The Byzantine Generals Problem says a set of generals that is more than two-thirds loyal is required to guarantee that the loyal generals can securely issue an order.
Because of this, I am curious why so many physical systems opt for 2-person systems, like the two-man rule for launching nukes in the US (two authorized people are supposed to be required to authenticate any nuclear launch) or two-key systems for things like bank vaults, etc. I’ve never seen 4- or 10-lock systems depicted in media, and that seems like something media would play up if it existed.
On the one hand, systems with larger numbers of locks require more defecting “generals”, which by itself makes it much harder to gather/orchestrate that many people without being caught. This would also make the system more hardened to defectors, unlike the 2-man rule. If a single Soviet spy infiltrates the launch team for a silo, a launch can be subverted. Not the case with a “four-man rule”.
On the other hand, mechanical systems with more keys become more difficult to construct and keep secure. And maybe the process of vetting individuals to be launchers or vault guards doesn’t scale well, and you just want to put all your eggs in the basket of being really sure that the two launchers are secure.
I asked my advisor, and he told me it’s only two because “it’s the Byzantine Generals Problem”, which I guess it is in the sense that it’s distributed consensus. But A) it’s also not, because most of these considerations are outside the theoretical limits of the problem/solution as far as I can tell (how hard it is to vet people, how hard it is to construct the physical systems which rely on the secure consensus), and B) even to the extent that it is the Byzantine Generals Problem, it’s still unclear to me why that would prescribe a set of 2 generals for these systems.
Does the Byzantine Generals Problem really prove or show that these systems are best left as 2-person systems?
Are physical locking systems with more than 2 people ever used? What, if anything, has gone into deciding that 2 is good, but 4- or 10-lock systems are difficult to engineer around? Mostly I’m just curious whether there is some kind of disagreement across domains on what best practices are for security, and why these differences exist, and mostly whether I’m totally missing something about the Byzantine Generals Problem.
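As an added example that is not part of the original post: the k-of-n "multi-key lock" the question reaches for (a "four-man rule" and beyond) has a standard software analogue, Shamir secret sharing, and building it makes the two separate limits such a rule sets visible: how many insiders must collude to authorize an action, and how many can block a legitimate one by refusing. The block below splits a constructed secret into n shares, checks that every k-subset recovers it, and computes those two thresholds next to the Byzantine agreement bound (n >= 3f + 1). The prime modulus and the secret values are constructed for illustration.

```python
import itertools
import random

P = 2**31 - 1  # prime field modulus (constructed choice; any prime larger than the secret works)

def split_secret(secret, k, n, rng=None):
    """Shamir split: pick a random degree-(k-1) polynomial f with f(0)=secret;
    share i is the point (i, f(i)). Any k points determine f, fewer than k do not."""
    assert 0 <= secret < P and 1 <= k <= n < P
    rng = rng or random.SystemRandom()
    coeffs = [secret] + [rng.randrange(1, P) for _ in range(k - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]

def reconstruct(shares):
    """Lagrange interpolation at x=0 over GF(P). Only correct with >= k distinct shares;
    with fewer, the result is an unrelated field element, not the secret."""
    total = 0
    for xi, yi in shares:
        num, den = 1, 1
        for xj, _ in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def all_quorums_recover(shares, k, secret):
    """The 'any k keys open the lock' property: every k-subset of shares recovers the secret."""
    return all(reconstruct(list(q)) == secret for q in itertools.combinations(shares, k))

def insider_thresholds(k, n):
    """The two failure modes a k-of-n rule bounds, as counts of insiders."""
    return {
        "colluders_to_authorize": k,      # insiders needed to act without the rest
        "defectors_to_block": n - k + 1,  # insiders who can deny a legitimate order by refusing
    }

def byzantine_max_faulty(n):
    """Byzantine agreement among n parties tolerates f faulty ones only if n >= 3f + 1."""
    return (n - 1) // 3

if __name__ == "__main__":
    launch_code = 123456  # constructed secret
    shares = split_secret(launch_code, 2, 4)
    print("2-of-4 quorums recover:", all_quorums_recover(shares, 2, launch_code))
    print("2-of-2:", insider_thresholds(2, 2), " 2-of-4:", insider_thresholds(2, 4))
    print("Byzantine f for n=4:", byzantine_max_faulty(4))
```

Note that a 2-of-2 rule and a 2-of-4 rule need the same number of colluders to authorize, but the 2-of-4 rule needs three absent or refusing keyholders before a legitimate order is blocked, which is the availability side of the trade-off the question raises.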