Resilient Asymptotic Consensus

in
Robust Networks
Heath J. LeBlanc, Member, IEEE,
Haotian Zhang, Student Member, IEEE,
Xenofon Koutsoukos, Senior Member, IEEE,
Shreyas Sundaram, Member, IEEE

I. ABSTRACT
Resilient consensus in the presence of misbehaving nodes was studied.
Fault-tolerant consensus algorithms typically assume knowledge of
nonlocal information; however, this assumption is not suitable for largescale dynamic networks. To remedy this, we focus on local strategies

(algorithms) that provide resilience to faults and compromised nodes.

Traditional metrics such as connectivity are not adequate to characterize

the behavior of such algorithms.

Solution = novel graph-theoretic property network robustness.

A. DEFINITIONS
Local (vs Nonlocal) Information: information obtained by each node
only with neighbors in the network.

Approximate Agreement: they should converge to a relatively small

convex set contained in the convex hull of their initial values
Cardinalitiy of S |S|: number of elements in the set S

Underlying Graph: Let D=(V, E) be digraph. Make its edges undirected

resulting in the edge set (D) = (V,Eunderlying)

(Cont).
(j, i) E[t] models information flow from node j to node i at time-step t.

Rooted out-branching: there exists a node r, the root, such that for
each i V, there exists a path from r to i.
In (vs Out) Neighbors: Vi[t] = {j V: (j, i) E[t]} and the (in-) degree
of i is denoted di[t] =|Vi[t]| and the set of out-neighbors of node i at
time-step t is defined as Vout i [t] = {j V : (i, j) E[t]}.
Inclusive Neighbors: each node has access to its own state at time-step
t, we also consider the inclusive neighbors of node i, denoted Ji[t] =
Vi[t]{i}.

B. PREVIOUS WORKS
Approximate Byzantine Consensus: nodes are required to achieve
approximate agreement in the presence of misbehaving nodes.
Solution = MSR algorithm (Mean-Subsequence-Reduced) : each node
disregards the largest and smallest F values received from its neighbors
and updates its state to be the average of a carefully chosen subset of
the remaining values
ARC-P ,W-MSR algoritmhs introduced earlier.

C. CONTRIBUTIONS
In this paper, it was shown that traditional graph theoretic properties such as
connectivity and minimum degree, which have played a vital role in
characterizing the resilience of distributed algorithms are not adequate when

the nodes make purely local decisions (i.e., without knowing nonlocal
aspects of the network topology). Instead, we introduce a novel topological

property, referred to as network robustness, and show that this concept is the
key property for reasoning about the ability of purely local algorithms to
succeed.

II. PROBLEM FORMULATION

Time varying network. Let D=(V,E(t)) be digraph where t 0

A is the set of adversary (misbehaving) nodes and N is the set of

normal nodes.
Update Model :

Threat Models
Byzantine: does not send information or sends wrong information
Malicious: sends wrong information. ( applies update rule differently)
Malicious = Byzantine but not vice versa.

Scope of Threats
F - total set means at most F nodes in
network.
F - local set means at most F nodes in
only the neighborhoods of other nodes.
f-fraction local set means at most
f.(# of neighbors) nodes where 0 f 1
in only the neighborhoods of other
nodes.

Resilient Asymptotic Consensus

Let M[t] and m[t] be the maximum and minimum
values of the normal nodes at time-step t,
respectively.

 The resilient asymptotic consensus problem has two important

conditions:
1 ) agreement : the normal nodes must reach asymptotic consensus in
the presence of misbehaving nodes given a particular threat model (e.g.,
malicious) and scope of threat (e.g., F-total).
2) safety : it is required that the interval [m[0],M[0]] is an invariant set
for the normal nodes; this is a safety condition the interval is known to
be safe.
3) validity: the consensus quantity that the values of the normal nodes
converge to must lie within the range of initial values of the normal
nodes.(= agreement + safety)

III. CONSENSUS ALGORTHM

Given these conditions, a necessary and sufficient
condition for reaching asymptotic consensus in timeinvariant networks is that the digraph has a rooted
out-branching, also called a rooted directed
spanning tree. (Ren & Beard )

Description of W-MSR
There are a few key differences between the operations used in
the W-MSR algorithm and the MSR algorithm given in [30].

W-MSR

MSR

- only the extreme values that

are strictly larger or strictly
smaller than the given nodes
value are removed

- remove the largest and smallest F

values. Since the nodes own value
may be one of the F extreme
values, the MSR algorithm may
throw away this useful (correct)
information

- uses all values retained after

removing the extreme values.
- allows for weighted

averages.

- may select only a subsequence of

the remaining values to use in the
update
- averages the remaining values

IV. Robust Network Topologies

When the nodes in the network use only local information, the following
proposition suggests that connectivity is no longer a promising metric.

Here, n=8, F=2 and K=5 which is connectivity. X and Y are subgraphs
and each node in X has exactly F=2 neighbors in Y and vice versa. Initial
values of nodes in X and Y are a,b R, with a b, then asymptotic
consensus is not achieved whenever W-MSR is used with parameter F.
This is because each node views the values of its F neighbors from the
opposing set as extreme, and removes all of these values from its list.
The only remaining values for each node are from its own set, and thus
no node ever changes its value.

Suppose these two nodes 2 and 8 are malicious and initial

values of nodes in X and Y are a and b. These malicious nodes
are able to prevent consensus by maintaining their initial
values whenever normal nodes use W-MSR with parameter F
= 2.
Solution = make network more robust or specify a min
number of nodes that are influenced by outside of their set.

V. Resilient Consensus Analysis

Here, characterization of networks where the agreement condition is
satisfied was provided for each threat models defined earlier.
Safety condition: