What Is Consensus? (Theory)

A consensus algorithm can be understood as **a set of procedures and rules created to implement a distributed consistency protocol**. Once nodes spread across different regions negotiate and interact according to these rules, they can always eventually reach the same decision on one or more questions, which gives the different nodes of a distributed system a consistent view.

### Origins

Early computer applications were mostly monolithic: a single processor could take on all computation, reads and writes. The computer only had to execute the tasks it received in order, commit them and return the results, so researchers of that period mainly studied how to push the performance of a single-core processor to its limit. With the emergence and growth of the Internet, however, data volumes exploded, a single processor could no longer meet ordinary business needs, and distributed system architectures appeared.

Put simply, a distributed system is a set of processors/nodes that cooperate through message exchange to process a series of transactions, so that performance scales horizontally and disaster recovery improves. To scale horizontally, all nodes need to share the same replica of the data, which naturally also removes the single point of failure. Distributed systems greatly raised the performance ceiling of the monolithic architecture, but they also unavoidably introduced the distributed consistency problem, which is:

**In a distributed system, when some nodes behave abnormally, how to guarantee that the system as a whole still behaves consistently to the outside.**

Three words deserve attention here: "some", "abnormally" and "consistently".

- Consistently: distributed consistency is broadly divided into strong consistency, weak consistency and eventual consistency. Each category involves many details, so this article does not go into them.
- Abnormally: in a distributed system the nodes are usually located in different regions, so the state of different nodes at the same moment may be out of anyone's control. A node may suffer **benign faults**, such as crashes and network delay or disconnection, or **malicious faults**, such as forging messages or sending different votes to different nodes. **Benign faults** are usually caused by machine or network failures that take a node offline temporarily; with human intervention the node can be restored to its state before the crash, so they do not threaten the safety of the whole system. **Malicious faults**, usually called **Byzantine faults**, can bring the whole cluster to an unpredictable collapse through the malicious actions of some nodes.
- Some: to deal with these two types of fault (non-Byzantine and Byzantine), different protocols have to be designed to handle or tolerate a bounded number of faults. Generally speaking, a non-Byzantine fault-tolerant consensus algorithm can tolerate benign faults in no more than 1/2 of the nodes; a Byzantine fault-tolerant consensus algorithm can tolerate benign or malicious faults in no more than 1/3 of the nodes.

Research on the consistency problem of distributed systems began as early as the 1970s and 1980s and laid a very solid theoretical foundation, but theoretical research then nearly stalled for a long time. Only in recent years has the arrival of blockchain systems revived research on distributed consistency. **This article introduces some of the most important model assumptions, theorems and theories in the distributed systems field.** It then looks at the development of consensus algorithms from the perspective of traditional distributed consistency algorithms and typical blockchain consensus algorithms.

## Network Models

A distributed system is built on many nodes that communicate over a network or by other means, and the uncertainty of network communication constrains the design of consensus algorithms. The communication model defines how different message delays limit what a distributed system can do. **In total there are three types of communication model: the synchronous model, the asynchronous model and the partially synchronous model.**

(1) Synchronous model

In the synchronous model, message communication between all nodes has a known upper bound on delay, and the difference in the relative speed at which nodes process transactions has a known upper bound. The synchronous model is a highly idealized communication model that is almost never seen in real life, but it plays an extremely important role in the theoretical study of distributed systems; many early distributed consistency algorithms were designed under the synchronous network assumption.

(2) Asynchronous model

In the asynchronous model, none of the upper bounds assumed above exist, so the asynchronous model matches the real Internet environment fairly well. Compared with synchrony, asynchrony is the more general case: an algorithm that works in an asynchronous system can also be used in a synchronous system, but the reverse does not hold. Designing a correct consensus algorithm in the asynchronous model has been proven impossible.

(3) Partially synchronous model

The partially synchronous model lies between the synchronous and asynchronous models and was proposed in 1988 by Dwork, Lynch and others in [1]. The model assumes a Global Stabilization Time (GST): before GST the whole system may be asynchronous, but after GST the whole system returns to a synchronous state. The timing assumptions of the partially synchronous model fit what the real world needs from a consensus algorithm: consensus can always complete while the network is synchronous, and when the network has problems consensus may block for a while until the network recovers.

## The Byzantine Generals Problem

In 1982, Leslie Lamport, Robert Shostak and Marshall Pease published a paper [2] that posed the famous Byzantine generals problem. It was the first to assume that malicious nodes exist in a distributed system, and it gave a solution under the synchronous network model (although at that time the synchronous and asynchronous models had not yet been clearly defined). In the Byzantine generals problem, nodes do not only suffer benign faults such as crashes or network outages; they may also exhibit arbitrary Byzantine faults, for example a node that does not follow its program logic because of a hardware or software failure, or even a node whose program is maliciously manipulated. In short, Byzantine faults are closer to the fault model faced in practice, and they are also the hardest fault model to solve in distributed systems.

Depending on whether Byzantine faults are tolerated, consensus algorithms fall into two classes:

- CFT consensus algorithms: tolerate only benign faults such as crashes and network delay or disconnection.
- BFT consensus algorithms: tolerate the faults above and, in addition, malicious attacks of any kind.

## The FLP Impossibility Theorem

In 1985, Fischer, Lynch and Paterson published a paper [3] that presented the famous FLP impossibility theorem. As one of the most important theorems in distributed systems, it gives a very important conclusion: in an asynchronous communication network, as long as there is one faulty node, no perfect consensus algorithm exists that can terminate correctly.

FLP tells us, from a theoretical standpoint, that there is no need to keep trying to design a consensus algorithm that always reaches agreement in an asynchronous network. Later consensus algorithm designs therefore usually compromise somewhere, for example by assuming the partially synchronous model instead of the asynchronous one. Periods of asynchronous network behaviour are allowed and consensus cannot be reached during them, but as soon as the network returns to a synchronous state, consensus can complete immediately. This affects the liveness of the system to some extent, but as long as the safety of the system is guaranteed, it is still an acceptable consensus algorithm.

## The CAP Theorem

In 2000, Professor Eric Brewer of the University of California, Berkeley proposed the CAP conjecture at the ACM PODC conference. Two years later, Seth Gilbert and Nancy Lynch of MIT proved CAP theoretically. Since then, CAP has been an accepted theorem of the distributed systems field: a distributed system can satisfy at most two of the following three properties at the same time:

- Consistency
- Availability
- Partition tolerance

In distributed systems, and blockchain systems in particular, building a highly available network environment, let alone one that never fails, is very expensive. In general, therefore, a blockchain system must have partition tolerance, which leaves it to trade off between consistency and availability. A large public chain, for example, has thousands of nodes running in every corner of the world, so it is almost impossible to design a strongly consistent consensus algorithm that lets all nodes offer consistent read and write service at the same time. PoW gives up strong consistency and settles for eventual consistency, availability and partition tolerance. A PoW network can fork at any time, meaning that a block already on the chain may be rolled back; but as time passes and earlier blocks receive more and more confirmations, the probability of their being rolled back becomes lower and lower, until they reach an eventual consistency in which rollback is almost impossible. Throughout this period every node can offer read and write service normally.

## Summary

Thanks to earlier research, we can broadly understand the conditions under which a consensus algorithm operates correctly: in a traditional distributed system, a practical consensus algorithm must be able to run safely in the partially synchronous network model. In fact, most early research on distributed consistency algorithms concentrated on non-Byzantine, partially synchronous network environments, for example the classic Paxos, Viewstamped Replication and ZAB. Only with PBFT did the first practical prototype of a Byzantine fault-tolerant consensus algorithm appear. These algorithms already solve the consistency problem very well, so for a long time no new consensus algorithms were proposed. In recent years, as demands on the understandability, ease of implementation and throughput of consensus algorithms have kept rising, many excellent consensus algorithms have emerged, such as Raft in the CFT class and HotStuff in the BFT class.

Before blockchain systems, or rather Bitcoin, appeared, many applications had already moved from a single database in a single data centre to distributed databases across multiple sites and centres, but such applications were usually still deployed on the internal servers of one institution or company. A blockchain, by contrast, is a distributed system that carries the transfer of value; its nodes may be spread all over the world and are not controlled by any single institution or organization. A blockchain consensus algorithm must therefore take malicious nodes into account and guarantee that the value on the chain cannot be manipulated by them; that is, a blockchain consensus algorithm needs to tolerate Byzantine faults. To cope with Byzantine attacks, different blockchain systems have taken different paths.

**In public chains, the common choice is to use proof of work (PoW) to guard against Byzantine attacks.** Every competition for the right to produce a block requires solving a very hard mathematical puzzle, so this first step already keeps out the vast majority of attackers. Next, every newly constructed block must be validated by the other miner nodes, so a block cannot contain illegal or duplicate transactions. To forge a chain that contains illegal transactions, an attacker would need more than 50% of the hash power worldwide, which is clearly impossible; even if such a chain existed, the discovery of illegal transactions on it would damage the chain's reputation and cause enormous losses, which is clearly not worthwhile for the attacker either. In the end, these rules steer every node that tries to produce blocks to compete on one "correct longest chain", because that is the choice that maximizes its benefit.

**In consortium chains, the common choice is to use theoretically complete BFT consensus algorithms to guard against Byzantine attacks.** Consensus nodes in a consortium chain are usually managed by the participating institutions, so the barrier to entry is already fairly high; in addition, consensus in a consortium chain lacks economic incentives, so stronger theory is needed as a constraint. Implementing a consensus algorithm exactly as its prototype describes still leaves some problems, however. In traditional PBFT, for example, the primary node is fixed. Whoever controls the primary, even without making it package illegal transactions, can make it preferentially package the transactions of certain accounts, so that the transactions of other accounts are blocked and never reach the chain. When BFT consensus algorithms are applied, some special functions therefore have to be added for blockchain use, such as choosing the primary unpredictably, or assigning reputation values to nodes and choosing the primary by reputation.

**Stay tuned for the next article, "What Is Consensus? (Everyday Life)".**

**About the author**

Duan Hao (端豪)

Consensus Algorithm Research Group, Basic Platform Department, Hyperchain (趣鏈科技)

**References**

[1] Dwork C, Lynch N, Stockmeyer L. Consensus in the presence of partial synchrony[J]. Journal of the ACM (JACM), 1988, 35(2): 288-323.

[2] Lamport L, Shostak R, Pease M. The Byzantine generals problem[M]//Concurrency: the Works of Leslie Lamport. 2019: 203-226.

[3] Fischer M J, Lynch N A, Paterson M S. Impossibility of distributed consensus with one faulty process[J]. Journal of the ACM (JACM), 1985, 32(2): 374-382.
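The fault thresholds for CFT and BFT algorithms given in the article, and the Byzantine behaviour it mentions of sending different votes to different nodes, can be checked by counting votes. The Python sketch below is an added example, not part of the original article; the function names and the simplified model (each correct node votes once, each Byzantine node votes for both values, a value is accepted once it gathers `quorum` votes) are assumptions.

```python
def fork_witness(n, f, quorum, byzantine):
    """Look for a vote split that lets two conflicting values A and B each reach `quorum`.

    Crash-only faulty nodes vote at most once. Byzantine nodes equivocate:
    they send a vote for A to one audience and a vote for B to another.
    Returns (votes seen for A, votes seen for B), or None if no fork is possible.
    """
    single_voters = n - f if byzantine else n   # nodes that vote for one value only
    double_voters = f if byzantine else 0       # equivocating nodes count on both sides
    for a in range(single_voters + 1):
        b = single_voters - a
        if a + double_voters >= quorum and b + double_voters >= quorum:
            return (a + double_voters, b + double_voters)
    return None


def is_live(n, f, quorum):
    """Correct nodes must reach the quorum even if all f faulty nodes stay silent."""
    return n - f >= quorum


def usable_quorums(n, f, byzantine):
    """Quorum sizes that are both safe (no fork witness) and live."""
    return [q for q in range(1, n + 1)
            if is_live(n, f, q) and fork_witness(n, f, q, byzantine) is None]


def max_tolerated_faults(n, byzantine):
    """Largest f for which at least one quorum size is both safe and live."""
    return max(f for f in range(n) if usable_quorums(n, f, byzantine))


if __name__ == "__main__":
    # Constructed cluster sizes, chosen only for illustration.
    for n in (4, 5, 7, 10):
        print(f"n={n}: crash faults tolerated={max_tolerated_faults(n, False)}, "
              f"Byzantine faults tolerated={max_tolerated_faults(n, True)}")
    # A simple-majority quorum (4 of 7) is enough for crash faults but forks
    # under equivocation by 2 Byzantine nodes; a quorum of 5 does not.
    print("n=7, f=2, quorum=4:", fork_witness(7, 2, 4, byzantine=True))
    print("n=7, f=2, quorum=5:", fork_witness(7, 2, 5, byzantine=True))
```

The fork witness for a quorum of 4 shows why a majority quorum that is adequate for CFT algorithms is unsafe once nodes can equivocate, and the empty result for `usable_quorums(6, 2, True)` shows that no quorum size is both safe and live at that fault ratio.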