pbft | Implementation of the Practical Byzantine Fault Tolerant | Continuous Deployment library

Messages to and between actors in Akka.NET are passed asynchronously. What happens in your example, is that you're Telling a message to an actor and exiting the program immediately afterwards, before actor got a chance to process the message.

You can either suspend main thread (using eg. Console.ReadLine()) in your example, or - if you need to be sure that actor had processed the message before going forward - use combination of actor.Ask(message, cancellationToken) on the caller side (which will return Task, that completes once actor sends a response back) and Sender.Tell(response) inside your actor's receive method:

The answer is: "It depends".

In Fabric, the consensus mechanism is pluggable, and as a result - anyone can implement its own ordering service as long as it implements the AtomicBroadcast gRPC API:

pbft is a consensus algorithm given by Barbara Liskov and Miguel Castro in 1999 in order to prevent malicious attacks as malicious attacks and software errors can cause faulty nodes to exhibit Byzantine (i.e., arbitrary) behavior. pBFT was designed to work efficiently in asynchronous systems as compared to previous bft algorithms which only worked on synchronous systems.

here is the research paper which states that

Practical algorithm for state machine replication that tolerates Byzantine faults. The algorithm offers both liveness and safety provided at most ⌊n-1 / 3⌋ out of a total of replicas are simultaneously faulty. This means that clients eventually receive replies to their requests and those replies are correct according to linearizability. The algorithm works in asynchronous systems like the Internet and it incorporates important optimizations that enable it to perform efficiently

Double-spending is a potential flaw in a digital or electronic cash scheme in which the same single digital token can be spent more than once. Unlike physical cash, a digital token consists of a digital file that can be duplicated or falsified.

A double-spending attack is a potential attack against cryptocurrencies that has happened to several cryptocurrencies, e.g. due to the 51% attack.

But this problem can be prevented using consensus algorithms and blockchain

If two transactions attempt to spend the same tokens, each node will consider the first transaction it sees to be valid, and the other invalid. Once the nodes disagree, there is no way to determine true balances, as each node's observations are considered equally valid , a way to bring the nodes back in sync is using consensus algorithms and with blockchain the transactions in this system are never technically "final" as a conflicting chain of blocks can always outgrow the current canonical chain, however as blocks are built on top of a transactions, it becomes increasingly unlikely/costly for another chain to overtake it and hence preventing the double spending problem.

I assume you are setting up your orderers with a BFT consensus plugin such as BFT-SMART. BFT algorithms are only required if you want to tolerate malicious faults. If you're only concerned about crash faults, you can also use Kafka consensus, which tolerates up to 50% crashing nodes.

So if you're setting up a business network, each partner should be running one ordering node. The number of tolerated malicious partners depends on your total number of partners. So if you have 4 partners, one of them can be malicious without your network breaking down, if you have 7 partners, you tolerate two, etc.

So it's not really a conscious choice that you're making in how many replicas to run. The number of tolerated malicious nodes depends on the number of independent partners you have running ordering nodes. There is no point in having one organization run multiple ordering nodes, since they could manipulate all of them if they were acting maliciously.

I understood that BFT (Byzantine Fault Tolerance) is a property of some algorithms and pBFT is an algorithm itself. Is that right?

Yes.

This rule that 2/3 of the nodes in the network are enough to reach consensus, is it for all BFT algorithms or just pBFT?

Algorithms for Byzantine agreement can tolerate at most f failures in 3f+1 nodes, but they may not even be able to tolerate that many. The reasoning is that, if the Byzantine nodes stop participating, then n-f nodes have to be able to reach consensus, but if message delays temporarily hide f good nodes, then the remaining good nodes should be in the majority (so n-f >= 2f+1, and n >= 3f+1).

Also what is the difference between Byzantine Agreement and BFT?

The former is a distributed computing problem, more often referred to as consensus. The latter is a property of a protocol.

If more than 2/3 of validators are malicious, there's not much hope. Expect maybe for minority to fork out.

We're currently working on #200 which is suppose to help address the case where 1/3+ of validators are malicious. "We need to boot into a "recovery mode" protocol so validators can publish evidence, find out who shit the bed, kick them out and restart". You can read more on proof of fork accountability here

The following assertion is incorrect

In your step 2, the peer does not store the state. Rather, it has simulated the proposal and records the read and write sets for the transaction (the read set being the state prior to the simulation, the write set being what will be committed/written to the ledger after ordering and subsequent validation against endorsement policy (in step 5).

The flow is:

1. client submits transaction proposal to 1-n endorsing peers in channel

2. endorsing peers simulate transaction, returning signed read/write set to client

3. client compares results, packages up simulated transactions and sends to ordering service

4. ordering service performs consensus and adds transaction to a block ordering service broadcasts to validating peers in channel

5. validating peers validate the transactions in a block to ensure that a) the read set is unchanged, b) the endorsement policy is satisfied and c) all signatures are valid.

6. finally the validating peer applies the write-set to update world state and the block is added to the ledger even with invalid (uncommitted) transactions.

Hope this helps. You can find more information in the documentation.

How do nodes know which one is the correct chain?

For tolerating Byzantine faulty nodes, It needs at least 3f+1 nodes in the network. PBFT is one of the algorithms which can tolerate Byzantine failure. So PBFT can tolerate up to f Byzantine nodes. f number of malicious nodes can be tolerated if you use PBFT. If there are f number of malicious nodes which keep failing to write block into its chain, resulting in inconsistency with correct nodes, then one can figure that the same chains from rest 2f + 1 nodes are correct. (Correct nodes always output exactly same data to the same request in same order).

Does "other nodes" means all nodes in the network? How to make sure if all nodes included in the consensus because there is not a centralized agency.

In PBFT setup, identities of all nodes should be established. To do that, there should be central authority to determine whether a node can join the network or not. (Important: central authority only engages in identity management, not the algorithm itself)

Why this is needed? It's because PBFT works by voting mechanism and voting is not secure when anyone (including malicious node) can join the network. For example, a proposed value by the primary only can be recorded to all nodes in the way of state machine replication, which it means that there needs at least 2f + 1 agreed matching messages for the value to be accepted to the correct nodes.

Without the trusted identity management, Sybil attack is possible. And this is the main reason why PBFT is not for the open blockchain which allows any node can freely join or leave the network.