The signature algorithm SM in the question of the Byzantine general and related proofs.

These contents are summarized by the author himself. If any of them is incorrect, please reply and correct them.

In the previous article, I wrote some questions about the algorithm when a signature is available. Here is a detailed explanation:

Lamport proposed in the article that the cause of the errors in verbal communication is that some traitors can lie. Here, the signature is used to prevent lying. Two conditions are added to the signature algorithm:

That is, the signature of an A4 (a) loyal general cannot be forged and the content modification can be detected. (That is, even a traitor must sign the letter intact to forward the message)

(B) Anyone can recognize the signature of a General. A traitor can forge the signature of a general. (The last half is specified in the second half of the paper ).

In addition, Lamport specifies that each message can only be copied, and then its name is added and then sent out.

The following is a specific algorithm:

For this algorithm:

The Vi in the initialization is similar to a set, which indicates the command received by General I. For example, Vi = {Attack} indicates a set because there are no repeated commands in Vi. This is clearly described in (B) of the algorithm.

In algorithm (1), the generals broadcast messages with their names to all the deputies. Note that the format here is V: 0 V, which is a command. 0 represents your identity.

(2) In (A) In this section, each Vice President will receive A message V; command V in 0 is put into their own command set Vi (because their command set is empty at the beginning, so there is no repeated problem) and then: they copy the command, add your own signature to get the message: V: 0: I and then send it to another deputy director.

In (B), because I will also receive a message from another deputy officer v: 0: 1 :...: jk. at this time, I will judge that v is not in its own command set. If it does not exist, I will add v to Vi and sign the information in the case of k <m.

Note the following points. A) if the generals are loyal, the signatures of loyal generals cannot be changed, so all commands are only V, but the signatures of messages are different, then the Deputy will not add repeated commands to Vi, so this is what lamport mentioned in the paper. If the General is loyal, then each deputy will only save a single order. The reason why this is mentioned here is the need for later proof.

B) Why is it sent when k <m, this is because each piece of information only needs to be copied to m + 1 (here, when the general is signed, it is also a signature, and we can find that each signature is a copy once ), it is unnecessary to exceed m. The reason for such a rule is that we only need to copy m + 1 and all the loyal ministers can reach an agreement.

(3) In this step, the choice function is executed when an assistant does not receive any messages. We will not receive the message here. The lamport rule is that we will not receive the message after more than one time. Here, the choice function lamport is not implemented in detail. It just thinks that this command is obtained when there is only one command in Vi. When Vi and Vj are equal, choice performs the same result, that is, they can reach an agreement that will only appear when the General is a traitor, in this way, the IC1 condition is met.

When step 3 ends, you can get the consistent command.

Next let's take a look at how lamport proves that only m + 1 copy is required.

The general idea of proof is:

Situation (1) if the general is loyal, as we mentioned when discussing algorithms, the deputy officers of all loyal ministers may only receive a single order and then pass the choice function to get the command of the General, so ic2.

Case 2: The general is a traitor. The general idea of proof is to prove Vi, and Vj is the same set. That is, you only need to prove that if I put command v into Vi in step 2, j will also put command v into Vj.

Let's verify this:

If I want to put the v command into Vi, I will certainly receive a message, V: 0: j1: j2:... jk. We will discuss the following:

(1) If j belongs to j1 ~ One of jk, since he signed the message, he certainly received the message v, so in this case it is satisfied.

(2) If j does not belong to j1 ~ Then we will discuss the scope of k in one of jk:

A. if k <m, I will definitely sign my name and forward the message to all the deputy officers. Of course, there will certainly be vice president j (according to ii in algorithm B ), in this case, j either saves v in the command set vj without v, or ignores it in the existing case. However, in either case, the Vj and Vi are consistent.

B. If k = m. At this time, I will not forward this message. But because there are only m traitors and generals are traitors, one of the m + 1 replicas must be loyal to the other, the loyal minister will directly send the message v of the traitor general to all the deputy officers without modifying the message, including j, so it can be ensured in this case.

Now we use an instance to prove that:

When n = 4 and m = 2, the fault tolerance (or exchange) can be completed only after m + 1 replication ).

Now, all the cases have been taken into consideration. If you still do not understand it, you can reply and ask.