¹¹institutetext: Department of Computer Science, Kent State University, Kent, OH 44242, USA
¹¹email: {joglio@,khood@,sharma@cs.,mikhail@cs.}kent.edu

Byzantine Geoconsensus

Joseph Oglio Kendric Hood Gokarna Sharma Mikhail Nesterenko

Abstract

We define and investigate the consensus problem for a set of $N$ processes embedded on the $d$ -dimensional plane, $d\geq 2$ , which we call the geoconsensus problem. The processes have unique coordinates and can communicate with each other through oral messages. In contrast to the literature where processes are individually considered Byzantine, it is considered that all processes covered by a finite-size convex fault area $F$ are Byzantine and there may be one or more processes in a fault area. Similarly as in the literature where correct processes do not know which processes are Byzantine, it is assumed that the fault area location is not known to the correct processes. We prove that the geoconsensus is impossible if all processes may be covered by at most three areas where one is a fault area.

Considering the 2-dimensional embedding, on the constructive side, for $M\geq 1$ fault areas $F$ of arbitrary shape with diameter $D$ , we present a consensus algorithm that tolerates $f\leq N-(2M+1)$ Byzantine processes provided that there are $9M+3$ processes with pairwise distance between them greater than $D$ . For square $F$ with side $\ell$ , we provide a consensus algorithm that lifts this pairwise distance requirement and tolerates $f\leq N-15M$ Byzantine processes given that all processes are covered by at least $22M$ axis aligned squares of the same size as $F$ . For a circular $F$ of diameter $\ell$ , this algorithm tolerates $f\leq N-57M$ Byzantine processes if all processes are covered by at least $85M$ circles. We then extend these results to various size combinations of fault and non-fault areas as well as $d$ -dimensional process embeddings, $d\geq 3$ .

1 Introduction

The problem of Byzantine consensus [12, 17] has been attracting extensive attention from researchers and engineers in distributed systems. It has applications in distributed storage [1, 2, 4, 5, 11], secure communication [7], safety-critical systems [19], blockchain [15, 20, 22], and Internet of Things (IoT) [13].

Consider a set of $N$ processes with unique IDs that can communicate with each other. Assume that $f$ processes out of these $N$ processes are Byzantine. Assume also that which process is Byzantine is not known to correct processes, except possibly the size $f$ of Byzantine processes. The Byzantine consensus problem here requires the $N-f$ correct processes to reach to an agreement tolerating arbitrary behaviors of the $f$ Byzantine processes.

Pease et al. [17] showed that the maximum possible number of faults $f$ that can be tolerated depends on the way how the (correct) processes communicate: through oral messages or through unforgable written messages (also called signatures). An oral message is completely under the control of the sender, therefore, if the sender is Byzantine, then it can transmit any possible message. This is not true for a signed, written message. Pease et al. [17] showed that the consensus is solvable only if $f<N/3$ when communication between processes is through oral messages. For signed, written messages, they showed that the consensus is possible tolerating any number of faulty processes $f\leq N$ .

The Byzantine consensus problem discussed above assumes nothing about the locations of the processes, except that they have unique IDs. Since each process can communicate with each other, it can be assumed that the $N$ processes work under a complete graph (i.e., clique) topology consisting of $N$ vertices and $N(N-1)/2$ edges. Byzantine consensus has also been studied in arbitrary graphs [21, 17] and in wireless networks [16], relaxing the complete graph topology requirement so that a process may not be able to communicate with all other $N-1$ processes. The goal in these studies is to establish necessary and sufficient conditions for consensus to be solvable. For example, Pease et al. [17] showed that the consensus is solvable through oral messages tolerating $f$ Byzantine processes if the communication topology is $3f$ -regular. Furthermore, there is a number of studies on a related problem of Byzantine broadcast when the communication topology is not a complete graph topology, see for example [10, 18]. Byzantine broadcast becomes fairly simple for a complete graph topology.

Recently, motivated by IoT-blockchain applications, Lao et al. [13] proposed a consensus protocol, which they call Geographic-PBFT or simply G-PBFT, that extends the well-known PBFT consensus protocol by Castro and Liskov [4] to the geographic setting. The authors considered the case of fixed IoT devices embedded on geographical locations for data collection and processing. The location data can be obtained through recording location information at the installation time or can also be obtained using low-cost GPS receivers or location estimation algorithms [3, 9]. They argued that the fixed IoT devices have more computational power than other mobile IoT devices (e.g., mobile phones and sensors) and are less likely to become malicious nodes. They then exploited (geographical) location information of fixed IoT devices to reach consensus. They argued that G-PBFT avoids Sybil attacks, reduces the overhead for validating and recording transactions, and achieves high consensus efficiency and low traffic intensity. However, G-PBFT is validated only experimentally and no formal analysis is given.

In this paper, we formally define and study the Byzantine consensus problem when processes are embedded on the geographical locations in fixed unique coordinates, which we call the Byzantine geoconsensus problem. If fault locations are not constrained, the geoconsensus problem differs little from the Byzantine consensus. This is because the unique locations serve as IDs of the processes and same set of results can be established depending on whether communication between processes is through oral messages or unforgable written messages. Therefore, we relate the fault locations to the geometry of the problem, assuming that the faults are limited to a fault area $F$ (going beyond the limitation of mapping Byzantine behavior to individual processes). In other words, the fault area lifts the restriction of mapping Byzantine behavior to individual processes in the classic setting and now maps the Byzantine behavior to all the processors within a certain area in the geographical setting. Applying the classic approaches of Byzantine consensus may not exploit the collective Byzantine behavior of the processes in the fault area and hence they may not provide benefits in the geographical setting. Furthermore, we are not aware of prior work in Byzantine consensus where processes are embedded in a geometric plane while faulty processes are located in a fixed area.

In light of the recent development on location-based consensus protocols, such as G-PBFT [13], discussed above, we believe that our setting deserves a formal study. In this paper we consider the Byzantine geoconsensus problem in case the processes are embedded in a $d$ -dimensional plane, $d\geq 2$ . We study the possibility and bounds for a solution to geoconsensus. We demonstrate that geoconsensus allows quite robust solutions: all but a fixed number of processes may be Byzantine.

Contributions. Let $N$ denotes the number of processes, $M$ denotes the number of fault areas $F$ , $D$ denotes the diameter of $F$ , and $f$ denotes the number of faulty processes. Assume that each process can communicate with all other $N-1$ processes and the communication is through oral messages. Assume that all the processes covered by a faulty area $F$ are Byzantine. The correct processes know the size of each faulty area (such as its diameter, number of edges, area, etc.) and the total number $M$ of them but do not know their exact location.

In this paper, we made the following five contributions:

(i)

An impossibility result that geoconsensus is not solvable if all $N$ processes may be covered by $3$ equal size areas $F$ and one of them may be fault area. This extends to the case of $N$ processes being covered by $3M$ areas $F$ with $M$ areas being faulty.
(ii)

The algorithm BASIC that solves geoconsensus tolerating $f\leq N-(2M+1)$ Byzantine processes, provided that there are $9M+3$ processes with pairwise distance between them greater than $D$ .
(iii)

The algorithm GENERIC that solves geoconsensus tolerating $f\leq N-15M$ Byzantine processes, provided that all $N$ processes are covered by $22M$ axis-aligned squares of the same size as the fault area $F$ , removing the pairwise distance assumption in the algorithm BASIC.
(iv)

An extension of the GENERIC algorithm to circular $F$ tolerating $f\leq N-57M$ Byzantine processes if all $N$ processes are covered by $85M$ circles of same size as $F$ .
(v)

Extensions of the results (iii) and (iv) to various size combinations of fault and non-fault areas as well as to $d$ -dimensional process embeddings, $d\geq 3$ .

Our results are interesting as they provide trade-offs among $N,M,$ and $f$ , which is in contrast to the trade-off provided only between $N$ and $f$ in the Byzantine consensus literature. For example, the results in Byzantine consensus show that only $f<N/3$ Byzantine processes can be tolerated, whereas our results show that as many as $f\leq N-\alpha M$ , Byzantine processes can be tolerated provided that the processes are placed on the geographical locations so that at least $\beta M$ areas (same size as $F$ ) are needed to cover them. Here $\alpha$ and $\beta$ are both integers with $\beta\geq c\cdot\alpha$ for some constant $c$ .

Furthermore, our geoconsensus algorithms reduce the message and space complexity in solving consensus. In the Byzantine consensus literature, every process sends communication with every other process in each round. Therefore, in one round there are $O(N^{2})$ messages exchanged in total. As the consensus algorithm runs for $O(f)$ rounds, in total $O(f\cdot N^{2})$ messages are exchanged in the worst-case. In our algorithms, let $N$ processes are covered by $X$ areas of size the same as fault area $F$ . Then in a round only $O(X^{2})$ messages are exchanged. Since the algorithm runs for $O(M)$ rounds to reach geoconsensus, in total $O(M\cdot X^{2})$ messages are exchanged in the worst-case. Therefore, our geoconsensus algorithms are message (equivalently communication) efficient. The improvement on space complexity can also be argued analogously.

Finally, Pease et al. [17] showed that it is impossible to solve consensus through oral messages when $N=3f$ but there is a solution when $N\geq 3f+1$ . That is, there is no gap on the impossibility result and a solution. We can only show that it is impossible to solve consensus when all $N$ processes are covered by $3M$ areas that are the same size as $F$ but there is a solution when all $N$ processes are covered by at least $22M$ areas (for the axis-aligned squares case). Therefore, there is a general gap between the condition for impossibility and the condition for a solution. We leave this gap as open and note that it would be interesting at the same time challenging to close this gap.

Techniques. Our first contribution is established extending the impossibility proof technique of Pease et al. [17] for Byzantine consensus to the geoconsensus setting. The algorithm BASIC is established first through a leader selection to compute a set of leaders so that they are pairwise more than distance $D$ away from each other and then running carefully the Byzantine consensus algorithm of Pease et al. [17] on those leaders.

For the algorithm GENERIC, we start by covering processes by axis-aligned squares and studying how these squares may intersect with fault areas of various shapes and sizes. Determining optimal axis-aligned square coverage is NP-hard. We provide constant-ratio approximation algorithms. We also discuss how to cover processes by circular areas. Then, we use these ideas to construct algorithm GENERIC for fault areas that are either square or circular, which does not need the pairwise distance requirement of BASIC but requires the bound on the number of areas in the cover area set. Finally, we extend these ideas to develop covering techniques for higher dimensions.

Roadmap. We introduce notation and the geoconsensus problem, and establish an impossibility of geoconsensus in Section 2. We present in Section 3 algorithm BASIC. We discuss covering processes in Section 4. We then present in Section 5 algorithm GENERIC. In Section 6, we extend the results to $d$ -dimensional space, $d\geq 3$ . In Section 7, we conclude the paper with a short discussion on future work.

2 Notation, Problem Definition, and Impossibility

Processes. A computer system consists of a set ${\mathcal{P}}=\{p_{1},\ldots,p_{N}\}$ of $N$ processes. Each process $p_{i}$ embedded in the 2-dimensional plane has unique planar coordinates $(x_{i},y_{i})$ . The coordinates for higher dimensions can be defined accordingly. Each process is aware of coordinates of all the other processes and is capable of sending a message to any of them. The sender of the message may not be spoofed. Communication is synchronous. The communication between processes is through oral messages.

Byzantine faults. A process may be either correct or faulty. The fault is Byzantine. A faulty process may behave arbitrarily. This fault is permanent. To simplify the presentation, we assume that all faulty processes are controlled by a unique adversary trying to thwart the system from achieving its task.

Fault area. The adversary controls the processes as follows. Let the fault area $F$ be a finite-size convex area in the plane. Let $D$ be the diameter of $F$ , i.e. the maximum distance between any two points of $F$ . The adversary may place $F$ in any location on the plane. A process $p_{i}$ is covered by $F$ if the coordinate $(x_{i},y_{i})$ of $p_{i}$ is either in the interior or on the boundary of $F$ . Every process covered by $F$ is faulty.

Symbol	Description
$N$ ; ${\mathcal{P}}$ ; $(x_{i},y_{i})$	number of processes; $\{p_{1},\ldots,p_{N}\}$ ; planar coordinates of process $p_{i}$
$F;D$ ; $\mathcal{F}$	fault area; diameter of $F$ ; a set of fault areas $F$ with $\|\mathcal{F}\|=M$
$f$	number of faulty processes
${\mathcal{P}}_{D}$	processes in ${\mathcal{P}}$ such that pairwise distance between them is more than $D$
$A$ (or $A_{j}(R_{i})$ ); ${\mathcal{A}}$	cover area that is of same shape and size as $F$ ; a set of cover areas $A$
$n(F)$	number of cover areas $A\in{\mathcal{A}}$ that a fault area $F$ overlaps

Table 1: Notation used throughout the paper.

A fault area set or just fault set is the set $\mathcal{F}$ of identical fault areas $F$ . The size of this set is $M$ , i.e., $|\mathcal{F}|=M$ . The adversary controls the placement of all areas in $\mathcal{F}$ . Correct processes know the shape and size of the fault areas $F$ as well as $M$ , the size of $\mathcal{F}$ . However, correct processes do not know the precise placement of the fault areas $\mathcal{F}$ . For example, if $\mathcal{F}$ contains $4$ fault square fault areas $F$ with the side $\ell$ , then correct processes know that there are $4$ square fault areas with side $\ell$ each but do not know where they are located. Table 1 summarizes notation used in this paper.

Byzantine Geoconsensus. Consider the binary consensus where every correct process is input a value $v\in\{0,1\}$ and must output an irrevocable decision with the following three properties.

agreement: – no two correct processes decide differently;
validity: – if all the correct processes input the same value $v$ , then every correct process decides $v$ ;
termination: – every correct process eventually decides.

Definition 1

An algorithm solves the Byzantine geoconsensus Problem (or geoconsensus for short) for fault area set $\mathcal{F}$ , if every computation produced by this algorithm satisfies the three consensus properties.

Impossibility of Geoconsensus. Given a certain set of embedded processes ${\mathcal{P}}$ and single area $F$ , the coverage number $k$ of ${\mathcal{P}}$ by $F$ is the minimum number of such areas required to cover each node of ${\mathcal{P}}$ . We show that geoconsensus is not solvable if the coverage number $k$ is less than $4$ . When the coverage number is $3$ or less, the problem translates into classic consensus with 3 sets of peers where one of the sets is faulty. Pease et al. [17] proved the solution to be impossible. The intuition is that a group of correct processes may not be able to distinguish which of the other two groups is Byzantine and which one is correct. Hence, the correct groups may not reach consensus.

Theorem 2.1 (Impossibility of Geoconsensus)

Given a set ${\mathcal{P}}$ of $N\geq 3$ processes and an area $F$ , there exists no algorithm that solves the geoconsensus Problem if the coverage number $k$ of ${\mathcal{P}}$ by $F$ is less than $4$ .

Proof

Set $N=3\cdot\kappa$ , for some positive integer $\kappa\geq 1$ . Place three areas $A$ on the plane in arbitrary locations. To embed processes in ${\mathcal{P}}$ , consider a bijective placement function $f:{\mathcal{P}}\rightarrow{\mathcal{A}}$ such that $\kappa$ processes are covered by each area $A$ . Let $v$ and $v^{\prime}$ be two distinct input values $0$ and $1$ . Suppose one area $A$ is fault area, meaning that all $\kappa$ processes in that area are faulty.

This construction reduces the Byzantine goeconsensus problem to the impossibility construction for the classic Byzantine consensus problem given in the theorem in Section 4 of Pease et al. [17] for the $3\kappa$ processes out of which $\kappa$ are Byzantine. ∎

1 Setting: A set

{\mathcal{P}}

N

processes positioned at distinct coordinates. Each process can communicate with all other processes and knows their coordinates. There are

M\geq 1

identical fault areas

F

. The diameter of a fault area is

D

. The locations of any area

F

is not known to correct processes. Each process covered by any

F

is Byzantine.

2 Input: Each process has initial value either 0 or 1.

3 Output: Each correct process outputs decision subject to Geoconsensus.

4 Procedure for process

p_{k}\in{\mathcal{P}}

5 // leaders selection

6 Let

P_{D}\leftarrow\emptyset

P_{C}\leftarrow{\mathcal{P}}

;

7 while $P_{C}\neq\emptyset$ do

8 let

P_{3}\subset P_{D}

be a set of processes such that

\forall p_{j}\in P_{3}

\mathit{Nb}(p_{j},D)

has distance

D

independent set of at most 3;

9 let

p_{i}\in P_{3}

, located in

(x_{i},y_{i})

be the lexicographically smallest process in

P_{3}

, i.e.

\forall p_{j}\neq p_{i}\in P_{3}:

located in

(x_{j},y_{j})

either

x_{i}<x_{j}

x_{i}=x_{j}

and

y_{i}<y_{j}

;

10 add

p_{i}

P_{D}

;

11 remove

p_{i}

from

P_{C}

;

\forall p_{j}\in\mathit{Nb}(p_{i},D)

remove

p_{j}

from

P_{C}

;

15// consensus

16 if $p_{k}\in P_{D}$ then

17 run PSL algorithm, achieve decision

v

, broadcast

v

, output

v

;

18else

19 wait for messages with identical decision

v

from at least

2M+1

processes from

{\mathcal{P}}_{D}

, output

v

;

Algorithm 1 BASIC geoconsensus algorithm.

3 The BASIC Geoconsensus Algorithm

In this section, we present the algorithm we call BASIC that solves geoconsensus for up to $f<N-(2M+1),M\geq 1$ faulty processes located in fault area set $\mathcal{F}$ of size $|\mathcal{F}|=M$ provided that ${\mathcal{P}}$ contains at least $9M+3$ processes such that the pairwise distance between them is greater than the diameter $D$ of the fault areas $F\in\mathcal{F}$ .

The pseudocode of BASIC is shown in Algorithm 1. It contains two parts: the leaders selection and the consensus procedure. The first component is the selection of leaders. So as to not be covered by $F$ jointly, the leaders need to be located pairwise distance more than $D$ away from each other. Finding the largest set of such leaders is equivalent to computing the maximal independent set in a unit disk graph. This problem is known to be NP-hard [6]. We, therefore, employ a greedy heuristic.

For the leaders selection, for each process $p_{i}$ , denote by $\mathit{Nb}(p_{i},D)$ the distance $D$ neighborhood of $p_{i}$ . That is, $p_{j}\in\mathit{Nb}(p_{i},D)$ if $d(p_{i},p_{j})\leq D$ . A distance $D$ independent set for a planar graph is a set of processes such that all processes in the planar graph are at most $D$ away from the processes in this independent set. It is known [14, Lemma 3.3] that every distance $D$ graph has a neighborhood whose induced subgraph contains any independent set of size at most 3.

The set of leaders ${\mathcal{P}}_{D}\subset{\mathcal{P}}$ selection procedure operates as follows. A set $P_{C}$ of leader candidates is processed. At first, all processes are candidates. All processes whose distance $D$ neighborhood induce a subgraph with an independent set no more than $3$ are found. The process $p_{i}$ with lexicographically smallest coordinates, i.e. the process in the bottom left corner, is selected into the leader set ${\mathcal{P}}_{D}$ . Then, all processes in $\mathit{Nb}(p_{i},D)$ are removed from the leader candidate set ${\mathcal{P}}_{C}$ . This procedure repeats until ${\mathcal{P}}_{C}$ is exhausted.

The second part of BASIC relies on the classic consensus algorithm of Pease et al. [17]. We denote this algorithm as PSL. The input of PSL is the set of $3f+1$ processes such that at most $f$ of them are faulty as well as the input $1$ or $0$ for each process. As output, the correct processes provide the decisions value subject to the three properties of the solution to consensus. PSL requires $f+1$ communication rounds.

The complete BASIC operates as follows. All processes select leaders in $P_{D}$ . Then, the leaders run PSL and broadcast their decision. The rest of the correct processes, if any, adopt this decision.

Analysis of BASIC. The observation below is immediate since all processes run exactly the same deterministic leaders selection procedure.

Observation 1

For any two processes $p_{i},p_{j}\in{\mathcal{P}}$ , set $P_{D}$ computed by $p_{i}$ is the same as set $P_{D}$ computed by $p_{j}$ .

Lemma 1

If ${\mathcal{P}}$ contains at least $3x$ processes such that the distance between any pair of such processes is $>D$ , then the size of $P_{D}$ computed by processes in BASIC is $\geq x$ .

Proof

For the same problem like ours, in [14, Theorem 4.7], it is proven that the heuristic we use for the leaders selection provides a distance $D$ independent set $P_{D}$ whose size is no less than a third of optimal size. Thus, $x\leq|P_{D}|$ . The lemma follows. ∎

Lemma 2

Consider a fault area $F$ with diameter $D$ . No two processes in ${\mathcal{P}}_{D}$ are covered by $F$ .

Proof

For any two processes $p_{i},p_{j}\in{\mathcal{P}}_{D}$ , $d(p_{i},p_{j})>D$ . Since any area $F$ has diameter $D$ , no two processes $>D$ away can be covered by $F$ simultaneously. ∎

Theorem 3.1

Algorithm BASIC solves the Byzantine geoconsensus Problem for a fault area set $\mathcal{F}$ , the size of $M\geq 1$ with fault areas $F$ with diameter $D$ for $N$ processes in ${\mathcal{P}}$ tolerating $f\leq N-(2M+1)$ Byzantine faults provided that ${\mathcal{P}}$ contains at least $9M+3$ processes such that their pairwise distance is more than $D$ . The solution is achieved in $M+2$ communication rounds.

Proof

If ${\mathcal{P}}$ contains at least $9M+3$ processes whose pairwise distance is more than $D$ , then, according to Lemma 1, each processes in BASIC selects $P_{D}$ such that $|P_{D}|\geq 3M+1$ . We have $M\geq 1$ fault areas, i.e., $|\mathcal{F}|=M$ . From Lemma 2, a process $p\in{\mathcal{P}}_{D}$ can be covered by at most one fault area $F$ . Therefore, when $|P_{D}|\geq 3M+1$ , then it is guaranteed that even when $M$ processes in ${\mathcal{P}}_{D}$ are Byzantine, $2M+1$ correct processes in ${\mathcal{P}}_{D}$ can reach consensus using PSL algorithm.

In the worst case, the adversary may position fault areas of $\mathcal{F}$ such that all but $2M+1$ processes in ${\mathcal{P}}$ are covered. Hence, BASIC tolerates $N-(2M+1)$ faults.

Let us address the number of rounds that BASIC requires to achieve geoconsensus. It has two components executed sequentially: leaders election and PSL. Leaders election is done independently by all processes and requires no communication. PSL, takes $M+1$ rounds for the $2M+1$ leaders to arrive at the same decision. It takes another round for the leaders to broadcast their decision. Hence, the total number of rounds is $M+2$ . ∎

4 Covering Processes

In this section, in preparation for describing the GENERIC geoconsensus algorithm, we discuss techniques of covering processes by axis-aligned squares and circles. These techniques vary depending on the shape and alignment of the fault area $F$ .

Covering by Squares. The algorithm we describe below covers the processes by square areas $A$ of size $\ell\times\ell$ , assuming that the fault areas $F$ are also squares of the same size. Although $F$ may not be axis-aligned, we use axis-aligned areas $A$ for the cover and later determine how many such axis-aligned areas $A$ that possibly non-axis-aligned fault area $F$ may overlap. Let $A$ be positioned on the plane such that the coordinate of its bottom left corner is $(x_{1},y_{1})$ . The coordinates of its top left, top right, and bottom right corners are respectively $(x_{1},y_{1}+\ell),(x_{1}+\ell,y_{1}+\ell),$ and $(x_{1}+\ell,y_{1})$ .

Let process $p_{i}$ be at coordinate $(x_{i},y_{i})$ . We say that $p_{i}$ is covered by $A$ if and only if $x_{1}\leq x_{i}\leq x_{1}+\ell$ and $y_{1}\leq y_{i}\leq y_{1}+\ell$ . We assume that $A$ is closed, i.e., process $p_{i}$ is assumed to be covered by $A$ even when $p_{i}$ is positioned on the boundary of $A$ .

We first formally define the covering problem by square areas $A$ , which we denote by SQUARE-COVER. Let ${\mathcal{A}}$ be a set of square areas $A$ . We say that ${\mathcal{A}}$ completely covers all $N$ processes if each $p_{i}\in{\mathcal{P}}$ is covered by at least one square of ${\mathcal{A}}$ .

Definition 2 (The SQUARE-COVER problem)

Suppose $N$ processes are embedded into a 2d-plane such that the coordinates of each process are unique. The SQUARE-COVER problem is to determine if a certain number of square areas $A=\ell\times\ell$ can completely cover these $N$ processes.

Theorem 4.1

SQUARE-COVER is NP-Complete.

Proof

The proof is to show that SQUARE-COVER is equivalent to the BOX-COVER problem which was shown to be NP-Complete by Fowler et al. [8]. BOX-COVER is defined as follows: There is a set of $N$ points on the plane such that each point has unique integer coordinates. A closed box (rigid but relocatable) is set to be a square with side 2 and is axis-aligned. The problem is to decide whether a set of $k\geq 1$ identical axis-aligned closed boxes are enough to completely cover all $N$ points. Fowler et al. provided a polynomial-time reduction of 3-SAT to BOX-COVER such that $k$ boxes will suffice if and only if the 3-SAT formula is satisfiable. In this setting, SQUARE-COVER (Definition 2) reduces to BOX-COVER for $\ell=2$ . Therefore, the NP-Completeness of BOX-COVER extends to SQUARE-COVER. ∎

A Greedy Square Cover Algorithm. Since SQUARE-COVER is NP-Complete, we use a greedy approximation algorithm to find a set ${\mathcal{A}}$ of $k_{greedy}$ axis-aligned square areas $A=\ell\times\ell$ that completely cover all $N$ processes in ${\mathcal{P}}$ . We prove that $k_{greedy}\leq 2\cdot k_{opt}$ (i.e., 2-approximation), where $k_{opt}$ is the optimal number of axis-aligned squares in any algorithm to cover those $N$ processes. We call this algorithm GSQUARE. Each process $p_{i}$ can run GSQUARE independently, because $p_{i}$ knows all required input parameters for GSQUARE.

GSQUARE operates as follows. Suppose the coordinates of process $p_{i}\in{\mathcal{P}}$ are $(x_{i},y_{i})$ . Let $x_{min}=\min_{1\leq i\leq N}x_{i},x_{max}=\max_{1\leq i\leq N}x_{i},y_{min}=\min_{1\leq i\leq N}y_{i},$ and $y_{max}=\max_{1\leq i\leq N}y_{i}.$ Let $R$ be an axis-aligned rectangle with the bottom left corner at $(x_{min},y_{min})$ and the top right corner at $(x_{max},y_{max})$ . It is immediate that $R$ is the smallest axis-aligned rectangle that covers all $N$ processes. The width of $R$ is $width(R)=x_{max}-x_{min}$ and the height is $height(R)=y_{max}-y_{min}$ . See Figure 1 for illustration.

Refer to caption — Figure 1: Selection of axis-aligned smallest enclosing rectangle $R$ covering all $N$ processes in ${\mathcal{P}}$ and division of $R$ into axis-aligned slabs $R_{i}$ of height $\ell$ and width $width(R)$ . The slabs are selected such that the bottom side of each slab $R_{i}$ has at least one process positioned on it.

Cover rectangle $R$ by a set ${\mathcal{R}}$ of $m$ slabs ${\mathcal{R}}=\{R_{1},R_{2},\ldots,R_{m}\}$ . The height of each slab $R_{i}$ is $\ell$ , except for the last slab $R_{m}$ whose height may be less than $\ell$ . The width of each slab is $width(R)$ . That is this width is the same is the width of $R$ .

This slab-covering is done as follows. Let $y_{1}=y_{min}+\ell$ . The area of $R$ between two horizontal lines passing through $y_{min}$ to $y_{1}$ is the first slab $R_{1}$ . Now consider only the processes in $R$ that are not covered by $R_{1}$ . Denote that process set by ${\mathcal{P}}^{\prime}$ . Consider the bottom-most process in ${\mathcal{P}}^{\prime}$ , i.e., process $p_{min^{\prime}}=(x_{min^{\prime}},y_{min^{\prime}})\in{\mathcal{P}}^{\prime}$ . We have that $y_{min^{\prime}}>y_{min}+\ell$ . Draw two horizontal lines passing through $y_{min^{\prime}}$ and $y_{min^{\prime}}+\ell$ . The area of $R$ between these lines is in slab $R_{2}$ . Continue this way until all the points in ${\mathcal{P}}$ are covered by a slab. In the last slab $R_{m}$ , it may be the case that its height $height(R_{m})<\ell$ .

So far, we covered $R$ by a set of $m$ slabs ${\mathcal{R}}=\{R_{1},\ldots,R_{m}\}$ . We now we cover each such slab by axis-aligned square areas $A=\ell\times\ell$ . See Figure 2 for illustration. This square-covering is done as follows. Let $R_{i}$ be a slab to cover. Put area $A$ on $R_{i}$ so that the top left corner of $A$ overlaps with the top left corner of slab $R_{i}$ . Slide $A$ horizontally to the right so that there is a process in $R_{i}$ positioned on the left vertical line of $A$ . Fix that area $A$ as one cover square and name it $A_{1}({R_{i}})$ . Now consider only the points in $R_{i}$ not covered by $A_{1}(R_{i})$ . It is immediate that those points are to the right of $A_{1}(R_{i})$ . Place $A$ on those points so that there is a point in $R_{i}$ positioned on the left side of $A$ . Thus, there is no point of $R_{i}$ to the left of this second $A$ that is not covered by $A_{1}({R_{i}})$ ). Fix this as the second cover square and name it $A_{2}({R_{i}})$ . Continue in this manner to cover all the points in $R_{i}$ . Repeat this process for every slab of $R$ .

Lemma 3

Consider any two slabs $R_{i},R_{j}\in{\mathcal{R}}$ produced by GSQUARE. $R_{i}$ and $R_{j}$ do not overlap, i.e., if some process $p\in R_{i}$ , then $p\notin R_{j}$ .

Proof

It is sufficient to prove this lemma for adjacent slabs. Suppose slabs $R_{i}$ and $R_{j}$ are adjacent, i.e., $j=i+1$ . According to the operation of GSQUARE, after the location of $R_{i}$ is selected, only processes that are not covered by the slabs so far are considered for the selection of $R_{j}$ . The first such process lies above the top (horizontal) side of $R_{i}$ . Hence, there is a gap between the top side of $R_{i}$ and the bottom side of $R_{j}$ .∎

Lemma 4

Consider any two square areas $A_{j}({R_{i}})$ and $A_{k}(R_{i})$ selected by GSQUARE in slab $R_{i}\in{\mathcal{R}}$ . $A_{j}({R_{i}})$ and $A_{k}({R_{i}})$ do not overlap, i.e., if some process $p\in A_{j}({R_{i}})$ , then $p\notin A_{k}({R_{i}})$ .

Proof

It is sufficient to prove the lemma for adjacent squares. Suppose $A_{j}({R_{i}})$ and $A_{k}({R_{i}})$ are adjacent, i.e., $k=j+1$ . Consider the operation of GSQUARE in slab $R_{i}$ covered by $A_{j}({R_{i}})$ and $A_{k}({R_{i}})$ . Area $A_{k}({R_{i}})$ only covers the processes that are not covered by $A_{j}({R_{i}})$ and, therefore, to the right of the right side of $A_{j}({R_{i}})$ . As the left side of $A_{k}({R_{i}})$ is placed on the first such process, there is a non-empty gap between the two squares: $A_{j}({R_{i}})$ and $A_{k}({R_{i}})$ .∎

Lemma 5

Consider slab $R_{i}\in{\mathcal{R}}$ . Let $k({R_{i}})$ be the number of squares $A_{j}({R_{i}})$ to cover all the processes in $R_{i}$ using GSQUARE. There is no algorithm that can cover the processes in $R_{i}$ with $k^{\prime}(R_{i})$ number of squares $A_{j}({R_{i}})$ such that $k^{\prime}(R_{i})<k({R_{i}})$ .

Proof

Notice that slab $R_{i}$ has height $height(R_{i})=\ell$ which is the same as the sides of (axis-aligned) squares $A_{j}(R_{i})$ used to cover $R_{i}$ .

GSQUARE operates such that it places a square $A$ so that some process $p$ lies on the left side of this square. Consider a sequence of such processes: $\sigma\equiv\langle p_{1}\cdots p_{u},p_{u+1}\cdots p_{j}\rangle$ . Consider any pair of subsequent processes $p_{u}$ and $p_{u+1}$ in $\sigma$ with respective coordinates $(x_{u},y_{u})$ and $(x_{u+1},y_{u+1})$ . GSQUARE covers them with non-overlapping squares with side $\ell$ . Therefore, $x_{u}+\ell<x_{u+1}$ . That is, the distance between consequent processes in $\sigma$ is greater than $\ell$ . Hence, any such pair of processes may not be covered by a single square. Since the number of squares placed by GSQUARE in slab $R_{i}$ is $k$ , the number of processes in $\sigma$ is also $k$ . Any algorithm that covers these processes with axis-aligned squares requires at least $k$ squares. ∎

Let $k_{opt}({\mathcal{R}})$ be the number of axis-aligned square areas $A=\ell\times\ell$ to cover all $N$ processes in $R$ in the optimal cover algorithm. We now show that $k_{greedy}({\mathcal{R}})\leq 2\cdot k_{opt}({\mathcal{R}})$ , i.e., GSQUARE provides 2-approximation. We divide the slabs in the set ${\mathcal{R}}$ into two sets ${\mathcal{R}}_{odd}$ and ${\mathcal{R}}_{even}$ . For $1\leq i\leq m$ , let

{\mathcal{R}}_{odd}:=\{R_{i},i\mod 2\neq 0\}\text{~{}and~{}}{\mathcal{R}}_{even}:=\{R_{i},i\mod 2=0\}.

Lemma 6

Let $k({\mathcal{R}}_{odd})$ and $k({\mathcal{R}}_{even})$ be the total number of (axis-aligned) square areas $A=\ell\times\ell$ to cover the processes in the sets ${\mathcal{R}}_{odd}$ and ${\mathcal{R}}_{even}$ , respectively. Let $k_{opt}({\mathcal{R}})$ be the optimal number of axis-aligned squares $A=\ell\times\ell$ to cover all the processes in ${\mathcal{R}}$ . $k_{opt}({\mathcal{R}})\geq\max\{k({\mathcal{R}}_{odd}),k({\mathcal{R}}_{even})\}.$

Proof

Consider two slabs $R_{i}$ and $R_{i+2}$ for $i\geq 1$ . Consider a square $A_{j}(R_{i})$ placed by GSQUARE. Consider also two processes $p\in R_{i}$ and $p^{\prime}\in R_{i+2}$ , respectively. The distance between $p$ and $p^{\prime}$ is $d(p,p^{\prime})>\ell$ . Therefore, if $A_{j}(R_{i})$ covers $p$ , then it cannot cover $p^{\prime}\in R_{i+2}$ . Therefore, no algorithm can produce the optimal number of squares $k_{opt}({\mathcal{R}})$ less than the maximum between $k({\mathcal{R}}_{odd})$ and $k({\mathcal{R}}_{even})$ . ∎

Lemma 7

$k_{greedy}({\mathcal{R}})\leq 2\cdot k_{opt}({\mathcal{R}})$ .

Proof

From Lemma 5, we obtain that GSQUARE is optimal for each slab $R_{i}$ . From Lemma 6, we get that for any algorithm $k_{opt}({\mathcal{R}})\geq\max\{k({\mathcal{R}}_{odd}),k({\mathcal{R}}_{even})\}.$ Moreover, the GSQUARE produces the total number of squares $k_{greedy}({\mathcal{R}})=k({\mathcal{R}}_{odd})+k({\mathcal{R}}_{even}).$ Comparing $k_{greedy}({\mathcal{R}})$ with $k_{opt}({\mathcal{R}})$ , we get

\frac{k_{greedy}({\mathcal{R}})}{k_{opt}({\mathcal{R}})}\leq\frac{k({\mathcal{R}}_{odd})+k({\mathcal{R}}_{even})}{\max\{k({\mathcal{R}}_{odd}),k({\mathcal{R}}_{even})\}}\leq\frac{2\cdot\max\{k({\mathcal{R}}_{odd}),k({\mathcal{R}}_{even})\}}{\max\{k({\mathcal{R}}_{odd}),k({\mathcal{R}}_{even})\}}\leq 2.~{}~{}~{}~{}~{}\squareforqed

Covering by Circles. Let us formulate the covering by identical circles $C$ of diameter $\ell$ , which we denote CIRCLE-COVER. Let ${\mathcal{A}}$ be the set of circles $C$ . We say that ${\mathcal{A}}$ completely covers all the processes if every process $p_{i}\in{\mathcal{P}}$ is covered by at least one of the circles in ${\mathcal{A}}$ . The following result can be established similar to SQUARE-COVER.

Theorem 4.2

CIRCLE-COVER is NP-Complete.

A Greedy Circle Cover Algorithm. We call this algorithm GCIRCLE. Pick the square cover set ${\mathcal{A}}$ produced in Section 4. The processes covered by any square $A\in{\mathcal{A}}$ can be completely covered by 4 circles $C$ of diameter $\ell$ : Find the midpoints of the 4 sides of the square and draw the circles $C$ of diameter $\ell$ with their centers on those midpoints.

Lemma 8

Let $k^{C}_{greedy}({\mathcal{R}})$ be the number of circles $C$ of diameter $\ell$ needed to cover all the processes in ${\mathcal{P}}$ by algorithm GCIRCLE. $k^{C}_{greedy}({\mathcal{R}})\leq 8\cdot k^{C}_{opt}({\mathcal{R}})$ , where $k^{C}_{opt}({\mathcal{R}})$ is the optimal number of circles $C$ in any algorithm.

Proof

We first show that $k^{C}_{opt}({\mathcal{R}})\geq\max\{k^{S}({\mathcal{R}}_{odd}),k({\mathcal{R}}^{S}_{even})\},$ where $k^{S}({\mathcal{R}}_{odd})$ and $k^{S}({\mathcal{R}}_{even})$ , respectively, are the number of squares $A=\ell\times\ell$ to cover the slabs in ${\mathcal{R}}_{odd}$ and ${\mathcal{R}}_{even}$ . Consider any square cover $A_{j}(R_{i})$ of any slab $R_{i}$ . A circle $C$ of diameter $\ell$ can cover at most the processes in $A_{j}(R_{i})$ but not in any other square $A_{l}(R_{i})$ . This is because the perimeter of $C$ needs to pass through the left side of $A_{j}(R_{i})$ (since there is a process positioned on that line in $A_{j}(R_{i})$ ) and with diameter $\ell$ , the perimeter of $C$ can touch at most the right side of $A_{j}(R_{i})$ .

We now prove the upper bound. Since one square area $A=\ell\times\ell$ is now covered using at most 4 circles $C$ of diameter $\ell$ , GCIRCLE produces the total number of circles $k^{C}_{greedy}({\mathcal{R}})=4\cdot(k^{S}({\mathcal{R}}_{odd})+k^{S}({\mathcal{R}}_{even})).$

Comparing $k^{C}_{greedy}({\mathcal{R}})$ with $k^{C}_{opt}({\mathcal{R}})$ as in Lemma 7, we have that

\frac{k^{C}_{greedy}({\mathcal{R}})}{k^{C}_{opt}({\mathcal{R}})}\leq\frac{4\cdot(k^{S}({\mathcal{R}}_{odd})+k^{S}({\mathcal{R}}_{even}))}{\max\{k^{S}({\mathcal{R}}_{odd}),k^{S}({\mathcal{R}}_{even})\}}\leq\frac{8\cdot\max\{k^{S}({\mathcal{R}}_{odd}),k^{S}({\mathcal{R}}_{even})\}}{\max\{k^{S}({\mathcal{R}}_{odd}),k^{S}({\mathcal{R}}_{even})\}}\leq 8.~{}\squareforqed

Overlapping Fault Area. The adversary may place the fault area $F$ in any location in the plane. This means that $F$ may not necessarily be axis-aligned. Algorithms GSQUARE and GCIRCLE produce a cover set ${\mathcal{A}}$ of axis-aligned squares and circles, respectively. Therefore, the algorithm we present in the next section needs to know how many areas in ${\mathcal{A}}$ that $F$ overlaps. We now compute the bound on this number. The bound considers both square and circle areas $A$ under various size combinations of fault and non-fault areas. The lemma below is for each $A\in{\mathcal{A}}$ and $F$ being either squares of side $\ell$ or circles of diameter $\ell$ .

Lemma 9

For the processes in ${\mathcal{P}}$ , consider the cover set ${\mathcal{A}}$ consisting of the axis-aligned square areas $A=\ell\times\ell$ . Place a relocatable square area $F=\ell\times\ell$ in any orientation (not necessarily axis-aligned). $F$ overlaps no more than 7 squares $A$ . If the cover set consists of circles $C\in{\mathcal{A}}$ of diameter $\ell$ and $F$ is a circle of diameter $\ell$ , then $F$ overlaps no more than $28$ circles $C$ .

Proof

Suppose $F$ is axis-aligned. $F$ may overlap at most two squares $A$ horizontally. Indeed, the total width covered by two squares in ${\mathcal{A}}$ is $>2\ell$ since the squares do not overlap. Meanwhile, the total width of $F$ is $\ell$ . Similarly, $F$ may overlap at most two squares vertically. Combining possible horizontal and vertical overlaps, we obtain that $F$ may overlap at most 4 distinct axis-aligned areas $A$ . See Figure 3 for illustration.

Consider now that $F$ is not axis-aligned. $F$ can span at most $\sqrt{2}\ell$ horizontally and $\sqrt{2}\ell$ vertically. Therefore, horizontally, $F$ can overlap at most three areas $A$ . Vertically, $F$ can overlap three areas as well. However, not all three areas on the top and bottom rows can be overlapped at once. Specifically, not axis-aligned $F$ can only overlap 2 squares in the top row and 2 in the bottom row. Therefore, in total, $F$ may overlap at most 7 distinct axis-aligned areas. Figure 4 provides an illustration.

For the case of circular $F$ , one square area $A$ can be completely covered by 4 circles $C$ . Furthermore, square $F$ of size $\ell$ overlaps at most 7 square areas $A$ of side $\ell$ . Moreover, the circular $F$ of diameter $\ell$ can be inscribed in a square of side $\ell$ . Therefore, a circular $F$ cannot overlap more than 7 squares, and hence the circular $F$ may overlap in total at most $7\times 4=28$ circles $C$ . ∎

The first lemma below is for each $A$ being an axis-aligned square of side $\ell$ or a circle of diameter $\ell$ while $F$ being either a square of side $\ell/\sqrt{2}$ or a circle of diameter $\ell/\sqrt{2}$ . The second lemma below considers circular fault area $F$ of diameter $\sqrt{2}\ell$ .

Lemma 10

For the processes in ${\mathcal{P}}$ , consider the cover set ${\mathcal{A}}$ consisting of the axis-aligned squares $A=\ell\times\ell$ . Place a relocatable square area $F=\ell/\sqrt{2}\times\ell/\sqrt{2}$ in any orientation (not necessarily axis-aligned). $F$ overlaps no more than 4 squares $A$ . If the cover set consists of circles $C\in{\mathcal{A}}$ of diameter $\ell$ each, and $F$ is a circle of diameter $\ell/\sqrt{2}$ , then $F$ overlaps no more than 16 circles $C$ .

Proof

$F$ can extend, horizontally and vertically, at most $\sqrt{2}\cdot\ell/\sqrt{2}=\ell.$ Therefore, $F$ can overlap no more than two squares $A$ horizontally and two squares $A$ vertically.

For the case of circular $F$ of diameter $\ell/\sqrt{2}$ , it can be inscribed in a square of side $\ell/\sqrt{2}$ . This square can overlap no more than $4$ squares of $\ell\times\ell$ . Each such square can be covered by at most $4$ circles of diameter $\ell$ . Therefore, the total number of circles to overlap the circular fault area $F$ is $4\times 4=16$ . ∎

Lemma 11

For the processes in ${\mathcal{P}}$ , consider the cover set ${\mathcal{A}}$ consisting of the axis-aligned squares areas $A=\ell\times\ell$ . Place a relocatable circular fault area $F$ of diameter $\sqrt{2}\ell$ . $F$ overlaps no more than 8 squares $A$ . If ${\mathcal{A}}$ consists of circles $C$ of diameter $\ell$ , then circular $F$ of diameter $\sqrt{2}\ell$ overlaps no more than 32 circles $C$ .

Proof

Since $F$ is a circle of diameter $\sqrt{2}\ell$ , $F$ can span horizontally and vertically at most $\sqrt{2}\cdot\ell$ . Arguing similarly as in Lemma 9, $F$ can overlap either at most 3 squares $A$ in top row or 3 on the bottom row. Interestingly, if $F$ overlaps 3 squares in the top row, it can only overlap at most 2 in the bottom row and vice-versa. Therefore, in total, $F$ overlaps at most 8 distinct squares of side $\ell$ . Figure 5 provides an illustration.

Since one square of side $\ell$ can be completely covered using 4 circles of diameter $\ell$ , $F$ of diameter $\sqrt{2}\ell$ can cover at most $8\times 4=32$ circles $C$ of diameter $\ell$ . ∎

1 Setting: A set

{\mathcal{P}}

N

processes positioned at distinct planar coordinates. Each process can communicate with all other processes and knows the coordinates of all other processes. The processes covered by the fault area

F

at unknown location are Byzantine. There are

M\geq 1

of identical fault areas

F

and processes know

M

2 Input: Each process has initial value either 0 or 1.

3 Output: Each correct process outputs decision subject to geoconsensus

4 Procedure for process

p_{k}

5 // leaders selection

6 Compute the set

{\mathcal{A}}

of covers

A_{j}(R_{i})

;

7 // For each cover

A_{j}(R_{i})\in{\mathcal{A}}

{\mathcal{P}}_{min}\leftarrow

a set of processes with minimum

y

-coordinate among covered by

A_{j}(R_{i})

;

10 if $|{\mathcal{P}}_{min}|=1$ then

l_{j}(A_{j}(R_{i}))\leftarrow

the only process in

{\mathcal{P}}_{min}

;

13else

l_{j}(A_{j}(R_{i}))\leftarrow

the process in

{\mathcal{P}}_{min}

with minimum

x

-coordinate;

17Let

P_{L}

be the set of leaders, one for each

A_{j}(R_{i})\in{\mathcal{A}}

;

18 // consensus

19 if $p_{k}\in{\mathcal{P}}_{L}$ then

20 run PSL algorithm, achieve decision

v

, broadcast

v

, output

v

21else

22 wait for messages with identical decision

v

from at least

2M+1

processes from

{\mathcal{P}}_{L}

, output

v

Algorithm 2 GENERIC geoconsensus algorithm.

5 The GENERIC Geoconsensus Algorithm

We now describe an algorithm solving geoconsensus we call GENERIC for a set ${\mathcal{P}}$ of $N$ processes on the plane. Each process $p_{k}$ knows the coordinates of all other processes and can communicate with all of them. Each process $p_{k}$ knows the shape (circle, square, etc.) and size (diameter, side, etc.) of the fault area $F$ . There are $M\geq 1$ fault areas, i.e., $|\mathcal{F}|=M$ and $p_{k}$ knows $M$ . The processes do not know the orientation and location of each fault area $F$ . Fault area $F$ is controlled by an adversary and all processes covered by that area $F$ are Byzantine. Each process $p_{k}$ is given an initial value either 0 or 1. The output of each process has to comply with the three properties of geoconsensus.

The pseudocode is given in Algorithm 2. GENERIC operates as follows. Each process $p_{k}$ computes a set ${\mathcal{A}}$ of covers $A_{j}(R_{i})$ that are of same size as $F$ . Then $p_{k}$ determines the leader $l_{j}(A_{j}(R_{i}))$ in each cover $A_{j}(R_{i})$ . The process in $A_{j}(R_{i})$ with smallest $y$ -coordinate is selected as a leader. If there exist two processes with the same smallest $y$ -coordinate, then the process with the smaller $x$ -coordinate between them is picked. If $p_{k}$ is selected leader, it participates in running PSL [17]. The leaders run PSL then broadcast the achieved decision. The non-leader processes adopt it.

Analysis of GENERIC. We now study the correctness and fault-tolerance guarantees of GENERIC. In all theorems of this section, GENERIC achieves the solution in $M+2$ communication rounds. The proof for this claim is similar to that for BASIC in Theorem 3.1.

Let the fault area $F=\ell\times\ell$ be a, not necessarily axis-aligned, square.

Theorem 5.1

Given a set ${\mathcal{P}}$ of $N$ processes and one square are $F$ are positioned at an unknown location such that any process of ${\mathcal{P}}$ covered by $F$ is Byzantine. Algorithm GENERIC solves geoconsensus with the following guarantees:

•

If $F=\ell\times\ell$ and not axis-aligned and $A=\ell\times\ell$ , $f\leq N-15$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 22$ .
•

If $F=\ell\times\ell$ and axis-aligned and $A=\ell\times\ell$ , $f\leq N-9$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 13$ .
•

If $F=\ell/\sqrt{2}\times\ell/\sqrt{2}$ but $A=\ell\times\ell$ , then even if $F$ is not axis aligned, $f\leq N-9$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 13$ .

Proof

We start by proving the first case. From Lemma 9, we obtain that a square fault area $F=\ell\times\ell$ , regardless of orientation and location, can overlap at most $n(F)=7$ axis-aligned squares $A=\ell\times\ell$ . When $|{\mathcal{A}}|\geq 22$ , we have at least ${\mathcal{A}}-n(F)\geq 15$ axis-aligned squares containing only correct processes. Since GENERIC reaches consensus using only the values of the leader processes in each area $A$ , if we have $|{\mathcal{A}}|\geq 22$ areas, it is guaranteed that $\geq 2\cdot|{\mathcal{A}}|/3+1\geq 2\cdot n(F)+1$ leader processes are correct (with $n(F)=7$ ) and they can reach consensus using PSL algorithm. Regarding the number of faulty process that can be tolerated, the fault area $F$ can cover $f\leq N-15$ processes but still algorithm GSQUARE produces total $|{\mathcal{A}}|=22$ areas. All these $f\leq N-15$ faulty processes can be tolerated.

Let us address the second case. An axis-aligned square $F$ can overlap at most $n(F)=4$ axis-aligned squares $A$ . Therefore, when $|{\mathcal{A}}|\geq 13$ , we have that $|{\mathcal{A}}|-9\geq 2\cdot n(F)+1$ leader processes are correct and they can reach consensus. In this case, $f\leq N-9$ processes can be covered by $F$ and still they all can be tolerated.

Let us now address the third case, when $F=\ell/\sqrt{2}\times\ell/\sqrt{2}$ but $A=\ell\times\ell$ . Regardless of its orientation, $F$ can overlap at most $n(F)=4$ squares $A$ . Therefore, $|{\mathcal{A}}|\geq 13$ is sufficient for consensus and total $f\leq N-9$ processes can be tolerated. ∎

For the multiple fault areas $F$ with $|\mathcal{F}|=M$ , Theorem 5.1 extends as follows.

Theorem 5.2

Given a set ${\mathcal{P}}$ of $N$ processes and a set of $M\geq 1$ of square areas $F$ positioned at unknown locations such that any process of ${\mathcal{P}}$ covered by any $F$ may be Byzantine. Algorithm GENERIC solves geoconsensus with the following guarantees:

•

If each $F=\ell\times\ell$ and not axis-aligned and $A=\ell\times\ell$ , $f\leq N-15M$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 22M$ .
•

If each $F=\ell\times\ell$ and axis-aligned and $A=\ell\times\ell$ , $f\leq N-9M$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 13M$ .
•

If each $F=\ell/\sqrt{2}\times\ell/\sqrt{2}$ but $A=\ell\times\ell$ , then even if $F$ is not axis-aligned, $f\leq N-9M$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 13M$ .

Proof

The proof for the case of $M=1$ extends to the case of $M>1$ as follows. Theorem 5.1 gives the bounds $f\leq N-\gamma$ and $|{\mathcal{A}}|\geq\delta$ for one fault area for some positive integers $\gamma,\delta$ . For $M$ fault areas, $M$ separate $|{\mathcal{A}}|$ sets are needed, with each set tolerating a single fault area $F$ . Therefore, the bounds of Theorem 5.1 extend to multiple fault areas with a factor of $M$ , i.e., GENERIC needs $M\cdot\delta$ covers and $f\leq N-M\cdot\gamma$ faulty processes can be tolerated. Using the appropriate numbers from Theorem 5.1 provides the claimed bounds. ∎

We have the following theorem for the case of circular fault set $\mathcal{F}$ , $|\mathcal{F}|=M\geq 1$ .

Theorem 5.3

Given a set ${\mathcal{P}}$ of $N$ processes and a set of $M\geq 1$ circles $F$ positioned at unknown locations such that any process of ${\mathcal{P}}$ covered by $F$ may be Byzantine. Algorithm GENERIC solves geoconsensus with the following guarantees:

•

If each $F$ and $A$ are circles of diameter $\ell$ , $f\leq N-57M$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 85M$ .
•

If each $F$ is a circle of diameter $\sqrt{2}\ell$ and $A$ is a circle of diameter $\ell$ , $f\leq N-65M$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 97M$ .
•

If each $F$ is a circle of diameter $\ell/\sqrt{2}$ and $A$ is a circle of diameter $\ell$ , $f\leq N-33M$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 49M$ .

Proof

For the first case, we have that $n(F)=28$ , when cover set ${\mathcal{A}}$ is of circles of diameter $\ell$ and the fault area $F$ is also a circle of diameter $\ell$ . Therefore, when $|{\mathcal{A}}|\geq 85M$ , we have that at least $|{\mathcal{A}}|-n(F)\geq 57M$ circles containing only correct processes. Since Algorithm 2 reaches consensus using only the values of the leader processes in each area $A$ , when we have $|{\mathcal{A}}|\geq 85M$ , it is guaranteed that $\geq 2\cdot|{\mathcal{A}}|/3+1\geq 2\cdot n(F)M+1$ leader processes are correct and hence GENERIC can reach consensus. The fault tolerance guarantee of $f\leq N-57M$ can be shown similarly to the proof of Theorem 5.1.

For the second result, we have shown that $n(F)=32$ . Therefore, we need $|{\mathcal{A}}|\geq 3\cdot n(F)+1\geq 97$ for one faulty circle $F$ of diameter $\sqrt{2}\ell$ . For $M$ faulty circles, we need $|{\mathcal{A}}|\geq 97M$ . Therefore, the fault tolerance bound is $f\leq N-(2\cdot n(F)M+1)=N-65M$ .

For the third result, we have shown that $n(F)=16$ for a single faulty circle of diameter $\ell/\sqrt{2}$ . Therefore, we need $|{\mathcal{A}}|\geq 49M$ and $f\leq N-33M$ . ∎

6 Extensions to Higher Dimensions

Our approach can be extended to solve geoconsensus in $d$ -dimensions, $d\geq 3$ . BASIC extends as is, whereas GENERIC runs without modifications in higher dimensions so long as we determine (i) the cover set ${\mathcal{A}}$ of appropriate dimension and (ii) the overlap bound – the maximum number of $d$ -dimensional covers $A$ that the fault area $F$ may overlap. The bound on $f$ then depends on $M$ and the cover set size $|{\mathcal{A}}|$ . In what follows, we discuss 3-dimensional space. The still higher dimensions can be studied similarly.

When $d=3$ , the objective is to cover the embedded processes of ${\mathcal{P}}$ by cubes of size $\ell\times\ell\times\ell$ or spheres of diameter $\ell$ . It can be shown that the greedy cube (sphere) cover algorithm, let us call it GCUBE (GSPHERE), provides $2^{d-1}=4$ (16) approximation of the optimal cover. The idea is to appropriately extend the 2-dimensional slab-based division and axis-aligned square-based covers discussed in Section 4 to $3$ -dimensions with rectangular cuboids and cube-based covers.

Suppose the coordinates of process $p_{i}\in{\mathcal{P}}$ are $(x_{i},y_{i},z_{i})$ . GCUBE operates as follows. It first finds $x_{min},y_{min},z_{min}$ as well as $x_{max},y_{max},z_{max}$ . Then, a smallest axis-aligned (w.r.t. $x$ -axis) cuboid, i.e. rectangular parallelepiped, $R$ with the left-bottom-near corner $(x_{min},y_{min},z_{min})$ and the right-top-far corner at $(x_{max},y_{max},z_{max})$ is constructed such that $R$ covers all $N$ processes in ${\mathcal{P}}$ . Assume that $z-axis$ is away from the viewer. The depth of $R$ is $depth(R)=z_{max}-z_{min}$ ; $width(R)$ and $height(R)$ are similar to GSQUARE.

GCUBE now divides $R$ into a set ${\mathcal{R}}$ of $m$ cuboids ${\mathcal{R}}=\{R_{1},\cdots,R_{m}\}$ such that $depth(R_{i})=\ell$ but the $width(R_{i})=width(R)$ and $height(R_{i})=height(R)$ . Each $R_{i}$ is further divided into a set of ${\mathcal{R}}_{i}$ of $n$ cuboids ${\mathcal{R}}_{i}=\{R_{i1},\ldots,R_{in}\}$ such that each $R_{ij}$ has $width(R_{ij})=width(R)$ but $height(R_{ij})=\ell$ and $depth(R_{ij})=\ell$ . Each cuboid $R_{ij}$ is similar to the slab $R_{i}$ shown in Figure 2 but has depth $\ell$ .

It now remains to cover each axis-aligned cuboid $R_{ij}$ with cubic areas $A$ of side $\ell$ . Area $A$ can be put on $R_{ij}$ so that the top left corner of $A$ overlaps with the top left corner of cuboid $R_{ij}$ . Slide $A$ on the $x$ -axis to the right so that there is a process covered by $R_{ij}$ positioned on the left vertical plane of $A$ . Fix that area $A$ as one cover cube and name it $A_{1}(R_{ij})$ . Now consider only the processes in $R_{ij}$ not covered by $A_{1}(R_{ij})$ . Place another $A$ on those processes so that there is a point in $R_{ij}$ positioned on the left vertical plane of $A$ and there is no process on the left of $A$ that is not covered by $A_{1}(R_{ij})$ . Let that $A$ be $A_{2}(R_{ij})$ . Continue this way to cover all the processes in $R_{ij}$ .

Apply the procedure of covering $R_{ij}$ to all $m\times n$ cuboids. Lemma 3 can be extended to show that no two cuboids $R_{ij},R_{kl}$ overlap. Lemma 4 can be extended to show that no two cubic covers $A_{o}(R_{ij})$ and $A_{p}(R_{kl})$ overlap. For each cuboid $R_{ij}$ , Lemma 5 can be extended to show that no other algorithm produces the number of cubes $k^{\prime}(R_{ij})$ less than the number of cubes $k(R_{ij})$ produced by algorithm GCUBE.

Since the cover for each square cuboid $R_{ij}$ is individually optimal, let $k_{opt}({\mathcal{R}})$ be the number of axis-aligned cubes to cover all $N$ processes in $R$ in the optimal cover algorithm. We now show that $k_{greedy}({\mathcal{R}})\leq 4\cdot k_{opt}({\mathcal{R}})$ , i.e., GCUBE provides 4-approximation. We do this by combining two approximation bounds. The first is for the $m$ cuboids $R_{i}$ , for which we show $2$ -approximation. We then provide $2$ -approximation for each cuboid $R_{i}$ which is now divided into $n$ cuboids $R_{ij}$ . Combining these two approximations, we have, in total, a $4$ -approximation.

As in the 2-dimensional case, divide the $m$ cuboids in the set ${\mathcal{R}}$ into two sets ${\mathcal{R}}_{odd}$ snd ${\mathcal{R}}_{even}$ . Arguing as in Lemma 5, we can show that $k_{opt}({\mathcal{R}})\geq\max\{k(R_{odd}),k(R_{even})\}$ and $k_{greedy}({\mathcal{R}})=k(R_{odd})+k(R_{even})$ . Therefore, the ratio $k_{greedy}({\mathcal{R}})/k_{opt}({\mathcal{R}})\leq 2$ while dividing $R$ into $m$ cuboids.

Now consider any cuboid $R_{i}\in{\mathcal{R}}_{odd}$ ( $R_{i}\in{\mathcal{R}}_{even}$ case is analogous). $R_{i}$ is divided into a set ${\mathcal{R}}_{i}$ of $n$ cuboids $R_{ij}$ . Divide $n$ cuboids in the set ${\mathcal{R}}_{i}$ into two sets ${\mathcal{R}}{i,odd}$ and ${\mathcal{R}}{i,even}$ based on odd and even $j$ . Therefore, it can be shown that, similarly to Lemma 5, that $k_{opt}({\mathcal{R}}_{i})\geq\max\{k(R_{i,odd}),k(R_{i,even})\}$ and $k_{greedy}({\mathcal{R}}_{i})=k(R_{i,odd})+k(R_{i,even})$ . Therefore, $k_{greedy}({\mathcal{R}}_{i})/k_{opt}({\mathcal{R}}_{i})\leq 2$ . Combining the $2$ -approximations each for the two steps, we have the overall $4$ -approximation.

Let us now discuss the $16$ -approximation for spheres of diameter $\ell$ . One cube $A_{l}(R_{ij})$ of side $\ell$ can be completely covered by $4$ spheres of diameter $\ell$ . Since, for cubes, GCUBE is $4$ -approximation, we, therefore, obtain that GSPHERE is a $16$ -approximation. We omit this discussion but it can be shown that GSPHERE, appropriately extended from GCIRCLE into 3-dimensions, achieves $(2^{d-1}\cdot d^{d})=4\cdot 27=108$ approximation.

Now we need to find the overlap number $n(F)$ . Cube $A$ of side $\ell$ has diameter $D=\sqrt{3}\ell$ . That means that a cubic fault area $F$ that has the same size as $A$ can overlap at most 3 cubes $A_{l}(R_{ij})$ in all 3 dimensions. Therefore, $F$ can cover at most $3^{3}=27$ cubes $A_{l}(R_{ij})$ . For sphere $F$ of diameter $\ell$ , since one cube $A_{l}(R_{ij})$ can be completely covered by $4$ spheres of diameter $\ell$ and $F$ can be inscribed inside $A_{l}(R_{ij})$ , it overlaps the total $4\cdot 27=108$ spheres $A_{l}(R_{ij})$ . For the the axis-aligned case of cubic fault area $F$ , it can be shown that $n(F)=8$ cubes $A_{l}(R_{ij})$ . This is because it can overlap with at most $4$ cubes $A_{l}(R_{ij})$ as Figure 3 and, due to depth $\ell$ , it can go up to two layers, totaling 8. $n(F)=32$ for sphere $F$ is immediate since each cube $A_{l}(R_{ij})$ is covered by $4$ spheres of diameter $\ell$ , sphere of diameter $\ell$ can be inscribed inside a cube $A_{l}(R_{ij})$ of side $\ell$ , and a faulty cube $F$ of side $\ell$ can overlap at most 8 axis-aligned cubes $A_{l}(R_{ij})$ .

We summarize the results for cubic covers and cubic fault areas in Theorem 6.1.

Theorem 6.1

Given a set ${\mathcal{P}}$ of $N$ processes embedded in 3-d space and a set of $M\geq 1$ of cubic areas $F$ at unknown locations, such that any process of ${\mathcal{P}}$ covered by $P$ may be Byzantine. Algorithm GENERIC solves geoconsensus with the following guarantees:

•

If $F$ is cube of side $\ell$ and not axis-aligned and $A$ is also a cube of side $\ell$ , $f\leq N-55M$ faulty processes can be tolerated given that the cover set $|{\mathcal{A}}|\geq 82M$ .
•

If $F$ is cube of side $\ell$ and axis-aligned and $A$ is also a cube of side $\ell$ , $f\leq N-17M$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 25M$ .
•

If $F$ is a sphere of diameter $\ell$ and $A$ is a sphere of diameter $\ell$ , $f\leq N-217M$ faulty processes can be tolerated given that $|{\mathcal{A}}|\geq 325M$ .

7 Concluding Remarks

Byzantine consensus is a relatively old, practically applicable and well-researched problem. It had been attracting extensive attention from researchers and engineers in distributed systems. In light of the recent development on location-based consensus protocols, such as G-PBFT [13], we have formally defined and studied the consensus problem of processes that are embedded in a $d$ -dimensional plane, $d\geq 2$ . We have explored both the possibility as well bounds for a solution to geoconsensus. Our results provide trade-offs on three parameters $N,M,$ and $f$ , in constant to the trade-off between only two parameters $N$ and $f$ in the Byzantine consensus literature. Our results also show the dependency of the tolerance guarantees on the shapes of the fault areas.

For future work, it would be interesting to close or reduce the gap between the condition for impossibility and a solution (as discussed in Contributions). It would also be interesting to consider fault area $F$ shapes beyond circles and squares that we studied; to investigate process coverage by non-identical squares, circles or other shapes to see whether better bounds on the set ${\mathcal{A}}$ and fault-tolerance guarantee $f$ can be obtained.

References

[1] Abd-El-Malek, M., Ganger, G.R., Goodson, G.R., Reiter, M.K., Wylie, J.J.: Fault-scalable byzantine fault-tolerant services. ACM SIGOPS Operating Systems Review 39(5), 59–74 (2005)
[2] Adya, A., Bolosky, W.J., Castro, M., Cermak, G., Chaiken, R., Douceur, J.R., Howell, J., Lorch, J.R., Theimer, M., Wattenhofer, R.P.: Farsite: Federated, available, and reliable storage for an incompletely trusted environment. ACM SIGOPS Operating Systems Review 36(SI), 1–14 (2002)
[3] Bulusu, N., Heidemann, J., Estrin, D., Tran, T.: Self-configuring localization systems: Design and experimental evaluation. ACM Transactions on Embedded Computing Systems (TECS) 3(1), 24–60 (2004)
[4] Castro, M., Liskov, B.: Practical byzantine fault tolerance and proactive recovery. ACM Transactions on Computer Systems (TOCS) 20(4), 398–461 (2002)
[5] Castro, M., Rodrigues, R., Liskov, B.: Base: Using abstraction to improve fault tolerance. ACM Transactions on Computer Systems (TOCS) 21(3), 236–269 (2003)
[6] Clark, B.N., Colbourn, C.J., Johnson, D.S.: Unit disk graphs. Discrete mathematics 86(1-3), 165–177 (1990)
[7] Cramer, R., Gennaro, R., Schoenmakers, B.: A secure and optimally efficient multi-authority election scheme. European transactions on Telecommunications 8(5), 481–490 (1997)
[8] Fowler, R.J., Paterson, M., Tanimoto, S.L.: Optimal packing and covering in the plane are np-complete. Inf. Process. Lett. 12(3), 133–137 (1981)
[9] Hightower, J., Borriello, G.: Location systems for ubiquitous computing. computer 34(8), 57–66 (2001)
[10] Koo, C.Y.: Broadcast in radio networks tolerating byzantine adversarial behavior. In: PODC. pp. 275–282 (2004)
[11] Kubiatowicz, J., Bindel, D., Chen, Y., Czerwinski, S., Eaton, P., Geels, D., Gummadi, R., Rhea, S., Weatherspoon, H., Weimer, W., et al.: Oceanstore: An architecture for global-scale persistent storage. ACM SIGOPS Operating Systems Review 34(5), 190–201 (2000)
[12] Lamport, L., Shostak, R., Pease, M.: The byzantine generals problem. ACM Transactions on Programming Languages and Systems 4(3), 382–401 (1982)
[13] Lao, L., Dai, X., Xiao, B., Guo, S.: G-PBFT: A location-based and scalable consensus protocol for iot-blockchain applications. In: IPDPS. pp. 664–673 (2020)
[14] Marathe, M.V., Breu, H., Hunt III, H.B., Ravi, S.S., Rosenkrantz, D.J.: Simple heuristics for unit disk graphs. Networks 25(2), 59–68 (1995)
[15] Miller, A., Xia, Y., Croman, K., Shi, E., Song, D.: The honey badger of bft protocols. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. pp. 31–42 (2016)
[16] Moniz, H., Neves, N.F., Correia, M.: Byzantine fault-tolerant consensus in wireless ad hoc networks. IEEE Transactions on Mobile Computing 12(12), 2441–2454 (2012)
[17] Pease, M., Shostak, R., Lamport, L.: Reaching agreement in the presence of faults. J. ACM 27(2), 228–234 (Apr 1980), https://doi.org/10.1145/322186.322188
[18] Pelc, A., Peleg, D.: Broadcasting with locally bounded byzantine faults. Information Processing Letters 93(3), 109–115 (Feb 2005)
[19] Rushby, J.: Bus architectures for safety-critical embedded systems. In: International Workshop on Embedded Software. pp. 306–323. Springer (2001)
[20] Sousa, J., Bessani, A., Vukolic, M.: A byzantine fault-tolerant ordering service for the hyperledger fabric blockchain platform. In: DSN. pp. 51–58. IEEE (2018)
[21] Vaidya, N.H., Tseng, L., Liang, G.: Iterative approximate byzantine consensus in arbitrary directed graphs. In: PODC. pp. 365–374 (2012)
[22] Zamani, M., Movahedi, M., Raykova, M.: Rapidchain: Scaling blockchain via full sharding. In: CCS. pp. 931–948 (2018)