Formally Verified Byzantine Agreement in Presence of Link Faults

This paper shows that deterministic consensus in synchronous distributed systems with link faults is possible, despite the impossibility result of (Gray, 1978). Instead of using randomization, we overcome this impossibility by moderately restricting the inconsistency that link faults may cause system-wide. Relying upon a novel hybrid fault model that provides different classes of faults for both nodes and links, we provide a formally verified proof that the -round Byzantine agreement algorithm OMH (Lincoln & Rushby, 1993) requires "! # nodes for transparently masking at most $ broadcast and $ receive link faults (including at most arbitrary ones) per node in each round, in addition to at most , , % , "! arbitrary, symmetric, omission, and manifest node faults, provided that '&( ) * . Our approach to modeling link faults is justified by a number of theoretical results, which include tight lower bounds for the required number of nodes and an analysis of the assumption coverage in systems where links fail independently with some probability + .