Consensus-Error Analysis Framework

• Consensus-Error-Based Analysis Framework is a rigorous system-theoretic method that quantifies and models deviations in multi-agent consensus networks.
• It employs unknown-input system theory to derive precise conditions for detecting and identifying both faulty and malicious agents.
• The framework offers centralized and decentralized detection algorithms with connectivity thresholds, ensuring robust application in areas like motion coordination and clock synchronization.

A consensus-error-based analysis framework provides a rigorous methodology for quantifying, detecting, and mitigating the impact of misbehaving agents—such as faulty or malicious nodes—in distributed linear consensus networks. This framework is grounded in system theory and addresses trustworthy computation in settings fundamental to multi-agent systems, including motion coordination, clock synchronization, and distributed estimation.

1. System-Theoretic Modeling of Misbehaviors

The core innovation of the consensus-error-based analysis framework is its use of the unknown-input system-theoretic paradigm to model deviations from nominal agent behavior. In nominal form, the linear consensus network evolves according to

$x(t+1) = Ax(t)$

where $x \in \mathbb{R}^n$ is the state vector of the agents and $A$ is a row-stochastic, primitive consensus update matrix.

Misbehaving agents are represented as injecting unknown, unmeasurable disturbances into their state trajectories. Denoting the set of misbehaving agents as $K \subseteq V$ and the unknown input as $u_K(t)$, the affected dynamics read

$x(t+1) = Ax(t) + B_K u_K(t)$

where $B_K$ selects the affected nodes. Each observing agent may only have access to a subset of states through a matrix $C_j$: $y_j(t) = C_j x(t)$ This modeling aligns the detection of misbehaviors with classical unknown-input observer problems in control theory, facilitating rigorous analysis of detectability and identifiability of adversarial actions.

2. Formal Characterization of Misbehavior Detectability and Identifiability

The framework delivers precise, necessary and sufficient conditions for when misbehavior is undetectable or unidentifiable from an agent’s observations.

• An input $u_K(t)$ is undetectable by agent $j$ if it is impossible to distinguish the affected network trajectory from that of some alternative initial network state in the absence of misbehavior:

$y_j(x_1, u_K, t) = y_j(x_2, 0, t) \quad \forall t$

• A misbehavior is unidentifiable if there exists another distinct subset and possible inputs that induce indistinguishable outputs.

Explicitly (Theorem 1), unidentifiability holds if, for some $K_2 \ne K_1$ and input sequence $u_{K_2}(t)$,

$$C_j A^{t+1} \bar x = \sum_{\tau=0}^t C_j A^{t-\tau} [B_{K_1}u_{K_1}(\tau) - B_{K_2}u_{K_2}(\tau)]$$

for all $t$.

This analysis distinguishes two agent types:

• Faulty agents act independently, perhaps randomly.
• Malicious agents (Byzantine faults) coordinate to craft subtle, unidentifiable inputs.

3. Detection and Identification Limits: Topological Bounds

The network's topological connectivity imposes fundamental limits on consensus error detection and identification:

• For malicious agents: To detect and identify up to $k$ such agents, the network must be at least $2k+1$-connected.
• For faulty agents: Detection and identification require at least $k+1$-connectivity.

Formally, in a $k$-connected graph, at most $\left\lfloor (k-1)/2 \right\rfloor$ malicious or $k-1$ faulty agents can be generically identified. These thresholds are generic over almost all choices of consensus weights.

The proofs exploit the system's zero dynamics: If adversaries can excite undetectable input modes, detection or identification becomes provably impossible from available outputs.

4. Effect of Undetectable Inputs on Consensus Value

Undetectable misbehaviors can shift the final consensus value attained by the network:

• If agents change their initial conditions (a special case of undetectable input), the limit state becomes

$$\lim_{t \to \infty} x(t) = 1 \cdot \pi (x(0) + B_K c)$$

where $\pi$ is the stationary left eigenvector of $A$.

• For exponentially vanishing inputs $u_K(t)$, the total deviation is bounded by

$$\lim_{t\to\infty} \sum_{\tau=0}^t A^{t-\tau} B_K u(\tau) \preceq (1-z)^{-1} 1 \pi B_K \bar u$$

Thus, consensus errors induced by undetectable attacks are in general bounded but can shift the steady-state value arbitrarily, depending on the coordination of the adversaries and structural network properties.

Unobservable subspace attacks (those which excite only the unobservable space with respect to a given observer) yield no change in the observable consensus value.

5. Detection and Identification Algorithms

Three practical algorithmic approaches are proposed:

5.1 Local Observer-Based Detection (Algorithm 1)

Each agent maintains an observer for its neighborhood. Anomalies in the residual signal indicate misbehavior. This approach is fully distributed, requires no global network knowledge, and is computationally light, but may be unable to distinguish among multiple misbehaving agents.

5.2 Centralized Identification via Dead-Beat Residual Filters (Algorithm 2)

Agents synthesize a bank of residual generators, each sensitive to activity from specific agent subsets. By monitoring which generators exhibit persistent residuals, the system can conclusively detect and identify misbehaving agents—at the expense of exponential computation and requirement for global network knowledge.

5.3 Decentralized, Clustered Identification (Algorithm 3)

For networks with weakly connected clusters, local identification algorithms are used. Each agent filters only for potential misbehaviors within its own cluster, using block-diagonal approximations of the consensus matrix. This provides fast, scalable, locally focused identification, though detection is contingent on misbehaviors exceeding a threshold defined by inter-cluster coupling.

The table below summarizes major trade-offs:

Approach	Scope	Complexity	Knowledge Required	Detect vs Identify
Local Observer (1)	Local	Low	Local topology	Detects; may not identify
Centralized Dead-beat (2)	Global	High (Combinatorial)	Global topology	Detects and identifies
Clustered/Decentralized (3)	Cluster/Local	Low	Local cluster connectivity	Local identification

6. Real-World Applications and Impact

The consensus-error-based analysis framework has been applied in contexts such as:

• Motion coordination in robot swarms: Identifies and isolates errant or malicious robots.
• Clock synchronization in sensor networks: Robustly removes or quarantines faulty sensors injecting timing errors.
• Distributed estimation in power and sensor networks: Ensures reliable aggregation and filtering despite untrustworthy nodes.

The local identification algorithms scale to very large, clustered networks such as infrastructure grids, providing safeguards with only local information and minimal computation.

Simulations on 8-node 3-connected networks confirm theory: with the complete filter, up to two faulty agents or one malicious agent can always be detected. In larger, partitioned networks, local algorithms accurately flag local faults if the cross-cluster coupling is weak.

7. Theoretical and Practical Significance

This framework establishes system-theoretic detectability and identifiability boundaries grounded in graph connectivity, offering mathematically rigorous guarantees for multi-agent coordination under adversarial conditions. By providing both global and scalable local strategies, it addresses the needs of both small and massive distributed systems. Limitations are imposed chiefly by the network’s connectivity: insufficient connectivity results in inherent undetectable consensus errors, highlighting the importance of robust network design in secure and trustworthy multi-agent deployments.