Quantum Byzantine agreement

Quantum Byzantine agreement

Byzantine fault tolerant protocols are algorithms that are robust to arbitrary types of failures in distributed algorithms. With the advent and popularity of the internet, there is a need to develop algorithms that do not require any centralized control that have some guarantee of always working correctly. The Byzantine agreement protocol is an essential part of this task. In this article we describe the quantum version of the Byzantine protocol in Michael Ben-Or and Avinatan Hassidim,Fast quantum byzantine agreement,STOC '05: Proceedings of the thirty-seventh annual ACM symposium on Theory of computing,pg 481-485 [2005] ] which works in constant time.

Introduction

The Byzantine Agreement protocol is a protocol in distributed computing.It takes its name from a problem formulated by Lamport, Shostak and Pease in 1982 L. Lamport and R. Shostak and M. Pease, The Byzantine Generals Problem, ACM Trans. Program. Lang. Syst., volume 4, number 3, pg 382-401 [1982] ] , which itself is a reference to a historical problem. We give a brief summary here. The Byzantine was divided into divisions with each division being led by a General with the following properties:

*Each General is either loyal or a traitor to the Byzantine state.
*All Generals communicate by sending and receiving messages.
*There are only two commands: attack and retreat.
*All loyal Generals should agree on the same plan of action retreat or attack.
*A small linear fraction of bad Generals should not cause the protocol to fail (less than a frac{1}{3} fraction).(See Michael J. Fisher, Nancy A. Lynch,Michael S. Paterson,Impossibility of Distributed Consensus with One Faulty Process, Journal of the ACM volume 32, issue=2, pg 374-382 [http://portal.acm.org/citation.cfm?doid=3149.214121 Impossibility of Distributed Consensus with One Faulty Process] [1985] ] for the proof of the impossibility result). The problem usually is equivalently restated in the form of a commanding General and loyal Lieutenants with the General being either loyal or a traitor and the same for the Lieutenants with the following properties.

*All loyal Lieutenants carry out the same order.
*If the commanding General is loyal, all loyal Lieutenants obey the order that he sends.
*A strictly less than frac{1}{3} fraction including the commanding General are traitors.

Byzantine Failure and Resilience

Failures in an algorithm or protocol can be categorized into three main types:
# A failure to take another execution step in the algorithm: This is usually referred to as a "fail stop" fault.
# A failure where the algorithm randomly fails to execute correctly: This is called a "random fault" or "random Byzantine" fault.
# An arbitrary failure where the algorithm fails to execute the steps correctly (usually in a clever way by some adversary to make the whole algorithm fail) which also encompasses the previous two types of faults: This is called a "Byzantine fault".

A Byzantine resilient or Byzantine fault tolerant protocol or algorithm is an algorithm that is robust to all the kinds of failures mentioned above. For example, given a space shuttle with multiple redundant processors and some of the processors give incorrect data, which processors or sets of processors should be believed? The solution can be formulated as a Byzantine fault tolerant protocol.

ketch of the Algorithm

We will sketch here the asynchronous algorithm Michael Ben-Or and Avinatan Hassidim,Fast quantum byzantine agreement, STOC '05: Proceedings of the thirty-seventh annual ACM symposium on Theory of computing,pg 481-485 [2005] ] The algorithm works in two phases
*Phase 1 (Communication phase)::All messages are sent and received in this round
*Phase 2 (Computation phase)::This Phase begins only after the first phase has ended. All the messages received are processed

The protocol relies on two other algorithms to work correctly

Coin flipping protocol

*A quantum coin flipping protocol Ashwin Nayak and Peter Shor, On bit-commitment based quantum coin flipping, arxiv [http://arxiv.org/abs/quant-ph/0206123v1] ] , C. Doscher and M. Keyl, An introduction to quantum coin-tossing, arxiv [http://arxiv.org/abs/quant-ph/0206088v1] ] , I. Kerenidis, A. Nayak, coin flipping with small bias, arxiv [http://arxiv.org/abs/quant-ph/0206121v2] ] : :A coin flipping protocol is a procedure that allows two parties A and B that do not trust each other to toss a coin to win a particular object.There are two types of coin flipping protocols
** weak coin flipping protocols I. Kerenidis, A. Nayak, coin flipping with small bias, arxiv [http://arxiv.org/abs/quant-ph/0206121v2] ] : The two players A and B initially start with no inputs and they are to compute some value c_{A},c_{B} in [0,1] and be able to accuse anyone of cheating. The protocol is successful if A and B agree on the outcome. The outcome 0 is defined as A winning and 1 as B winning. The protocol has the following properties:
***If both players are honest (they follow the protocol), then they agree on the outcome of the protocol c_{A} = c_{B} with Pr(c_{A} = c_{B} = b) = frac{1}{2} for a,b in {0, 1}.
***If one of the players is honest (i.e., the other player may deviate arbitrarily from the protocol in his or her local computation), then the other party wins with probability at most frac{1}{2} + epsilon. In other words, if B is dishonest, then Pr(c_{A} = c_{B} = 1) leq frac{1}{2} + epsilon, and if A is dishonest, then Pr(c_{A} = c_{B} = 0)leq frac{1}{2} + epsilon .
** A strong coin flipping protocol: In a strong coin flipping protocol, the goal is instead to produce a random bit which is biased away from any particular value 0 or 1. Clearly, any strong coin flipping protocol with bias epsilon leads to weak coin flipping with the same bias.

Verifiable secret sharing.

* A verifiable secret sharing (VSS) protocol Verifiable secret sharing verifiable secret sharing] : A (n,k) secret sharing protocol allows a set of n players to share a secret, "s" such that only a quorum of k or more players can discover the secret. The player sharing (distributing the secret pieces) the secret is usually referred to as the dealer. A verifiable secret sharing protocol differs from a basic secret sharing protocol in that players can verify that their shares are consistent even in the presence of a malicious dealer.

The Fail-stop protocol.

Protocol QuantumCoinFlip for player P_i

#Round 1 generate the state |Coin_i angle =frac{1}{sqrt{2|0,0,ldots,0 angle + frac{1}{sqrt{2|1,1,ldots,1 angle on n qubits and send the kth qubit to the kth player keeping one part
# Generate the state |Leader_i angle= frac{1}{n^{3/2sum _{a=1}^{n^3}|a,a,ldots,a angle on "n" qubits, an equal superposition of the numbers between 1 and n^3.Distribute the "n" qubits between all the players
# Receive the quantum messages from all players and wait for the next communication round, thus forcing the adversary to choose which messages were passed.
# Round 2: Measure (in the standard base) all Leader_{j} qubits received in round I. Select the player with the highest leader value (ties broken arbitrarily) as the "leader" of the round. Measure the leader’s coin in the standard base.
# Set the output of the QuantumCoinFlip protocol: v_{i} = measurement outcome of the leader’s coin.

The Byzantine protocol.

To generate a random coin assign an integer in the range [0,n-1] to each player and each player is not allowed to chose its own random ID as each player P_k selects a random number s{_{k}^{i for every other player P_{i} and distributes this using a verifiable secret sharing scheme.

At the end of this phase players agree on which secrets were properly shared, the secrets are then opened and each player P_i is assigned the value s_i =sum , {s_{k}^{i{ ext{for all secrets properly sharedmod nThis requires private information channels so we replace the random secrets by the superposition |phi angle =frac{1}{sqrt{nsum_{a=0}^{n-1}|a angle. In which the state is encoded using a quantum verifiable secret sharing protocol (QVSS) Claude Cr´epeau, Daniel Gottesman and Adam Smith, Secure Multi-party Quantum Computation, In 34th ACM Symposium on the Theory of Computing, STOC, pg. 643–652, [2002] ] . We cannot distribute the state |phi,phi,ldots phi angle since the bad players can collapse the state. To prevent bad players from doing so we encode the state using the Quantum verifiable secret sharing (QVSS) and send each player their share of the secret. Here again the verification requires Byzantine Agreement, but replacing the agreement by the grade-cast protocol is enough. Michael Ben-Or, Elan Pavlov, Vinod Vaikuntanathan, Byzantine Agreement in the Full-Information Model in O(log n) Rounds, STOC '06: Proceedings of the thirty-eighth annual ACM symposium on Theory of computing,pg 179-186 [2006] ] Pesech Feldman and Silvio Micali. An optimal probabilistic protocol for synchronous byzantine agreement. SIAM J. Comput., pg 873–933, [1997] ] .

Grade-cast protocol

A grade-cast protocol has the following properties using the definitions in Informally, a graded broadcast protocol is a protocol with a designated player called “dealer” (the one who broadcasts) such that:
# If the dealer is good, all the players get the same message.
# Even if the dealer is bad, if some good player accepts the message, all the good players get the same message (but they may or may not accept it).A protocol P is said to be achieve graded broadcast if, at the beginning of the protocol, a designated player D (called the dealer) holds a value v, and at the end of the protocol, every player P_{i} outputs a pair (value_{i}, confidence_{i}) such that the following properties hold: (forall i, confidence_{i} in {0, 1, 2})
#If D is honest, then value_{i} = v and confidence_{i} = 2 for every honest player P_i.
# For any two honest players P_{i} and P_{j}, vert confidence_{i} - confidence_{j}vert leq 1 .
# (Consistency) For any two honest players P_{i} and P_{j}, if confidence_{i}> 0 and confidence_{j}> 0 ,then value_{i}= value_{j}.

For t < frac{n}{4} the verification stage of the QVSS protocol guarantees that for a good dealer the correct state will be encoded, and that for any, possibly faulty dealer, some particular state will be recovered during the recovery stage. We note that for the purpose of our Byzantine quantum coin flip protocol the recovery stage is much simpler. Each player measures his share of the QVSS and sends the classical value to all other players. The verification stage guarantees, with high probability, that in the presence of up to t < frac{n}{4} faulty players all the good players will recover the same classical value (which is the same value that would result from a direct measurement of the encoded state).

Remarks

Recently, a quantum protocol for Byzantine Agreement was demonstrated experimentally Sascha Gaertner, Mohamed Bourennane, Christian Kurtsiefer, Ad´an Cabello, Harald Weinfurter, Experimental Demonstration of a Quantum Protocol for Byzantine Agreement and Liar Detection, [http://arxiv.org/abs/0710.0290v1 arxiv] , [2007] ] using a four-photon polarization-entangled state. This shows that the quantum implementation of classical Byzantine Agreement protocols is indeed feasible.

References


Wikimedia Foundation. 2010.

Игры ⚽ Поможем написать реферат

Look at other dictionaries:

  • Outline of the Byzantine Empire — See also: Index of Byzantine Empire related articles The following outline is provided as an overview of and topical guide to the Byzantine Empire: Contents 1 Nature of the Byzantine Empire 2 Geography of the Byzantine Empire 3 Government and pol …   Wikipedia

  • Europe, history of — Introduction       history of European peoples and cultures from prehistoric times to the present. Europe is a more ambiguous term than most geographic expressions. Its etymology is doubtful, as is the physical extent of the area it designates.… …   Universalium

  • Crusades — a series of military expeditions between the 11th and 14th centuries, in which armies from the Christian countries of Europe tried to get back the Holy Land (= what is now Israel, Palestine, Jordan and Egypt) from the Muslims. The soldiers who… …   Universalium

  • Second Crusade — Infobox Military Conflict conflict=Second Crusade partof=the Crusades caption=The fall of Edessa, seen here on the right of this map (c.1140), was the proximate cause of the Second Crusade. date=1147 1149 place=Iberia, Near East (Anatolia, Levant …   Wikipedia

  • John von Neumann — Von Neumann redirects here. For other uses, see Von Neumann (disambiguation). The native form of this personal name is Neumann János. This article uses the Western name order. John von Neumann …   Wikipedia

  • Consensus (computer science) — Consensus is a problem in distributed computing that encapsulates the task of group agreement in the presence of faults.[1] In particular, any process in the group may fail at any time. Consensus is fundamental to core techniques in fault… …   Wikipedia

  • Romania — This article is about the modern country. For other uses, see Romania (disambiguation). Romania România …   Wikipedia

  • Rites — • The ceremonies, prayers, and functions of any religious body Catholic Encyclopedia. Kevin Knight. 2006. Rites     Rites     † …   Catholic encyclopedia

  • Calendar of 1997 — ▪ 1998 JANUARY JANUARY 1       Ghanaian Kofi Annan replaces Egyptian Boutros Boutros Ghali in the position of United Nations secretary general.       Among those knighted by Queen Elizabeth II in the annual New Year s Day ceremony is pop musician …   Universalium

  • Time — This article is about the measurement. For the magazine, see Time (magazine). For other uses, see Time (disambiguation). The flow of sand in an hourglass can be used to keep track of elapsed time. It also concretely represents the present as… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”