has received messages from every winner $j \in \Winners_r$. By \Cref{lem:winners-propose}, each winner $j$ has sent messages to all processes including $p_i$. Thus, by the reliable and error-free nature of the channels, if $p_i$ is correct, it will eventually receive $j$'s message, setting $\prop^{(i)}[r][j] \neq \bot$ at line~\ref{code:prop-set}. Hence, $\prop^{(i)}[r][j] \neq \bot$ for all $j \in \Winners_r$.
By \Cref{lem:nonempty}, $\Winners_r \neq \emptyset$. The instruction at line~\ref{code:Mcompute} where $p_i$ computes $M_r$ is guarded by the condition at line~\ref{code:check-winners-ack}, which ensures that $p_i$ has received all \RB messages from every winner $j \in \Winners_r$. Hence, $M_r = \bigcup_{j\in\Winners_r} \prop^{(i)}[r][j]$, we have $\prop^{(i)}[r][j] \neq \bot$ for all $j \in \Winners_r$.
\end{proof}
\begin{lemma}[Unique proposal per sender per round]\label{lem:unique-proposal}
For any round $r$ and any process $p_i$, $p_i$ sends messages to all processes at most once for each round.
For any round $r$ and any process $p_i$, $p_i$ invokes at most one $\RBcast(S, r, i)$.
\end{lemma}
\begin{proof}[Proof]
In Algorithm~\ref{alg:arb-crash}, the only place where a process $p_i$ can send messages to all processes is at line~\ref{code:submit-proposition}, which appears inside the main loop indexed by rounds $r = 1, 2, \ldots$.
Each iteration of this loop processes exactly one round value $r$, and within that iteration, messages are sent at most once (before the $\PROVE(r)$ and $\APPEND(r)$ calls). Since the loop variable $r$ takes each value $1, 2, \ldots$ at most once during the execution, process $p_i$ sends messages at most once for any given round $r$.
By program order, any process $p_i$ invokes $\RBcast(S, r, i)$ at line~\ref{code:submit-proposition} must be in the loop \ref{code:sumbited-check-loop}. No matter the number of iterations of the loop, line~\ref{code:sumbited-check-loop} always uses the current value of $r$ which is incremented by 1 at each turn. Hence, in any execution, any process $p_i$ invokes $\RBcast(S, r, j)$ at most once for any round $r$.
\end{proof}
\begin{lemma}[Proposal convergence]\label{lem:convergence}
For any round $r$, for any correct processes $p_i$ that execute line~\ref{code:Mcompute-dl}, we have
For any round $r$, for any correct processes $p_i$ that execute line~\ref{code:Mcompute}, we have
\[
M^{(i)} = \Messages_r
M_r^{(i)} = \Messages_r
\]
\end{lemma}
\begin{proof}[Proof]
Let take a correct process $p_i$ that compute $M$ at line~\ref{code:Mcompute-dl}. That implies that $p_i$ has defined $\winners r$ at line~\ref{code:Wcompute}. It implies that, by \Cref{lem:winners}, $r$ is closed and $\winners_r = \Winners_r$. \\
By \Cref{lem:eventual-closure}, for every $j \in \Winners_r$, $\prop^{(i)}[r][j] \neq \bot$. By \Cref{lem:unique-proposal}, each winner $j$ sends messages to all processes at most once per round. Thus, $\prop^{(i)}[r][j] = S^{(j)}$ is uniquely defined as the messages sent by $j$ in that round. Hence, when $p_i$ computes
Let take a correct process $p_i$ that compute $M_r$ at line~\ref{code:Mcompute}. That implies that $p_i$ has defined $W_r$ at line~\ref{code:Wcompute}. It implies that, by \Cref{lem:winners}, $r$ is closed and $W_r = \Winners_r$. \\
By \Cref{lem:eventual-closure}, for every $j \in \Winners_r$, $\prop^{(i)}[r][j] \neq \bot$. By \Cref{lem:unique-proposal}, each winner $j$ invokes at most one $\RBcast(S^{(j)}, r, j)$, so $\prop^{(i)}[r][j] = S^{(j)}$ is uniquely defined. Hence, when $p_i$ computes
\[
M^{(i)} = \bigcup_{j\in\Winners_r} \prop^{(i)}[r][j] = \bigcup_{j\in\Winners_r} S^{(j)} = \Messages_r.
M_r^{(i)} = \bigcup_{j\in\Winners_r} \prop^{(i)}[r][j] = \bigcup_{j\in\Winners_r} S^{(j)} = \Messages_r.
\]
\end{proof}
\begin{lemma}[Inclusion]\label{lem:inclusion}
If some correct process invokes $\ABbroadcast(m)$, then there exist a round $r$ and a process $j\in\Winners_r$ such that $p_j$ sends a proposal $S$ to all processes at line~\ref{code:submit-proposition} with $m\in S$.
If some correct process invokes $\ABbroadcast(m)$, then there exist a round $r$ and a process $j\in\Winners_r$ such that $p_j$ invokes
\[
\RBcast(S, r, j)\quad\text{for same S with}\quad m\in S.
\]
\end{lemma}
\begin{proof}
Let $p_i$ be a correct process that invokes $\ABbroadcast(m)$. By the handler at line~\ref{code:abbroadcast-add}, $m$ is added to $\unordered$. Since $p_i$ is correct, it continues executing the main loop.
Fix a correct process $p_i$ that invokes $\ABbroadcast(m)$ and eventually exits the loop (\ref{code:sumbited-check-loop}) at some round $r$. There are two possible cases.
Consider any iteration of the loop where $p_i$ executes line~\ref{code:Sconstruction} while $m \in (\unordered \setminus \ordered)$. At that iteration, for some round $r$, process $p_i$ constructs $S$ containing $m$ and sends $S$ to all processes at line~\ref{code:submit-proposition}.
We distinguish two cases:
\begin{itemize}
\item \textbf{Case 1: $p_i$ is a winner.} If $p_i \in \Winners_r$ for this round $r$, then by \Cref{def:winner-invariant} and program order, $p_i$ has sent proposal $S$ to all processes with $m \in S$, and the lemma holds with $j = i$.
\item \textbf{Case 1:} $p_i$ exits the loop because $(i, r) \in P$. In this case, by \Cref{def:winner-invariant}, $p_i$ is a winner in round $r$. By program order, $p_i$ must have invoked $\RBcast(S, r, i)$ at \ref{code:submit-proposition} before invoking $\PROVE_i(r)$. By line~\ref{code:Sconstruction}, $m \in S$. Hence there exist a closed round $r$ and $p_i$ is a correct process such that $i\in\Winners_r$. Hence, $i$ invokes $\RBcast(S, r, i)$ with $m\in S$.
\item \textbf{Case 2: $p_i$ is not a winner.} If $p_i \notin \Winners_r$, then $p_i$ is still a correct process, so it has sent its proposal $S$ (containing $m$) to all processes in $\Pi$. By the reliable and error-free nature of the communication channels, all correct processes will eventually receive $p_i$'s message. By line~\ref{code:receivedConstruction}, each correct process $p_k$ adds $m$ to its own $\unordered$ set. Hence every correct process will eventually attempt to broadcast $m$ in some subsequent round.
Since there are infinitely many rounds and finitely many processes, and by \Cref{lem:nonempty} every closed round has at least one winner, there must exist a round $r'$ and a correct process $p_j \in \Winners_{r'}$ such that $m \in (\unordered \setminus \ordered)$ when $p_j$ constructs its proposal $S$ at line~\ref{code:Sconstruction} for round $r'$. Hence $p_j$ sends messages $S$ with $m \in S$ at line~\ref{code:submit-proposition}.
\item \textbf{Case 2:} $p_i$ exits the loop because $\exists j, r': (j, r') \in P \wedge m \in \prop[r'][j]$. In this case, by \Cref{lem:winners-propose} and \Cref{lem:unique-proposal} $p_j$ must have invoked a unique $\RBcast(S, r', j)$. Which set $\prop^{(i)}[r'][j] = S$ with $m \in S$.
\end{itemize}
In both cases, there exists a round and a winner whose proposal includes $m$.
In both cases, if some correct process invokes $\ABbroadcast(m)$, then there exist a round $r$ and a correct process $j\in\Winners_r$ such that $j$ invokes
\[
\RBcast(S, r, j)\quad\text{with}\quad m\in S.
\]
\end{proof}
\begin{lemma}[Broadcast Termination]\label{lem:bcast-termination}
A correct process which invokes $\ABbroadcast(m)$ eventually exits the function and returns.
A correct process which invokes $\ABbroadcast(m)$, eventually exits the function and returns.
\end{lemma}
\begin{proof}[Proof]
By Algorithm~\ref{alg:arb-crash}, the handler for $\ABbroadcast(m)$ at line~\ref{code:abbroadcast-add} performs a single local operation: adding $m$ to the local set $\unordered$. This operation terminates immediately and the function returns.
Consider a correct process $p_i$ that invokes $\ABbroadcast(m)$. The statement is true if $\exists r_1$ such that $r_1 \geq r_{max}$ and if $(i, r_1) \in P$; or if $\exists r_2$ such that $r_2 \geq r_{max}$ and if $\exists j: (j, r_2) \in P \wedge m \in \prop[r_2][j]$ (like guarded at B8).
Consider that there exists no round $r_1$ such that $p_i$ invokes a valid $\PROVE(r_1)$. In this case $p_i$ invokes infinitely many $\RBcast(S, \_, i)$ at line~\ref{code:submit-proposition} with $m \in S$ (line~\ref{code:Sconstruction}).\\
The assumption that no $\PROVE(r_1)$ invoked by $p$ is valid implies by \DL \emph{Validity} that for every round $r' \geq r_{max}$, there exists at least one $\APPEND(r')$ in the DL linearization, hence by \Cref{lem:nonempty} for every possible round $r'$ there at least a winner. Because there is an infinite number of rounds, and a finite number of processes, there exists at least one process $p_k$ that invokes infinitely many valid $\PROVE(r')$ and by extension infinitely many $\ABbroadcast(\_)$. By \RB \emph{Validity}, $p_k$ eventually receives $p_i$ 's \RB messages. Let call $t_0$ the time when $p_k$ receives $p_i$ 's \RB message. \\
At $t_0$, $p_k$ executes Algorithm \ref{alg:rb-handler} and sets $\received \leftarrow \received \cup \{S\}$ with $m \in S$ (line~\ref{code:receivedConstruction}).
For the first invocation of $\ABbroadcast(\_)$ by $p_k$ after the execution of \texttt{RReceived()}, $p_k$ must include $m$ in his proposal $S$ at line~\ref{code:Sconstruction} (because $m$ is pending in $j$'s $\received \setminus \delivered$ set). There exists a minimum round $r_2$ such that $p_k \in \Winners_{r_2}$ after $t_0$. By \Cref{lem:winners-propose}, eventually $\prop^{(i)}[r_2][k] \neq \bot$. By \Cref{lem:unique-proposal}, $\prop^{(i)}[r_2][k]$ is uniquely defined as the set $S$ proposed by $p_k$ at B6, which by \Cref{lem:inclusion} includes $m$. Hence eventually $m \in \prop^{(i)}[r_2][k]$ and $k \in \Winners_{r_2}$.
So if $p_i$ is a winner he satisfies the condition $(i, r_1) \in P$. And we show that if the first condition is never satisfied, the second one will eventually be satisfied. Hence either the first or the second condition will eventually be satisfied, and $p_i$ eventually exits the loop and returns from $\ABbroadcast(m)$.
\end{proof}
\begin{lemma}[Validity]\label{lem:validity}
@@ -243,13 +300,16 @@ The crash-tolerant algorithm is organized around round closure and winner extrac
\end{lemma}
\begin{proof}[Proof]
Let $p_i$ a correct process that invokes $\ABbroadcast(m)$ and $p_q$ a correct process that infinitely invokes $\ABdeliver()$. By \Cref{lem:inclusion}, there exist a closed round $r$ and a correct process $j\in\Winners_r$ such that $p_j$ sends a proposal $S$ to all processes with $m\in S$.
By \Cref{lem:eventual-closure}, when $p_q$ computes $M$ at line~\ref{code:Mcompute-dl}, $\prop[r][j]$ is non-$\bot$ because $j \in \Winners_r$. By \Cref{lem:unique-proposal}, $p_j$ sends messages at most once per round, so $\prop[r][j]$ is uniquely defined as the proposal sent by $j$. Hence, when $p_q$ computes
Let $p_i$ a correct process that invokes $\ABbroadcast(m)$ and $p_q$ a correct process that infinitely invokes $\ABdeliver()$. By \Cref{lem:inclusion}, there exist a closed round $r$ and a correct process $j\in\Winners_r$ such that $p_j$ invokes
\[
M = \bigcup_{k\in\Winners_r} \prop[r][k],
\RBcast(S, r, j)\quad\text{with}\quad m\in S.
\]
we have $m \in \prop[r][j] = S$, so $m \in M$. By \Cref{lem:convergence}, $M$ is invariant so each computation of $M$ by a correct process includes $m$. At each invocation of $m' = \ABdeliver()$, $m'$ is added to $\delivered$ until $M \subseteq \delivered$. Once this happens we're assured that there exists an invocation of $\ABdeliver()$ which return $m$. Hence $m$ is well delivered.
By \Cref{lem:eventual-closure}, when $p_q$ computes $M_r$ at line~\ref{code:Mcompute}, $\prop[r][j]$ is non-$\bot$ because $j \in \Winners_r$. By \Cref{lem:unique-proposal}, $p_j$ invokes at most one $\RBcast(S, r, j)$, so $\prop[r][j]$ is uniquely defined. Hence, when $p_q$ computes
\[
M_r = \bigcup_{k\in\Winners_r} \prop[r][k],
\]
we have $m \in \prop[r][j] = S$, so $m \in M_r$. By \Cref{lem:convergence}, $M_r$ is invariant so each computation of $M_r$ by a correct process includes $m$. At each invocation of $m' = \ABdeliver()$, $m'$ is added to $\delivered$ until $M_r \subseteq \delivered$. Once this happens we're assured that there exists an invocation of $\ABdeliver()$ which return $m$. Hence $m$ is well delivered.
\end{proof}
\begin{lemma}[No duplication]\label{lem:no-duplication}
@@ -259,7 +319,7 @@ The crash-tolerant algorithm is organized around round closure and winner extrac
\begin{proof}
Let consider two invokations of $\ABdeliver()$ made by the same correct process which returns $m$. Let call these two invocations respectively $\ABdeliver^{(A)}()$ and $\ABdeliver^{(B)}()$.
When $\ABdeliver^{(A)}()$ occurs, by program order and because it reached line~\ref{code:adeliver-mark} to return $m$, the process must have add $m$ to $\delivered$. Hence when $\ABdeliver^{(B)}()$ reached line~\ref{code:adeliver-extract} to extract the next message to deliver, it can't be $m$ because $m \not\in (\ordered \setminus \delivered)$. So a $\ABdeliver^{(B)}()$ which delivers $m$ can't occur.
When $\ABdeliver^{(A)}()$ occurs, by program order and because it reached line C18 to return $m$, the process must have add $m$ to $\delivered$. Hence when $\ABdeliver^{(B)}()$ reached line~\ref{code:next-msg-extraction} to extract the next message to deliver, it can't be $m$ because $m \not\in (M_r \setminus \{..., m, ...\})$. So a $\ABdeliver^{(B)}()$ which delivers $m$ can't occur.
\end{proof}
\begin{lemma}[Total order]\label{lem:total-order}
@@ -267,45 +327,71 @@ The crash-tolerant algorithm is organized around round closure and winner extrac
\end{lemma}
\begin{proof}
Consider a correct process that delivers both $m_1$ and $m_2$. By \Cref{lem:validity}, there exists closed rounds $r_1$ and $r_2$ and correct processes $k_1 \in \Winners_{r_1}$ and $k_2 \in \Winners_{r_2}$ such that $p_{k_1}$ and $p_{k_2}$ send proposals $S_1$ and $S_2$ respectively, with $m_1\in S_1$ and $m_2\in S_2$.
Consider a correct process that delivers both $m_1$ and $m_2$. By \Cref{lem:validity}, there exists a closed rounds $r'_1$ and $r'_2$ and correct processes $k_1 \in \Winners_{r'_1}$ and $k_2 \in \Winners_{r'_2}$ such that
\[
\RBcast(S_1, r'_1, k_1)\quad\text{with}\quad m_1\in S_1,
\]
\[
\RBcast(S_2, r'_2, k_2)\quad\text{with}\quad m_2\in S_2.
\]
Let consider two cases :
Let consider three cases :
\begin{itemize}
\item \textbf{Case 1:} $r_1 < r_2$. By program order, any correct process must have waited to append in $\delivered$ every messages in $M$ (which contains $m_1$) to increment $\current$ and eventually set $\current = r_2$ to compute $M$ and then invoke the $ m_2 = \ABdeliver()$. Hence, for any correct process that delivers both $m_1$ and $m_2$, it delivers $m_1$ before $m_2$.
\item \textbf{Case 1:} $r_1 < r_2$. By program order, any correct process must have waited to append in $\delivered$ every messages in $M_{r_1}$ (which contains $m_1$) to increment $\current$ and eventually set $\current = r_2$ to compute $M_{r_2}$ and then invoke the $ m_2 = \ABdeliver()$. Hence, for any correct process that delivers both $m_1$ and $m_2$, it delivers $m_1$ before $m_2$.
\item \textbf{Case 2:} $r_1 = r_2$. By \Cref{lem:convergence}, any correct process that computes $M$ at line~\ref{code:Mcompute-dl} computes the same set of messages $\Messages_{r_1}$. By line~\ref{code:next-msg-extraction} the messages are pull in a deterministic order defined by $\ordered(\_)$. Hence, for any correct process that delivers both $m_1$ and $m_2$, it delivers $m_1$ and $m_2$ in the deterministic order defined by $\ordered(\_)$.
\item \textbf{Case 2:} $r_1 = r_2$. By \Cref{lem:convergence}, any correct process that computes $M_{r_1}$ at line~\ref{code:Mcompute} computes the same set of messages $\Messages_{r_1}$. By line~\ref{code:next-msg-extraction} the messages are pull in a deterministic order defined by $\ordered(\_)$. Hence, for any correct process that delivers both $m_1$ and $m_2$, it delivers $m_1$ and $m_2$ in the deterministic order defined by $\ordered(\_)$.
\end{itemize}
In all possible cases, any correct process that delivers both $m_1$ and $m_2$ delivers $m_1$ and $m_2$ in the same order.
\end{proof}
\begin{theorem}[\ARB]
In a crash asynchronous message-passing system with reliable, error-free communication channels, assuming a synchronous DenyList ($\DL$) object, the algorithm implements Atomic Reliable Broadcast.
\begin{lemma}[Fifo Order]\label{lem:fifo-order}
For any two distints messages $m_1$ and $m_2$ broadcast by the same correct process $p_i$, if $p_i$ invokes $\ABbroadcast(m_1)$ before $\ABbroadcast(m_2)$, then any correct process $p_j$ that delivers both $m_1$ and $m_2$ delivers $m_1$ before $m_2$.
\end{lemma}
\begin{proof}
Let take $m_1$ and $m_2$ broadcast by the same correct process $p_i$, with $p_i$ invoking $\ABbroadcast(m_1)$ before $\ABbroadcast(m_2)$. By \Cref{lem:validity}, there exist closed rounds $r_1$ and $r_2$ such that $r_1 \leq r_2$ and correct processes $k_1 \in \Winners_{r_1}$ and $k_2 \in \Winners_{r_2}$ such that
\[
\RBcast(S_1, r_1, k_1)\quad\text{with}\quad m_1\in S_1,
\]
\[
\RBcast(S_2, r_2, k_2)\quad\text{with}\quad m_2\in S_2.
\]
By program order, $p_i$ must have invoked $\RBcast(S_1, r_1, i)$ before $\RBcast(S_2, r_2, i)$. By \Cref{lem:unique-proposal}, any process invokes at most one $\RBcast(S, r, i)$ per round, hence $r_1 < r_2$. By \Cref{lem:total-order}, any correct process that delivers both $m_1$ and $m_2$ delivers them in a deterministic order.
In all possible cases, any correct process that delivers both $m_1$ and $m_2$ delivers $m_1$ before $m_2$.
\end{proof}
\begin{theorem}[FIFO-\ARB]
Under the assumed $\DL$ synchrony and $\RB$ reliability, the algorithm implements FIFO Atomic Reliable Broadcast.
\end{theorem}
\begin{proof}
We show that the algorithm satisfies the properties of Atomic Reliable Broadcast under the assumed $\DL$ synchrony and reliable channel assumption.
We show that the algorithm satisfies the properties of FIFO Atomic Reliable Broadcast under the assumed $\DL$ synchrony and $\RB$ reliability.
First, by \Cref{lem:bcast-termination}, if a correct process invokes $\ABbroadcast(m)$, then it eventually returns from this invocation.
Moreover, \Cref{lem:validity} states that if a correct process invokes $\ABbroadcast(m)$, then every correct process that invokes $\ABdeliver()$ infinitely often eventually delivers $m$.
This gives the usual Validity property of $\ARB$.
Concerning Integrity and No-duplicates, the construction only ever delivers messages that have been obtained from processes that constructed and sent them in the algorithm.
Every delivered message was previously sent by some process at line~\ref{code:submit-proposition}, so no spurious messages are delivered.
Concerning Integrity and No-duplicates, the construction only ever delivers messages that have been obtained from the underlying $\RB$ primitive.
By the Integrity property of $\RB$, every such message was previously $\RBcast$ by some process, so no spurious messages are delivered.
In addition, \Cref{lem:no-duplication} states that no correct process delivers the same message more than once.
Together, these arguments yield the Integrity and No-duplicates properties required by $\ARB$.
For the ordering guarantees, \Cref{lem:total-order} shows that for any two messages $m_1$ and $m_2$ delivered by correct processes, every correct process that delivers both $m_1$ and $m_2$ delivers them in the same order.
Hence all correct processes share a common total order on delivered messages.
Furthermore, \Cref{lem:fifo-order} states that for any two messages $m_1$ and $m_2$ broadcast by the same correct process, any correct process that delivers both messages delivers $m_1$ before $m_2$ whenever $m_1$ was broadcast before $m_2$.
Thus the global total order extends the per-sender FIFO order of $\ABbroadcast$.
All the above lemmas are proved under the assumptions that $\DL$ satisfies the required synchrony properties and that the communication channels are reliable and error-free (no message loss or corruption).
Therefore, under these assumptions, the algorithm satisfies Validity, Integrity/No-duplicates, and total order, and hence implements Atomic Reliable Broadcast, as claimed.
All the above lemmas are proved under the assumptions that $\DL$ satisfies the required synchrony properties and that the underlying primitive is a Reliable Broadcast ($\RB$) with Integrity, No-duplicates and Validity.
Therefore, under these assumptions, the algorithm satisfies Validity, Integrity/No-duplicates, total order and per-sender FIFO order, and hence implements FIFO Atomic Reliable Broadcast, as claimed.
\end{proof}
\subsection{Reciprocity}
% ------------------------------------------------------------------------------
So far, we assumed the existence of a synchronous DenyList ($\DL$) object and showed how to build an Atomic Reliable Broadcast ($\ARB$) primitive using reliable, error-free point-to-point channels. We now briefly argue that, conversely, an $\ARB$ primitive is strong enough to implement a synchronous $\DL$ object.
So far, we assumed the existence of a synchronous DenyList ($\DL$) object and showed how to upgrade a Reliable Broadcast ($\RB$) primitive into FIFO Atomic Reliable Broadcast ($\ARB$). We now briefly argue that, conversely, an $\ARB$ primitive is strong enough to implement a synchronous $\DL$ object.
\xspace
@@ -318,7 +404,8 @@ history of operations) are uniquely determined.
\paragraph{State machine replication over \ARB.}
Assume a system that exports a FIFO-\ARB primitive with the guarantees that if a correct process invokes $\ABbroadcast(m)$, then every correct process eventually $\ABdeliver(m)$ and the invocation eventually returns.
Following the classical \emph{state machine replication} approach described by Schneider~\cite{Schneider90}, we can implement a fault-tolerant service by ensuring the following properties:
Following the classical \emph{state machine replication} approach
such as described in Schneider~\cite{Schneider90}, we can implement a fault-tolerant service by ensuring the following properties:
\begin{quote}
\textbf{Agreement.} Every nonfaulty state machine replica receives every request. \\
\textbf{Order.} Every nonfaulty state machine replica processes the requests it receives in
@@ -331,7 +418,7 @@ Which are cover by our FIFO-\ARB specification.
\begin{theorem}[From \ARB to synchronous \DL]\label{thm:arb-to-dl}
In an asynchronous message-passing system with crash failures, assume a FIFO Atomic Reliable Broadcast primitive (in the standard Total Order / Atomic Broadcast sense of~\cite{Defago2004}) with Integrity, No-duplicates, Validity, and the liveness of $\ABbroadcast$. Then there exists an implementation of a DenyList object that satisfies Termination, Validity, and Anti-flickering properties.
In an asynchronous message-passing system with crash failures, assume a FIFO Atomic Reliable Broadcast primitive with Integrity, No-duplicates,Validity, and the liveness of $\ABbroadcast$. Then there exists an implementation of a DenyList object that satisfies Termination, Validity, and Anti-flickering properties.
\end{theorem}
\begin{proof}
@@ -340,7 +427,7 @@ Which are cover by our FIFO-\ARB specification.
\begin{itemize}[leftmargin=*]
\item \textbf{Termination.} The liveness of \ARB ensures that each $\ABbroadcast$ invocation by a correct process eventually returns, and the corresponding operation is eventually delivered and applied at all correct processes. Thus every $\APPEND$, $\PROVE$, and $\READ$ operation invoked by a correct process eventually returns.
\item \textbf{APPEND/PROVE/READ Validity.} The local code that forms \ABbroadcast requests can achieve the same preconditions as in the abstract \DL specification (e.g., $p\in\Pi_M$, $x\in S$ for $\APPEND(x)$). Once an operation is delivered, its effect and return value are exactly those of the sequential \DL specification applied in the common order.
\item \textbf{PROVE Anti-Flickering.} In the sequential \DL specification, once an element $x$ has been appended, all subsequent $\PROVE(x)$ are invalid forever. Since all replicas apply operations in the same order, this property holds in every execution of the replicated implementation: after the first linearization point of $\APPEND(x)$, no later $\PROVE(x)$ can return valid at any correct process.
\item \textbf{PROVE Anti-Flickering.} In the sequential \DL specification, once an element $x$ has been appended, all subsequent $\PROVE(x)$ are invalid forever. Since all replicas apply operations in the same order, this property holds in every execution of the replicated implementation: after the first linearization point of $\APPEND(x)$, no later $\PROVE(x)$ can return ``valid'' at any correct process.
\end{itemize}
Formally, we can describe the \DL object with the state machine approach for
@@ -350,25 +437,19 @@ Which are cover by our FIFO-\ARB specification.
\subsubsection{Example executions}
% \begin{figure}
% \centering
% \resizebox{0.4\textwidth}{!}{
% \input{diagrams/nonBFT_behaviour.tex}
% }
% \caption{Example execution of the ARB algorithm in a non-BFT setting}
% \end{figure}
\begin{figure}
\centering
\resizebox{0.4\textwidth}{!}{
\input{diagrams/nonBFT_behaviour.tex}
}
\caption{Example execution of the ARB algorithm in a non-BFT setting}
\end{figure}
% \begin{figure}
% \centering
% \resizebox{0.4\textwidth}{!}{
% \input{diagrams/BFT_behaviour.tex}
% }
% \caption{Example execution of the ARB algorithm with a byzantine process}
% \end{figure}
% font en fonctin de lusage
% winner invariant
% order invariant
\begin{figure}
\centering
\resizebox{0.4\textwidth}{!}{
\input{diagrams/BFT_behaviour.tex}
}
\caption{Example execution of the ARB algorithm with a byzantine process}
\end{figure}

487
Recherche/BFT-ARBover/5_BFT_ARB/index.tex
View File

@@ -1,15 +1,15 @@
\subsection{Model extension}
We extend the crash model of Section 1 (same process universe, asynchronous setting, uniquely identifiable messages, and reliable point-to-point channels) with Byzantine faults and Byzantine-resilient dissemination primitives.
We consider a static set $\Pi$ of $n$ processes with known identities, communicating by reliable point-to-point channels, in a complete graph. Messages are uniquely identifiable. At most $f$ processes may be Byzantine, and we assume $n > 3f$.
\paragraph{Failure threshold.} At most $t$ processes may be Byzantine, and we assume $n > 3t$, following standard asynchronous Byzantine assumptions~\cite{Bracha87}.
\paragraph{Synchrony.} The network is asynchronous.
\paragraph{Additional communication primitive.} In addition to reliable point-to-point channels, processes use Reliable Broadcast ($\RB$) with operations $\RBcast(m)$ and $m=\rdeliver()$. We use Bracha's Byzantine RB specification~\cite{Bracha87}: for a fixed sender and broadcast instance, all correct processes that deliver, deliver the same payload, and Byzantine equivocation on that instance is prevented.
\paragraph{Communication.} Processes can exchange through a Reliable Broadcast ($\RB$) primitive (defined below) which is invoked with the functions $\RBcast(m)$ and $m = \RBreceived()$. There exists a shared object called DenyList ($\DL$) (defined below) that is interfaced with a set $O$ of operations. There exist three types of these operations: $\APPEND(x)$, $\PROVE(x)$ and $\READ()$.
\paragraph{Byzantine behaviour}
A Byzantine process may deviate arbitrarily from the algorithm (malformed inputs, selective omission, collusion, inconsistent timing, etc.).
A process is said to exhibit Byzantine behaviour if it deviates arbitrarily from the prescribed algorithm. Such deviations may, for instance, consist in invoking primitives ($\RBcast$, $\APPEND$, $\PROVE$, etc.) with invalid inputs or inputs crafted maliciously, colluding with other Byzantine processes in an attempt to manipulate the system state or violate its guarantees, deliberately delaying or accelerating the delivery of messages to selected nodes so as to disrupt the expected timing of operations, or withholding messages and responses in order to induce inconsistencies in the system state.
Byzantine processes are still constrained by the assumed primitives: they cannot violate the safety/liveness guarantees of $\DL$ and cannot break the Integrity, No-duplicates, and Validity guarantees of $\RB$.
Byzantine processes are constrained by the following. They cannot forge valid cryptographic signatures or threshold shares without access to the corresponding private keys. They cannot violate the termination, validity, or anti-flickering properties of the $\DL$ object. They also cannot break the integrity, no-duplicates, or validity properties of the $\RB$ primitive.
\paragraph{Notation.} For any indice $k$ we defined by $\DL[k]$ as the $k$-th DenyList object. For a given $\DL[k]$ and any indice $x$ we defined by $\Pi_x^k$ a subset of $\Pi$. Still for a given $k$ we consider $\Pi_M^k \subseteq \Pi$ and $\Pi_V^k \subseteq \Pi$ two authorization subsets for $\DL[k]$. Indice $i \in \Pi$ refer to processes, and $p_i$ denotes the process with identifier $i$. Let $\mathcal{M}$ denote the universe of uniquely identifiable messages, with $m \in \mathcal{M}$. Let $\mathcal{R} \subseteq \mathbb{N}$ be the set of round identifiers; we write $r \in \mathcal{R}$ for a round. We use the precedence relation $\prec_k$ for the $\DL[k]$ linearization: $x \prec_k y$ means that operation $x$ appears strictly before $y$ in the linearized history of $\DL[k]$. For any finite set $A \subseteq \mathcal{M}$, \ordered$(A)$ returns a deterministic total order over $A$ (e.g., lexicographic order on $(\textit{senderId},\textit{messageId})$ or on message hashes).
@@ -18,15 +18,6 @@ For any operation $F \in O$,$F_i(...)$ denotes that the operation $F$ is invoked
% ------------------------------------------------------------------------------
\subsection{Primitives}
\subsection{Reliable Broadcast (RB)}
\RB provides the following properties in this model (cf.~\cite{Bracha87}).
\begin{itemize}[leftmargin=*]
\item \textbf{Integrity}: Every message received was previously sent. $\forall p_i:\ m = \rbreceived_i() \Rightarrow \exists p_j:\ \RBcast_j(m)$.
\item \textbf{No-duplicates}: No message is received more than once at any process.
\item \textbf{Validity}: If a correct process broadcasts $m$, every correct process eventually receives $m$.
\end{itemize}
\subsubsection{t-BFT-DL}
We consider a t-Byzantine Fault Tolerant DenyList (t-$\BFTDL$) with the following properties.
@@ -38,7 +29,7 @@ There are 3 operations : $\BFTPROVE(x), \BFTAPPEND(x), \BFTREAD()$ such that :
\paragraph{PROVE Anti-Flickering.} If the invocation of a operation $op = \BFTPROVE(x)$ by a correct process $p \in \Pi_V$ is invalid, then any $\BFTPROVE(x)$ operation that appears after $op$ in $\Seq$ is invalid.
\paragraph{READ Liveness.} Let $op = \BFTREAD()$ invoke by a correct process such that $R$ is the result of $op$. For all $(i, x) \in R$ there exist a valid invocation of $\BFTPROVE(x)$ by $p_i$.
\paragraph{READ Liveness.} Let $op = \BFTREAD()$ invoke by a correct process such that $R$ is the result of $op$. For all $(i, \PROVEtrace(x)) \in R$ there exist a valid invocation of $\BFTPROVE(x)$ by $p_i$.
\paragraph{READ Anti-Flickering.} Let $op_1, op_2$ two $\BFTREAD()$ operations that returns respectively $R_1, R_2$. Iff $op_1 \prec op_2$ then $R_2 \subseteq R_1$. Otherwise $R_1 \subseteq R_2$.
@@ -74,27 +65,24 @@ For each $U \in \mathcal{U}$, we instantiate one DenyList object $DL_U$ whose au
\vspace{1em}
\Fn{$\BFTPROVE(x)$}{
$\state \gets false$\;
$state \gets false$\;
\For{\textbf{each } $U \in \mathcal{U}$}{
$\state \gets \state \textbf{ OR } DL_U.\PROVE(x)$\;\nllabel{code:prove-or}
$state \gets state \textbf{ OR } DL_U.\PROVE(x)$\;\nllabel{code:prove-or}
}
\Return{$\state$}\;
\Return{$state$}\;
}
\vspace{1em}
\Fn{$\BFTREAD()$}{
$\results \gets \emptyset$\;
$results \gets \emptyset$\;
\For{\textbf{each } $U \in \mathcal{U}$}{
$\results \gets \results \cup DL_U.\READ()$\;
$results \gets results \cup DL_U.\READ()$\;
}
\Return{$\results$}\;
\Return{$results$}\;
}
\end{algorithm}
\paragraph{Algorithm intuition.}
In the Byzantine setting, a process identifier $j$ is selected in $\winners[r]$ only when it accumulates at least $t+1$ proofs for round $r$ in $\validated(r)$. A process emits such a proof for $j$ only after receiving $j$'s $\texttt{PROP}$ payload (handler $\rdeliver(\texttt{PROP},\cdot)$). Therefore, if $j$ is a winner, at least one correct process has received $j$'s proposal. By RB agreement/validity, once one correct process receives that proposal for the instance, all correct processes eventually receive the same payload, so winner proposals eventually become available everywhere and can be merged consistently.
\begin{lemma}[BFT-PROVE Validity]\label{lem:bft-prove-validity}
The invocation of $op = \BFTPROVE(x)$ by a correct process is invalid iff there exist at least $t+1$ distinct processes in $M$ that invoked a valid $\BFTAPPEND(x)$ before $op$ in $\Seq$.
\end{lemma}
@@ -104,7 +92,7 @@ In the Byzantine setting, a process identifier $j$ is selected in $\winners[r]$
\begin{itemize}
\item \textbf{Case (i): $|A|\ge t+1$.}
Fix any $U\in\mathcal{U}$. $A\cap U\neq\emptyset$. Pick $j\in A\cap U$. Since $j\in U$, the call $\BFTAPPEND_j(x)$ triggers $DL_U.\APPEND(x)$, and because $\BFTAPPEND_j(x)\prec op$ in $\Seq$, this induces a valid $DL_U.\APPEND(x)$ that appears before the induced $DL_U.\PROVE(x)$ by $p_i$. By \textbf{PROVE Validity} of $\DL$, the induced $DL_U.\PROVE(x)$ is invalid. As this holds for every $U\in\mathcal{U}$, there is \emph{no} component $DL_U$ where $\PROVE(x)$ is valid, so the field $\state$ at line~\ref{code:prove-or} is never becoming true, and $op$ return false.
Fix any $U\in\mathcal{U}$. $A\cap U\neq\emptyset$. Pick $j\in A\cap U$. Since $j\in U$, the call $\BFTAPPEND_j(x)$ triggers $DL_U.\APPEND(x)$, and because $\BFTAPPEND_j(x)\prec op$ in $\Seq$, this induces a valid $DL_U.\APPEND(x)$ that appears before the induced $DL_U.\PROVE(x)$ by $p_i$. By \textbf{PROVE Validity} of $\DL$, the induced $DL_U.\PROVE(x)$ is invalid. As this holds for every $U\in\mathcal{U}$, there is \emph{no} component $DL_U$ where $\PROVE(x)$ is valid, so the field $state$ at line~\ref{code:prove-or} is never becoming true, and $op$ return false.
\item \textbf{Case (ii): $|A|\le t$.}
There exists $U^\star\in\mathcal{U}$ such that $A\cap U^\star=\emptyset$. For any $j\in A$, we have $j\notin U^\star$, so $\BFTAPPEND_j(x)$ does \emph{not} call $DL_{U^\star}.\APPEND(x)$. Hence no valid $DL_{U^\star}.\APPEND(x)$ appears before the induced $DL_{U^\star}.\PROVE(x)$. Since also $i\in \Pi_V(DL_{U^\star})$, by \textbf{PROVE Validity} of $\DL$ the induced $DL_{U^\star}.\PROVE(x)$ is valid. Therefore, there exists a component with a valid $\PROVE(x)$, so $op$ is valid.
@@ -114,7 +102,7 @@ In the Byzantine setting, a process identifier $j$ is selected in $\winners[r]$
Combining the cases yields the claimed characterization of invalidity.
\end{proof}
\begin{lemma}[BFT-PROVE Anti-Flickering]\label{lem:bft-prove-anti-flickering}
\begin{lemma}[BFT-PROVE Anti-Flickering]
If the invocation of a operation $op = \BFTPROVE(x)$ by a correct process $p \in \Pi_V$ is invalid, then any $\BFTPROVE(x)$ operation that appears after $op$ in $\Seq$ is invalid.
\end{lemma}
@@ -136,14 +124,14 @@ In the Byzantine setting, a process identifier $j$ is selected in $\winners[r]$
\end{lemma}
\begin{proof}
Let $R$ the result of a $READ()$ operation submit by any correct process. $(i, x) \in R$ implie that $\exists U^\star \in \mathcal{U}$ such that $(i, x) \in R^{U^\star}$ with $R^{U^\star}$ the result of $DL_{U^\star}.\READ()$. By \textbf{READ Validity} $(i, x) \in R^{U^\star}$ implie that there exist a valid $DL_{U^\star}.\PROVE_i(x)$. The for loop in the $\BFTPROVE(x)$ implementation return true iff there at least one valid $DL_{U}.\PROVE_i(x)$ for any $U \in \mathcal{U}$.
Let $R$ the result of a $READ()$ operation submit by any correct process. $(i, \PROVEtrace(x)) \in R$ implie that $\exists U^\star \in \mathcal{U}$ such that $(i, x) \in R^{U^\star}$ with $R^{U^\star}$ the result of $DL_{U^\star}.\READ()$. By \textbf{READ Validity} $(i, x) \in R^{U^\star}$ implie that there exist a valid $DL_{U^\star}.\PROVE_i(x)$. The for loop in the $\BFTPROVE(x)$ implementation return true iff there at least one valid $DL_{U}.\PROVE_i(x)$ for any $U \in \mathcal{U}$.
Hence because there exist a $U^\star$ such that $DL_{U^\star}.\PROVE_i(x)$, there exist a valid $\BFTPROVE_i(x)$.
$(i, x) \in R \implies \exists \BFTPROVE_i(x)$
\end{proof}
\begin{lemma}[BFT-READ Anti-Flickering]\label{lem:bft-read-anti-flickering}
\begin{lemma}[BFT-READ Anti-Flickering]
Let $op_1, op_2$ two $\BFTREAD()$ operations that returns respectively $R_1, R_2$. Iff $op_1 \prec op_2$ then $R_2 \subseteq R_1$. Otherwise $R_1 \subseteq R_2$.
\end{lemma}
@@ -184,163 +172,187 @@ In the Byzantine setting, a process identifier $j$ is selected in $\winners[r]$
\subsection{Algorithm}
\begin{algorithm}[H]
\caption{t-BFT ARB at process $p_i$}\label{alg:bft-arb}
\SetKwBlock{LocalVars}{Local Variables:}{}
\LocalVars{
$\unordered \gets \emptyset$,
$\ordered \gets \epsilon$,
$\delivered \gets \epsilon$\;
$\prop[r][j] \gets \bot, \forall j, r \in \Pi \times \mathbb{N}$\;
$\done[r] \gets \emptyset, \forall r \in \mathbb{N}$\;
}
\vspace{0.3em}
\For{$r = 1, 2, \ldots$}{\nllabel{alg:main-loop}
\textbf{wait until} $\unordered \setminus \ordered \neq \emptyset$\;
$S \gets \unordered \setminus \ordered$;
$\RBcast(\texttt{PROP}, S, \langle i, r \rangle)$\;
\textbf{wait until} $|\validated(r)| \geq n - t$\;\nllabel{alg:check-validated}
\BlankLine
\lForEach{$j \in \Pi$}{
$\BFTAPPEND(\langle j, r\rangle)$\nllabel{alg:append}
}
\lForEach{$j \in \Pi$}{
$\send(\texttt{DONE}, r)$ \textbf{ to } $p_j$
}
\BlankLine
\textbf{wait until} $|\done[r]| \geq n - t$\;\nllabel{alg:check-done}
\textbf{wait until} $\forall j \in \winners[r],\ \prop[r][j] \neq \bot$ \textbf{ with } $\winners[r] \gets \validated(r)$\;
\BlankLine
$M \gets \bigcup_{j \in \winners[r]} \prop[r][j]$\;\nllabel{code:Mcompute}
$\ordered \gets \ordered \cdot \order(M)$\;
}
\vspace{0.3em}
\Fn{\validated($r$)}{
\Return{$\{j: |\{k: (k, r) \in \BFTREAD()\}| \geq t+1\}$}\;
}
\vspace{0.3em}
\Upon{$\ABbroadcast(m)$}{
$\unordered \gets \unordered \cup \{m\}$\;
}
\vspace{0.3em}
\Upon{$\rdeliver(\texttt{PROP}, S, \langle j, r \rangle)$ from process $p_j$}{
$\unordered \gets \unordered \cup S$;
$\prop[r][j] \gets S$\;
$\BFTPROVE(\langle j, r\rangle)$\;
}
\vspace{0.3em}
\Upon{$\receive(\texttt{DONE}, r)$ from process $p_j$}{
$\done[r] \gets \done[r] \cup \{j\}$\;
}
\vspace{0.3em}
\Upon{$\ABdeliver()$}{
\lIf{$\ordered \setminus \delivered = \emptyset$}{
\Return{$\bot$}
}
let $m$ be the first message in $(\ordered \setminus \delivered)$\;
$\delivered \gets \delivered \cdot \{m\}$\;
\Return{$m$}
}
\subsubsection{Variables}
Each process $p_i$ maintains the following local variables:
\LinesNotNumbered
\begin{algorithm}
$\texttt{last\_commited} \gets 0$\;
$\texttt{last\_delivered} \gets 0$\;
$\received \gets \emptyset$\;
$\delivered \gets \emptyset$\;
$\prop[r][j] \gets \bot, \forall r, j$\;
$W[r] \gets \bot, \forall r$; this is the set of the winners for the round $r$\\
$B[r] \gets \bot, \forall r$; this is the set of processes who have bahaved maliciously for round $r$\\
$\resolved[r] \gets \bot, \forall r$\;
$Y$ a $\BFTDL$ such that the value space is $\mathcal{R} \times \Pi$\;
$V$ a $\BFTDL$ such that the value space is $(\mathcal{R} \times \mathcal{M} \times \Pi)$\;
\end{algorithm}
\paragraph{Algorithm intuition.}
The Byzantine-tolerant construction combines threshold evidence and RB agreement to make winner selection robust. A sender $j$ appears in $\validated(r)$ only when at least $t+1$ proofs for $\langle j,r\rangle$ are observed through $\BFTREAD()$, and by \Cref{lem:bft-prove-validity} this threshold means that $j$ cannot be certified without broad enough support from the system. Once a round is closed, the winner set becomes stable by \Cref{lem:winners-stability}, so correct processes stop diverging on who contributes to the round outcome. For each stable winner, the associated proposal payload is unique at correct receivers by \Cref{lem:bft-unique-proposal}, which prevents equivocation from creating distinct local values for the same winner identity. Consequently, when correct processes wait for all winner proposals and compute the union at line~\ref{code:Mcompute}, they obtain the same message set by \Cref{lem:message-content-invariance}. Progress is then ensured by \Cref{lem:bft-eventual-closure}, which guarantees that if new messages remain unordered, a new round eventually closes with at least $n-t$ winners. Finally, once rounds are commonly closed, appending $\order(M)$ at each round yields a common delivery sequence, exactly formalized by \Cref{lem:bft-total-order}.
\LinesNumbered
\begin{algorithm}[H]
\caption{$\ABbroadcast(m)$ at process $p_i$}\label{alg:broadcast-bft}
\SetAlgoLined
\Fn{ABroadcast($m$)}{
$\received \gets \received \cup \{m\}$\;
Propose()\;
}
\end{algorithm}
% \textbf{Everything below has to be updated}
% \begin{definition}[BFT Closed round for $k$]
% Given $Seq^{k}$ the linearization of the $\BFTDL$ $Y[k]$, a round $r \in \mathcal{R}$ is \emph{closed} in $\Seq$ iff there exist at least $n - f$ distinct processes $j \in \Pi$ such that $\BFTAPPEND_j(r)$ appears in $\Seq^k$. Let call $\BFTAPPEND(r)^\star$ the $(n-f)^{th}$ $\BFTAPPEND(r)$.
% \end{definition}
\begin{algorithm}[H]
\caption{Propose($\bot$) at process $p_i$}\label{alg:propose-bft}
\SetAlgoLined
% \Statex \textbf{Proposer Job}
\Fn{Propose($\bot$)}{
$r \gets \texttt{last\_commited}$\;
\While{$S \neq \emptyset$ with $S \gets \received \setminus (\delivered \cup (\bigcup_{r' < r} \bigcup_{\substack{(j,S')\in W[r']\\ j\notin B[r']\\ S' \in \prop[r'][j]}} S'))$}{
% \Comment{PROP PHASE}\;
\tcc*[f]{PROP PHASE}\\
$V.\BFTPROVE((r, S, i))$\;
$\RBcast(i, \texttt{PROP}, S, r)$\;
\textbf{wait} until $|\{j: \exists S, |\{k: (k,(r, S, j)) \in V.\BFTREAD()\}| \geq t+1\}| \geq n - t$\;
% \Comment{COMMIT PHASE}
\tcc*[f]{COMMIT PHASE}\\
\For{\textbf{each} $j \in \Pi$}{
% $Y[j].\BFTAPPEND(r)$\;
$V.\BFTAPPEND((r, S, j))$\;
$Y.\BFTAPPEND((r, j))$\;
}
$\RBcast(i, \texttt{COMMIT}, r)$\;
\textbf{wait} until $|\resolved[r]| \geq n - t$\;
% \Comment*{X PHASE}
% \tcc*[f]{X PHASE}\\
\BlankLine
$W[r] \gets \{(j, S): |\{k: (k, (r, S, j)) \in V.\BFTREAD()\}| \geq t+1\}$\;
$B[r] \gets \{j: |\{k: (k, (r, j)) \in Y.\BFTREAD()\}| \geq t+1\}$\;
$r \gets r + 1$\;
}
$\texttt{last\_commited} \gets r$\;
}
\end{algorithm}
% \begin{definition}[BFT Closed round]\label{def:bft-closed-round}
% A round $r \in \mathcal{R}$ is \emph{closed} iff for all $\DL[k]$, $r$ is closed in $\Seq^k$.
% \end{definition}
\begin{algorithm}[H]
\caption{$\ABdeliver()$ at process $p_i$}\label{alg:deliver-bft}
\SetAlgoLined
\Fn{ADeliver($\bot$)}{
$r \gets \texttt{last\_delivered}$\;
\If{$|\resolved[r]| < n - t$}{
\Return{$\bot$}
}
$W \gets \{(j, S): |\{k: (k, (r, S, j)) \in V.\BFTREAD()\}| \geq t+1\}$\;
$B \gets \{j: |\{k: (k, (r, j)) \in Y.\BFTREAD()\}| \geq t+1\}$\;
% \subsection{Proof of correctness}
\If{$\exists (j, S) \in W, j \notin B, S \notin \prop[r][j]$}{
\Return{$\bot$}
}
\BlankLine
$M \gets \bigcup_{\substack{(j,S)\in W\\ j\notin B\\ S \in prop[r][j]}} S$\;\nllabel{code:Mcompute}
$m \gets \ordered(M \setminus \delivered)[0]$\;
% \Comment*{Set $m$ as the smaller message not already delivered}
$\delivered \leftarrow \delivered \cup \{m\}$\;
\If{$M \setminus \delivered = \emptyset$}{
$\texttt{last\_delivered} \gets \texttt{last\_delivered} + 1$\;
}
% \Comment*{Check if all messages from round $r$ have been delivered}
\Return{$m$}
}
\end{algorithm}
% \begin{remark}[BFT Stable round closure]\label{rem:bft-stable-round-closure}
% If a round $r$ is closed, no more $\BFTPROVE(r)$ can be valid and thus linearized. In other words, once $\BFTAPPEND(r)^\star$ is linearized, no more process can make a proof on round $r$, and the set of valid proofs for round $r$ is fixed. Therefore $\Winners_r$ is fixed.
% \end{remark}
\begin{algorithm}[H]
\caption{RB handler at process $p_i$}\label{alg:rb-handler-bft}
\SetAlgoLined
\Upon{$Rdeliver(j, \texttt{PROP}, S, r)$}{
$\received \gets \received \cup \{S\}$\;
\uIf{$\prop[r][j] = \bot \vee (\{S' : (j, (r, S', j)) \in V.\BFTREAD()\} = \{S\})$}{
$V.\BFTPROVE((r, S, j))$\;
}
\Else{
$Y.\BFTPROVE((r, j))$\;
}
$\prop[r][j] \gets \prop[r][j] \cup S$\;
Propose()\;
}
% \begin{proof}
% By definition $r$ closed means that for all process $p_i$, there exist at least $n - f$ distinct processes $j \in \Pi$ such that $\BFTAPPEND_j(r)$ appears in $\Seq^k$. By BFT-PROVE Validity, any subsequent $\BFTPROVE(r)$ is invalid because at least $n - f$ processes already invoked a valid $\BFTAPPEND(r)$ before it. Thus no new valid $\BFTPROVE(r)$ can be linearized after $\BFTAPPEND(r)^\star$. Hence the set of valid proofs for round $r$ is fixed, and so is $\Winners_r$.
% \end{proof}
\vspace{1em}
% \begin{lemma}[BFT Across rounds]\label{lem:bft-across-rounds}
% For any $r, r'$ such that $r < r'$, if $r'$ is closed, $r$ is also closed.
% \end{lemma}
\Upon{$Rdeliver(j, \texttt{COMMIT}, r)$}{
$\resolved[r] \gets \resolved[r] \cup \{j\}$\;
}
\end{algorithm}
% \begin{proof}
% Let $r \in \mathcal{R}$. By \cref{def:bft-closed-round}, if $r + 1$ is closed, then for all $\DL[k]$, $r + 1$ is closed in $\Seq^k$. By the implementation, a process can only invoke $\BFTAPPEND(r + 1)$ after observing at least $n - f$ valid $\BFTPROVE(r)$, which means that for all $\DL[k]$, $r$ is closed in $\Seq^k$. Hence by \cref{def:bft-closed-round}, $r$ is closed.
\textbf{Everything below has to be updated}
% Because $r$ is monotonically increasing, we can reccursively apply the same argument to conclude that for any $r, r'$ such that $r < r'$, if $r'$ is closed, $r$ is also closed.
% \end{proof}
\begin{definition}[BFT Closed round for $k$]
Given $Seq^{k}$ the linearization of the $\BFTDL$ $Y[k]$, a round $r \in \mathcal{R}$ is \emph{closed} in $\Seq$ iff there exist at least $n - f$ distinct processes $j \in \Pi$ such that $\BFTAPPEND_j(r)$ appears in $\Seq^k$. Let call $\BFTAPPEND(r)^\star$ the $(n-f)^{th}$ $\BFTAPPEND(r)$.
\end{definition}
% \begin{lemma}[BFT Progress]\label{lem:bft_progress}
% For any correct process $p_i$ such that
% \[
% \received \setminus (\delivered \cup (\cup_{r' < r} \cup_{j \in W[r'] \prop[r'][j]})) \neq \emptyset
% \]
% with $r$ the highest closed round in the $\DL$ linearization. Eventually $r+1$ will be closed.
% \end{lemma}
\begin{definition}[BFT Closed round]\label{def:bft-closed-round}
A round $r \in \mathcal{R}$ is \emph{closed} iff for all $\DL[k]$, $r$ is closed in $\Seq^k$.
\end{definition}
% \begin{lemma}[BFT Winners invariant]\label{lem:bft-winners-invariant}
% For any closed round $r$, define
% \[
% \Winners_r = \{j: \BFTPROVE_j(r) \prec \BFTAPPEND^\star(r)\}
% \]
% called the unique set of winners of round $r$.
% \end{lemma}
\subsection{Proof of correctness}
% \begin{lemma}[BFT n-f lower-bounded Winners]
% Let $r$ a closed round, $|W[r]| \geq n-f$.
% \end{lemma}
\begin{remark}[BFT Stable round closure]\label{rem:bft-stable-round-closure}
If a round $r$ is closed, no more $\BFTPROVE(r)$ can be valid and thus linearized. In other words, once $\BFTAPPEND(r)^\star$ is linearized, no more process can make a proof on round $r$, and the set of valid proofs for round $r$ is fixed. Therefore $\Winners_r$ is fixed.
\end{remark}
% \begin{remark}\label{rem:correct-in-winners}
% Because we assume $n \geq 2f+ 1$, if $|W[r]| \geq n-f$ at least 1 correct have to be in $W[r]$ to progress.
% \end{remark}
\begin{proof}
By definition $r$ closed means that for all process $p_i$, there exist at least $n - f$ distinct processes $j \in \Pi$ such that $\BFTAPPEND_j(r)$ appears in $\Seq^k$. By BFT-PROVE Validity, any subsequent $\BFTPROVE(r)$ is invalid because at least $n - f$ processes already invoked a valid $\BFTAPPEND(r)$ before it. Thus no new valid $\BFTPROVE(r)$ can be linearized after $\BFTAPPEND(r)^\star$. Hence the set of valid proofs for round $r$ is fixed, and so is $\Winners_r$.
\end{proof}
% \begin{lemma}[BFT Winners must purpose]\label{lem:bft-winners-purpose}
% Let $r$ a closed round, for all process $p_j$ such that $j \in W[r]$, $p_j$ must have executed $\RBcast(j, PROP, \_, r)$ and hence any correct will eventually set $\prop[r][j]$ to a non-$\bot$ value.
% \end{lemma}
\begin{lemma}[BFT Across rounds]\label{lem:bft-across-rounds}
For any $r, r'$ such that $r < r'$, if $r'$ is closed, $r$ is also closed.
\end{lemma}
% \begin{lemma}[BFT Messages Incariant]\label{lem:bft-messages-invariant}
% For any closed round $r$ and any correct process $p_i$ such that $\forall j \in \Winners_r$: $\prop^{(i)}[r][j] \neq \bot$ define
% \[
% \Messages_r = \cup_{j \in \Winners_r} prop^{(i)}[r][j]
% \]
% as the set of messages proposed by the winners of round $r$
% \end{lemma}
\begin{proof}
Let $r \in \mathcal{R}$. By \cref{def:bft-closed-round}, if $r + 1$ is closed, then for all $\DL[k]$, $r + 1$ is closed in $\Seq^k$. By the implementation, a process can only invoke $\BFTAPPEND(r + 1)$ after observing at least $n - f$ valid $\BFTPROVE(r)$, which means that for all $\DL[k]$, $r$ is closed in $\Seq^k$. Hence by \cref{def:bft-closed-round}, $r$ is closed.
% \begin{lemma}[BFT EVentual proposal closure]\label{lem:bft-eventual-proposal-closure}
% If a correct process $p_i$ define $M$ at line~\ref{code:Mcompute}, then for every $j \in \Winners_r$, $\prop^{(i)}[r][j] \neq \bot$.
% \end{lemma}
Because $r$ is monotonically increasing, we can reccursively apply the same argument to conclude that for any $r, r'$ such that $r < r'$, if $r'$ is closed, $r$ is also closed.
\end{proof}
% \begin{lemma}[BFT Unique proposal per sender per round]\label{lem:bft-unique-proposal}
% For any round $r$ and any process $p_i$, if $p_i$ invokes two $\RBcast$ call for the same round, such that $\RBcast(i, PROP, S, r) \prec \RBcast(i, PROP, S', r)$. Then for any correct process $p_j$, $\prop^{(j)}[r][i] \in \{\bot, S\}$
% \end{lemma}
\begin{lemma}[BFT Progress]\label{lem:bft_progress}
For any correct process $p_i$ such that
\[
\received \setminus (\delivered \cup (\cup_{r' < r} \cup_{j \in W[r'] \prop[r'][j]})) \neq \emptyset
\]
with $r$ the highest closed round in the $\DL$ linearization. Eventually $r+1$ will be closed.
\end{lemma}
\begin{lemma}[BFT Winners invariant]\label{lem:bft-winners-invariant}
For any closed round $r$, define
\[
\Winners_r = \{j: \BFTPROVE_j(r) \prec \BFTAPPEND^\star(r)\}
\]
called the unique set of winners of round $r$.
\end{lemma}
\begin{lemma}[BFT n-f lower-bounded Winners]
Let $r$ a closed round, $|W[r]| \geq n-f$.
\end{lemma}
\begin{remark}\label{rem:correct-in-winners}
Because we assume $n \geq 2f+ 1$, if $|W[r]| \geq n-f$ at least 1 correct have to be in $W[r]$ to progress.
\end{remark}
\begin{lemma}[BFT Winners must purpose]\label{lem:bft-winners-purpose}
Let $r$ a closed round, for all process $p_j$ such that $j \in W[r]$, $p_j$ must have executed $\RBcast(j, PROP, \_, r)$ and hence any correct will eventually set $\prop[r][j]$ to a non-$\bot$ value.
\end{lemma}
\begin{lemma}[BFT Messages Incariant]\label{lem:bft-messages-invariant}
For any closed round $r$ and any correct process $p_i$ such that $\forall j \in \Winners_r$: $\prop^{(i)}[r][j] \neq \bot$ define
\[
\Messages_r = \cup_{j \in \Winners_r} prop^{(i)}[r][j]
\]
as the set of messages proposed by the winners of round $r$
\end{lemma}
\begin{lemma}[BFT EVentual proposal closure]\label{lem:bft-eventual-proposal-closure}
If a correct process $p_i$ define $M$ at line~\ref{code:Mcompute}, then for every $j \in \Winners_r$, $\prop^{(i)}[r][j] \neq \bot$.
\end{lemma}
\begin{lemma}[BFT Unique proposal per sender per round]\label{lem:bft-unique-proposal}
For any round $r$ and any process $p_i$, if $p_i$ invokes two $\RBcast$ call for the same round, such that $\RBcast(i, PROP, S, r) \prec \RBcast(i, PROP, S', r)$. Then for any correct process $p_j$, $\prop^{(j)}[r][i] \in \{\bot, S\}$
\end{lemma}
@@ -411,149 +423,6 @@ The Byzantine-tolerant construction combines threshold evidence and RB agreement
% Since $p_i$ is correct, seeing that $m \in \prop[r'][j]$ for some $j \in W_{r'}$ implies that $p_i$ received a $Rdeliver(j, \texttt{PROP}, S, r')$ message from $p_j$ such that $m \in S$. And because $p_j$ is in $W_{r'}$, at least $n - f$ correct processes invoked a valid $Y[j].\BFTPROVE(r')$ before the round $r'$ were closed. By the reliable broadcast properties, the $Rdeliver(j, \texttt{PROP}, S, r')$ message will eventually be delivered to every correct process, hence eventually for any correct process $m \in \prop[r'][j]$ with $j \in W_{r'}$. Hence $m$ will eventually be included in the set $\Messages_{r'}$ defined in \Cref{def:bft-message-invariant} and thus eventually be ADelivered by any correct process.
% \end{proof}
\subsection{Correctness Lemmas}
\begin{definition}[Closed Round]
A round $r \in \mathcal{R}$ is said to be \emph{closed} for a correct process $p_i$ if at the moment $p_i$ computes $\winners[r]$, it satisfies $|\{k : (k, r) \in \BFTREAD()\}| \geq n - t$.
\end{definition}
\begin{lemma}[Round Monotonicity]\label{lem:round-monotonicity}
If a round $r$ is closed, then every round $r_1 < r$ is also closed.
\end{lemma}
\begin{proof}
\textbf{Base:} $r = 0$. Suppose round $1$ is closed, the set $\{r' \in \mathcal{R}: r' < r\}$ is empty, so the claim holds.
\textbf{Inductive step:} Let $r \geq 1$. Assume that the property holds for all rounds $r' < r$: whenever round $r'$ is closed, all rounds $r_2 < r'$ are also closed. We show that if round $r$ is closed, then all rounds $r_1 < r$ are closed.
Suppose round $r$ is closed. This means at least one correct process $p_i$ has reached line \ref{alg:check-validated} and satisfied the condition $|\validated(r)| \geq n - t$. Consequently, $p_i$ has invoked $\BFTAPPEND(\langle j, r \rangle)$ for each $j \in \Pi$ at line \ref{alg:append}. Since these operations are invoked by a correct process, and they depend on valid proofs in the byzantine fault tolerant deny list, at least one of these operations must have succeeded in the DL object.
Moreover, by the algorithm structure, a correct process can only reach the beginning of round $r$ after completing round $r-1$. In particular, process $p_i$ reaches line \ref{alg:main-loop} for round $r$ only after having completed round $r-1$, which requires the process to have observed at least $|\done[r-1]| \geq n - t$ (line \ref{alg:check-done} for round $r-1$). This condition can only be satisfied if round $r-1$ is closed: at least $n - t$ processes must have issued DONE messages, and since $n > 3f$, at least one of these is correct.
Since $n - t > 2f + 1$, among the $n - t$ processes satisfying the condition for round $r-1$, at least one is correct. A correct process that issued a DONE message for round $r-1$ must have previously completed its execution of lines \ref{alg:append} for round $r-1$, which in turn required observing $|\validated(r-1)| \geq n - t$ from line \ref{alg:check-validated}. Thus, round $r-1$ is closed.
Now, considering any round $r_1 < r-1$: by the inductive hypothesis applied to round $r-1$, since round $r-1$ is closed and $r_1 < r-1$, we have that $r_1$ is also closed.
By strong induction, if round $r$ is closed, all rounds $r_1 < r$ are closed.
\end{proof}
\begin{lemma}[Uniqueness of Winners' Proposals]\label{lem:bft-unique-proposal}
For any closed round $r$ and any process $p_j \in \winners[r]$, there exists a unique set $S_j \subseteq \mathcal{M}$ such that every correct process $p_i$ that has received a reliable delivery of a $\texttt{PROP}$ message from $p_j$ for round $r$ receives exactly this set $S_j$.
\end{lemma}
\begin{proof}
Let $r$ be a closed round and $p_j \in \winners[r]$. Since $j \in \winners[r]$, it means that $(j, r) \in \BFTREAD()$, i.e., at least $t+1$ distinct processes have invoked a valid $\BFTPROVE(\langle j, r \rangle)$ before the round $r$ closed.
By the algorithm, a correct process $p_i$ invokes $\BFTPROVE(\langle j, r \rangle)$ only upon receiving a reliable delivery of a $\texttt{PROP}$ message from $p_j$ for round $r$ at line \ref{alg:append}. Let $S_j^{(i)}$ denote the set received by $p_i$.
Since at least $t+1$ distinct processes have performed a valid $\BFTPROVE(\langle j, r \rangle)$, and since $t < n/3$, at least one of these processes is correct. Thus, at least one correct process must have received a reliable broadcast from $p_j$ for round $r$.
Now, by Bracha's Byzantine Reliable Broadcast specification, for any message broadcast instance by process $p_j$ in round $r$, all correct processes that deliver this broadcast either receive the identical message or none at all. Formally, for all correct processes $p_i, p_i'$ that received a delivery from $p_j$ for round $r$, we have $S_j^{(i)} = S_j^{(i')}$.
Therefore, there exists a unique set $S_j$ such that every correct process $p_i$ that receives a reliable delivery from $p_j$ for round $r$ receives exactly $S_j$.
\end{proof}
\begin{lemma}[Winners Stability]\label{lem:winners-stability}
For any closed round $r$, the set $\winners[r]$ is stable.
\end{lemma}
\begin{proof}
Let $r$ be a closed round. By definition, a closed round $r$ means that at least one correct process $p_i$ has observed $|\{k : (k, r) \in \BFTREAD()\}| \geq n - t$ and computed $\winners[r]$ at line \ref{alg:check-done}.
When round $r$ becomes closed, this implies that at least $n - t$ distinct processes have invoked $\BFTAPPEND(\langle j, r \rangle)$ for $j \in \Pi$ (by the algorithm structure, since $\done[r]$ contains DONE messages from processes that completed line \ref{alg:append}). Since $n > 3f$, we have $n - t > 2f + 1 > t + 1$.
Consider a fixed $j \in \Pi$. Since at least $n - t > t + 1$ processes have invoked a valid $\BFTAPPEND(\langle j, r \rangle)$, by \cref{lem:bft-prove-validity}, any subsequent invocation of $\BFTPROVE(\langle j, r \rangle)$ will be invalid.
By \cref{lem:bft-prove-anti-flickering}, once a $\BFTPROVE(\langle j, r \rangle)$ operation becomes invalid, all subsequent $\BFTPROVE(\langle j, r \rangle)$ operations are also invalid.
This holds for all $j \in \Pi$. Therefore, after the round $r$ is closed, the set of valid $\BFTPROVE(\langle j, r \rangle)$ operations for each $j$ cannot grow. By \cref{lem:bft-read-anti-flickering}, any subsequent $\BFTREAD()$ invocation will not return any new $(k, r)$ pairs beyond those already returned. Thus, $\winners[r] = \{j : (j, r) \in \BFTREAD()\}$ becomes stable and cannot change.
Since this reasoning applies to all correct processes that compute $\winners[r]$ after round $r$ is closed, all correct processes will compute the same stable set $\winners[r]$.
\end{proof}
\begin{lemma}[Message Content Invariance]\label{lem:message-content-invariance}
For any closed round $r$ and any correct process $p_i$, the set $M$ computed at line \ref{code:Mcompute} by $p_i$ is identical to the set computed by any other correct process $p_j$ for the same round $r$.
\end{lemma}
\begin{proof}
Let $r$ be a closed round and let $p_i, p_{i'}$ be two correct processes. By the algorithm, both processes compute $M$ as:
\[
M^{(i)} = \bigcup_{j \in \winners[r]} \prop^{(i)}[r][j]
\]
and
\[
M^{(i')} = \bigcup_{j \in \winners[r]} \prop^{(i')}[r][j]
\]
at line \ref{code:Mcompute}.
By \cref{lem:winners-stability}, the set $\winners[r]$ is stable once round $r$ is closed. Therefore, both $p_i$ and $p_{i'}$ compute the same set of winners $\winners[r]$.
Now, consider any winner $j \in \winners[r]$. By \cref{lem:bft-unique-proposal}, there exists a unique set $S_j \subseteq \mathcal{M}$ such that every correct process that receives a reliable delivery of a $\texttt{PROP}$ message from $p_j$ for round $r$ receives exactly $S_j$.
By the algorithm, each correct process stores this received set in its local variable: $\prop^{(i)}[r][j] = S_j$ and $\prop^{(i')}[r][j] = S_j$.
Since both processes compute the union over the same set of winners, and each winner's proposal is identical for all correct processes:
\[
M^{(i)} = \bigcup_{j \in \winners[r]} \prop^{(i)}[r][j] = \bigcup_{j \in \winners[r]} S_j = \bigcup_{j \in \winners[r]} \prop^{(i')}[r][j] = M^{(i')}
\]
Therefore, all correct processes compute the same set $M$ for any closed round $r$.
\end{proof}
\begin{lemma}[Inclusion]\label{lem:bft-inclusion}
If a correct process $p_i$ invokes $\ABbroadcast(m)$, then there exist a closed round $r$ and a winner $j \in \winners[r]$ such that $p_j$ invoked $\RBcast(j, \texttt{PROP}, S, r)$ with $m \in S$.
\end{lemma}
\begin{proof}
Let $p_i$ be a correct process that invokes $\ABbroadcast(m)$. By the algorithm, $p_i$ adds $m$ to $\unordered$. Consequently, $\unordered \setminus \ordered \neq \emptyset$, and the process enters the main loop and eventually invokes $\RBcast(i, \texttt{PROP}, S_i^{(1)}, r_1)$ for some round $r_1$ where $m \in S_i^{(1)}$.
We distinguish two cases:
\textbf{Case 1: $p_i$ becomes a winner in round $r_1$.}
If $p_i$ is elected as a winner for round $r_1$ (i.e., $i \in \winners[r_1]$), then the claim holds with $r = r_1$ and $j = i$.
\textbf{Case 2: $p_i$ does not become a winner in round $r_1$.}
If $p_i$ is not elected as a winner, by the properties of Reliable Broadcast (Bracha's specification), at least one correct process $p_{i_1}$ will eventually receive the reliable delivery of the $\texttt{PROP}$ message from $p_i$ for round $r_1$. Process $p_{i_1}$ adds all messages from $S_i^{(1)}$ to its $\unordered$ set at line \ref{alg:append}. In particular, $m$ is now in $p_{i_1}$'s $\unordered$ set.
In round $r_2 > r_1$ (and any subsequent round), process $p_{i_1}$ computes $S_{i_1}^{(2)} = \unordered \setminus \ordered$ and invokes $\RBcast(i_1, \texttt{PROP}, S_{i_1}^{(2)}, r_2)$ with $m \in S_{i_1}^{(2)}$.
This process repeats: either $p_{i_1}$ becomes a winner and the claim holds, or another correct process receives $p_{i_1}$'s proposal and includes $m$ in its own proposal.
Since $n > 3f$, we have $n - t > t + 1 > f$. By the pigeonhole principle, there eventually exists a round $r$ where at least $n - t$ distinct processes have proposed sets containing $m$. Since more than $2f$ processes have proposed $m$, at least one of them must be correct and be elected as a winner. Therefore, there exist a round $r$ and a winner $j \in \winners[r]$ such that $m \in S_j$ was broadcast by $p_j$.
\end{proof}
\begin{lemma}[Eventual Closure]\label{lem:bft-eventual-closure}
For any correct process $p_i$, if $\unordered \setminus \ordered \neq \emptyset$ and if $r$ is the highest closed round observed by $p_i$, then eventually round $r+1$ will be closed with $|\winners[r+1]| \geq n - t$.
\end{lemma}
\begin{proof}
Let $p_i$ be a correct process such that $\unordered \setminus \ordered \neq \emptyset$ after round $r$ is the highest closed round it observed. By the main loop of Algorithm~\ref{alg:bft-arb}, $p_i$ eventually enters round $r+1$, computes $S=\unordered\setminus\ordered$, and invokes $\RBcast(\texttt{PROP},S,\langle i,r+1\rangle)$.
By RB Validity, every correct process eventually $\rdeliver(\texttt{PROP},S,\langle i,r+1\rangle)$. Upon this delivery, each correct process executes $\BFTPROVE(\langle i,r+1\rangle)$. Hence at least $n-t$ correct processes issue a proof for candidate $i$ in round $r+1$, and in particular the threshold $t+1$ used in $\validated(r+1)$ is eventually met for that candidate.
The same argument applies to each correct process that broadcasts in round $r+1$: once its proposal is RB-delivered, at least $n-t$ correct processes issue the corresponding proofs, so that sender is eventually included in $\validated(r+1)$. Since there are at least $n-t$ correct processes, eventually $|\validated(r+1)| \geq n-t$, and the wait at line~\ref{alg:check-validated} is eventually released for every correct process in that round.
After this point, each correct process executes the $\BFTAPPEND$ loop (line~\ref{alg:append}) and sends $\texttt{DONE}$ to all processes. By reliability of point-to-point channels, every correct process eventually receives at least $n-t$ DONE messages, so the wait at line~\ref{alg:check-done} is also eventually released. At that moment, the process computes $\winners[r+1] \gets \validated(r+1)$, and by the previous bound we have $|\winners[r+1]| \geq n-t$.
Therefore round $r+1$ eventually becomes closed with at least $n-t$ winners.
\end{proof}
\begin{lemma}[Total Order]\label{lem:bft-total-order}
For any two correct processes $p_i$ and $p_j$, the sequence $\ordered$ maintained locally by $p_i$ and the sequence maintained by $p_j$ contain the same messages in the same order, provided that both have reached the same set of closed rounds.
\end{lemma}
\begin{proof}
We prove the claim by induction on the number of closed rounds completed by both processes.
\textbf{Base case.} Before any closed round is completed, both local sequences are initialized to $\epsilon$, hence identical.
\textbf{Induction step.} Assume that after all closed rounds up to $r-1$, processes $p_i$ and $p_j$ have identical $\ordered$ prefixes. Consider round $r$.
By \Cref{lem:winners-stability}, once round $r$ is closed, both processes use the same stable winner set $\winners[r]$. By \Cref{lem:message-content-invariance}, the set $M$ computed at line~\ref{code:Mcompute} is identical at all correct processes for that round. Both processes then apply the same deterministic ordering function $\order(M)$ and append that same ordered block to their current sequence.
Since they started round $r$ from identical prefixes and append the same ordered suffix for round $r$, their resulting sequences after round $r$ are identical. The induction concludes that for any common set of closed rounds, both correct processes maintain the same messages in the same order.
\end{proof}
\begin{theorem}
The algorithm implements a BFT Atomic Reliable Broadcast.
\end{theorem}

BIN
Recherche/BFT-ARBover/main.pdf
View File

Binary file not shown.

340
Recherche/BFT-ARBover/main.tex
View File

@@ -44,59 +44,54 @@
\newtheorem{remark}{Remark}
\newcommand{\RB}{\textsf{RB}\xspace}
\newcommand{\res}{\mathsf{res}}
\newcommand{\ARB}{\textsf{ARB}\xspace}
\newcommand{\DL}{\textsf{DL}}
\newcommand{\append}{\ensuremath{\mathsf{append}}}
\newcommand{\prove}{\ensuremath{\mathsf{prove}}}
% \newcommand{\PROVEtrace}{\ensuremath{\mathsf{prove}}}
\newcommand{\readop}{\ensuremath{\mathsf{read}}}
\newcommand{\APPEND}{\textsf{APPEND}}
\newcommand{\PROVE}{\textsf{PROVE}}
\newcommand{\PROVEtrace}{\textsf{prove}}
\newcommand{\READ}{\textsf{READ}}
% Backward compatibility aliases
\newcommand{\APPEND}{\append}
\newcommand{\PROVE}{\prove}
\newcommand{\READ}{\readop}
\newcommand{\BFTAPPEND}{\textsf{BFT\text{-}APPEND}}
\newcommand{\BFTPROVE}{\textsf{BFT\text{-}PROVE}}
\newcommand{\BFTREAD}{\textsf{BFT\text{-}READ}}
\newcommand{\BFTAPPEND}{\textsc{bft-append}}
\newcommand{\BFTPROVE}{\textsc{bft-prove}}
\newcommand{\BFTREAD}{\textsc{bft-read}}
\newcommand{\ABbroadcast}{\textsc{abroadcast}}
\newcommand{\ABdeliver}{\textsc{adeliver}}
\newcommand{\validated}{\ensuremath{\textsc{validated}}}
\newcommand{\rbcast}{\ensuremath{\mathsf{rbcast}}}
\newcommand{\rbreceived}{\ensuremath{\mathsf{rreceived}}}
\newcommand{\order}{\ensuremath{\mathsf{order}}}
% Backward compatibility aliases
\newcommand{\RBcast}{\rbcast}
\newcommand{\rdeliver}{\ensuremath{\mathsf{rdeliver}}}
\newcommand{\send}{\ensuremath{\mathsf{send}}}
\newcommand{\receive}{\ensuremath{\mathsf{receive}}}
% Local variables
\newcommand{\unordered}{\ensuremath{\mathit{unordered}}}
\newcommand{\ordered}{\ensuremath{\mathit{ordered}}}
\newcommand{\delivered}{\ensuremath{\mathit{delivered}}}
\newcommand{\prop}{\ensuremath{\mathit{prop}}}
\newcommand{\winners}{\ensuremath{\mathit{winners}}}
\newcommand{\done}{\ensuremath{\mathit{done}}}
\newcommand{\res}{\ensuremath{\mathit{res}}}
\newcommand{\flag}{\ensuremath{\mathit{flag}}}
%% Used in BFT-DL implementation
\newcommand{\state}{\ensuremath{\mathit{state}}}
\newcommand{\results}{\ensuremath{\mathit{results}}}
% Invariant/concept names (used in proofs)
\newcommand{\ABbroadcast}{\textsf{ABroadcast}}
\newcommand{\ABdeliver}{\textsf{ADeliver}}
\newcommand{\RBcast}{\textsf{RBroadcast}}
\newcommand{\RBreceived}{\textsf{RReceived}}
\newcommand{\ordered}{\textsf{ordered}}
\newcommand{\Winners}{\mathsf{Winners}}
\newcommand{\Messages}{\mathsf{Messages}}
\newcommand{\received}{\ensuremath{\mathsf{received}}}
\newcommand{\current}{\ensuremath{\mathsf{current}}}
\newcommand{\ABlisten}{\textsf{AB-listen}}
\newcommand{\CANDIDATE}{\textsf{VOTE}}
\newcommand{\CLOSE}{\textsf{COMMIT}}
\newcommand{\READGE}{\textsf{RESULT}}
\newcommand{\SHARE}{\mathsf{SHARE}}
\newcommand{\COMBINE}{\mathsf{COMBINE}}
\newcommand{\VERIFY}{\mathsf{VERIFY}}
\newcommand{\RETRIEVE}{\mathsf{RETRIEVE}}
\newcommand{\SUBMIT}{\mathsf{SUBMIT}}
\newcommand{\delivered}{\mathsf{delivered}}
\newcommand{\received}{\mathsf{received}}
\newcommand{\prop}{\mathsf{prop}}
\newcommand{\resolved}{\mathsf{resolved}}
\newcommand{\current}{\mathsf{current}}
\newcommand{\Seq}{\mathsf{Seq}}
\newcommand{\GE}{\mathsf{GE}}
\newcommand{\BFTDL}{\textsf{BFT\text{-}DL}}
\newcommand{\BFTGE}{\textsf{BFT\text{-}GE}}
\newcommand{\BFTVOTE}{\textsf{BFT\text{-}VOTE}}
\newcommand{\BFTCOMMIT}{\textsf{BFT\text{-}COMMIT}}
\newcommand{\BFTRESULT}{\textsf{BFT\text{-}RESULT}}
\crefname{theorem}{Theorem}{Theorems}
\crefname{lemma}{Lemma}{Lemmas}
@@ -113,11 +108,11 @@
\begin{document}
\section{Model 1: Crash}
We consider a static set $\Pi$ of $n$ processes with known identities, communicating by reliable point-to-point channels, in a complete graph. Messages are uniquely identifiable. At most $f$ processes can crash, with $n \geq f$, in the standard asynchronous crash-failure message-passing model~\cite{ChandraToueg96}.
We consider a static set $\Pi$ of $n$ processes with known identities, communicating by reliable point-to-point channels, in a complete graph. Messages are uniquely identifiable. At most $f$ processes can crash, with $n \geq f$.
\paragraph{Synchrony.} The network is asynchronous.
\paragraph{Communication.} Processes communicate through reliable, error-free point-to-point channels. Messages sent by a correct process to another correct process are eventually delivered without loss or corruption. There exists a shared object called DenyList ($\DL$) (defined below) that is interfaced with a set $O$ of operations. There exist three types of these operations: $\APPEND(x)$, $\PROVE(x)$ and $\READ()$.
\paragraph{Communication.} Processes can exchange through a Reliable Broadcast ($\RB$) primitive (defined below) which is invoked with the functions $\RBcast(m)$ and $m = \RBreceived()$. There exists a shared object called DenyList ($\DL$) (defined below) that is interfaced with a set $O$ of operations. There exist three types of these operations: $\APPEND(x)$, $\PROVE(x)$ and $\READ()$.
\paragraph{Notation.} For any indice $x$ we defined by $\Pi_x$ a subset of $\Pi$. We consider two subsets $\Pi_M$ and $\Pi_V$ two authorization subsets. Indices $i \in \Pi$ refer to processes, and $p_i$ denotes the process with identifier $i$. Let $\mathcal{M}$ denote the universe of uniquely identifiable messages, with $m \in \mathcal{M}$. Let $\mathcal{R} \subseteq \mathbb{N}$ be the set of round identifiers; we write $r \in \mathcal{R}$ for a round. We use the precedence relation $\prec$ for the \DL{} linearization: $x \prec y$ means that operation $x$ appears strictly before $y$ in the linearized history of \DL. For any finite set $A \subseteq \mathcal{M}$, \ordered$(A)$ returns a deterministic total order over $A$ (e.g., lexicographic order on $(\textit{senderId},\textit{messageId})$ or on message hashes).
For any operation $F \in O$,$F_i(...)$ denotes that the operation $F$ is invoked by process $p_i$.
@@ -132,7 +127,7 @@ For any operation $F \in O$,$F_i(...)$ denotes that the operation $F$ is invoked
\input{3_ARB_Def/index.tex}
\section{ARB using DL}
\section{ARB over RB and DL}
\input{4_ARB_with_RB_DL/index.tex}
@@ -143,182 +138,161 @@ For any operation $F \in O$,$F_i(...)$ denotes that the operation $F$ is invoked
% \section{Implementation of BFT-DenyList and Threshold Cryptography}
\section{Implementation of BFT-DenyList and Threshold Cryptography}
% \subsection{DenyList}
\subsection{DenyList}
% \paragraph{BFT-DenyList}
% In our algorithm we use multiple DenyList as follows:
\paragraph{BFT-DenyList}
In our algorithm we use multiple DenyList as follows:
% \begin{itemize}
% \item Let $\mathcal{DL} = \{DL_1, \dots, DL_k\}$ be the set of DenyList used by the algorithm.
% \item We set $k = \binom{n}{f}$.
% \item For each $i \in \{1,\dots,k\}$, let $M_i$ be the set of moderators associated with $DL_i$ according to the DenyList definition, so that $|M_i| = n-f$.
% \item Let $\mathcal{M} = \{M_1, \dots, M_k\}$. We require that the $M_i$ are pairwise distinct:
% \[
% \forall i,j \in \{1,\dots,k\},\ i \neq j \implies M_i \neq M_j.
% \]
% \end{itemize}
\begin{itemize}
\item Let $\mathcal{DL} = \{DL_1, \dots, DL_k\}$ be the set of DenyList used by the algorithm.
\item We set $k = \binom{n}{f}$.
\item For each $i \in \{1,\dots,k\}$, let $M_i$ be the set of moderators associated with $DL_i$ according to the DenyList definition, so that $|M_i| = n-f$.
\item Let $\mathcal{M} = \{M_1, \dots, M_k\}$. We require that the $M_i$ are pairwise distinct:
\[
\forall i,j \in \{1,\dots,k\},\ i \neq j \implies M_i \neq M_j.
\]
\end{itemize}
% \begin{lemma}
% $\exists M_i \in M : \forall p \in M_i$ $p$ is correct.
% \end{lemma}
\begin{lemma}
$\exists M_i \in M : \forall p \in M_i$ $p$ is correct.
\end{lemma}
% \begin{proof}
% Let consider the set $F$ of faulty processes, with $|F| = f$. We can construct the set $M_i = \Pi \setminus F$ such that $|M_i| = n - |F| = n - f$. By construction, $\forall p \in M_i$ $p$ is correct.
% \end{proof}
\begin{proof}
Let consider the set $F$ of faulty processes, with $|F| = f$. We can construct the set $M_i = \Pi \setminus F$ such that $|M_i| = n - |F| = n - f$. By construction, $\forall p \in M_i$ $p$ is correct.
\end{proof}
% \begin{lemma}
% $\forall M_i \in M, \exists p \in M_i$ such that $p$ is correct.
% \end{lemma}
\begin{lemma}
$\forall M_i \in M, \exists p \in M_i$ such that $p$ is correct.
\end{lemma}
% \begin{proof}
% $\forall i \in \{1, \dots, k\}, |M_i| = n-f$ with $n \geq 2f+1$. We can say that $|M_i| \geq 2f+1-f = f+1 > f$
% \end{proof}
\begin{proof}
$\forall i \in \{1, \dots, k\}, |M_i| = n-f$ with $n \geq 2f+1$. We can say that $|M_i| \geq 2f+1-f = f+1 > f$
\end{proof}
% Each process can invoke the following functions :
Each process can invoke the following functions :
% \begin{itemize}
% \item $\READ' : () \rightarrow \mathcal{L}(\mathbb{R} \times \PROVEtrace(\mathbb{R}))$
% \item $\APPEND' : \mathbb{R} \rightarrow ()$
% \item $\PROVE' : \mathbb{R} \rightarrow \{0, 1\}$
% \end{itemize}
\begin{itemize}
\item $\READ' : () \rightarrow \mathcal{L}(\mathbb{R} \times \PROVEtrace(\mathbb{R}))$
\item $\APPEND' : \mathbb{R} \rightarrow ()$
\item $\PROVE' : \mathbb{R} \rightarrow \{0, 1\}$
\end{itemize}
% Such that :
% % \begin{algorithm}[H]
% % \caption{$\READ'() \rightarrow \mathcal{L}(\mathbb{R} \times \PROVEtrace(\mathbb{R}))$}
% % \begin{algorithmic}
% % \Function{READ'}{}
% % \State $j \gets$ the process invoking $\READ'()$
% % \State $res \gets \emptyset$
% % \ForAll{$i \in \{1, \dots, k\}$}
% % \State $res \gets res \cup DL_i.\READ()$
% % \EndFor
% % \State \Return $res$
% % \EndFunction
% % \end{algorithmic}
% % \end{algorithm}
% % \begin{algorithm}[H]
% % \caption{$\APPEND'(\sigma) \rightarrow ()$}
% % \begin{algorithmic}
% % \Function{APPEND'}{$\sigma$}
% % \State $j \gets$ the process invoking $\APPEND'(\sigma)$
% % \ForAll{$M_i \in \{M_k \in M : j \in M_k\}$}
% % \State $DL_i.\APPEND(\sigma)$
% % \EndFor
% % \EndFunction
% % \end{algorithmic}
% % \end{algorithm}
% % \begin{algorithm}[H]
% % \caption{$\PROVE'(\sigma) \rightarrow \{0, 1\}$}
% % \begin{algorithmic}
% % \Function{PROVE'}{$\sigma$}
% % \State $j \gets$ the process invoking $\PROVE'(\sigma)$
% % \State $flag \gets false$
% % \ForAll{$i \in \{1, \dots, k\}$}
% % \State $flag \gets flag$ OR $DL_i.\PROVE(\sigma)$
% % \EndFor
% % \State \Return $flag$
% % \EndFunction
% % \end{algorithmic}
% % \end{algorithm}
Such that :
% \begin{algorithm}[H]
% \caption{$\READ'() \rightarrow \mathcal{L}(\mathbb{R} \times \PROVEtrace(\mathbb{R}))$}
% $j \gets$ the process invoking $\READ'()$\;
% $\res \gets \emptyset$\;
% \ForAll{$i \in \{1, \dots, k\}$}{
% $\res \gets \res \cup DL_i.\READ()$\;
% }
% \Return{$\res$}\;
% \begin{algorithmic}
% \Function{READ'}{}
% \State $j \gets$ the process invoking $\READ'()$
% \State $res \gets \emptyset$
% \ForAll{$i \in \{1, \dots, k\}$}
% \State $res \gets res \cup DL_i.\READ()$
% \EndFor
% \State \Return $res$
% \EndFunction
% \end{algorithmic}
% \end{algorithm}
% \begin{algorithm}[H]
% \caption{$\APPEND'(\sigma) \rightarrow ()$}
% $j \gets$ the process invoking $\APPEND'(\sigma)$\;
% \ForAll{$M_i \in \{M_k \in M : j \in M_k\}$}{
% $DL_i.\APPEND(\sigma)$\;
% }
% \begin{algorithmic}
% \Function{APPEND'}{$\sigma$}
% \State $j \gets$ the process invoking $\APPEND'(\sigma)$
% \ForAll{$M_i \in \{M_k \in M : j \in M_k\}$}
% \State $DL_i.\APPEND(\sigma)$
% \EndFor
% \EndFunction
% \end{algorithmic}
% \end{algorithm}
% \begin{algorithm}[H]
% \caption{$\PROVE'(\sigma) \rightarrow \{0, 1\}$}
% $j \gets$ the process invoking $\PROVE'(\sigma)$\;
% $\flag \gets false$\;
% \ForAll{$i \in \{1, \dots, k\}$}{
% $\flag \gets \flag$ OR $DL_i.\PROVE(\sigma)$\;
% }
% \Return{$\flag$}\;
% \begin{algorithmic}
% \Function{PROVE'}{$\sigma$}
% \State $j \gets$ the process invoking $\PROVE'(\sigma)$
% \State $flag \gets false$
% \ForAll{$i \in \{1, \dots, k\}$}
% \State $flag \gets flag$ OR $DL_i.\PROVE(\sigma)$
% \EndFor
% \State \Return $flag$
% \EndFunction
% \end{algorithmic}
% \end{algorithm}
% \subsection{Threshold Cryptography}
\begin{algorithm}[H]
\caption{$\READ'() \rightarrow \mathcal{L}(\mathbb{R} \times \PROVEtrace(\mathbb{R}))$}
$j \gets$ the process invoking $\READ'()$\;
$res \gets \emptyset$\;
\ForAll{$i \in \{1, \dots, k\}$}{
$res \gets res \cup DL_i.\READ()$\;
}
\Return{$res$}\;
\end{algorithm}
% We are using the Boneh-Lynn-Shacham scheme as cryptography primitive to our threshold signature scheme.
% With :
\begin{algorithm}[H]
\caption{$\APPEND'(\sigma) \rightarrow ()$}
$j \gets$ the process invoking $\APPEND'(\sigma)$\;
\ForAll{$M_i \in \{M_k \in M : j \in M_k\}$}{
$DL_i.\APPEND(\sigma)$\;
}
\end{algorithm}
% \begin{itemize}
% \item $G : \mathbb{R} \rightarrow \mathbb{R} \times \mathbb{R} $
% \item $S : \mathbb{R} \times \mathcal{R} \rightarrow \mathbb{R} $
% \item $V : \mathbb{R} \times \mathcal{R} \times \mathbb{R} \rightarrow \{0, 1\} $
% \end{itemize}
\begin{algorithm}[H]
\caption{$\PROVE'(\sigma) \rightarrow \{0, 1\}$}
$j \gets$ the process invoking $\PROVE'(\sigma)$\;
$flag \gets false$\;
\ForAll{$i \in \{1, \dots, k\}$}{
$flag \gets flag$ OR $DL_i.\PROVE(\sigma)$\;
}
\Return{$flag$}\;
\end{algorithm}
% Such that :
\subsection{Threshold Cryptography}
% \begin{itemize}
% \item $G(x) \rightarrow (pk, sk)$ : where $x$ is a random value such that $\nexists x_1, x_2: x_1 \neq x_2, G(x_1) = G(x_2)$
% \item $S(sk, m) \rightarrow \sigma_m$
% \item $V(pk, m_1, \sigma_{m_2}) \rightarrow k$ : with $k = 1$ iff $m_1 == m_2$ and $\exists x \in \mathbb{R}$ such that $G(x) \rightarrow (pk, sk)$; otherwise $k = 0$
% \end{itemize}
We are using the Boneh-Lynn-Shacham scheme as cryptography primitive to our threshold signature scheme.
With :
% \paragraph{threshold Scheme}
\begin{itemize}
\item $G : \mathbb{R} \rightarrow \mathbb{R} \times \mathbb{R} $
\item $S : \mathbb{R} \times \mathcal{R} \rightarrow \mathbb{R} $
\item $V : \mathbb{R} \times \mathcal{R} \times \mathbb{R} \rightarrow \{0, 1\} $
\end{itemize}
% In our algorithm we are only using the following functions :
Such that :
% \begin{itemize}
% \item $G' : \mathbb{R} \times \mathbb{N} \times \mathbb{N} \rightarrow \mathbb{R} \times (\mathbb{R} \times \mathbb{R})^n$ : with $n \triangleq |\Pi|$
% \item $S' : \mathbb{R} \times \mathcal{R} \rightarrow \mathbb{R}$
% \item $C' : \mathbb{R}^n \times \mathcal{R} \times \mathbb{R} \times \mathbb{R}^t \rightarrow \{\mathbb{R}, \bot\}$ : with $t \leq n$
% \item $V' : \mathbb{R} \times \mathcal{R} \times \mathbb{R} \rightarrow \{0, 1\}$
% \end{itemize}
\begin{itemize}
\item $G(x) \rightarrow (pk, sk)$ : where $x$ is a random value such that $\nexists x_1, x_2: x_1 \neq x_2, G(x_1) = G(x_2)$
\item $S(sk, m) \rightarrow \sigma_m$
\item $V(pk, m_1, \sigma_{m_2}) \rightarrow k$ : with $k = 1$ iff $m_1 == m_2$ and $\exists x \in \mathbb{R}$ such that $G(x) \rightarrow (pk, sk)$; otherwise $k = 0$
\end{itemize}
% Such that :
\paragraph{threshold Scheme}
% \begin{itemize}
% \item $G'(x, n, t) \rightarrow (pk, pk_1, sk_1, \dots, pk_n, sk_n)$ : let define $pkc = {pk_1, \dots, pk_n}$
% \item $S'(sk_i, m) \rightarrow \sigma_m^i$
% \item $C'(pkc, m_1, J, \{\sigma_{m_2}^j\}_{j \in J}) \rightarrow \sigma$ : with $J \subseteq \Pi$; and $\sigma = \sigma_{m_1}$ iff $|J| \geq t, \forall j \in J: V(pk_j, m_1, \sigma_{m_2}^j) == 1$; otherwise $\sigma = \bot$.
% \item $V'(pk, m_1, \sigma_{m_2}) \rightarrow V(pk, m_1, \sigma_{m_2})$
% \end{itemize}
In our algorithm we are only using the following functions :
\begin{itemize}
\item $G' : \mathbb{R} \times \mathbb{N} \times \mathbb{N} \rightarrow \mathbb{R} \times (\mathbb{R} \times \mathbb{R})^n$ : with $n \triangleq |\Pi|$
\item $S' : \mathbb{R} \times \mathcal{R} \rightarrow \mathbb{R}$
\item $C' : \mathbb{R}^n \times \mathcal{R} \times \mathbb{R} \times \mathbb{R}^t \rightarrow \{\mathbb{R}, \bot\}$ : with $t \leq n$
\item $V' : \mathbb{R} \times \mathcal{R} \times \mathbb{R} \rightarrow \{0, 1\}$
\end{itemize}
Such that :
\begin{itemize}
\item $G'(x, n, t) \rightarrow (pk, pk_1, sk_1, \dots, pk_n, sk_n)$ : let define $pkc = {pk_1, \dots, pk_n}$
\item $S'(sk_i, m) \rightarrow \sigma_m^i$
\item $C'(pkc, m_1, J, \{\sigma_{m_2}^j\}_{j \in J}) \rightarrow \sigma$ : with $J \subseteq \Pi$; and $\sigma = \sigma_{m_1}$ iff $|J| \geq t, \forall j \in J: V(pk_j, m_1, \sigma_{m_2}^j) == 1$; otherwise $\sigma = \bot$.
\item $V'(pk, m_1, \sigma_{m_2}) \rightarrow V(pk, m_1, \sigma_{m_2})$
\end{itemize}
\bibliographystyle{plain}
\begin{thebibliography}{9}
% (left intentionally blank)
\bibitem{frey:disc23}
Davide Frey, Mathieu Gestin, and Michel Raynal.
\newblock The synchronization power (consensus number) of access-control objects: The case of allowlist and denylist.
\newblock {\em LIPIcs, DISC 2023}, 281:21:1--21:23, 2023.
\newblock doi:10.4230/LIPIcs.DISC.2023.21.
\bibitem{Bracha87}
Gabriel Bracha.
\newblock Asynchronous byzantine agreement protocols.
\newblock {\em Information and Computation}, 75(2):130--143, 1987.
\bibitem{Defago2004}
Xavier Defago, Andre Schiper, and Peter Urban.
\newblock Total order broadcast and multicast algorithms: Taxonomy and survey.
\newblock {\em ACM Computing Surveys}, 36(4):372--421, 2004.
\bibitem{ChandraToueg96}
Tushar Deepak Chandra and Sam Toueg.
\newblock Unreliable failure detectors for reliable distributed systems.
\newblock {\em Journal of the ACM}, 43(2):225--267, 1996.
\bibitem{Schneider90}
Fred B.~Schneider.
\newblock Implementing fault-tolerant services using the state machine

1006
Recherche/Ma bibliothèque.bib
View File

File diff suppressed because it is too large Load Diff

BIN
misc/InstalParty2026/imgs/canonical.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 327 KiB

BIN
misc/InstalParty2026/imgs/i3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.5 KiB

BIN
misc/InstalParty2026/imgs/logo-6011e.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 47 KiB

BIN
misc/InstalParty2026/imgs/plasma.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 748 KiB

BIN
misc/InstalParty2026/imgs/xfce.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 306 KiB

BIN
misc/InstalParty2026/main.pdf Normal file
View File

Binary file not shown.

291
misc/InstalParty2026/main.tex Normal file
View File

@@ -0,0 +1,291 @@
\documentclass[aspectratio=43,10pt]{beamer}
\usetheme{Madrid}
\usecolortheme{default}
\usefonttheme{professionalfonts}
\setbeamertemplate{navigation symbols}{}
\usepackage[T1]{fontenc}
\usepackage[utf8]{inputenc}
\usepackage[french]{babel}
\usepackage{lmodern}
\usepackage{microtype}
\usepackage{tikz}
\usetikzlibrary{positioning,fit,calc,arrows.meta}
\title{}
\subtitle{}
\author{}
\institute{}
\date{}
\begin{document}
\begin{frame}{Install Party Linux}
\framesubtitle{Luminy - 18 fevrier 2026}
\centering
\includegraphics[width=\linewidth,height=0.34\textheight,keepaspectratio]{imgs/logo-6011e.png}
\end{frame}
\begin{frame}{Architecture d'un système d'exploitation}
Un OS c'est :
\begin{itemize}
\item Un Noyau (Kernel) : Ordonnancement, gestion de la mémoire, intéraction entre les composants physiques.
\item Des Bibliothèques (Drivers) : UN driver est UNE interface avec un composant physique. (Carte Graphique, carte réseau, imprimante, \dots)
\item Une Interface Graphique : Comment sont agenceés et gérées les fenetres
\item Des Application : Les logiciels à utiliser
\end{itemize}
\end{frame}
\begin{frame}{Architecture d'un système d'exploitation}
Un OS c'est :
\vspace{1em}
\centering
\begin{tikzpicture}[
box/.style={draw, rounded corners, align=center, minimum width=6cm, minimum height=0.9cm},
arrow/.style={-{Latex[length=3mm,width=2mm]}, thick}
]
\pause
\node[box] at (0, 5) (Noyau) {Noyau \\ (XNU, Windows NT, Linux, BSD, \dots)};
\pause
\node[box] at (0, 4) (Drivers) {Drivers \\ (Carte Graphique, disques durs, carte réseau, \dots)};
\node[box, red] at (0, 3) (Drivers) {Materiel};
\pause
\node[box] at (0, 6) (GUI) {GUI \\ (DWM, Quartz Compositor + WindowServer, X11 + Gnome, Wayland + Swayne)};
\pause
\node[box] at (0, 7) (Apps) {Applications};
\end{tikzpicture}
\end{frame}
\begin{frame}{Architecture d'un système d'exploitation}
Dans le cas de Windows, une version de windows = un package Noyau/GUI/Drivers définit et immuable + quelques applications par defaut
\vspace{1em}
\centering
\begin{tikzpicture}[
box/.style={draw, rounded corners, align=center, minimum width=6cm, minimum height=0.9cm},
arrow/.style={-{Latex[length=3mm,width=2mm]}, thick}
]
\node[box] at (0, 5) (Noyau) {Noyau \\ Windows NT};
\node[box] at (0, 4) (Drivers) {Drivers};
\node[box] at (0, 3) (Drivers) {Materiel};
\node[box] at (0, 6) (GUI) {GUI \\ DWM};
\node[box] at (0, 7) (Apps) {Applications \\ Microsoft Edge, Outlook, Skype, \dots};
\end{tikzpicture}
\pause
\textcolor{red}{Une distribution Linux c'est pareil !} \\
\pause
Une distribution = un package Noyau/GUI/Drivers définit + quelques applications par defaut
\end{frame}
\begin{frame}{Allons un peu plus en détail - L'interface graphique}
D'un point de vue de "à quoi ca ressemble", une distribution linux peut jouer sur 3 facteurs :
\begin{itemize}
\item Le serveur d'affichage (Xorg ou Weston principalement)
\item Le gestionnaire de fenetres (flottant ou tiling)
\item L'interface graphique (Gnome, KDE)
\end{itemize}
\begin{center}
\resizebox{0.8\width}{!}{
\begin{tikzpicture}[
box/.style={draw, rounded corners, align=center, minimum width=6cm, minimum height=0.9cm},
arrow/.style={-{Latex[length=3mm,width=2mm]}, thick}
]
\node[box] at (0, 5) (Noyau) {Noyau \\ Linux};
\node[box] at (0, 4) (Drivers) {Drivers};
\node[box] at (0, 3) (Drivers) {Materiel};
\node[box] at (0, 6) (GUI) {Serveur d'affichage \\ Xorg, Weston};
\node[box] at (6, 6) (GUI) {Windows Manager \\ Compiz, KWin, Awesome, I3};
\node[box] at (0, 7) (GUI) {Interface Graphique \\ Gnome, KDE};
\node[box] at (0, 8) (Apps) {Applications};
\end{tikzpicture}
}
\end{center}
\end{frame}
\begin{frame}{Allons un peu plus en détail - L'interface graphique}
\begin{center}
\begin{minipage}{0.49\textwidth}
\centering
\includegraphics[width=\linewidth,height=0.34\textheight,keepaspectratio]{imgs/canonical.png}
\par\smallskip
\small GNOME
\end{minipage}
\hfill
\begin{minipage}{0.49\textwidth}
\centering
\includegraphics[width=\linewidth,height=0.34\textheight,keepaspectratio]{imgs/xfce.jpg}
\par\smallskip
\small Xfce
\end{minipage}
\vspace{4mm}
\begin{minipage}{0.49\textwidth}
\centering
\includegraphics[width=\linewidth,height=0.34\textheight,keepaspectratio]{imgs/plasma.png}
\par\smallskip
\small KDE Plasma
\end{minipage}
\hfill
\begin{minipage}{0.49\textwidth}
\centering
\includegraphics[width=\linewidth,height=0.34\textheight,keepaspectratio]{imgs/i3.png}
\par\smallskip
\small i3 (tiling)
\end{minipage}
\end{center}
\end{frame}
\begin{frame}{Allons un peu plus en détail - La gestion des paquets}
Pour installer une applications sous windows :
\pause
\begin{itemize}
\item On execute un installeur (.msi ou .exe)
\item On execute une version "portable" (.exe)
\end{itemize}
\pause
\vspace{1em}
Sous linux c'est pareil :
\begin{itemize}
\item On execute un installeur (.dnf ou .deb)
\item On execute une version portable (Snap, Appimage, Flatpak, \dots)
\end{itemize}
\pause
\vspace{1em}
Le support des format d'installer dependent des distribution. \\
Les version portable (ou conteneurisé) sont a priori universel.
\end{frame}
\begin{frame}{Allons un peu plus en détail - La gestion des paquets}
On distingue donc deux grandes familles (en vrai y'en a plus que ca) \\
RPM Package Manager et dpkg.
\pause
\begin{center}
\begin{tikzpicture}[
font=\small,
n/.style={draw, rounded corners, align=center, minimum height=8mm, inner sep=3pt},
a/.style={-{Latex[length=3mm,width=2mm]}, thick},
node distance=10mm and 14mm
]
\node[n] (rpm) {RPM\\DNF};
\node[n, below=5mm of rpm] (dpkg) {DPKG\\APT};
\node[n, right=10mm of rpm] (redhat) {Red Hat};
\node[n, right=10mm of redhat] (fedora) {Fedora};
\node[n, right=10mm of fedora] (nobara) {Nobara};
\node[n, right=10mm of dpkg] (debian) {Debian};
\node[n, right=10mm of debian] (ubuntu) {Ubuntu};
\node[n, right=10mm of ubuntu] (mint) {Linux Mint};
\draw[a] (rpm) -- (redhat);
\draw[a] (redhat) -- (fedora);
\draw[a] (fedora) -- (nobara);
\draw[a] (dpkg) -- (debian);
\draw[a] (debian) -- (ubuntu);
\draw[a] (ubuntu) -- (mint);
\pause
\node[n, below=5mm of dpkg] (tar) {tar.xx \\ PacMan};
\node[n, right=10mm of tar] (arch) {Arch Linux};
\node[n, right=10mm of arch] (manjaro) {Manjaro};
\draw[a] (tar) -- (arch);
\draw[a] (arch) -- (manjaro);
\end{tikzpicture}
\end{center}
\end{frame}
\begin{frame}{Allons un peu plus en détail - La gestion des paquets}
Les grosses différences de chaque gestionnaire sont plutot philosophique :
\begin{itemize}
\pause
\item APT : Image de stabilité et de grand publique.
\begin{itemize}
\item + : Très stable, grosse communauté donc beaucoup de ressources dont en francais.
\item - : Souvent plus en retard sur des versions très recentes de certains logiciels.
\end{itemize}
\pause
\item DNF : Image de robustesse avec une image plus d'usage professionel
\begin{itemize}
\item + : Très robuste, moins de chance de casser le système même pour des configurations exotiques
\item - : Le processus de mise à jour peut être plus lent, et plus compliqué à prendre en main que APT.
\end{itemize}
\pause
\item PacMan : Minimaliste et ultra à jour.
\begin{itemize}
\item + : Systeme de "Rolling Release" qui permet d'avoir les mise à jour en continu.
\item - : Necessite un plus grand travail de veille sur les mise à jour.
\end{itemize}
\end{itemize}
\end{frame}
\begin{frame}{Quelques autres trucs à savoir}
\begin{itemize}
\item /bin (binaries): Exécutables essentiels au système, utilisables par tous les utilisateurs
\pause
\item /boot: fichiers permettant à Linux de démarrer
\pause
\item /dev (device): Fichiers spéciaux représentant les point d'entrées de tous les périphériques (fichiers spéciaux des disques durs, écrans, partitions, consoles TTY, webcam, clavier, ...)
\pause
\item /etc (editing text config): Contient les fichiers de configuration du système et des setvices (*.conf, passwd, inittab, fstab)
\pause
\item /home: Répertoire personnel des utilisateurs
\pause
\item /mnt (mount) /media: Là où les ressources peuvent être montées de manière permanente (/media) ou temporaire (/mnt)
\pause
\item /root: Répertoire personnel du super utilisateur
\pause
\item /sbin (super binaries): Contient les programmes système essentiels utilisables par l'admin uniquement.
\pause
\item /tmp (temporary): Répertoire fichier temporaires
\pause
\item /usr (Unix System Resources): Contient des programmes, des librairies et des données utilisés par tous les utilisateurs du système
\pause
\item /var (variable): contient les données variables qui varient en fonction de l'utilisation du système. (logs, bdd, mails)
\end{itemize}
\end{frame}
\begin{frame}{Comment ca s'installe}
\begin{itemize}
\item Faire un backup
\item Avoir une clé usb bootable
\item Rentrer dans la selection du disque de boot en trouvant le bon FX
\item Tester en execution "live" que tout fonctionne bien
\item Choisir si on veut du mono ou dual-boot
\item Allouer ses partitions en fonction des ses usages
\end{itemize}
\end{frame}
\end{document}