Signed Quorum Systems

1
Signed Quorum Systems

• Haifeng Yu
• Intel Research Pittsburgh
• Presented by
• Phillip Gibbons
• Intel Research Pittsburgh

2
Traditional Quorum Systems

• Servers (e.g., 1, 2, 3) accessed by clients
• Servers may crash - but no byzantine failures
• Quorum system is a set of quorums --
• 1, 2, 2, 3, 1, 3
• Each quorum is a set of servers
• Intersection guarantee Any two quorums intersect

3
Application of Quorum Systems

• Client accesses all servers in any quorum
• Called acquire a quorum
• From intersection guarantee
• Two clients acquiring (potentially different)
  quorums must see at least one server in common
• Quorum systems useful for
• Mutual exclusion
• Consistency maintenance
• ...

4
Measures of Quality for Quorum Systems

• Availability Probability of system being
  available
• System available if any quorum available
• Assuming each server fails independently with
  probability p, p lt 0.5
• Probe complexity Expected number of messages
  needed to acquire a quorum
• Include wasted probe messages to failed servers
• PC can be larger than quorum size

5
State of Art for Quorum Systems

• Availability Barbara and Garcia-Molina87
• Majority quorum system (quorums being majority of
  servers) is optimal
• Need n/2 servers to be available
• Probe complexity
• Majority quorums PC n/2
• Fundamental tradeoff Naor and Wool98
• 1 - Availability pPC

6
Signed Quorum System Improvements

• Availability
• Majority quorum system is optimal
• Need n/2 servers to be available
• Need O(1) servers to be available
• Probe complexity
• Majority quorums PC n/2
• PC can be O(1)
• Tradeoff
• 1 - Availability pPC
• No such tradeoff

Our cost Probabilistic guarantee on
intersection
7
Outline

• Background and major contributions
• Signed quorum systems (SQS) definition and
  rationale
• Optimal SQS for availability and probe complexity
• Optimal SQS for load
• Conclusions

8
Signed Quorum System Example

• Example -1, 3, 1, -2, -3, 1, 3
• Quorum may contain negative elements (hence
  signed)
• -1 Client believes that server 1 has crashed
• (or client cannot reach server 1)
• But server 1 may or may not actually
  fail
• Possible for two quorums not to intersect (e.g.,
  -1, 3 and 1, -2, -3)
• Key Control the probability that -1,3 and 1,
  -2, -3 are both acquired (i.e. non-intersection)

9
Mismatch

• Mismatch One client reaches server i, but
  another client cannot
• Due to network problems or server crash between
  accesses
• One client acquires -1, 3 and another client
  acquires 1, -2, -3
• Must be two simultaneous mismatches (on 1 and 3)
• If two simultaneous mismatches are rare
• -1, 3 and 1, -2, -3 are both acquired with
  small prob
• In -1, 3, 1, -2, -3, 1, 3 , intersection
  happens with high prob

10
Are Multiple Mismatches Rare?

• One focus of our previous research Yu, DISC03

Probability
More results in Yu, DISC03
mismatches
For servers randomly distributed in the wide-area
11
SQS Definition

• In SQS, any two quorums
• Either intersect on positive elements
• Or mismatches 2?
• Tunable constant ? controls probability of
  non-intersection
• -1, 3, 1, -2, -3, 1, 3 is an SQS for ?
  1
• -1, 3 and 1, -2, -3 mismatches 2
• -1, 3 and 1, 3 intersect on 3
• 1, -2, -3 and 1, 3 intersect on 1

12
Comparison w/ Probabilistic Quorum Systems

• PQS Malkhi et.al01 also provides probabilistic
  intersection guarantee for better avail
• Use access strategy to control the prob that two
  non-intersecting quorums are both used
• Example 1, 2, 1, 2
• Access strategy Use each quorum with 1/3 prob
• Prob of non-intersection 2 / 9

13
Comparison w/ Probabilistic Quorum Systems

• Example 1, 2, 1, 2
• Implementing access strategy is hard in
  asynchronous systems
• Delay message from client A to server 2 -- client
  A always use the quorum 1
• Client B always use the quorum 2
• Actual prob of non-intersection 1.0
• Above problem caused by mismatches on both 1 and
  2
• PQS may need to make similar assumptions as SQS
• Availability and PC of SQS are better than PQS

14
Outline

• Background and major contributions
• Signed quorum systems (SQS) definition and
  rationale
• Optimal SQS for availability and probe complexity
• Optimal SQS for load
• Conclusions

15
Optimal Availability SQS

• Proven Q Q n and Q gt ? has optimal
  availability among all SQS
• Example n 3, ? 1
• 1, -2, -3, -1, 2, -3, -1, -2, 3,
• 1, 2, -3, 1, -2, 3, -1, 2, 3,
• 1, 2, 3
• Available as long as ? (constant) servers are
  available

16
Optimal Probe Complexity

• Previous SQS has a large probe complexity of n
• Our next SQS
• Also has optimal availability
• But probe complexity lt 2? / (1-p)
• Proven Above PC is optimal among SQS with
  optimal availability

17
Optimal Probe Complexity SQS

• Order servers into a list
• All clients use the SAME list
• A client probes servers from left to right
• Stop if 2? replies obtained - Quorum acquired
• Expected number of probes lt 2? / (1-p) Optimal
  PC
• If entire list scanned, then consider quorum
  acquired if has ? replies
• Available as long as ? servers available Optimal
  Avail

18
Optimal Probe Complexity SQS
? 2
client A 4 replies after 5 probes
client B 4 replies after 8 probes
1 2 3 4 5 6 7 8

• Only need to show that quorums acquired form an
  SQS
• The above two quorums intersect
• If not, must have at least 4 mismatches

19
Outline

• Background and major contributions
• Signed quorum systems (SQS) definition and
  rationale
• Optimal SQS for availability and probe complexity
• Optimal SQS for load
• Conclusions

20
Load

• Previous SQS has optimal availability and optimal
  PC
• But first server always busy
• A third measure of quality for quorum systems
  Load
• Defined as the load the busiest server
• For traditional quorum system
• Lower bound Malkhi et.al01 1/ sqrt(n)
• Tradeoff Naor and Wool98 1 - Availability
  pnLoad
• Tradeoff Naor and Wool98 Load 1 / PC

21
Optimal Load for SQS

• We show for SQS
• Lower bound of 1/ sqrt(n) still holds
• 1- Availability pnLoad no longer hold
• Load 1 / PC still holds
• Composition with traditional quorum systems to
  construct new SQS
• Part of the SQS is a traditional quorum system
• Result Reaching lower bounds on availability, PC
  and load
• See paper for details...

22
Conclusions

• We propose the concept of signed quorum systems
• Availability
• Previously Need n/2 servers to be available
• SQS Need ? servers to be available
• Probe complexity
• Previously 1- Availability pPC
• SQS No such tradeoff and PC lt 2? / (1-p)
• Load
• Previously 1- Availability pnLoad
• SQS No such tradeoff
• Our cost Probabilistic intersection