The ACS and BA algorithms

[vkomenda]

I've defined the ACS algorithm and an interface to it consisting of 3 functions: new, send_proposed_value and on_input. The latter is a message handler for RB and BA messages. These two types of message are therefore joined in the types of message inputs and outputs.

Note about BA: A common coin implementation is not provided in this pull request. The coin value is constant 1 at

hbbft/src/agreement.rs

Line 174 in 15353e8

let coin: u64 = 1;

.

[afck]

Looks, good, apart from a few details. (Most of my comments are just nit-picks.)

[vkomenda]

rustfmt doesn't work with anything but Rust sources:

$ rustfmt proto/message.proto 
error: expected one of `!` or `::`, found `=`
 --> /home/vk/src/poanetwork/hbbft/proto/message.proto:1:8
  |
1 | syntax = "proto3";
  |        ^ expected one of `!` or `::` here

[afck]

Ah, sorry! You're right, of course, and indentation 2 is fine in a proto file!

[vkomenda]

Changed indentation to 4 spaces and committed.

[afck]

Let's add a TODO about amiller/HoneyBadgerBFT#59, so we don't forget to add the CONF message round later.

[vkomenda]

Added.

[afck]

Should this be called estimates instead? An output should only be produced once, I think.

Since the epochs start from 0 and are then incremented by 1, we might as well use a Vec here.

Or could we even do away with keeping the previous rounds' estimates around, and just make this a bool?

[vkomenda]

Agreement can output multiple times. That's why the termination criterion is more complex than whether the instance has output a value. I have to correct the code to reflect that. At the moment only one value is stored per agreement instance.

[afck]

Right, that's a bit ambiguous in the paper. I think the reason for the complex termination criterion is just that a node needs to keep sending messages to help the other nodes output, too. The formulation "then output b" should really be read as "then output b, unless you already have done so". For the user of the module it will certainly be more convenient if it only outputs once?

[vkomenda]

I agree on the uniqueness of output. The paper Signature-Free Asynchronous Byzantine Consensus with t < n/3 and O(n^2) Messages from which this version of BA originates has better presentation and does say "decide(v) if not yet done" in Figure 2.

[afck]

Maybe slightly simpler:

self.received_bval.values().filter(|values| values.contains(&b)).count()

[afck]

Looks like Haskell. 😁 Let's use != or ≠.

[afck]

That shouldn't be the same uid as above, should it? If I understand correctly:

• self.agreement_instances.get_mut(&uid) is the instance that decides whether the element proposed by node uid should be part of the common subset in the end.
• The parameter of Agreement::on_input should be the uid of the node that sent this particular message.

[afck]

Is that &mut a typo?

[afck]

That could also be simplified with filter(|v| **v).count(), I think.

[afck]

If only the values are needed, values() should be preferred over iter():

self.agreement_instances.values().all(Agreement::terminated)

[afck]

Maybe we should move the AgreementMessage type into the agreement module. I think the individual algorithms' modules could be pretty self-contained.

[vkomenda]

@afck, I've changed on_input_agreement considerably while working on your passing remark on uid. Please check whether you find any issues with the new version. The rationale behind the new version is that any incoming BA message should be delivered to all local BA instances since all BA messages are broadcasts, hence there is no explicit destination of a BA message.

[afck]

There's still a few details I'm not sure about. We should add extensive tests for this soon. (In a later PR, if you prefer.)

[afck]

Sorry about my remark! You were right, of course, and we should leave the indentation at 2 spaces instead of 4 here, as is the standard for proto files.

[afck]

BTreeSet::union doesn't modify the receiver, so vals will remain empty. This should probably say:

vals.extend(values)

[afck]

We could make this a HashMap<NodeUid, bool>, since multiple Aux messages from the same node can be safely ignored. (I think… can they?)

[vkomenda]

I think an agreement instance can output different AUX values in different epochs. Note that the values in AUX messages depend on the current state of bin_values which is subject to change.

[afck]

Sorry, I meant multiple Aux messages in a single epoch can be safely ignored. This container should be cleared in each epoch change, shouldn't it?

[afck]

You could make this an early return (None, None), then the rest of the method wouldn't have to be indented.

[afck]

Using random means the coin won't be "common" at all: each node will have a different value. I think that breaks the guarantee that it terminates, even without any malicious nodes. The instances take the coin value as a hint when to terminate, so an unlucky node may outlive all its remote counterparts, and never be able to output anything.

[afck]

Does self.epoch need to be incremented before this call? I imagine the BVal messages this sends should have the next epoch.

[vkomenda]

You are right. It makes sense to increment the epoch earlier.

[afck]

The message sender's ID doesn't need to be part of the message itself, I think, since it's passed into on_input anyway.

[vkomenda]

I think you are confusing CommonSubset::on_input which does not receive the ID as argument with Agreement::on_input which does. The latter gets the sender ID from the message received by CommonSubset::on_input.

[afck]

Why can't CommonSubset::on_input just pass on the sender ID to Agreement::on_input? It looks dangerous to me to have it in the message, since it would basically allow the sender to lie about their identity.

[vkomenda]

Ah, no, the sender ID is in common_subset::Input which is not a message but rather a type of input to the Common Subset algorithm. As we discussed before, AgreementMessage does not have any IDs.

[afck]

Right, I see! But then what will actually be transmitted over the network, i.e. what's the "common subset" message type? Because that will need to contain element_proposer_id, but not message_sender_id, I think. So wouldn't it be more natural to replace Input with Message, and change the signature of CommonSubset::on_input so that it takes the sender ID separately from the message?

[afck]

I wonder whether it's dangerous to change an agreement instance's estimate value later than round 0. Could this prevent termination? (Not sure about that.)

[afck]

Actually, I think the Agreement interface needs to change instead, and just ignore inputs after the first round.

[vkomenda]

I implemented this in a stricter way. There is a check has_input which returns true iff the first estimated value has been written. set_input will return an error if the input has already been provided.

[afck]

Instead of the mutable result, you could just return here on error:

let agreement_instance = self.agreement_instances
    .get_mut(&element_proposer_id)
    .ok_or(Error::NoSuchAgreementInstance)?;

[vkomenda]

Actually the mutable result helps to avoid a multiple mutable borrow conflict.

[afck]

See above: I'm worried that this could break the agreement if the instance has already progressed beyond the first round. (But it's not quite clear in the paper and I haven't thought much about it yet.)

[vkomenda]

In the paper, BA instances can set the estimated value only for the next epoch. So, if an instance hasn't been provided with input true from the ACS instance, the estimated value of the epoch 0 will remain empty until the ACS instance fills it in using Agreement::set_input(false). Then that BA can terminate as soon as the coin value is false due to the termination criterion.

[afck]

But now vals.len() will always be <= 2 (number of values instead of number of entries). Maybe it should be:

let aux_count = self.received_aux.values()
    .filter(|b| self.bin_values.contains(b))
    .count();
(aux_count, vals)

[vkomenda]

How do you define vals?

[afck]

The same way you already do.

[vkomenda]

If so then aux_count == vals.len(). So, aux_count is redundant.

[afck]

It isn't, in general: vals is a set of bools, so it has 0, 1 or 2 elements. The above aux_count would be the number of entries in the received_aux map that have one of those values, which can be anything between 0 and num_nodes. (The values() iterator doesn't deduplicate, so it will yield &true and &false as often as they appear in the map.)

[afck]

Now it will count the total number of entries in received_aux, instead of just the ones whose values are in bin_values.

[afck]

It's not sufficient that any previous estimate agrees with the coin. The output has to agree with it.

[afck]

I don't think we actually need to remember the previous estimates: Once we move on to epoch i + 1, the value from epoch i can safely be forgotten.

I think we could even just make estimate a simple bool and initialize it with false (without sending messages). Agreement::on_input would then do nothing if epoch > 0 or input has already been provided before (i.e. we'd need another has_input: bool).

We'd also need a has_output: bool. After that's true, the estimate can't change again (we don't even need to cater for that, as it's guaranteed by the algorithm itself, I think), and we can terminate as soon as in any future round has_output && coin == estimate.

[vkomenda]

For the termination criterion, I mostly agree but I think the paper asks for self.output == Some(coin). In that case do we need estimated at all? It is never read.

[vkomenda]

My mistake, estimated is used for broadcast.

[afck]

No, I think you're right: It is used for broadcasting BVal, but only at the point where we transition to a new epoch (or receive user input in epoch 0). After that we can forget it, so we don't actually have to store it in the struct at all. (But then we'd have to make output an Option<bool>, as you say. Either way is fine with me.)

[vkomenda]

Please have a look at my last commit. I added a BVal message at the start of every epoch r, r > 0. I think the paper clearly requires those.

[afck]

Looks great now! 👍

Thanks for your patience and sorry for the long list of nit-picks! I've just got one more, but we can also resolve this in another PR.

[afck]

We need to make sure we output only once.

[vkomenda]

Yes, I fixed the once-per-instance property of output too.