Common use of P&l Clause in Contracts

P&l. A can be specified by: (1) a set of local pro- cess states, (2) a function init(i, v) that encodes the initial state of process pi when pi has input value v, (3) a function M (s, r) that determines the message to send in state s in round r, (4) a transition function δ(s, r, R) that determines the new state to which the process moves from state s after receiving a set of messages R in round r, and (5) a decision function decide(s) which is the decision in state s, or ⊥ if there is no decision yet (once a correct process has decided in a state s, decide(s ) remains equal to this decision in all ′ states s reachable from s). Let G(i) be the set of processes with identifier i. We name such a set a group. We say that the group G(i) is correct if all processes in G(i) are correct. At most t of the ℓ groups are not correct. In our new algorithm T (A), shown in Figure 3, three rounds simulate one round of A. We call these three rounds a phase. Each phase consists of a selection round, a deciding round and a running round. In the selection round (line 3 to 5) of a phase r, the processes within each group agree on a state for phase r. For each i, if G(i) is correct, then in each round the selected state will be the same for the processes in this group. In deciding rounds (line 6 to 9), if there is a value decided by t + 1 processes with different identifiers where str is the value of pi’s variable s at the beginning of round r in αS . In αS , pi is correct for all identifiers i such that G(i) is correct in αH . We sketch the key idea of the inductive step that proves this claim. In each running round, messages sent by the processes in a correct group G(i) are identical and indistinguishable from a single message from a unique correct process with identifier i. On the other hand, if G(i) is not correct, the processes in G(i) may send different messages to a process p (in which case p ignores the messages at line 14) or they may all send the same (arbitrary) message to p. Either way, their collective behaviour is indistinguishable from a unique Byzantine process with identifier i (which could either send nothing or an arbitrary message to p). As A is a synchronous Byzantine agreement algorithm that tolerates t Byzantine failures, all correct processes eventually decide some value v in αS . It follows from the claim above that in αH , eventually for all correct groups G(i), sr is a state where decide(sr) is v. As ℓ > 3t, at least t + 1 groups G(i) are correct and all processes in these groups eventually send v in the deciding rounds. Thus, each correct process in αH eventually decides, even if it is in a group with a Byzantine process. Furthermore, if a correct process decides in αH , it decides the value it received from t + 1 groups, at least one of which is a correct group, so it must decide v. Code for processes with identifier i Variable: 1 s = init(i, v) /* v is the value proposed by the process */ Main code: