Abstract
The problem of Byzantine Agreement (BA) is of interest to both the distributed computing and cryptography communities. Following well-known results from the distributed computing literature, the BA problem in the asynchronous network setting encounters an inevitable non-termination issue. The impasse is overcome via randomization, which allows the construction of BA protocols with two flavors of termination guarantee: with overwhelming probability and with probability one. The latter type, termed almost-surely terminating BA, is the main focus of this article. An elusive problem in the domain of almost-surely terminating BA is achieving a constant expected running time. Our primary contribution in this work makes significant progress in this direction.
In a setting with n parties and an adversary with unbounded computing power controlling at most t parties in a Byzantine fashion, we present two almost-surely terminating BA protocols in the asynchronous setting:
○ With the optimal resilience of t < n/3, our first protocol runs for an expected O(n) time. The existing protocols in the same setting either run for an expected O(n^2) time (Abraham et al., PODC 2008) or require exponential computing power from the honest parties (Wang, CoRR 2015). In terms of communication complexity, our construction outperforms all known constructions with t < n/3 that offer the almost-surely terminating feature.
○ With the resilience of t < n/(3+ϵ) for any ϵ > 0, our second protocol runs for an expected O(1/ϵ) time. The expected running time of our protocol becomes constant when ϵ is a constant fraction. The known constructions with a constant expected running time either require ϵ to be at least 1 (Feldman-Micali, STOC 1988 and Patra-Pandu Rangan, PODC 2010), implying t < n/4, or call for exponential computing power from the parties (Wang, CoRR 2015).
We follow the traditional route of building BA via a common coin protocol, which in turn reduces to Asynchronous Verifiable Secret-Sharing (AVSS). Our constructions are built on a variant of AVSS termed shunning AVSS. A shunning AVSS fails to offer the properties of AVSS when the corrupt parties strike, but allows the honest parties to locally detect and shun a set of corrupt parties for all future communication. Our shunning AVSS protocols with t < n/3 and t < n/(3+ϵ) guarantee that Ω(n) and, respectively, Ω(ϵ t^2) conflicts are revealed when a failure occurs. Turning this shunning AVSS into a common coin protocol efficiently constitutes yet another contribution of this work.
As a secondary contribution, we show the power of the shunning technique and present a highly efficient cryptographically secure shunning AVSS, which is then used to design an asynchronous BA protocol with the optimal resilience of t < n/3 in the cryptographic setting. Our construction achieves an amortized expected communication complexity of O(n^2) bits for reaching agreement on a single bit while consuming a constant expected running time. This property is achieved here for the first time in the cryptographic setting, and moreover under standard cryptographic assumptions. The best-known existing construction (Cachin et al., CCS 2002), while still needing more communication than ours, is proven secure only in the Random Oracle Model (ROM).
References
- I. Abraham, D. Dolev, and J. Y. Halpern. 2008. An almost-surely terminating polynomial protocol for asynchronous Byzantine agreement with optimal resilience. In Proceedings of the PODC. ACM, 405--414.
- H. Attiya and J. Welch. 2004. Distributed Computing: Fundamentals, Simulations, and Advanced Topics. Vol. 19. John Wiley & Sons.
- M. Backes, A. Datta, and A. Kate. 2013. Asynchronous computational VSS with reduced communication complexity. In Proceedings of the CT-RSA (Lecture Notes in Computer Science), Vol. 7779. Springer, 259--276.
- M. Backes, A. Kate, and A. Patra. 2011. Computational verifiable secret sharing revisited. In Proceedings of the ASIACRYPT (Lecture Notes in Computer Science), Vol. 7073. Springer, 590--609.
- Z. Beerliová-Trubíniová and M. Hirt. 2008. Perfectly-secure MPC with linear communication complexity. In Proceedings of the TCC (Lecture Notes in Computer Science), Vol. 4948. Springer Verlag, 213--230.
- M. Bellare and P. Rogaway. 1993. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the CCS. ACM, 62--73.
- M. Ben-Or. 1983. Another advantage of free choice (extended abstract): Completely asynchronous agreement protocols. In Proceedings of the PODC. ACM, 27--30.
- M. Ben-Or, S. Goldwasser, and A. Wigderson. 1988. Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In Proceedings of the STOC, J. Simon (Ed.). ACM, 1--10.
- M. Ben-Or, E. Pavlov, and V. Vaikuntanathan. 2006. Byzantine agreement in the full-information model in O(log n) rounds. In Proceedings of the STOC. ACM, 179--186.
- D. Boneh and X. Boyen. 2004. Short signatures without random oracles. In Proceedings of the EUROCRYPT (Lecture Notes in Computer Science), Vol. 3027. Springer, 56--73.
- G. Bracha. 1984. An asynchronous ⌊(n-1)/3⌋-resilient consensus protocol. In Proceedings of the PODC. ACM, 154--162.
- C. Cachin, K. Kursawe, A. Lysyanskaya, and R. Strobl. 2002. Asynchronous verifiable secret sharing and proactive cryptosystems. In Proceedings of the CCS. ACM, 88--97.
- C. Cachin, K. Kursawe, and V. Shoup. 2000. Random oracles in Constantinople: Practical asynchronous Byzantine agreement using cryptography (extended abstract). In Proceedings of the PODC. ACM, 123--132.
- C. Cachin, K. Kursawe, and V. Shoup. 2005. Random oracles in Constantinople: Practical asynchronous Byzantine agreement using cryptography. J. Cryptology 18, 3 (2005), 219--246.
- R. Canetti. 1995. Studies in Secure Multiparty Computation and Applications. Ph.D. Dissertation. Weizmann Institute, Israel.
- R. Canetti, O. Goldreich, and S. Halevi. 2004. The random oracle methodology, revisited. J. ACM 51, 4 (2004), 557--594.
- R. Canetti and T. Rabin. 1993. Fast asynchronous Byzantine agreement with optimal resilience. In Proceedings of the STOC. ACM, 42--51.
- B. Chor and B. A. Coan. 1985. A simple and efficient randomized Byzantine agreement algorithm. IEEE Trans. Softw. Eng. 11, 6 (1985), 531--539.
- R. Cramer and I. Damgård. 2005. Multiparty Computation, an Introduction. Contemporary Cryptography. Birkhäuser Basel.
- R. Cramer, I. Damgård, and J. B. Nielsen. 2015. Secure Multiparty Computation and Secret Sharing. Cambridge University Press.
- I. Damgård and J. B. Nielsen. 2007. Scalable and unconditionally secure multiparty computation. In Proceedings of the CRYPTO (Lecture Notes in Computer Science), Vol. 4622. Springer Verlag, 572--590.
- P. Feldman and S. Micali. 1988. Optimal algorithms for Byzantine agreement. In Proceedings of the STOC. ACM, 148--161.
- M. J. Fischer, N. A. Lynch, and M. Paterson. 1985. Impossibility of distributed consensus with one faulty process. J. ACM 32, 2 (1985), 374--382.
- M. Fitzi. 2002. Generalized Communication and Security Models in Byzantine Agreement. Ph.D. Dissertation. ETH Zurich.
- M. K. Franklin and M. Yung. 1992. Communication complexity of secure computation (extended abstract). In Proceedings of the STOC. ACM, 699--710.
- R. Gennaro, M. O. Rabin, and T. Rabin. 1998. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In Proceedings of the PODC. ACM, 101--111.
- O. Goldreich. 2004. The Foundations of Cryptography - Volume 2, Basic Applications. Cambridge University Press.
- O. Goldreich, S. Micali, and A. Wigderson. 1987. How to play any mental game or a completeness theorem for protocols with honest majority. In Proceedings of the STOC. ACM, 218--229.
- L. Grassi, C. Rechberger, D. Rotaru, P. Scholl, and N. P. Smart. 2016. MPC-friendly symmetric key primitives. In Proceedings of the CCS. ACM, 430--443.
- J. A. Garay and A. Kiayias. 2018. SoK: A consensus taxonomy in the blockchain era. IACR Cryptology ePrint Archive, Report 2018/754. https://eprint.iacr.org/2018/754.
- A. Kate, G. M. Zaverucha, and I. Goldberg. 2010. Constant-size commitments to polynomials and their applications. In Proceedings of the ASIACRYPT (Lecture Notes in Computer Science), Vol. 6477. Springer, 177--194.
- J. Katz and Y. Lindell. 2014. Introduction to Modern Cryptography, Second Edition. CRC Press.
- V. King and J. Saia. 2016. Byzantine agreement in expected polynomial time. J. ACM 63, 2 (2016), 13:1--13:21.
- N. A. Lynch. 1996. Distributed Algorithms. Morgan Kaufmann.
- F. J. MacWilliams and N. J. A. Sloane. 1978. The Theory of Error Correcting Codes. North-Holland Publishing Company.
- A. Patra. 2011. Error-free multi-valued broadcast and Byzantine agreement with optimal communication complexity. In Proceedings of the OPODIS (Lecture Notes in Computer Science), Vol. 7109. Springer, 34--49.
- A. Patra, A. Choudhury, and C. Pandu Rangan. 2014. Asynchronous Byzantine agreement with optimal resilience. Distrib. Comput. 27, 2 (2014), 111--146.
- A. Patra and C. Pandu Rangan. 2010. Brief announcement: Communication efficient asynchronous Byzantine agreement. In Proceedings of the PODC. ACM, 243--244.
- M. C. Pease, R. E. Shostak, and L. Lamport. 1980. Reaching agreement in the presence of faults. J. ACM 27, 2 (1980), 228--234.
- T. P. Pedersen. 1991. Non-interactive and information-theoretic secure verifiable secret sharing. In Proceedings of the CRYPTO (Lecture Notes in Computer Science), Vol. 576. Springer, 129--140.
- M. O. Rabin. 1983. Randomized Byzantine generals. In Proceedings of the FOCS. IEEE Computer Society, 403--409.
- T. Rabin and M. Ben-Or. 1989. Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In Proceedings of the STOC. ACM, 73--85.
- A. Shamir. 1979. How to share a secret. Commun. ACM 22, 11 (1979), 612--613.
- V. Shoup. 2000. Practical threshold signatures. In Proceedings of the EUROCRYPT (Lecture Notes in Computer Science), Vol. 1807. Springer, 207--220.
- C. Wang. 2015. Asynchronous Byzantine agreement with optimal resilience and linear complexity. CoRR abs/1507.06165 (2015).
- A. C. Yao. 1982. Protocols for secure computations (extended abstract). In Proceedings of the FOCS. IEEE Computer Society, 160--164.
The Power of Shunning: Efficient Asynchronous Byzantine Agreement Revisited