ERA: Epoch-Resolved Arbitration for Duelling Admins in Group Management CRDTs
This addresses surprising behavior in group management for applications like instant messaging, offering an incremental improvement to CRDT consistency.
The paper tackles the Duelling Admins problem in CRDTs, where concurrent events cause rollbacks in group permissions, and proposes ERA, an epoch-based arbitration method that introduces bounded total order to improve consistency while preserving availability.
Conflict-Free Replicated Data Types (CRDTs) are used in a range of fields for their coordination-free replication with strong eventual consistency. By prioritising availability over consistency under partition, peers accumulate events in different orders, and rely on an associative, commutative and idempotent merge function to present a materialised view of the CRDT. Under some circumstances, the state of the materialised view over time can appear to ''roll back'' previously applied events. When the materialised view is used to manage group permissions such as ones found in instant messaging applications, this can lead to surprising behaviour. Rollbacks can occur when there are multiple concurrent events, such as in the Duelling Admins problem where two equally permissioned admins concurrently revoke each other's permissions. Who wins? Different solutions and their trade-offs are examined. A Byzantine admin can exploit concurrency to influence the duel, whereby we argue that an external arbiter is required to order concurrent events. Our ERA proposal arbitrates asynchronously in batches via optional ''epoch events'', preserving availability. This introduces a bounded total order within epochs, and the resulting ''finality'' improves on the level of consistency CRDTs can provide.