Ad Hoc Networks 10 (2012) 388–400

Eventually Byzantine Agreement on CDS-based mobile ad hoc network

Mao-Lun Chiang *

Department of Information and Communication Engineering, Chaoyang University of Technology, 168 Gifeng E. Rd., Wufeng, Taichung County 413, Taiwan, ROC

Article info

Article history: Received 10 October 2010; Received in revised form 20 December 2010; Accepted 11 July 2011; Available online 30 July 2011

Keywords: Eventual Byzantine Agreement; Fault-tolerant; Consensus; Mobile ad hoc network

Abstract

Reliability is an important research topic in the study of distributed systems. Under many circumstances, a healthy processor in a distributed system needs to reach a common agreement before performing some special tasks even if faults exist. In order to achieve fault-tolerance in distributed systems, one must deal with the Byzantine Agreement (BA) problem. Most BA problems require all the healthy processors to obtain an agreement in the same round; this kind of agreement is called an Immediate Byzantine Agreement (IBA). Another kind of agreement, Eventual Byzantine Agreement (EBA), allows its participants to reach a common agreement at different rounds when $f_{act} < f_p$ ($f_{act}$ is the number of actual arbitrary faulty processors; $f_p$ is the number of tolerable arbitrary faulty processors). However, the traditional EBA problem is solved in well-defined networks, while Mobile Ad hoc NETworks (MANETs) are increasing in popularity. Therefore, the EBA problem is revisited under dual failure mode (processors and transmission media) in the MANET. The proposed protocol, Early Dual Agreement Protocol (EDAP), can achieve agreement while tolerating the maximum number of faulty processors and transmission media in a MANET by using the minimum number of message exchanges.
Furthermore, our protocol can manage and organize the network efficiently even if the processors move around the network.

© 2011 Elsevier B.V. All rights reserved.

* Tel.: +886 4 23323000x7243; fax: +886 4 23305539. E-mail address: mlchiang@cyut.edu.tw
1570-8705/$ - see front matter. doi:10.1016/j.adhoc.2011.07.005

1. Introduction

A distributed computing system consists of a set of processors, which can communicate with each other by exchanging messages. In order to provide a reliable computer system, a mechanism to allow a given set of processors to agree on a common value is needed [10,11,14,15,17]. Some examples of applications emphasizing this fact are: a commitment problem in a distributed database system [12], a clock synchronization problem [7,17], and a landing task controlled by a flight control system [4].

Such a unanimity problem was first studied by Lamport et al. [10], and called Byzantine Agreement (BA) [1,3,9,10,14,15,17]. It requires a number of independent processors to reach agreement in cases where some of those processors might be faulty. Furthermore, the goal of BA is to make the healthy processors reach a common value. A closely related sub-problem, the consensus problem, has been extensively studied [7,17] as well. The consensus problem has k initial values in a k-processor system and subsequently achieves a common value even if certain processors fail [7,11,17]. Therefore, the consensus problem is similar to the BA problem, in the sense of executing k copies of the BA process.

Subsequently, the results of previous works [7,14,17] showed that agreement is impossible in an asynchronous environment if even one processor has failed and that failure is a crash failure. Therefore, the BA problem is most applicable to a synchronous network, and the bounds on the processing and transmission delays of healthy components are assumed to be finite [3,9].
Lamport argues for the consensus problem under the assumption of synchronous behavior BA, showing that $3f_p + 1$ processors can tolerate $f_p$ failures, where $f_p$ is the maximum number of faulty processors in a network [10]. To clarify this study, the assumptions of the BA are used to explain the concept of the consensus problem.

Traditionally, the BA problem, as defined by Lamport et al. [10], is as follows:

(1) There are k (k > 3) processors, of which at most one-third of the total number of processors can fail without completely disrupting a workable network.
(2) The processors communicate with each other by message exchange in a fully connected network (or well-defined network).
(3) The message's sender is always identifiable by the receiver.
(4) A processor is chosen as a source randomly and broadcasts its initial value to other processors as well as itself.

Agreement is reached if all healthy processors agree on a common value. Based on these assumptions, various protocols for the BA problem have been developed in order to meet the following requirements [1,3,4,8–10,14,15,17]:

(BA1) Agreement: All healthy processors agree on a common value $v$.
(BA2) Validity: If the initial value of the source is $v_s$ and the source is healthy, then all healthy processors shall agree on the value $v_s$; i.e., $v = v_s$.

In general, some protocols require that each healthy processor stop in the same round ($f_p + 1$) and achieve agreement immediately when the system can tolerate the number of arbitrary processor ($f_p$) faults. This kind of agreement is called Immediate Byzantine Agreement (IBA) [3,9]. However, if there is no faulty processor in the system, or the number of faulty processors is less than $f_p$, $f_p + 1$ rounds of message exchange are still needed to reach a common agreement. This is unreasonable and inefficient in practical work.
Therefore, an improved algorithm needs to be invoked, the Eventual Byzantine Agreement (EBA) [9], which allows individual processors to stop during rounds in which the received messages are sufficient to reach a common agreement.

However, as network technology grows rapidly, traditional network topology is improved with wireless topology. One such area of improvement is the wireless topology known as a Mobile Ad hoc NETwork (MANET), shown in Fig. 1 [2,16]. A MANET consists of wireless processors that communicate with each other in the absence of a fixed infrastructure. Unfortunately, previous literature [1,10,12,17] mostly focuses on fixed networks that use an infrastructure, such as fully connected networks, broadcast networks, or well-defined networks. Besides, fallible processors and transmission media are not discussed simultaneously in a MANET. The traditional protocol cannot be used to achieve agreement in a MANET due to its dynamic nature. Therefore, this paper revisits the EBA problem with respect to dual failure mode on both processors and transmission media and tolerates the maximum number of faulty components by using the minimum number of message exchanges in a MANET environment.

Fig. 1. The topology of MANET in unit-disk graphs.

The rest of this paper is organized as follows: Section 2 illustrates the related works of environment and assumptions. The details of the proposed protocol are shown in Section 3. Section 4 illustrates the examples we have devised in detail. Subsequently, the correctness and complexity of our method are illustrated in Section 5. Finally, the conclusion is presented in Section 6.

2. Related works

Before describing the previous protocol [3,9], two basic assumptions must be defined: the network environment and the failure types of faulty components.

2.1. Network environment

As network technology continues to grow at a high rate of speed, the Mobile Ad hoc NETwork (MANET) [2,16] has enjoyed an amazing rise in popularity. A MANET, consisting of wireless processors that communicate with each other in the absence of a fixed infrastructure, is different from the traditional network structures. Its topology, as shown in Fig. 1, can be modeled as a unit-disk graph [2] according to the range of transmission power of the members of the network. Besides, the MANET can easily be used flexibly and quickly in automated battlefields, disaster relief, and rescue.

There exist several challenges to the MANET due to its dynamic nature, such as low battery power, limited bandwidth, and unrestrained mobility. However, traditional routing protocols, including hierarchical routing, link state, and distance vector [13,16], need to be reinvestigated. The previous routing path is destroyed when the processors immigrate into or emigrate out of the network at any time. Therefore, some research [2,13] has proposed a concept of a virtual backbone for organizing the MANET and classifying processors as gateway or non-gateway processors. In this hierarchical topology, one gateway processor can handle non-gateway processors in its own group and the routing process is simplified with respect to gateway processors. Namely, only gateway processors need to maintain the routing table and the search space is reduced to itself. Non-gateway processors can also change their status to sleep mode to conserve their battery power. Therefore, the virtual backbone is being adapted for organizing a MANET.

The Connected Dominating Set (CDS) is a popular algorithm, proposed by Wu [16], to build the virtual backbone of a MANET. The CDS-based virtual backbone is related to the concept of dominating in graph theory.

Fig. 2. The proposed protocol EDAP.
A subset of vertices on a graph is a dominating set if every vertex not in the subset is adjacent to at least one vertex in the subset. Therefore, the processors of the dominating set should be connected for building the routing path of transmission. Subsequently, the algorithm removes all locally redundant gateway processors during the re-marking phase to obtain a minimal CDS.

Bharghavan and Das [2] proposed another famous distributed algorithm to build a virtual backbone. Their algorithm first finds an approximation to the minimum dominating set by a greedy algorithm; and then, in the second stage, constructs a spanning forest F. Subsequently, the third stage expands the spanning forest F into a spanning tree T and forms a minimum CDS.

Besides, Stojmenovic et al. [13] showed synchronized distributed constructions of a CDS. Their methods classify the processors in a CDS into clusterhead processors and border processors. Processors are divided into clusters with one of them serving as the clusterhead processor in each cluster. That processor can also connect to any of the processors in its cluster directly; but the clusterhead processors are not adjacent to each other.

Based on the reason above, traditional famous papers [8,10,14,15,17] cannot solve the EBA problem in a MANET due to its unrestrained mobility. The EBA problem is revised in this paper under a MANET environment using a CDS-based virtual backbone. This is because we can facilitate saving the routing information and reducing the spaces required to search for a route to the gateway processor in a CDS-based virtual backbone. The gateway processor can govern and maintain its group when processors immigrate into or move out of the network at any time. Therefore, the CDS-based virtual backbone is suitable to the real world and is used to configure the MANET in this paper.

2.2. Failure types

In general, we can divide failure into three types: processor failure, transmission medium failure, and generalized failure [7,8,10,15,17]. The symptoms of processor failure can be classified into two categories, the dormant fault and the arbitrary fault. The dormant faults of processors include broken processors (crash faults) and message misses (omission faults). However, the dormant fault can easily be detected and solved. By contrast, the arbitrary fault is a more serious problem; its behavior is unpredictable and damaging.

The symptoms of transmission medium failure can also be classified into two categories, the dormant fault and the arbitrary fault. The dormant faults of transmission media are crashes and stuck-at faults. The crash fault represents the transmission medium being broken. However, stuck-at faults occur when the message received from a certain transmission medium is always a constant value. Likewise, as with processor faults, the arbitrary fault of transmission media is also the most damaging failure type of all problems due to its behavior being unrestricted.

In this paper, we solve the EBA problem in generalized failure mode while accounting for dual failures (including the dormant fault and arbitrary fault simultaneously) in a MANET. According to the previous literature [10,14,15,17], the total number of allowable faulty components (processors/transmission media) in a k-processor fully connected network is $f_c$ ($f_c$: faulty components, $f_c \le \lfloor k/2 \rfloor - 1$), in which the number of allowable faulty processors is $f_p$ ($f_p \le \lfloor (k-1)/3 \rfloor$). The remainder is the number of allowable faulty transmission media. Based on those results [14,15,17], $f_p + 2$ rounds of message exchange are required to make all healthy processors reach agreement. This is because the influence of faulty processors and faulty transmission media produced before $f_p + 1$ rounds of message exchange can be removed by $f_p + 2$ rounds of message exchange.
Therefore, healthy processors can reach an agreement by requiring $f_p + 2$ rounds of message exchange if the faulty components do not exceed $\lfloor k/2 \rfloor - 1$, in which case the number of allowable faulty processors is $\lfloor (k-1)/3 \rfloor$.

2.3. Eventual Byzantine Agreement

In general, IBA [3,9] protocols require all healthy processors to reach a common agreement during the same round. Previous works state that IBA cannot be achieved for k ($k > f_p + 1$) processors with at most $f_p$ faults within $f_p$ or fewer rounds. However, the EBA [3,9] protocols allow the healthy processors to achieve agreement during different rounds when they receive enough information.

In EBA protocols, the processors may stop the protocol in round $r < f_p$ ($f_p \le \lfloor (k-1)/3 \rfloor$) due to the number of actual faulty components ($f_{act}$) being less than the maximum number of tolerable faults $f_p$; thus a lower bound on the number of rounds of message exchange is $\min\{f_{act} + 2, f_p + 1\}$ for EBA. However, this paper revisits the EBA problem with a dual failure type (arbitrary fault and dormant fault) in processors and transmission media in a MANET environment. The lower bound of our proposed protocol is changed to $\min\{f_{act} + 3, f_p + 2\}$, and subsequently the basic concepts and approaches of the proposed protocol are shown in Section 3.

2.4. The failure components elimination sequence

In generalized cases, both processors and transmission media may fail simultaneously. For healthy processors to reach a common agreement, the influence from dormant faulty transmission media and processors must be removed first. Subsequently, the influence from arbitrarily faulty transmission media and processors can be eliminated based on the work of Yan et al. [17]. The details are illustrated as follows.
Our protocol can remove dormant faulty processors and dormant faulty transmission media because the receiver can always identify faulty messages produced by dormant components, such as crash, omission, and stuck-at faults, if the Manchester code [6,15,17] is used in encoding before transmission. This is because Manchester encoding is a synchronous clock encoding technique; thus, the receiver can easily distinguish between the dormant faulty components. The values sent from dormant faulty components are replaced by $\lambda$ in our protocol.

After removing the influence of dormant faulty components, the protocol must collect $f_p$ rounds of message exchange, where $f_p$ denotes the maximum number of allowable faulty processors, which cannot exceed $\lfloor (N-1)/3 \rfloor$. Subsequently, the collected messages are stored into a data structure called a message storage tree (ms-tree), shown in Fig. 3c. When each processor collects enough messages from other processors, the effects of arbitrary faulty transmission media can be eliminated.

In the last step, the influence of arbitrarily faulty processors must be removed. To achieve this goal, two tree structures will be constructed: the message storage tree (ms-tree) and the information collection tree (ic-tree: $T_i$), shown in Fig. 3c and Fig. 3d [14,15,17]. The vertex of the ms-tree is labeled with a list of processor names, and the value received from the source processor is denoted as val(s) at the root of the ms-tree. The processor name list contains the names of the processors through which the stored message was transferred. For example, the statement val(sac) represents the processor having received the value sa from processor c which was sent from source processor s to processor a. Subsequently, an ic-tree is constructed by the following reorganization rules:

(1) The leaves at level $f_p + 2$ of the ms-tree are deleted.
(2) The vertices with repeated processor names are deleted.
According to the reorganization rules, the ic-tree can be constructed to avoid cyclical influences from the faulty processors. This is because the messages of faulty processors may be stored repeatedly in the vertices, resulting in an incorrect common value caused by taking a simple majority. Eventually, each processor can apply the VOTE function (a detailed description is presented in Fig. 3e) to its ic-tree to compute a common value. Subsequently, the detail of our proposed protocol is shown as follows.

3. Protocol EDAP

Before introducing the proposed protocol, the Early Dual Agreement Protocol (EDAP), shown in Fig. 2, the parameters in this synchronous MANET are assumed as follows:

(1) $N$: The total number of gateway processors in a MANET.
(2) $n$: The total number of non-gateway processors in a MANET.
(3) $n_i$: The total number of processors in group i.
(4) $d_i$: The decision value of gateway processor i.
(5) $V_k$: The vector in processor k.
(6) $v_s$: The initial value of processor i broadcasting to all other processors.
(7) $MAJ_i$: The majority value of processor i.
(8) $MAT_i$: The gateway processor i collects all received vectors from other processors.
(9) $\lambda$: The value used instead of the value received from a dormant faulty processor.
(10) $c$: The connectivity of the MANET. Based on the Menger theorem [5], at least $c$ disjoint paths must exist between any pair of processors A and B when the connectivity of the network is $c$.
(11) $N_{pa}$: The number of gateway processors with an arbitrary fault.
(12) $N_{pd}$: The number of gateway processors with a dormant fault.
(13) $n_{pa}$: The number of non-gateway processors with an arbitrary fault.
(14) $n_{pd}$: The number of non-gateway processors with a dormant fault.
(15) $T_a$: The number of arbitrary faulty transmission media among the gateway processors.
(16) $T_d$: The number of dormant faulty transmission media among the gateway processors.
(17) $\phi$: The default value, and $\phi \in \{0, 1\}$.
(18) $f_p$: The number of allowable faulty gateway processors.
(19) $f_{act}$: The actual number of faulty gateway processors.
(20) r: The required rounds of message exchange.
(21) r: The actual number of rounds of message exchange.
(22) $\Delta v_i^k$: The number of values which are equal to $MAJ_{vi}$; $1 \le k \le f_p + 2$.

To achieve efficient management, the CDS-based virtual backbone is used to organize a MANET in this paper. Besides, EDAP requires $f_p + 2$ rounds of message exchange to reach an agreement, and the connectivity of the MANET needs to satisfy the Menger theorem [5]. Based on [7,14,15,17], all healthy processors can reach agreement in a MANET environment where $N > \lfloor (N-1)/3 \rfloor + 2(N_{pa} + T_a) + N_{pd} + T_d$ and $c > 2(N_{pa} + T_a) + N_{pd} + T_d$. The definitions of parameters are listed as Section 2.2.

EDAP has two parts: the group agreement process and the consensus agreement process. The main work of the group agreement process is collecting initial values from non-gateway processors. Each gateway processor takes the majority (MAJ) of collected values as its initial value, as shown in Fig. 3a. Subsequently, each gateway processor forwards its value to other gateway processors in the consensus agreement process.

The consensus agreement process consists of the message exchange phase and the decision making phase. The message exchange phase must collect enough messages from gateway processors for all healthy gateway processors to reach an agreement. When a healthy gateway processor receives the values from other gateway processors, these values are stored in its vertex $V_i$ ($1 < i < N$). Then, each gateway processor broadcasts its vertex again and constructs $MAT_i$ ($1 < i < N$) when $r > 1$. The details of $MAT_i$ are shown in Fig. 3b.

During the message exchange phase, a tree structure, the ms-tree [14,15,17], is constructed by taking the local majority on each row k of $MAT_i$ for each round and the value received from the source processor, denoted as val(s) at the root of the ms-tree. This is a convenient data structure for collecting a majority value from the $MAT_i$. The details of the ms-tree are shown as Fig. 3c. The vertex of an ms-tree is labeled with a list of processor names. The processor name list contains the names of the processors through which the stored message has been transferred. Subsequently, an ic-tree [14,15,17] is constructed by the ic-tree conversion function, which is an improvement of the reorganization rules, to remove the vertices with repeated processor names from the ms-tree. The cyclical influence from the faulty processors can be avoided in the ic-tree. The details of the ic-tree are shown in Fig. 3d.

In the last step of the message exchange phase, each gateway processor executes the early stopping function to check whether the protocol can be stopped. This function modifies the concept of [9] to reduce the number of message exchanges under the generalized failure mode in a MANET. During the early stopping function, we first apply the MAJ function to the ic-tree of each processor i ($1 \le i \le N$) to obtain the $MAJ_{vi}$. Subsequently, the numbers $\Delta v_i^k$ ($1 \le k \le f_p + 2$) are computed as the number of values of the ic-tree of each processor that are equal to $MAJ_{vi}$. Finally, the protocol can be stopped early if the following constraint can be satisfied:

$$\Delta v_i^k > (f_p - (r - 1)) + \frac{n - (r - 1) - \lambda}{2}$$

Fig. 3a. The function MAJ.
MAJ(α) =
1. The majority value in the set of {val(αj) | 1 ≤ j ≤ (N, n)}.
2. The complement value of val(α), denoted as ¬val(α), is chosen otherwise.

Fig. 3b. The function MATi on processor i.

Fig. 3c. The ms-tree.
Level 1 (root): s, val(s).
Level 2 (leaf): sa val(sa), sb val(sb), sc val(sc), sd val(sd), se val(se).
Level 3 (sub_leaf): sxy with val(sxy) for x, y ∈ {a, b, c, d, e} (saa, sab, ..., see).

Finally, the second phase of the consensus agreement process, the decision making phase, is invoked to make each healthy gateway processor compute a common value by applying the voting function VOTE to the root of an ic-tree, as shown in Fig. 3e.

Therefore, the proposed protocol, EDAP, can reach agreement when the numbers of messages are sufficient under dual failure mode (processors and transmission media). Besides, the CDS-based virtual backbone is used to manage and organize the MANET efficiently even if the processors move around the network. Therefore, the EDAP protocol is more efficient and reasonable in the MANET environment than previous protocols [8,10,14] where $N > \lfloor (N-1)/3 \rfloor + 2(N_{pa} + T_a) + N_{pd} + T_d$ and $c > 2(N_{pa} + T_a) + N_{pd} + T_d$. Furthermore, the round of message exchange in our protocol is more suitable for a MANET environment than those of previous results [8,10,14].

Fig. 3d. The ic-tree ($T_i$). Levels shown: Level 1 (root), Level 2 (leaf), Level 3 (sub_leaf).

Fig. 3e. The functions of protocol EDAP. The VOTE function.
VOTE(α) =
1. val(α), if α is a leaf.
2. The majority value in the set of {VOTE(αi) | 1 ≤ i ≤ N, and vertex αi is a child of vertex α}, if such majority value exists.
3. A default value φ is chosen, otherwise.

4. Example of executing EDAP

In this section, an example is shown to illustrate how the protocol EDAP is to be executed in practice. There are 24 processors in the original MANET in Fig. 4a–4k. In this paper, the CDS construction algorithm [13] is used to elect 8 gateway processors as a gateway layer and 16 non-gateway processors as a non-gateway layer in a MANET. The relationship between the gateway processors and non-gateway processors is shown as Table 1. Our EDAP protocol requires $r = \lfloor (8-1)/3 \rfloor + 2 = 4$ rounds to exchange messages and the complete steps are shown as Fig. 4a shows that the processors a, l, k, t, v, and x are arbitrarily faulty processors, and processors b and n are dormant faulty processors, respectively.

At the beginning of the protocol, we assume x as the arbitrary source processor; it broadcasts initial values to groups Ga, Gb, Gc, Gd, Ge, Gf, Gg and Gh as 1, 0, 0, 1, 0, 0, 1, and 0, respectively. Subsequently, each gateway processor uses the MAJ function to obtain a majority value and stores it to its vector. The vector of each gateway processor is shown as Fig. 4c. After the group agreement process, each gateway processor has an initial value to broadcast to other gateway processors during the consensus agreement process.

During the consensus agreement process, each gateway processor must exchange its value with other gateway processors during the message exchange phase. The result of healthy gateway processors executing the first round of the consensus agreement process is shown as Fig. 4d. Subsequently, the ic-tree of each gateway processor can be constructed from each vertex as shown in Fig. 4e. Therefore, the early stopping function can be invoked during the first round of message exchange, and this is shown as Fig. 4f.

Fig. 4a. The original MANET environment.

Fig. 4b. The first round in the group agreement process.

Fig. 4c. The results of the group agreement process.

Fig. 4d. The vector received from each gateway processor in the first round of the consensus agreement process.

Fig. 4e. The ic-trees of the first round. Panels: ic-tree d,e,f,g,h; ic-tree c.

Fig. 4f. Execution of the early stopping function in the first round of message exchange phase.
$\Delta v_c^1 = 4 < (f_g - (r - 1)) + \frac{n - (r - 1) - \lambda}{2} = 5.5$ (cannot stop)
$\Delta v_d^1 = 5 < (f_g - (r - 1)) + \frac{n - (r - 1) - \lambda}{2} = 5.5$ (cannot stop)
$\Delta v_e^1 = 5 < (f_g - (r - 1)) + \frac{n - (r - 1) - \lambda}{2} = 5.5$ (cannot stop)
$\Delta v_f^1 = 5 < (f_g - (r - 1)) + \frac{n - (r - 1) - \lambda}{2} = 5.5$ (cannot stop)
$\Delta v_g^1 = 5 < (f_g - (r - 1)) + \frac{n - (r - 1) - \lambda}{2} = 5.5$ (cannot stop)
$\Delta v_h^1 = 5 < (f_g - (r - 1)) + \frac{n - (r - 1) - \lambda}{2} = 5.5$ (cannot stop)

Fig. 4g. The result of processors d and g executing the second round of the message exchange phase in the consensus agreement process. MATd,g, row Va: 1 λ 1 0 1 1 0 1; row Vb: λ λ λ λ λ λ λ λ.

Fig. 4h. The result of processors c, e, f, and h executing the second round of the message exchange phase in the consensus agreement process. MATc,e,f,h, row Va: 0 λ 1 1 0 1 1 1; row Vb: λ λ λ λ λ λ λ λ.
In our example, the agreement value of gateway processors a and b is unimportant due to the fact that they are an arbitrary gateway processor and a dormant gateway processor, respectively. According to the early stopping function of the EDAP protocol, each gateway processor cannot stop early and the number of messages is insufficient to achieve agreement in the first round. Therefore, each gateway processor must execute the next round of message exchange. Each gateway processor continuously broadcasts its value to other gateway processors during the second round of message exchange. The gateway processors d and g build the corresponding MATd and MATg in Fig. 4g. The MATc, MATe, MATf, and MATh are shown as Fig. 4h. The difference between Fig. 4g and Fig. 4h is caused by the faulty gateway processor a sending different messages to them. Subsequently, we show the ic-tree of each gateway processor during the second round of message exchange in Figs. 4i and 4j. The ic-tree is constructed from the MATi and is eliminated the repeated vertices by means of the ic-tree conversion function. In next step, as in the procedure above, the early stopping function is invoked again to test whether the procedure can stop or not. The results are shown as Fig. 4k, the Fig. 4k represents the message exchange of each gateway processor being able to stop. 
The collected sd val (sd) se val (se) sf val (sf) sg val (sg) sh val (sh) 0 Level 2 sab val(sab) λ sac val(sac) 1 sad val(sad) sae val(sae) 0 saf val(saf) 0 sag val(sag) 0 sah val(sah) 0 sba val(sba) λ sbc val(sbc) λ sbd val(sbd) λ sbe val(sbe) λ sbf val(sbf) λ sbg val(sbg) λ sbh val(sbh) λ sca val(sca) 1 scb val(scb) λ scd val(scd) 0 sce val(sce) 0 scf val(scf) 0 scg val(scg) 0 sch val(sch) 0 sda val(sda) 0 sdb val(sdb) λ sdc val(sdc) 1 sde val(sde 1 sdf val(sdf) 1 sdg val(sdg) 1 sdh val(sdh) 1 sea val(sea) 1 seb val(seb) λ sec val(sec) 0 sed val(sed) 0 sef val(sef) 0 seg val(seg) 0 seh val(seh) 0 sfa val(sfa) 1 sfb val(sfb) λ sfc val(sfc) 0 sfd val(sfd) sfe val(sfe) 0 sfg val(sfg) 0 sfh val(sfh) 0 sga val(sga) 0 sgb val(sgb) λ sgc val(sgc) 1 sgd val(sgd) sge val(sge) 1 sgf val(sgf) 1 sgh val(sgh) 1 sha val(sha) 1 shb val(shb) λ shc val(shc) 0 shd val(shd) she val(she) 0 shf val(shf) 0 shg val(shg)0 Fig. 4i. The ic-treed,g. messages of each gateway processor are enough to achieve consensus and move into next phase, the decision making 396 M.-L. 
Chiang / Ad Hoc Networks 10 (2012) 388–400 Level 1 sa val(sa) 1 s val(s) sb val (sb) 0 sc val (sc) 0 sd val (sd) λ se val (se) λ sf val (sf ) λ sg val (sg) λ sh val (sh) 0 Level 2 sab val(sab) λ sac val(sac) 1 sad val(sad) sae val(sae) 0 saf val(saf) 0 sag val(sag) 0 sah val(sah) 0 sba val(sba) λ sbc val(sbc) λ sbd val(sbd) λ sbe val(sbe) λ sbf val(sbf) λ sbg val(sbg) λ sbh val(sbh) λ sca val(sca) 1 scb val(scb) λ scd val(scd) 0 sce val(sce) 0 scf val(scf) 0 scg val(scg) 0 sch val(sch) 0 sda val(sda) 1 sdb val(sdb) λ sdc val(sdc) 0 sde val(sde 1 sdf val(sdf) 1 sdg val(sdg) 1 sdh val(sdh) 1 sea val(sea) 0 seb val(seb) λ sec val(sec) 0 sed val(sed) 0 sef val(sef) 0 seg val(seg) 0 seh val(seh) 0 sfa val(sfa) 1 sfb val(sfb) λ sfc val(sfc) 0 sfd val(sfd) sfe val(sfe) 0 sfg val(sfg) 0 sfh val(sfh) 0 sga val(sga) 1 sgb val(sgb) λ sgc val(sgc) 1 sgd val(sgd) sge val(sge) 1 sgf val(sgf) 1 sgh val(sgh) 1 sha val(sha) 1 shb val(shb) λ shc val(shc) 0 shd val(shd) she val(she) 0 shf val(shf) 0 shg val(shg)0 Fig. 4j. The ic-treec,e,f,h. process. This process uses the function VOTE to obtain a common value, and the common value (‘‘0’’) of gateway processors can be reached if N > (b(N 1)/3c) + 2(Npa + Ta) + Npd + Td where the connectivity of the network is c > 2(Npa + Ta) + Npd + Td. In general, the BA protocol needs four rounds of message exchange to achieve agreement when faulty components exist. Based on the results above, the EDAP protocol only needs two rounds of message exchange to achieve consensus. Therefore, the EDAP protocol is more efficient than previous BA protocols [10,12,17] in a MANET environment. 5. The correctness and complexity of EDAP In general, our paper compares with the most famous paper [8,10,14,15,17] of previous works. Therefore, proofs for the agreement and validity property are given to prove the EDAP is optimal solution in this section. Lemmas and theorems are used to prove the correctness and complexity of EDAP. 5.1. 
Correctness of EDAP

In this section, we prove the correctness of EDAP if N > ⌊(N − 1)/3⌋ + 2(Npa + Ta) + Npd + Td and c > 2(Npa + Ta) + Npd + Td, where Npa is the number of arbitrary faulty processors, Ta is the number of arbitrary faulty transmission media, Npd is the number of dormant faulty processors, and Td is the number of dormant faulty transmission media existing simultaneously. Only fp + 2 rounds of message exchange are required to make all healthy processors reach a common agreement.

To prove the correctness of our protocol, a tree structure, the ic-tree, is used to explain our procedures. The ic-tree collects enough complete messages to eliminate the influence of faulty components, and it resolves the cyclical influence of the faulty processors by eliminating the repeated names. The function VOTE must also obtain a common value from the ic-tree during the consensus agreement process. Therefore, this paper proves the correctness of our protocol by means of the ic-tree structure.

This paper defines a vertex a as common [4,17] if each healthy processor computes the same value for a. In other words, the value stored in vertex a of each healthy processor's ic-tree is common. When each healthy processor has a common initial value of the source processor in the root of its ic-tree, an agreement is reached since the root is common. Thus the constraints (Agreement) and (Validity) can be rewritten as:

(Agreement'): Root s is common, and
(Validity'): VOTE(s) = vs for each healthy processor, if the source processor is healthy. Otherwise, a default value U should be chosen.

To prove a vertex is common, the term common frontier [4,17] is defined as follows: when every root-to-leaf path of the ic-tree contains a common vertex, the collection of the common vertices forms a common frontier. In other words, every healthy processor collects the same messages within the common frontier if a common frontier does exist in a healthy processor's ic-tree. Subsequently, using the same voting function VOTE to compute the root value of the ic-tree, every healthy processor can obtain the same root value because they receive the same input and use the same computing function.

[Fig. 4k. Execution of early stopping function in second round of message exchange phase. Panels: Level 2 of ic-tree_{c,e,f,h}; Level 2 of ic-tree_{d,g}.]

Table 1. The layer relationship.

Group   Gateway layer   Non-gateway layer
Ga      a               h, i
Gb      b               p, q
Gc      c               n, o
Gd      d               l, m
Ge      e               j, k
Gf      f               w, x
Gg      g               u, v
Gh      h               s, t

Since EDAP can solve the consensus/BA problem, the above concepts can be used to prove the correctness of EDAP. Before proving the correctness of EDAP, the term correct vertex is defined as:

(1) Correct vertex – vertex ai of a tree is a correct vertex if processor i is healthy. In other words, a correct vertex is a place to store the value received from a healthy processor.
(2) True value – for a correct vertex ai in the tree of a healthy processor i, val(ai) is the true value of vertex ai.
Namely, the stored value is called the true value.

By the definition of a correct vertex, the stored value is received from the healthy processors, and a healthy processor always transmits the same value to other processors. The repeated vertices of the ic-tree are deleted; thus the correct vertices of such an ic-tree are common. Based on the definition of correct vertex, a common frontier does exist in ic-trees. Namely, the root can be proven to be a common vertex (Agreement') due to the existence of a common frontier, regardless of the correctness of the source processor. For this reason, an agreement concerning the root value is reached.

Subsequently, we check the condition of (Validity'). When the source processor fails, (Validity') is true. This is because the propositional logic P → Q means (NOT(P) OR Q), so (NOT(P) OR Q), that is (P → Q), is true when P is false; where P implies "the source processor is healthy" and (P → Q) implies BA2'. Conversely, root s is a correct vertex by the definition of a correct vertex if the source processor is healthy. If all correct vertices' true values can be computed by EDAP, then the true value of the root can be computed because the root is also a correct vertex. By definition, the true value of the root is the initial value of the source processor if the source processor is healthy. Namely, each healthy processor's root value is the initial value of the source processor, so Validity' is true so long as the source processor is healthy. In short, Agreement' and Validity' are both true because no matter whether the source processor is healthy or failed, the consensus/BA problem is solved.

Lemma 1. The messages sent through dormant faulty components can be detected by a healthy destination processor.

Proof.
A healthy destination processor can detect the message(s) from dormant faulty components if the protocol appropriately encodes a transmitted message by using either the Non-Return-to-Zero code or the Manchester code [6] before transmission. □

Lemma 2. Healthy processors can receive messages from healthy processors, if c > 2(Npa + Ta) + Npd + Td.

Proof. A healthy sender processor broadcasts a message to others and itself. In the worst case, a healthy processor can receive c − Npd − Td messages transmitted in each round of the message exchange because dormant faulty components can be detected. If c − Npd − Td > 2(Npa + Ta), a healthy processor can determine the messages sent by the sender processors by taking the majority value of the values received in each message exchange round. □

Theorem 1. A healthy processor can remove the faulty influences from dormant faulty transmission media and dormant faulty processors, if c > 2(Npa + Ta) + Npd + Td.

Proof. By Lemmas 1 and 2, the theorem is proved. □

Lemma 3. A healthy destination processor can detect a dormant faulty sender processor by the forwarding technique in the gateway/non-gateway model.

Proof. If the number of value k is greater than or equal to c − ⌊(N − 1)/3⌋, then the sending processor has a dormant fault. The reason is that there are at most ⌊(N − 1)/3⌋ arbitrarily faulty components in the network; hence there are at most ⌊(N − 1)/3⌋ non-k values in the vector Vi. □

Theorem 2. A healthy processor can detect a dormant faulty processor in the network.

Proof. In the protocol EDAP, there are r rounds of message exchange during consensus agreement, where Npa ≤ ⌊(N − 1)/3⌋ and N > 3, so there are at least two rounds of message exchange during the message exchange phase. Each healthy processor can receive the message from the source processor during the first round of message exchange and receives other processors' messages during the second round of message exchange. Each processor can receive all other processors' messages that exist in the network after two rounds of message exchange. According to Lemma 3, each healthy processor can detect the dormant faulty processor in the network. □

Lemma 4. All healthy correct vertices of an ic-tree are common.

Proof. After reorganization of rules, no repeatable vertices are extant in an ic-tree. At the level fp or above, the correct vertex a has at least 2fp + 1 children (N − fp ≥ 2fp + 1), of which at least fp + 1 children are correct. The true value of these fp + 1 correct vertices is common, and the majority value of vertex a is also common. The correct vertex a is common in the ic-tree if the level of a is less than fp + 1. Thus, all correct vertices of the ic-tree are common. □

Lemma 5. A common frontier exists in an ic-tree.

Proof. There are fp + 1 vertices along each root-to-leaf path of an ic-tree in which the root is labeled by the source name, and the others are labeled by a sequence of group names. Since at most Npa (≤ ⌊(N − 1)/3⌋) processors can have failed, at least one vertex is correct along each root-to-leaf path of the ic-tree. By Lemma 3, the correct vertex is common, and a common frontier exists in each healthy processor's ic-tree. □

Lemma 6. Let a be a vertex, where a is common if there is a common frontier in the subtree rooted at a.

Proof. If the height of a is 0 and a common frontier (a itself) exists, then a is common. If the height of a is r, the children of a are all common by the induction hypothesis, the height of the children being r − 1; then the vertex a is common. □

Corollary 1. A root is common if a common frontier exists in the ic-tree.

Theorem 3. The root of a healthy processor's ic-tree is common.

Proof. By Lemmas 4, 5, and 6, and Corollary 1, the theorem is proven. □

Theorem 4. Protocol EDAP solves the consensus/BA problem in MANET.

Proof. To prove the theorem, one has to show that EDAP meets the constraints (Agreement') and (Validity').

(Agreement'): Root s is common. By Theorem 3, (Agreement') is satisfied.

(Validity'): VOTE(s) = v for all healthy processors, if the initial value of the source is vs, say v = vs. Since most of the processors are healthy, they transmit the message to all others. As a result, each of the correct vertices of the ic-tree is common (Lemma 4), and its true value is v. By Theorem 3, this root is common. The computed value VOTE(s) = v is stored in the root for all healthy processors. (Validity') is satisfied. □

Lemma 7. Each value of a healthy processor j received from the healthy source processor h is fixed. The value is fixed in round min{fact + 3, fp + 2} when there are fact faulty processors extant.

Proof. Case 1: source and receivers are healthy processors. In general, the healthy source processor j sends the initial value to the healthy receiver h in the next round. Then the receiver h sends the same value to its descendant processors. Subsequently, the value in the descendant path should be the same. This is because the healthy descendant receiver does not change the original value that it transfers to its descendant receivers.

Case 2: source and receivers are faulty processors. The faulty source processor sends different values to faulty receiving processors; the value might alternate from round to round. Because only fact faulty processors are extant in the system, the longest faulty path only has length fact. Therefore, the influences of vertices of the descendant path (≥ fact + 1) can be eliminated by the majority function; subsequently the values of the descendant path are fixed again based on Case 1. In other situations, these influences can be eliminated when the faulty source processor versus the healthy receiver processors or the healthy source processor versus the faulty receiver processors. □

Theorem 5.
Protocol EDAP can achieve agreement in min{fact + 3, fp + 2} rounds.

Proof. Based on Theorem 4, one can prove that the protocol EDAP can meet the constraints (Agreement') and (Validity') in the consensus/BA problem when fact = fp. By Lemmas 4–7 and Corollary 1, the values of a descendant path are fixed to a common value in round min{fact + 3, fp + 2}, and the protocol stops early. Therefore, the constraints (Agreement') and (Validity') are also achieved in round min{fact + 3, fp + 2}. □

5.2. Complexity of EDAP

The complexity of EDAP is judged in terms of: (1) the maximum number of allowable faulty components; (2) the minimal number of rounds.

Theorem 6. The maximum number of allowable faulty components of EDAP is Npa arbitrary faulty processors, Npd dormant faulty processors, Ta arbitrary faulty transmission media, and Td dormant faulty transmission media, where N > ⌊(N − 1)/3⌋ + 2(Npa + Ta) + Npd + Td and the connectivity of the network c should be greater than 2(Npa + Ta) + Npd + Td.

Proof. Wang et al. [14] indicated that the constraints of the BA problem for processor faults are only N > ⌊(N − 1)/3⌋ + 2Npa + Npd and c > 2Npa + Npd, in which the faulty transmission media were treated as faulty processors. In this study, faults of processors and faults of transmission media are treated as different faults. Therefore, we must include the transmission medium faults, and so the constraints are rewritten as N > ⌊(N − 1)/3⌋ + 2(Npa + Ta) + Npd + Td and c > 2(Npa + Ta) + Npd + Td. Therefore, the total number of allowable faulty components of EDAP is Npa arbitrary faulty processors, Npd dormant faulty processors, Ta arbitrary transmission media, and Td dormant faulty transmission media, which is the maximum if N > ⌊(N − 1)/3⌋ + 2(Npa + Ta) + Npd + Td and c > 2(Npa + Ta) + Npd + Td. □

Theorem 7. EDAP requires min{fact + 3, fp + 2} rounds to solve the EBA problem in a MANET.

Proof.
Based on the previous works [8,17], for a fail-safe network, if the transmission medium is reliable, then fp + 1 rounds are proven to be the lower bound for message exchanges. Therefore, the required number of rounds for solving the generalized BA/consensus problem in a MANET should not be less than fp + 1. In the EBA problem, the protocol of Krings and Feyer [9] also proves that the actual number of rounds of message exchange is min{fact + 2, fp + 1} when the fallible components are processors only, in well-defined connected networks without faulty transmission media. However, our protocol EDAP solves the EBA problem under dual failure in a generalized failure mode where both faulty processors and faulty transmission media exist. The protocol of Yan et al. [17] shows that two rounds of message exchange is the minimum number of rounds needed to solve the BA problem if fp = 0. Thus, it is impossible that the number of rounds required is fp + 1. Otherwise, only one round of message exchange could solve the BA/consensus problem for the case fp = 0 in a generalized faulty assumption. This contradicts the results of Yan et al. [17]. Therefore, our protocol requires an extra round to solve the generalized failure mode according to the results of Yan et al. [17]. The actual number of rounds of message exchange with EDAP is min{fact + 3, fp + 2}. However, message passing is required during the message exchange phase and this is a time-consuming phase. The EDAP protocol is more efficient at solving the BA/consensus problem than traditional protocols [1,10,14,15,17] when the EDAP protocol stops early. □

6. Conclusion

In this study, our protocol EDAP solves the EBA problem in a MANET under dual failure mode, with fallible processors and transmission media, based on the CDS-based virtual backbone. Besides, EDAP can achieve an agreement while tolerating the maximum number of faulty processors by using the minimum number of message exchanges and rounds.
In our virtual backbone, our protocol can manage and organize the network efficiently even if the processors move around the network. This is because only gateway processors need to maintain the routing table, and the search space is reduced to itself. Therefore, the rounds of message exchange in our protocol are more suitable for a MANET environment than those of previous results [10,14,15,17]. Besides, our protocol can achieve the agreement earlier than others by using the concept of the eventual BA protocol when the numbers of messages are sufficient. If there are only two (fact = 2) arbitrary gateway processors, the number of rounds of message exchange is decreased to at most 5 (r = min{fact + 3, fp + 2}). Therefore, our protocol is more realistic and efficient than previous protocols in a MANET due to the fact that the actual number of arbitrarily faulty processors fact is often smaller than fp.

Acknowledgment

This work was supported in part by the Taiwan National Science Council under Grants NSC99-2221-E-324-041MY3, NSC97-2221-E-324-007-MY3, NSC99-2221-E324022, and NSC99-2221-E018-018.

References

[1] O. Babaoglu, R. Drummond, Streets of Byzantium: network architectures for fast reliable broadcasts, IEEE Transactions on Data and Knowledge Engineering SE-11 (1985) 546–554.
[2] V. Bharghavan, B. Das, Routing in Ad Hoc networks using minimum connected dominating sets, in: Proceedings of the International Conference on Communications '97, Montreal, Canada, 1997, pp. 376–380.
[3] O. Brukman, S. Dolev, E.K. Kolodner, A self-stabilizing autonomic recoverer for eventual Byzantine software, The Journal of Systems & Software 84 (12) (2008) 2315–2327.
[4] P. Dasgupta, Agreement under faulty interfaces, Information Processing Letters 65 (3) (2008) 125–129.
[5] N. Deo, Graph Theory with Applications to Engineering and Computer Science, Englewood Cliffs, N.J. Prentice Hall, 1974.
[6] F. Halsall, Data Links, Computer Networks and Open Systems, 4th ed., Addison-Wesley Publishers, 1995, pp. 112–125.
[7] H.S. Hsiao, Y.H. Chin, W.P. Yang, Reaching strong consensus in general network, Journal of Information Science and Engineering 18 (4) (2002) 601–625.
[8] H.C. Hsieh, J.S. Leu, W.K. Shih, A Fault-Tolerant Scheme for an Autonomous Local Wireless Sensor Network, Computer Standards & Interfaces 32 (4) (2010) 215–221.
[9] A.W. Krings, T. Fisher, The Byzantine agreement problem: optimal early stopping, in: S. Dee (Ed.), Proceedings of 32nd Hawaii International Conference on System Sciences, LNCS 520, Springer-Verlag, Berlin, 1999, pp. 1–12.
[10] L. Lamport, R. Shostak, M. Pease, The Byzantine generals problem, ACM Transactions on Programming Languages and Systems 4 (3) (1982) 382–401.
[11] K.W. Lee, H.T. Ewe, Performance study of Byzantine agreement protocol with artificial neural network, Information Sciences 177 (21) (2007) 4785–4798.
[12] H.G. Molina, F. Pittelli, S. Davidson, Applications of Byzantine agreement in database systems, ACM Transactions on Database Systems 11 (1) (1986) 27–47.
[13] I. Stojmenovic, M. Seddigh, J. Xunic, Dominating sets and neighbor elimination based broadcasting algorithms in wireless networks, IEEE Transactions on Parallel and Distributed Systems 13 (2002) 14–25.
[14] S.S. Wang, S.C. Wang, K.Q. Yan, An optimal solution for Byzantine agreement under a hierarchical cluster-oriented mobile ad-hoc network, Computers and Electrical Engineering 36 (1) (2010) 100–113.
[15] S.C. Wang, K.Q. Yan, S.S. Wang, G.Y. Zheng, Reaching agreement among virtual subnets in hybrid failure mode, IEEE Transactions on Parallel and Distributed Systems 19 (9) (2008) 1252–1262.
[16] J. Wu, Extended dominating-set-based routing in ad hoc wireless networks with unidirectional links, IEEE Transactions Parallel and Distributed Systems 13 (2005) 14–25.
[17] K.Q. Yan, S.S. Wang, S.C. Wang, Reaching an agreement under wormhole networks within dual failure component, International Journal of Innovative Computing, Information and Control 6 (3) (2010) 1151–1164.

Mao-Lun Chiang received the M.S. degree in Information Management from Chaoyang University of Technology and the Ph.D. degree in Department of Computer Science from National Chung-Hsing University, Taiwan. He is an Assistant Professor in the Department of Information and Communication Engineering at the Chaoyang University of Technology, Taiwan. His current research interests include Ad Hoc, mobile computing, distributed data processing, and fault tolerant computing.
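The redundancy argument of Lemmas 2 and 3 and the constraints of Theorem 6 can be exercised on a single receiver; the following is an added example, not part of the original paper. It assumes that the "value k" in the proof of Lemma 3 is the absent-value marker λ shown in Fig. 4, and the function names and sample copies are constructed for illustration.

```python
from collections import Counter

LAMBDA = "λ"  # absent-value marker for a copy lost to a detected dormant fault


def bounds_hold(n, c, npa, ta, npd, td):
    """Theorem 6: N > floor((N-1)/3) + 2(Npa+Ta) + Npd + Td and c > 2(Npa+Ta) + Npd + Td."""
    load = 2 * (npa + ta) + npd + td
    return n > (n - 1) // 3 + load and c > load


def resolve(copies, n):
    """What a healthy receiver concludes from the c copies of one message.

    Returns ("dormant-sender", None), ("value", v) or ("undecided", None).
    """
    c = len(copies)
    absent = copies.count(LAMBDA)
    # Lemma 3: at most floor((N-1)/3) arbitrary components can forge a
    # non-absent copy, so this many absent copies means nothing was sent.
    if absent >= c - (n - 1) // 3:
        return ("dormant-sender", None)
    # Lemma 2: drop the detected dormant copies, then require a strict
    # majority among the c - Npd - Td copies that remain.
    usable = [v for v in copies if v != LAMBDA]
    value, votes = Counter(usable).most_common(1)[0]
    if 2 * votes > len(usable):
        return ("value", value)
    return ("undecided", None)


# Constructed sample: N = 8 gateway processors, c = 7 disjoint paths.
N, C = 8, 7
# Healthy sender sends 1; one dormant medium, two arbitrary components flip it.
WITHIN_BOUND = [1, 1, 1, 1, 0, 0, LAMBDA]
# One more arbitrary component: c > 2(Npa+Ta) + Npd + Td no longer holds.
BEYOND_BOUND = [1, 1, 1, 0, 0, 0, LAMBDA]
# Dormant sender: nothing is sent, two arbitrary components forge copies.
DORMANT_SENDER = [LAMBDA] * 5 + [0, 1]

if __name__ == "__main__":
    print(bounds_hold(N, C, npa=1, ta=1, npd=0, td=1), resolve(WITHIN_BOUND, N))
    print(bounds_hold(N, C, npa=2, ta=1, npd=0, td=1), resolve(BEYOND_BOUND, N))
    print(resolve(DORMANT_SENDER, N))
```

When the bound is exceeded, the corrupted copies tie with the true ones, so the receiver cannot recover the sender's value by majority.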