Abstract:
Byzantine agreement is the most fundamental primitive in distributed computing. All known Byzantine agreement protocols achieve quadratic or sub-quadratic messages and communication. We show that, surprisingly, by directly assuming a random leader election oracle (which can be built from a verifiable random function), threshold signatures, and the 1/3 corruption bound, we can build Linear-BA, a binary agreement (BA) protocol that has linear message complexity, constant expected time complexity, and a normal case with linear communication. We extend Linear-BA to construct Linear-MBA, a multi-valued Byzantine agreement (MBA) protocol that also has O(n) messages and O(1) expected time. Finally, we present Linear-MBA-SV, an MBA protocol with the strong validity property, obtained via a no-cost transformation from Linear-MBA. All the protocols above are secure under a static adversary, i.e., an adversary that corrupts a fixed set of replicas at the beginning of the protocol. We go on to show an impossibility result: in the adaptive adversary model (in which the adversary can selectively corrupt replicas while the protocol is running), one cannot build a Byzantine agreement protocol with O(n) messages and O(1) expected time. Accordingly, we revise our protocols to obtain Byzantine agreement protocols with O(n) messages per round and O(n) time. Our results offer a fresh view of what is needed for linear Byzantine agreement: by examining the "needed" assumptions, one can identify the performance bottlenecks for Byzantine agreement. Meanwhile, all our protocols are efficient, as all the building blocks have efficient instantiations.
Published in: IEEE Transactions on Information Forensics and Security (Volume: 20)