tendermint的共識詳解(論文翻譯)

由於文章由markdown的方式編寫, 部分鏈接與圖片顯示可能存在問題, 大家可以移步到github源查看.
本文爲tendermint paper: The latest gossip on BFT consensus的讀書筆記, 本文旨在理清論文中所講的BFT共識. 如果您在閱讀過程中有任何意見可以發起ISSUE, 如果喜歡的話可以點擊star.

引言

Consensus is one of the most fundamental problems in distributed computing. It is important because of it’s role in State Machine Replication (SMR), a generic approach for replicating services that can be modeled as a deterministic state machine [1], [2]. The key idea of this approach is that service replicas start in the same initial state, and then execute requests (also called transactions) in the same order; thereby guaranteeing that replicas stay in sync with each other. The role of consensus in the SMR approach is ensuring that all replicas receive transactions in the same order. Traditionally, deployments of SMR based systems are in data-center settings (local area network), have a small number of replicas (three to seven) and are typically part of a single administration domain (e.g., Chubby [3]); therefore they handle benign (crash) failures only, as more general forms of failure (in particular, malicious or Byzantine faults) are considered to occur with only negligible probability.

共識是最基礎的問題在分佈式計算中. 由於共識在狀態機複製(SMR)中扮演重要角色, 複製服務的通用方法可以將其建模爲確定行狀態機. 方法的關鍵點是拷貝服務啓始與一個相同的初始狀態, 然後以一致的順序執行請求(也可被稱爲交易); 因此保證複製狀態保持同步. 共識在在SMR的方法中作用是保證接收的交易按照按照一致的順序. 傳統地, 基於SMR系統的部署是用在數據中心(本地局域網), 只有比較小的拷貝數(3-7)並且通常是單個管理域的一部分; 因此他們僅處理良性故障(奔潰), 對於更普遍形式的故障(尤其是惡意的, 或拜占庭故障)被認爲發生的可能性極小.

正文

正文部分不會做全翻譯, 但會對重要的特性單獨拿出來翻譯

The Tendermint consensus algorithm is inspired by the PBFT SMR algorithm [8] and the DLS algorithm for authenticated faults (the Algorithm 2 from [6]).

tendermint的共識所發受到pbft smr算法與dls算法中授權故障部分的啓發.

Tendermint is not presented in the basic round model of [6]. Furthermore, we use the term round differently than in [6]; in Tendermint a round denotes a sequence of communication steps instead of a single communication step in [6]

tendermint並不是DLS基本的回合模型. 更進一步, 我們使用了round模型有別於DLS. tendermint中每一回合代表一系列的通信步驟而非DLS中的單一通信步驟.

To ensure that a proposed value is accepted by all correct processes a proposer will 1) build the global state by receiving messages from other processes, 2) select the safe value to propose and 3) send the selected value together with the signed messages received in the first step to support it. The value v_i that a correct process sends to the next proposer normally corresponds to a value the process considers as acceptable for a decision:

• in PBFT [8] and DLS [6] it is not the value itself but a set of 2f + 1 signed messages with the same value id,
• in Fast Byzantine Paxos [11] the value itself is being sent.

爲了確保提案被所有正確處理單元接收, 提議者需要做到:

1. 建立全局狀態通過接收來自其他所有處理單元的消息
2. 選擇安全的值進行提議
3. 發送挑選的值與支持該值的在第一步接收到的簽名消息.
   按照正確的過程發送給下一個提議者的值v_i通常對應於該過程認爲可以接受的值:

• 在pbft和dls中, 提議值並非數值本身而是指被2f+1簽名的值;
• 在快速拜占庭paxos中該值正是被髮送的值.

[外鏈圖片轉存失敗,源站可能有防盜鏈機制,建議將圖片保存下來直接上傳(img-HFOe0aWe-1579511906830)(./proposer_change.png)]

In both cases, using this mechanism in our system model (ie. high number of nodes over gossip based network) would have high communication complexity that increases with the number of processes: in the first case as the message sent depends on the total number of processes, and in the second case as the value (block of transactions) is sent by each process. The set of messages received in the first step are normally piggybacked on the proposal message (in the Figure 1 denoted with [v_1…4]) to justify the choice of the selected value x. Note that sending this message also does not scale with the number of processes in the system.

兩方面共同的, 在我們的系統模型中使用該機制(也就大量節點使用gossip的基礎網絡)會隨着處理單元數目的增加在交流上變得格外複雜: 第一種情況該值的消息發送依賴於處理單元的數目, 而第二種情況該值(塊中的交易)是由該輪的處理單元發送. 這一類在第一輪接收的消息通常會包含在提議的消息中(圖1中的v_1…4)爲了證明選擇值x的合理性. 請注意, 發送此消息也不會隨着系統中處理單元的數量增長而擴展.

We designed a novel termination mechanism for Tendermint that better suits the system model we consider. It does not require additional communication (neither sending new messages nor piggybacking information on the existing messages) and it is fully based on the communication pattern that is very similar to the normal case in PBFT [8]. Therefore, there is only a single mode of execution in Tendermint, i.e., there is no separation between the normal and the recovery mode, which is the case in other PBFT-like protocols (e.g., [8], [12] or [13]). We believe this makes Tendermint simpler to understand and implement correctly

我們爲tendermint設計了新型的終止機制, 我們認爲其更適合系統模型. 該機制不需要額外的通信(既不發送新消息也不需要在當前存在的消息中附帶信息)並且完全是依據非常類似與pbft的通信模式. 因此, 在tendermint只有一種執行類型, 例如, 普通模式和恢復模式沒有區別, 這與其他類pbft協議不同. 我們相信這使tendermint更簡單去理解與實現更正確.

Note that the orthogonal approach for reducing message complexity in order to improve scalability and decentralization (number of processes) of BFT consensus algorithms is using advanced cryptography (for example Boneh-Lynn-Shacham (BLS) signatures [14]) as done for example in SBFT [15]

值得注意的是爲了降低BFT共識算法的信息複雜度以提升可擴展性以及分散性(可容納的處理單元數量)的正交方法目前正在使用高級的加密方法(例如Boneh-Lynn-Shacham (BLS) 簽名, 該方法就用於SBFT共識中)

Processes in our model are not part of a single administration domain; therefore we cannot enforce a direct network connectivity between all processes. Instead, we assume that each process is connected to a subset of processes called peers, such that there is an indirect communication channel between all correct processes

處理單元在我們的模型中並不一定只是單一管理域的一部分; 因此我們不能強制網絡爲一個直連網絡: 連接了所有處理單元. 相反, 我們只能假設每一個處理單元知識與一個子集的處理單元(謂之peer)相連, 因此存在非直接通信的通道連接所有正確的處理單元.

定義

規定θ爲系統的執行時間上限; GST(Global Stabilization Time): 消息在正確的處理單元中通信所需要經過多少時間後才被認爲可靠(消息傳播時間t > GST, 消息才被認爲可靠, 總時間T = t + θ).

We assume that process steps (which might include sending and receiving messages) take zero time. Processes are equipped with clocks so they can measure local timeouts. All protocol messages are signed, i.e., when a correct process q receives a signed message m from its peer, the process q can verify who was the original sender of the message m.

我們假設處理某些步驟(包括接收和發送消息)耗時爲零. 所有處理單元都配備時鐘, 所以他們可以推斷本地超時. 所有的協議消息都是被簽名的, 例如, 當正確的處理單元q從peer接收了簽名的消息m, 處理單元q能夠驗證誰是這個消息m原始的發送人.

Gossip communication: If a correct process Preceives some message m at time t, all correct processes will receive m before max{t, GST } + θ.

gossip通信: 如果正確的處理單元p接收到消息m的時間爲t, 所有正確的處理單元接收到m的時間會小於max{t, GST } + θ.

State machine replication (SMR) is a general approach for replicating services modeled as a deterministic state machine [1], [2]. The key idea of this approach is to guarantee that all replicas start in the same state and then apply requests from clients in the same order, thereby guaranteeing that the replicas’ states will not diverge.

複製狀態機(SMR)是用於複製建模服務爲了確定性狀態機的通用方法. 其關鍵思想是保證所有複製都起始於一個相同狀態然後以相同順序執行來自客戶端一致順序的請求, 因此保證複製的狀態不會分叉.

Tendermint solves state machine replication by sequentially executing consensus instances to agree on each block of transactions that are then executed by the service being replicated. We consider a variant of the Byzantine consensus problem called Validity Predicate-based Byzantine consensus that is motivated by blockchain systems [17]. The problem is defined by an agreement, a termination, and a validity property.

• Agreement: No two correct processes decide on different values.
• Termination: All correct processes eventually decide on a value.
• Validity: A decided value is valid, i.e., it satisfies the predefined predicate denoted valid().

tendermint通過順序執行共識實例來校驗區塊中的交易, 然後由複製的服務來執行, 以解決狀態複製的問題. 我們考慮拜占庭共識問題的變種, 它是由區塊鏈系統驅動的基於有效性憑證的拜占庭共識. 該問題由一致性, 最終性以及有效性定義.

• 一致性: 不存在正確的處理單元選擇不同的值.
• 最終性: 所有正確的處理單元最終會選擇同一個值.
• 有效性: 決定的值都是有效的, 例如, 它能通過預定義爲valid()的校驗.

For example, the condition 2f + 1<PRECOMMIT, h_p, r, id(v)>, evaluates to true upon reception of PRECOMMIT messages for height h_p, a round r and with value equal to id(v) whose senders have aggregate voting power at least equal to 2f + 1

例如, 2f + 1<PRECOMMIT, h_p, r, id(v)>的條件, 執行爲true依據PRECOMMIT消息具備接收的區塊高度h_p, 輪數爲r以及值與id(v)一致, 並且消息的合計投票權重至少達到2f + 1.

The variables with index p are process local state variables, while variables without index p are value placeholders. The sign * denotes any value.

變量有p下標爲過程局部變量, 而沒有p下標變量爲佔位符. 標記*表示任意值.

We denote with n the total voting power of processes in the system, and we assume that the total voting power of faulty processes in the system is bounded with a system parameter f. The algorithm assumes that n > 3f, i.e., it requires that the total voting power of faulty processes is smaller than one third of the total voting power. For simplicity we present the algorithm for the case n = 3f + 1.

簡譯: 文章中指定了投票權值要達到n, 並且n = 3f + 1, 其中f定義爲拜占庭節點的投票權值總和.

The algorithm proceeds in rounds, where each round has a dedicated proposer. The mapping of rounds to proposers is known to all processes and is given as a function proposer(h, round), returning the proposer for the round round in the consensus instance h. We assume that the proposer selection function is weighted roundrobin, where processes are rotated proportional to their voting power7. The internal protocol state transitions are triggered by message reception and by expiration of timeouts. There are three timeouts in Algorithm 1: timeoutPropose, timeoutPrevote and timeoutPrecommit. The timeouts prevent the algorithm from blocking and waiting forever for some condition to be true, ensure that processes continuously transition between rounds, and guarantee that eventually (after GST) communication between correct processes is timely and reliable so they can decide. The last role is achieved by increasing the timeouts with every new round r, i.e, timeoutX® = initTimeoutX + r * timeoutDelta; they are reset for every new height (consensus instance).

算法以輪進行處理, 每一輪都會有一個專門的提議人. 每一輪對應的提議人對所有處理單元來說都是已知的並由函數proposer(h, round), 該函數返回共識實例h下round輪的提議者. 我們假設提議者選擇爲加權輪詢, 該過程按其投票權成比例輪換. 內部協議狀態轉換由消息接收和超時到期觸發. 在算法1中有3種超時: timeoutPropose, timeoutPrevote以及timeoutPrecommit. 超時是爲了防止算法因爲等待某些條件爲true導致堵塞甚至永久等待, 以及保證每一輪之間連續地處理轉換, 並且最終保證(GST時間之後)正確的處理單元之間通信是及時的和可靠地因此需要定義這些超時. 最後一個角色是通過在每個新回合r中增加超時來實現的, 例如 timeoutX® = initTimeoutX + r*timeoutDelta; 該時間會在每個新高度重置(共識實例).

Processes exchange the following messages in Tendermint: PROPOSAL, PREVOTE and PRECOMMIT. The PROPOSAL message is used by the proposer of the current round to suggest a potential decision value, while PREVOTE and PRECOMMIT are votes for a proposed value. According to the classification of consensus algorithms from [10], Tendermint, like PBFT [7] and DLS [6], belongs to class 3, so it requires two voting steps (three communication exchanges in total) to decide a value. The Tendermint consensus algorithm is designed for the blockchain context where the value to decide is a block of transactions (ie. it is potentially quite large, consisting of many transactions). Therefore, in the Algorithm 1 (similar as in [7]) we are explicit about sending a value (block of transactions) and a small, constant size value id (a unique value identifier, normally a hash of the value, i.e., if id(v) = id(v′), then v = v′). The PROPOSAL message is the only one carrying the value; PREVOTE and PRECOMMIT messages carry the value id. A correct process decides on a value v in Tendermint upon receiving the PROPOSAL for v and 2f +1 voting-power equivalent PRECOMMIT messages for id(v) in some round r. In order to send PRECOMMIT message for v in a round r, a correct process waits to receive the PROPOSAL and 2f +1 of the corresponding PREVOTE messages in the round r. Otherwise, it sends PRECOMMIT message with a special nil value. This ensures that correct processes can PRECOMMIT only a single value (or nil) in a round. As proposers may be faulty, the proposed value is treated by correct processes as a suggestion (it is not blindly accepted), and a correct process tells others if it accepted the PROPOSAL for value v by sending PREVOTE message for id(v); otherwise it sends PREVOTE message with the special nil value.

tendermint中處理單元交換以下消息: PROPOSAL, PREVOTE以及PRECOMMIT. PROPOSAL是提議者用於在當前輪建議一個可能的決定值, 而PROPOSAL和PRECOMMIT是對提議的值進行投票. 根據共識算法的分類, tendermint, PBFT以及DLS屬於第3類, 所以需要兩輪投票步驟(通信消息總共需要交換3次)來決定值. tendermint的共識算法是設計用於區塊上下文, 該上下文用於決定值也正是區塊中的交易(例如, 交易可能會很大, 包含大量的交易). 因此, 在算法1中我們顯示發送值(區塊中的交易)以及一個定長的值ID(一個獨一的標識符, 通常爲hash). PROPOSAL消息是唯一包含值的; PREVOTE和PRECOMMIT消息只包含值ID. 在tendermint一個正確的處理單元決定值v需要包含v的PROPOSAL得到2f + 1的票權以及PRECOMMIT也得到了對id(v)同等的票權在同一輪r中. 爲了在r輪發送v對應的PRECOMMIT消息, 每個正確的處理單元在輪r需要等待PROPOSAL消息以及2f + 1票權對應的 PREVOTE消息. 否則, 該單元將會發送一個特殊空值的PRECOMMIT消息. 這確保的處理單元發送的PRECOMMIT消息只能爲同一個值或nil值. 由於提議人可能會作惡, 所以提議人的值對於正確的處理單元而言只是一個建議值(並非盲目接受), 並且正確的處理單元告知其他單元如果他接受了該PROPOSAL對應的值v, 他將會向其他單元發送v對應的PREVOTE消息即爲對id(v)的簽名消息; 否則其會發送一個特殊的空值PREVOTE消息.

Every process maintains the following variables in the Algorithm 1: step, lockedValue, lockedRound, validValue and validRound. The step denotes the current state of the internal Tendermint state machine, i.e., it reflects the stage of the algorithm execution in the current round. The lockedValue stores the most recent value (with respect to a round number) for which a PRECOMMIT message has been sent. The lockedRound is the last round in which the process sent a PRECOMMIT message that is not nil. We also say that a correct process locks a value v in a round r by setting lockedValue = v and lockedRound = r before sending PRECOMMIT message for id(v). As a correct process can decide a value v only if 2f + 1 PRECOMMIT messages for id(v) are received, this implies that a possible decision value is a value that is locked by at least f +1 voting power equivalent of correct processes. Therefore, any value v for which PROPOSAL and 2f +1 of the corresponding PREVOTE messages are received in some round r is a possible decision value. The role of the validValue variable is to store the most recent possible decision value; the validRound is the last round in which validValue is updated. Apart from those variables, a process also stores the current consensus instance (hp, called height in Tendermint), and the current round number (roundp) and attaches them to every message. Finally, a process also stores an array of decisions, decisionp (Tendermint assumes a sequence of consensus instances, one for each height).

每一個處理單元維護人需要維持以下情況: step, lockValue, lockedRound, validValue以及 validRound. step表示當前tendermint狀態機的狀態, 例如, step表示在當前輪中算法算法執行到的位置. lockedValue存儲着最新的值(對應與輪值)爲此一條PRECOMMIT消息已經被髮送了. lockedRound是最新輪此時處理單元發送的PRECOMMIT消息不位nil. 我們也可以說正確處理單元鎖住輪r的值v可以設置lockedValue = v以及lockedRound = r在發送id(v)對應的PRECOMMIT消息之前. 對於一個正確的處理單元能決定值v只有當收到了對應id(v)的2f + 1票權的PRECOMMIT消息, 這說明了一個可能的確定值是一個至少鎖定了f + 1票權等價的處理單元的值. 因此, 包含任何值v的PROPOSAL得到2f + 1票權的對應PREVOTE消息在同一輪r那麼該值可能就是確定的值. validValue存儲着最新的可能值; validRound是validValue更新的最新一輪. 不僅包括這些值, 處理單元也存儲着當前的共識實例(hp, 稱之爲tendermint高度), 以及當前的輪數(roundp)並且將他們包含在所有交易中. 最後, 處理單元會存儲一個決定值的序列decisionp(tendermint假設一系列的共識實例對應每一個高度)

Every round starts by a proposer suggesting a value with the PROPOSAL message (see line 19). In the initial round of each height, the proposer is free to chose the value to suggest. In the Algorithm 1, a correct process obtains a value to propose using an external function getValue() that returns a valid value to propose. In the following rounds, a correct proposer will suggest a new value only if validValue = nil; otherwise validValue is proposed (see lines 15-18). In addition to the value proposed, the PROPOSAL message also contains the validRound so other processes are informed about the last round in which the proposer observed validValue as a possible decision value. Note that if a correct proposer p sends validValue with the validRound in the PROPOSAL, this implies that the process Preceived PROPOSAL and the corresponding 2f + 1 PREVOTE messages for validValue in the round validRound. If a correct process sends PROPOSAL message with validValue (validRound > −1) at time t > GST , by the Gossip communication property, the corresponding PROPOSAL and the PREVOTE messages will be received by all correct processes before time t+θ. Therefore, all correct processes will be able to verify the correctness of the suggested value as it is supported by the PROPOSAL and the corresponding 2f + 1 voting power equivalent PREVOTE messages.

每一輪開始於一個提議者以PROPOSAL消息建議一個值. 在沒一個高度的最初始高度, 提議者可以自由的選擇值來提議. 在算法1中, 一個正確的處理單元通過外部函數getValue()返回一個有效值的進行提議. 在接下來的輪, 一個正確的提議者會建議一個新值在validValue = nil的條件下; 否者validValue會被用於提議. 除了值提議意外, PROPOSAL消息也包含了validRound因此其他處理單元會被告知最新輪在PROPOSAL消息中validValue被提議者視爲決定的值. 注意如果一個正確的提議人p在validRound發送包含validValue的PROPOSAL消息, 這說明了處理單元p接收到了PROPOSAL消息以及對應的2f + 1票權的PREVOTE消息接受在validRound輪的validValue值. 如果一個正確的提議人發送包含validValue(validRound > −1)的PROPOSAL消息在時間t > GST的情況下, 憑藉gossip的通信特性PROPOSAL以及PREVOTE的消息在時間t+θ之前被正確的處理單元接收. 因此, 所有正確的處理單元可以驗證PROPOSAL消息提議的建議值以及2f + 1票權對應的PREVOTE消息.

A correct process p accepts the proposal for a value v (send PREVOTE for id(v)) if an external valid function returns true for the value v, and if p hasn’t locked any value (lockedRound = −1) or p has locked the value v (lockedValue = v); see the line 23. In case the proposed pair is (v, vr ≥ 0) and a correct process p has locked some value, it will accept v if it is a more recent possible decision value8, vr > lockedRoundp, or if lockedValue = v (see line 29). Otherwise, a correct process will reject the proposal by sending PREVOTE message with nil value. A correct process will send PREVOTE message with nil value also in case timeoutPropose expiredValuep (it is triggered when a correct process starts a new round) and a process has not sent PREVOTE message in the current round yet (see the line 57)

簡譯: 在正確的處理單元收到v的PROPOSAL後, 想要發送id(v)的PREVOTE需要滿足以下條件:

• 建議值v必須通過了外部校驗函數的校驗;
• 依據處理單元自身lockedRound和lockedValue不同, 做一下區分:
  1. lockedRound = -1時, 即處理單元未鎖定任何值或者lockedValue = v, 即所定製一致的情況, 處理單元會發送id(v)的PREVOTE消息
  2. lockedRound不爲-1時, 此時如果vr > lockedRoundp或者lockedValue = v, 處理單元會發送id(v)的PREVOTE消息
• 以上兩點有一點不符合的處理單元將會拒絕該提議發送值爲nil的PREVOTE消息
• 爲了防止當前輪被更新設置了timeoutPropose超時, 一旦超時同樣會發送值爲nil的PREVOTE消息

If a correct process receives PROPOSAL message for some value v and 2f + 1 PREVOTE messages for id(v), then it sends PRECOMMIT message with id(v). Otherwise, it sends PRECOMMIT nil. A correct process will send PRECOMMIT message with nil value also in case timeoutPrevote expired (it is started when a correct process sent PREVOTE message and received any 2f + 1 PREVOTE messages) and a process has not sent PRECOMMIT message in the current round yet (see the line 65). A correct process decides on some value v if it receives in some round r PROPOSAL message for v and 2f + 1 PRECOMMIT messages with id(v) (see the line 51). To prevent the algorithm from blocking and waiting forever for this condition to be true, the Algorithm 1 relies on timeoutPrecommit. It is triggered after a process receives any set of 2f +1 PRECOMMIT messages for the current round. If the timeoutPrecommit expires and a process has not decided yet, the process starts the next round (see the line 65). When a correct process p decides, it starts the next consensus instance (for the next height). The Gossip communication property ensures that PROPOSAL and 2f + 1 PREVOTE messages that led p to decide are eventually received by all correct processes, so they will also decide.

簡譯: 在正確的處理單元收到v的PROPOSAL消息以及2f + 1票權的id(v)的PREVOTE消息, 節點纔會發送id(v)的PRECOMMIT消息, 否則處理單元只會發送值爲nil的PRECOMMIT消息. 在超時timeoutP滿足時, 正確的處理單元同樣會發送值爲nil的PRECOMMIT. 只有當處理單元收到v的PROPOSAL以及2f + 1的id(v)的PRECOMMIT消息時纔會決定v爲最終值. 爲了防止算法堵塞甚至死鎖, 算法1實現了timeoutPrecommit超時. 當收到任何值的2f + 1的PRECOMMIT時會啓動一個超時處理線程, 如果超時timeoutPrecommit滿足時, 處理單元會啓動新的一輪. 正確的結果會使處理單元啓動新的共識實例(下一個高度). gossip的通信特徵保證所有正確的處理單元可以接收到由p決定的PROPOSAL和2f + 1的PREVOTE消息, 所以所有單元會共同決定.

tendermint機制

Note that it could happen that during good period, no correct process locks a value, but some correct process q updates validValue and validRound during some round. As no correct process locks a value in this case, validValueq and validRoundq will also be acceptable by all correct processes as validRoundq > lockedRoundc for every correct process c and as the Gossip communication property ensures that the corresponding PREVOTE messages that q received in the round validRoundq are received by all correct processes θ time later

簡譯: 有可能在正確的流程下發生這種情況, 不會有正確的處理單元會鎖定一個值, 但是正確處理單元q會在一些輪中更新validValue和validRound. 由於在該情況下沒有正確的處理單元鎖定值, 因此對於所有正確的處理單元c會接受validValueq以及validRoundq, 因爲validRoundq > lockedRoundc. 並且Gossip的通信特徵保證q接收的對應的PREVOTE消息在θ時間之後被正確的處理單元接收.

Therefore, updating validValue and validRound variables, and the Gossip communication property, together ensures that eventually, during the good period, there exists a round with a correct proposer whose proposed value will be accepted by all correct processes, and all correct processes will terminate in that round. Note that this mechanism, contrary to the common termination mechanism illustrated in the Figure 1, does not require exchanging any additional information in addition to messages already sent as part of what is normally being called ”normal” case.

簡譯: 在正確情況下更新validValue和validRound變量, 存在一個回合正確的提議人的建議值會被所有處理單元接受同事終止該輪. 注意在該機制下, 不同於圖一所描述的那樣不需要交換任何額外的信息由於消息已經作爲通常情況的一部分.

tendemrint共識證明

之後爲tendermint共識相關的引理和證明. 由於該部分非常嚴謹, 翻譯與原文請參照閱讀, 部分證明可能不會給出翻譯.

Lemma 1. For all f ≥ 0, any two sets of processes with voting power at least equal to 2f + 1 have at least one correct process in common.

引理1: 對於所有f > 0, 任何處理單元的兩個子集如果票權都達到了至少2f + 1, 那麼至少有一個正確處理單元同時存在於連個子集中.

Proof: As the total voting power is equal to n = 3f + 1, we have 2(2f + 1) = n + f + 1. This means
that the intersection of two sets with the voting power equal to 2f + 1 contains at least f + 1 voting power in common, i.e., at least one correct process (as the total voting power of faulty processes is f). The result follows directly from this.

證明: 相信這是個一目瞭然的引理. 總數n = 3f + 1, 而我們有2(2f + 1) = n + f + 1, 所以至少有1個是我們所說的那個"倒戈"的"正確處理單元"

Lemma 2. If f + 1 correct processes lock value v in round r0 (lockedValue = v and lockedRound = r0), then in all rounds r > r0, they send PREVOTE for id(v) or nil

引理2: 如果有f + 1數量的正確節點鎖定了值ｖ和輪r0(即lockedValue = v以及lockedRound = r0), 然後在所有輪中r > r0, 他們都將只會發送id(v)或nilPREVOTE消息.(這是一個比較high level的引理了)

Proof: We prove the result by induction on r.
Base step r = r0 +1 : Let’s denote with C the set of correct processes with voting power equal to f +1. By the rules at line 22 and line 28, the processes from the set C can’t accept PROPOSAL for any value different from v in round r, and therefore can’t send a <PREVOTE, heightp, r, id(v′)> message, if v′ != v. Therefore, the Lemma holds for the base step.

證明: 我們通過引入r來證明結果.
基本步r = r0 + 1: C集表示f + 1票權的正確處理單元. 在僞代碼22和28行指出C集不會在r輪接受非v的PROPOSAL, 也因此不會發送一個<PREVOTE, heightp, r, id(v′)>消息, 如果v′ != v. 所以引理滿足基本步的情況

Induction step from r1 to r1 + 1: We assume that no process from the set C has sent PREVOTE for values different than id(v) or nil until round r1 + 1. We now prove that the Lemma also holds for round r1 + 1. As processes from the set C send PREVOTE for id(v) or nil in rounds r0 ≤ r ≤ r1, by Lemma 1 there is no value v′ != v for which it is possible to receive 2f + 1 PREVOTE messages in those rounds (i). Therefore, we have for all processes from the set C, lockedValue = v and lockedRound ≥ r0. Let’s assume by a contradiction that a process q from the set C sends PREVOTE in round r1 + 1 for value id(v′), where v′ != v. This is possible only by line 30. Note that this implies that q received 2f + 1 <PREVOTE, hq, r, id(v′)> messages, where r > r0 and r < r1 + 1 (see line 29). A contradiction with (i) and Lemma 1.

簡譯: 證明: 看過了基本步顯然不夠嚴謹, 再來看看遞歸步: 從r1到r1 + 1: r1 > r0: 假設在r1 + 1前集C不會發送處理id(v)或nil以外的PREVOTE消息. 然後我們在推廣到r1 + 1. 根據引理1的情況, C集成員不可能收到2f + 1票權的id(v’)(並且v’ != v)的 PREVOTE消息. 我們進一步假設一個矛盾, 存在一個C集處理單元q在輪r1 + 1發送了id(v′)的PREVOTE消息, 且v’ != v. 該情況只可能發生在30行代碼. 注意該情況建立在q收到了<PREVOTE, hq, r, id(v′)>消息, 其中r0 < r < r1 + 1. 違背了引理1.

Lemma 3. Algorithm 1 satisfies Agreement.

引理3: 算法1滿足一致性.

We prove the case r > r0 by contradiction. By the rule 49, p has received at least 2f + 1 votingpower equivalent of <PRECOMMIT, hp, r0, id(v)> messages, i.e., at least f +1 voting-power equivalent correct processes have locked value v in round r0 and have sent those messages (i). Let denote this set of messages with C. On the other side, q has received at least 2f + 1 voting power equivalent of <PRECOMMIT, hq, r, id(v′)> messages. As the voting power of all faulty processes is at most f, some correct process c has sent one of those messages. By the rule at line 36, c has locked value v′ in round r before sending <PRECOMMIT, hq, r, id(v′)>. Therefore c has received 2f + 1 PREVOTE messages for id(v′) in round r > r0 (see line 36). By Lemma 1, a process from the set C has sent PREVOTE message for id(v′) in round r. A contradiction with (i) and Lemma 2.

簡譯: 證明: 簡而言之, 將引理1和引理2擴展到PRECOMMIT階段. 當存在2f + 1的<PRECOMMIT, h, r0, id(v)>的消息, 之後又存在了2f + 1的<PRECOMMIT, h, r, id(v’)>的消息, 根據引理1就說明C集中有c發送了<PRECOMMIT, h, r, id(v’)>的消息, c發送該消息必然是因爲有2f + 1的id(v’)的PREVOTE消息(由於36行代碼的限制), 那麼說C集中有c’發送了id(v’)的PREVOTE消息, 而r > r0, 顯然與引理2不符.

Lemma 4. Algorithm 1 satisfies Validity.

引理4: 算法1滿足有效性

Proof: Trivially follows from the rule at line 50 which ensures that only valid values can be decided.

值的有效性證明是通過外部函數提供的50行代碼

Lemma 5. If we assume that:

1. a correct process p is the first correct process to enter a round r > 0 at time t > GST (for every correct process c, roundc ≤ r at time t)
2. the proposer of round r is a correct process q
3. for every correct process c, lockedRoundc ≤ validRoundq at time t
4. timeoutPropose® > 2θ+timeoutPrecommit(r−1), timeoutPrevote® > 2θ and timeoutPrecommit® > 2θ,
   then all correct processes decide in round r before t + 4θ + timeoutPrecommit(r − 1).

引理5. 如果我們假設:

1. 一個正確的處理單元p作爲第一個正確處理單元進入輪r(r > 0)在時間t > GST(對於其他所有正確的處理單元c, roundc <= r在時間t)
2. 在輪r的提議人是正確處理單元q
3. 對於每一個正確處理單元c, 在時間t滿足lockedRoundc ≤ validRoundq
4. timeoutPropose® > 2θ+timeoutPrecommit(r−1), timeoutPrevote® > 2θ 以及timeoutPrecommit® > 2θ,

Proof: As p is the first correct process to enter round r, it executed the line 67 after timeoutPrecommit(r−1) expired. Therefore, p received 2f + 1 PRECOMMIT messages in the round r − 1 before time t. By the Gossip communication property, all correct processes will receive those messages the latest at time t + θ. Correct processes that are in rounds < r− 1 at time t will enter round r− 1 (see the rule at line 56) and trigger timeoutPrecommit(r − 1) (see rule 47) by time t + θ. Therefore, all correct processes will start round r by time t + θ + timeoutPrecommit(r − 1) (i).

簡譯: 證明: 對於p作爲第一個進入輪r的正確處理單元, 在timeoutPrecommit(r−1)到期後, 會進入67代碼段的執行. 因此, 在時間t之前p會接收2f + 1的PRECOMMIT消息在r - 1輪. 基於Gossip的通信特性, 所有正確處理單元會在時間至少時間t + &theta都受到這些消息. 在時間t正確的處理單元所在輪 < r− 1會進入r - 1輪(參看56行代碼段邏輯)並且在時間t + θ之前觸發timeoutPrecommit(r − 1)(參看47代碼段). 因此, 所有正確處理單元將啓動輪r當時間超過t + θ + timeoutPrecommit(r − 1)(假設1)

In the worst case, the process q is the last correct process to enter round r, so q starts round r and sends PROPOSAL message for some value v at time t + θ + timeoutPrecommit(r − 1). Therefore, all correct processes receive the PROPOSAL message from q the latest by time t + 2θ + timeoutPrecommit(r − 1). Therefore, if timeoutPropose® > 2θ + timeoutPrecommit(r − 1), all correct processes will receive PROPOSAL message before timeoutPropose® expires.

簡譯: 證明: 最壞的情況下, q處理單元是最後一個正確處理單元進入r輪, 所以q從r輪開始以及發送v值的PROPOSAL消息在時間t + θ + timeoutPrecommit(r − 1). 因此所有正確的處理單元接收到來自q的PROPOSAL最多在時間t + 2θ + timeoutPrecommit(r − 1)之前. 因此如果timeoutPropose® > 2θ + timeoutPrecommit(r − 1), 那麼所有的正確處理單元都會在timeoutPropose®超時之前收到PROPOSAL消息.

By (3) and the rules at line 22 and 28, all correct processes will accept the PROPOSAL message for value v and will send a PREVOTE message for id(v) by time t + 2θ + timeoutPrecommit(r − 1). Note that by the Gossip communication property, the PREVOTE messages needed to trigger the rule at line 28 are received before time t + θ.

通過第3點以及代碼22和28行的規定, 所有正確的處理單元會接受v值的PROPOSAL消息以及發送id(v)的PREVOTE消息在時間t + 2θ + timeoutPrecommit(r − 1)之前. 注意基於gossip的通信特點, 在時間t + θ之前接收到的PREVOTE消息需要觸發28行代碼處的邏輯.

By time t + 3θ + timeoutPrecommit(r − 1), all correct processes will receive PROPOSAL for v and 2f + 1 corresponding PREVOTE messages for id(v). By the rule at line 36, all correct processes will send a PRECOMMIT message (see line 40) for id(v) by time t + 3θ + timeoutPrecommit(r − 1). Therefore, by time t + 4θ + timeoutPrecommit(r − 1), all correct processes will have received the PROPOSAL for v and 2f + 1 PRECOMMIT messages for id(v), so they decide at line 51 on v.

在時間t + 3θ + timeoutPrecommit(r − 1)之前, 所有的處理單元會接收到v的PROPOSAL以及2f + 1的id(v)的PREVOTE消息. 依據36行代碼的規定, 所有正確的處理單元會發送id(v)PRECOMMIT消息(參看第40行代碼)在時間t + 3θ + timeoutPrecommit(r − 1)之前. 因此, 在時間t + 4θ + timeoutPrecommit(r − 1)之前, 所有的正確處理單元都將收到v的PROPOSAL消息以及2f + 1的id(v)的PRECOMMIT消息, 所以在51行代碼他們將會決定v.

This scenario holds if every correct process q sends a PRECOMMIT message before timeoutPrevote® expires, and if timeoutPrecommit® does not expire before t + 4θ + timeoutPrecommit(r − 1). Let’s assume that a correct process c1 is the first correct process to trigger timeoutPrevote® (see the rule at line 34) at time t1 > t. This implies that before time t1, c1 received a PROPOSAL (stepc1 must be prevote by the rule at line 34) and a set of 2f + 1 PREVOTE messages. By time t1 + θ, all correct processes will receive those messages. Note that even if some correct process was in the smaller round before time t1, at time t1 + θ it will start round r after receiving those messages (see the rule at line 55). Therefore, all correct processes will send their PREVOTE message for id(v) by time t1 + θ, and all correct processes will receive those messages the by time t1 + 2θ. Therefore, as timeoutPrevote® > 2θ, this ensures that all correct processes receive PREVOTE messages from all correct processes before their respective local timeoutPrevote® expire.

如果所有處理單元q都發送了PRECOMMIT消息在timeoutPrevote®超時前, 並且在t + 4θ + timeoutPrecommit(r − 1)之前timeoutPrecommit®還未超時. 我們假設有一個正確處理單元c1是第一個觸發timeoutPrevote®(34行代碼)的正確處理單元在時間t1 > t. 這說明了在時間t1之前, c1收到了一個PROPOSAL消息(stepc1必須已經被預投了在34行代碼)以及一個2f + 1的PREVOTE的消息集. 在時間t1 + θ之前, 所有的正確處理單元都將接收到這些消息. 注意到在時間t1前甚至會有正確的處理單元在更小數值的輪中, 那麼在時間t1 + θ根據55行代碼該單元將會啓動新的輪r在接收到這些消息之後. 因此, 所有的處理單元在時間t1 + θ會發送id(v)的PREVOTE消息. 因此在timeoutPrevote® > 2θ, 這確保了所有正確的處理在timeoutPrevote®超時前能接收到來自所有正確處理單元的PREVOTE消息.

On the other hand, timeoutPrecommit® is triggered in a correct process c2 after it receives any set of 2f + 1 PRECOMMIT messages for the first time. Let’s denote with t2 > t the earliest point in time timeoutPrecommit® is triggered in some correct process c2. This implies that c2 has received at least f + 1 PRECOMMIT messages for id(v) from correct processes, i.e., those processes have received PROPOSAL for v and 2f + 1 PREVOTE messages for id(v) before time t2. By the Gossip communication property, all correct processes will receive those messages by time t2 + θ, and will send PRECOMMIT messages for id(v). Note that even if some correct processes were at time t2 in a round smaller than r, by the rule at line 55 they will enter round r by time t2 + θ. Therefore, by time t2 + 2θ, all correct processes will receive PROPOSAL for v and 2f + 1 PRECOMMIT messages for id(v). So if timeoutPrecommit® > 2θ, all correct processes will decide before the timeout expires.

另一方面, 正確的處理單元c2在第一次收到任何的2f + 1的PRECOMMIT消息後會觸發timeoutPrecommit®. 讓我們用t2(t2 > t)來表示最早單元c2的觸發timeoutPrecommit®的時間. 這說明了c2 至少從其他正確處理單元那邊接收到了id(v)的f + 1的PRECOMMIT消息, 因此, 這些處理單元已經接收到了v的PROPOSAL消息和id(v)的2f + 1的PREVOTE消息在時間t2之前. 根據Gossip的通信特徵, 所有的正確處理單元將會接收到這些消息在t2 + θ時間, 並且發送id(v)的PRECOMMIT消息. 注意到在時間t2前甚至會有正確的處理單元在更小數值的輪中, 那麼在時間t2 + θ根據55行代碼該單元將會啓動新的輪r在接收到這些消息之後. 因此在時間t2 + 2θ, 所有正確的處理單元都將接收到v的PROPOSAL消息和id(v)的2f + 1的PRECOMMIT消息. 所以如果timeoutPrecommit® > 2θ, 所有正確的處理單元將會決定值在超時到時前.

Lemma 6. If a correct process p locks a value v at time t0 > GST in some round r (lockedValue = v and lockedRound = r) and timeoutPrecommit® > 2θ, then all correct processes set validValue to v and validRound to r before starting round r + 1.

引理6: 如果正確處理單元p在時間t0(t0 > GST)在輪r(lockedValue = v以及lockedRound = r)以及timeoutPrecommit® > 2θ的情況下, 那麼所有的正確處理單元將會設置validValue爲v並且validRound爲r在啓動r + 1輪前.

Proof: In order to prove this Lemma, we need to prove that if the process p locks a value v at time t0, then no correct process will leave round r before time t0 + θ (unless it has already set validValue to v and validRound to r). It is sufficient to prove this, since by the Gossip communication property the messages that p received at time t0 and that triggered rule at line 36 will be received by time t0 + θ by all correct processes, so all correct processes that are still in round r will set validValue to v and validRound to r (by the rule at line 36). To prove this, we need to compute the earliest point in time a correct process could leave round r without updating validValue to v and validRound to r (we denote this time with t1). The Lemma is correct if t0 + θ < t1.

簡譯: 證明: 爲了證明該引理, 我們需要證明如果處理單元p鎖定了一個v值在時間t0, 那麼不存在正確的處理單元在時間t0 + θ前離開r輪(除非該單元配置了validValue爲v以及validRound爲r). 很充分的可以證明這一點, 通過gossip的通信特點p在時間t0接收到的消息那麼會在時間t0 + θ所有正確的處理單元會觸發36行的代碼邏輯, 那麼所有的正確處理單元會在輪r配置了validValue爲v以及validRound爲r. 爲了證明這點, 我們需要計量最早的處理單元在不更新validValue爲v以及validRound爲r的情況下離開r輪的最早時間. 依據該引理, 應該是t0 + θ < t1.

If the process p locks a value v at time t0, this implies that p received the valid PROPOSAL message for v and 2f + 1 <PREVOTE, h, r, id(v)> at time t0. At least f + 1 of those messages are sent by correct processes. Let’s denote this set of correct processes as C. By Lemma 1 any set of 2f + 1 PREVOTE messages in round r contains at least a single message from the set C.

如果處理單元p鎖定了v值在時間t0, 這說明了單元p接收到了有效的v的PROPOSAL消息以及2f + 1的<PREVOTE, h, r, id(v)>的消息在時間t0. 所以至少f + 1的消息是由正確的處理單元發送. 讓我們將這個正確的處理單元集合稱爲C. 基於引理1任何其他的2f + 1的PREVOTE的消息集合在r輪至少包含一個來自集合C的該消息.

Let’s denote as time t the earliest point in time a correct process, c1, triggered timeoutPrevote®. This implies that c1 received 2f + 1 PREVOTE messages (see the rule at line 34), where at least one of those messages was sent by a process c2 from the set C. Therefore, process c2 had received PROPOSAL message before time t. By the Gossip communication property, all correct processes will receive PROPOSAL and 2f +1 PREVOTE messages for round r by time t + θ. The latest point in time p will trigger timeoutPrevote® is t + θ9. So the latest point in time p can lock the value v in round r is t0 = t + θ+ timeoutPrevote® (as at this point timeoutPrevote® expires, so a process sends PRECOMMIT nil and updates step to precommit, see line 61).

我們用t表示最早由正確的處理單元c1觸發timeoutPrevote®的時間. 這說明了c1接收到了2f + 1的PREVOTE消息(參照34行代碼), 在這裏至少需要一個C集的c2單元發送了該消息. 那麼c2必然已經在t時間之前接收到了該PROPOSAL消息. 基於Gossip通信特點, 所有的正確處理單元將會接收到2f + 1的PREVOTE消息在r輪在時間 t + θ. 單元p能夠觸發timeoutPrevote®最晚時間爲t + θ. 同樣單元p能夠鎖定v值與r輪的最晚時間爲t0 = t + θ+ timeoutPrevote®

Note that according to the Algorithm 1, a correct process can not send a PRECOMMIT message before receiving 2f+1 PREVOTE messages. Therefore, no correct process can send a PRECOMMIT message in round r before time t. If a correct process sends a PRECOMMIT message for nil, it implies that it has waited for the full duration of timeoutPrevote® (see line 63)10. Therefore, no correct process can send PRECOMMIT for nil before time t + timeoutPrevote® (*).

根據算法1注意到, 一個正確的處理不能在接收到2f + 1PREVOTE的消息前發送PRECOMMIT消息. 因此, 沒有正確的處理單元能夠發送PRECOMMIT的消息在r輪在時間t之前. 如果正確的處理單元發送了nil的PRECOMMIT消息, 說明了該單元等待了完整的timeoutPrevote®的時間(在63行代碼). 因此, 沒有正確的處理單元能夠發送nil的PRECOMMIT消息在時間t + timeoutPrevote®之前(*).

A correct process q that enters round r+1 must wait (i) timeoutPrecommit® (see line 67) or (ii) receiving f + 1 messages from the round r + 1 (see the line 55). In the former case, q receives 2f + 1 PRECOMMIT messages before starting timeoutPrecommit®. If at least a single PRECOMMIT message from a correct process (at least f + 1 voting power equivalent of those messages is sent by correct processes) is for nil, then q cannot start round r + 1 before time t1 = t + timeoutPrevote® + timeoutPrecommit® (see (*)). Therefore in this case we have: t0 + θ < t1, i.e., t + 2θ + timeoutPrevote® < t + timeoutPrevote® + timeoutPrecommit®, and this is true whenever timeoutPrecommit® > 2θ, so Lemma holds in this case.

一個正確的處理單元q能夠保證進入輪r + 1必須等待(i)timeoutPrecommit®(67行代碼)或者(ii)接收到了f + 1的消息在輪r + 1(55行代碼). 前一種情況, q接收到了2f + 1的PRECOMMIT消息在timeoutPrecommit®開啓前. 如果有一個正確的處理單元發送了nil的PRECOMMIT消息(至少f + 1的票權的消息發送自正確的處理單元), 那麼q不能開啓r + 1輪在時間t1 = t + timeoutPrevote® + timeoutPrecommit®之前(參看(*)). 因此該情況下我們得出: t0 + θ < t1, 例如t + 2θ + timeoutPrevote® < t + timeoutPrevote® + timeoutPrecommit®, 因此只要滿足timeoutPrecommit® > 2θ, 那麼引理滿足該情況.

If in the set of 2f + 1 PRECOMMIT messages q receives, there is at least a single PRECOMMIT for id(v) message from a correct process c, then q can start the round r + 1 the earliest at time t1 = t + timeoutPrecommit®. In this case, by the Gossip communication property, all correct processes will receive PROPOSAL and 2f +1 PREVOTE messages (that c received before time t) the latest at time t+θ. Therefore, q will set validValue to v and validRound to r the latest at time t+θ. As t+θ < t+timeoutPrecommit®, whenever timeoutPrecommit® > θ, the Lemma holds also in this case.

如果q接收到了在2f + 1的PRECOMMIT消息, 那麼至少有一個單元c發送了id(v)的PRECOMMIT消息, 那麼單元q能夠啓動r + 1輪在最早的時間t1(t1 = t + timeoutPrecommit®). 該情況下, 基於gossip的通信特徵, 所有的處理單元能夠接收到PROPOSAL消息和2f + 1的PREVOTE消息(單元c在時間t接收)最晚時間爲t+θ. 因此, q會配置validValue爲v以及validRound爲r的最晚時間在t+θ. 由於t+θ < t+timeoutPrecommit®, 通過timeoutPrecommit® > θ得出, 所以該引理滿足該情況.

In case (ii), q received at least a single message from a correct process c from the round r + 1. The earliest point in time c could have started round r +1 is t+timeoutPrecommit® in case it received a PRECOMMIT message for v from some correct process in the set of 2f + 1 PRECOMMIT messages it received. The same reasoning as above holds also in this case, so q set validValue to v and validRound to r the latest by time t + θ. As t + θ < t + timeoutPrecommit®, whenever timeoutPrecommit® > θ, the Lemma holds also in this case.

在情況(ii), 單元q至少接收要接收到一個來自正確處理單元c在r + 1輪發的消息. 單元c最早能夠啓動r + 1輪的時間是t+timeoutPrecommit®除非c接收到了來自正確處理單元id(v)的2f + 1的PRECOMMIT消息. 在這種情況下也適用上述情況, 所以單元q設置了validValue爲v以及validRound爲r的最晚時間爲t + θ. 由於t + θ < t + timeoutPrecommit®, 只要timeoutPrecommit® > θ滿足, 該引理就滿足這種情況.

Lemma 7. Algorithm 1 satisfies Termination.

引理7: 算法1滿足最終性

Proof: Lemma 5 defines a scenario in which all correct processes decide. We now prove that within a bounded duration after GST such a scenario will unfold. Let’s assume that at time GST the highest round started by a correct process is r0, and that there exists a correct process p such that the following holds: for every correct process c, lockedRoundc ≤ validRoundp. Furthermore, we assume that p will be the proposer in some round r1 > r (this is ensured by the proposer function).

簡譯: 證明: 引理5給出了一個情形: 所有正確處理單元決定值. 我們現在證明在GST之後的有限時間內, 該情況將會發生. 讓我們假設在時間GST最高的r0輪由正確處理單元發起, 並且存在一個正確處理單元p滿足以下情況: 對於任意處理單元c, lockedRoundc ≤ validRoundp. 更進一步, 我們假設單元p將會在輪r1(r1 > r)稱爲提議人.

We have two cases to consider. In the first case, for all rounds r ≥ r0 and r < r1, no correct process locks a value (set lockedRound to r). So in round r1 we have the scenario from the Lemma 5, so all correct processes decides in round r1.

那我們需要考慮兩種情況. 第一情況, 對於所有了輪r >= r0以及r < r1, 沒有正確的處理單元能夠鎖定一個值(即置lockedRound爲r). 所以在r1輪我們可以得到如此情形, 所有的正確的處理單元在輪r1決定值.

In the second case, a correct process locks a value v in round r2, where r2 ≥ r0 and r2 < r1. Let’s assume that r2 is the highest round before r1 in which some correct process q locks a value. By Lemma 6 at the end of round r2 the following holds for all correct processes c: validValuec = lockedValueq and validRoundc = r2. Then in round r1, the conditions for the Lemma 5 holds, so all correct processes decide.

第二種情況, 一個正確的處理單元在r2輪鎖定了值v, 並且r2 ≥ r0以及r2 < r1. 我們可以假設r2是r1前的最大輪並且一些正確的處理單元q在該輪鎖定了值. 基於引理6在r2輪末尾對於所有正確處理單元c滿足該情況: validValuec = lockedValueq以及 validRoundc = r2. 然後進入r1輪, 由於引理5成立, 所以所有的正確處理單元都將參與值決定.

結論

We have proposed a new Byzantine-fault tolerant consensus algorithm that is the core of the Tendermint BFT SMR platform. The algorithm is designed for the wide area network with high number of mutually distrusted nodes that communicate over gossip based peer-to-peer network. It has only a single mode of execution and the communication pattern is very similar to the ”normal” case of the state-of-the art PBFT algorithm. The algorithm ensures termination with a novel mechanism that takes advantage of the gossip based communication between nodes. The proposed algorithm and the proofs are simple and elegant, and we believe that this makes it easier to understand and implement correctly.

簡譯: 我們提出了一種全新的拜占庭容錯共識算法其爲tendermint BFT SMR平臺的核心. 該算法是爲擁有大量互不信任節點的大規模網絡實現基於gossip的點對點通信而設計. 該算法只有一種執行模式以及通信模式與最新的PBFT算法的普通情況類似. 該算法運用gossip爲基礎通信的優點保證了新型的機制的最終性. 所提出的算法證明簡單而優雅, 我們相信這使得該算法更容易理解和正確實現.

Algorithm 1 Tendermint consensus algorithm

---

Initialization:
    hp := 0 /* current height, or consensus instance we are currently executing */
    roundp := 0 /* current round number */
    stepp ∈ {propose, prevote, precommit}
    decisionp[] := nil
    lockedValuep := nil
    lockedRoundp := −1
    validValuep := nil
    validRoundp := −1
upon start do StartRound(0)
Function StartRound(round) :
    roundp ← round
    stepp ← propose
    if proposer(hp, roundp) = p then
        if validValuep != nil then
            proposal ← validValuep
        else
            proposal ← getValue()
        broadcast <PROPOSAL, hp, roundp, proposal, validRoundp>
    else
        schedule OnTimeoutPropose(hp, roundp) to be executed after timeoutPropose(roundp)
upon <PROPOSAL, hp, roundp, v, −1> from proposer(hp, roundp) while stepp = propose do
    if valid(v) ∧ (lockedRoundp = −1 ∨ lockedValuep = v) then
        broadcast <PREVOTE, hp, roundp, id(v)>
    else
        broadcast <PREVOTE, hp, roundp, nil>
    stepp ← prevote
upon <PROPOSAL, hp, roundp, v, vr> from proposer(hp, roundp) AND 2f + 1 <PREVOTE, hp, vr, id(v)> while stepp = propose ∧ (vr ≥ 0 ∧ vr < roundp) do
    if valid(v) ∧ (lockedRoundp ≤ vr ∨ lockedValuep = v) then
        broadcast <PREVOTE, hp, roundp, id(v)>
    else
        broadcast <PREVOTE, hp, roundp, nil>
    stepp ← prevote
upon 2f + 1 <PREVOTE, hp, roundp, ∗> while stepp = prevote for the first time do
    schedule OnTimeoutPrevote(hp, roundp) to be executed after timeoutPrevote(roundp)
upon <PROPOSAL, hp, roundp, v, ∗> from proposer(hp, roundp) AND 2f + 1 <PREVOTE, hp, roundp, id(v)> while valid(v) ∧ stepp ≥ prevote for the first time do
    if stepp = prevote then
        lockedValuep ← v
        lockedRoundp ← roundp
        broadcast <PRECOMMIT, hp, roundp, id(v)>
        stepp ← precommit
    validValuep ← v
    validRoundp ← roundp
upon 2f + 1 <PREVOTE, hp, roundp, nil> while stepp = prevote do
    broadcast <PRECOMMIT, hp, roundp, nil>
    stepp ← precommit
upon 2f + 1 <PRECOMMIT, hp, roundp, ∗> for the first time do
    schedule OnTimeoutPrecommit(hp, roundp) to be executed after timeoutPrecommit(roundp)
upon <PROPOSAL, hp, r, v, ∗> from proposer(hp, r) AND 2f + 1 <PRECOMMIT, hp, r, id(v)> while decisionp[hp] = nil do
    if valid(v) then
        decisionp[hp] = v
        hp ← hp + 1
        reset lockedRoundp, lockedValuep, validRoundp and validValuep to initial values and empty message log
        StartRound(0)
upon f + 1 <∗, hp, round, ∗, ∗> with round > roundp do
    StartRound(round)
Function OnTimeoutPropose(height, round) :
    if height = hp ∧ round = roundp ∧ stepp = propose then
        broadcast <PREVOTE, hp, roundp, nil>
        stepp ← prevote
Function OnTimeoutPrevote(height, round) :
    if height = hp ∧ round = roundp ∧ stepp = prevote then
        broadcast <PRECOMMIT, hp, roundp, nil>
        stepp ← precommit
Function OnTimeoutPrecommit(height, round) :
    if height = hp ∧ round = roundp then
        StartRound(roundp + 1)