research-article

The Power of Shunning: Efficient Asynchronous Byzantine Agreement Revisited*

Published: 18 May 2020

Abstract

The problem of Byzantine Agreement (BA) is of interest to both the distributed computing and cryptography communities. Following well-known results from distributed computing literature, the BA problem in the asynchronous network setting encounters inevitable non-termination issues. The impasse is overcome via randomization that allows construction of BA protocols in two flavors of termination guarantee—with overwhelming probability and with probability one. The latter type, termed as almost-surely terminating BA, is the main focus of this article. An elusive problem in the domain of almost-surely terminating BA is achieving a constant expected running time. Our primary contribution in this work makes significant progress in this direction.

In a setting with n parties and an adversary with unbounded computing power controlling at most t parties in a Byzantine fashion, we present two almost-surely terminating BA protocols in the asynchronous setting:

○ With the optimal resilience of t < n/3, our first protocol runs for an expected O(n) time. The existing protocols in the same setting either run for an expected O(n²) time (Abraham et al., PODC 2008) or require exponential computing power from the honest parties (Wang, CoRR 2015). In terms of communication complexity, our construction outperforms all the known constructions with t < n/3 that offer the almost-surely terminating feature.

○ With the resilience of t < n/(3 + ϵ) for any ϵ > 0, our second protocol runs for an expected O(1/ϵ) time. The expected running time of our protocol turns constant when ϵ is a constant fraction. The known constructions with a constant expected running time either require ϵ to be at least 1 (Feldman-Micali, STOC 1988 and Patra-Pandu Rangan, PODC 2010), implying t < n/4, or call for exponential computing power from the parties (Wang, CoRR 2015).

We follow the traditional route of building BA via common coin protocol that in turn reduces to Asynchronous Verifiable Secret-Sharing (AVSS). Our constructions are built on a variant of AVSS that is termed as shunning. A shunning AVSS fails to offer the properties of AVSS when the corrupt parties strike, but allows the honest parties to locally detect and shun a set of corrupt parties for any future communication. Our shunning AVSS with t < n/3 and t < n/(3 + ϵ) guarantee Ω(n) and, respectively, Ω(ϵt²) conflicts to be revealed when failure occurs. Turning this shunning AVSS to a common coin protocol efficiently constitutes yet another contribution of this work.

As a secondary contribution, we show the power of the shunning technique and present a highly efficient cryptographically secure shunning AVSS, which is used further to design an asynchronous BA protocol with the optimal resilience of t < n/3 in the cryptographic setting. Our construct achieves an amortized expected communication complexity of O(n²) bits for reaching agreement on a single bit while consuming a constant expected running time. This property has been achieved for the first time in the cryptographic setting and that, too, with standard cryptographic assumptions. The best-known existing construction (Cachin et al., CCS 2002), while still needing more communication complexity than ours, is proven secure only in the Random-Oracle Model (ROM).

References

  1. I. Abraham, D. Dolev, and J. Y. Halpern. 2008. An almost-surely terminating polynomial protocol for asynchronous Byzantine agreement with optimal resilience. In Proceedings of the PODC. ACM, 405--414.
  2. H. Attiya and J. Welch. 2004. Distributed Computing: Fundamentals, Simulations, and Advanced Topics. Vol. 19. John Wiley & Sons.
  3. M. Backes, A. Datta, and A. Kate. 2013. Asynchronous computational VSS with reduced communication complexity. In Proceedings of the CT-RSA (Lecture Notes in Computer Science), Vol. 7779. Springer, 259--276.
  4. M. Backes, A. Kate, and A. Patra. 2011. Computational verifiable secret sharing revisited. In Proceedings of the ASIACRYPT (Lecture Notes in Computer Science), Vol. 7073. Springer, 590--609.
  5. Z. Beerliová-Trubíniová and M. Hirt. 2008. Perfectly-secure MPC with linear communication complexity. In Proceedings of the TCC (Lecture Notes in Computer Science), Vol. 4948. Springer Verlag, 213--230.
  6. M. Bellare and P. Rogaway. 1993. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the CCS. ACM, 62--73.
  7. M. Ben-Or. 1983. Another advantage of free choice (extended abstract): Completely asynchronous agreement protocols. In Proceedings of the PODC. ACM, 27--30.
  8. M. Ben-Or, S. Goldwasser, and A. Wigderson. 1988. Completeness theorems for non-cryptographic fault-tolerant distributed computation (extended abstract). In Proceedings of the STOC, J. Simon (Ed.). ACM, 1--10.
  9. M. Ben-Or, E. Pavlov, and V. Vaikuntanathan. 2006. Byzantine agreement in the full-information model in O(log n) rounds. In Proceedings of the STOC. ACM, 179--186.
  10. D. Boneh and X. Boyen. 2004. Short signatures without random oracles. In Proceedings of the EUROCRYPT (Lecture Notes in Computer Science), Vol. 3027. Springer, 56--73.
  11. G. Bracha. 1984. An asynchronous [(n-1)/3]-resilient consensus protocol. In Proceedings of the PODC. ACM, 154--162.
  12. C. Cachin, K. Kursawe, A. Lysyanskaya, and R. Strobl. 2002. Asynchronous verifiable secret sharing and proactive cryptosystems. In Proceedings of the CCS. ACM, 88--97.
  13. C. Cachin, K. Kursawe, and V. Shoup. 2000. Random oracles in Constantinople: Practical asynchronous Byzantine agreement using cryptography (extended abstract). In Proceedings of the PODC. ACM, 123--132.
  14. C. Cachin, K. Kursawe, and V. Shoup. 2005. Random oracles in Constantinople: Practical asynchronous Byzantine agreement using cryptography. J. Cryptology 18, 3 (2005), 219--246.
  15. R. Canetti. 1995. Studies in Secure Multiparty Computation and Applications. Ph.D. Dissertation. Weizmann Institute, Israel.
  16. R. Canetti, O. Goldreich, and S. Halevi. 2004. The random oracle methodology, revisited. J. ACM 51, 4 (2004), 557--594.
  17. R. Canetti and T. Rabin. 1993. Fast asynchronous Byzantine agreement with optimal resilience. In Proceedings of the STOC. 42--51.
  18. B. Chor and B. A. Coan. 1985. A simple and efficient randomized Byzantine agreement algorithm. IEEE Trans. Softw. Eng. 11, 6 (1985), 531--539.
  19. R. Cramer and I. Damgård. 2005. Multiparty Computation, an Introduction. Contemporary Cryptography. Birkhäuser Basel.
  20. R. Cramer, I. Damgård, and J. B. Nielsen. 2015. Secure Multiparty Computation and Secret Sharing. Cambridge University Press.
  21. I. Damgård and J. B. Nielsen. 2007. Scalable and unconditionally secure multiparty computation. In Proceedings of the CRYPTO (Lecture Notes in Computer Science), Vol. 4622. Springer Verlag, 572--590.
  22. P. Feldman and S. Micali. 1988. Optimal algorithms for Byzantine agreement. In Proceedings of the STOC. ACM, 148--161.
  23. M. J. Fischer, N. A. Lynch, and M. Paterson. 1985. Impossibility of distributed consensus with one faulty process. J. ACM 32, 2 (1985), 374--382.
  24. M. Fitzi. 2002. Generalized Communication and Security Models in Byzantine Agreement. Ph.D. Dissertation. ETH Zurich.
  25. M. K. Franklin and M. Yung. 1992. Communication complexity of secure computation (extended abstract). In Proceedings of the STOC. ACM, 699--710.
  26. R. Gennaro, M. O. Rabin, and T. Rabin. 1998. Simplified VSS and fast-track multiparty computations with applications to threshold cryptography. In Proceedings of the PODC. ACM, 101--111.
  27. O. Goldreich. 2004. The Foundations of Cryptography - Volume 2, Basic Applications. Cambridge University Press.
  28. O. Goldreich, S. Micali, and A. Wigderson. 1987. How to play any mental game or a completeness theorem for protocols with honest majority. In Proceedings of the STOC. ACM, 218--229.
  29. L. Grassi, C. Rechberger, D. Rotaru, P. Scholl, and N. P. Smart. 2016. MPC-friendly symmetric key primitives. In Proceedings of the CCS. ACM, 430--443.
  30. J. A. Garay and A. Kiayias. 2018. SoK: A Consensus Taxonomy in the Blockchain Era. IACR Cryptology ePrint Archive. Report number 754. https://eprint.iacr.org/2018/754.
  31. A. Kate, G. M. Zaverucha, and I. Goldberg. 2010. Constant-size commitments to polynomials and their applications. In Proceedings of the ASIACRYPT (Lecture Notes in Computer Science), Vol. 6477. Springer, 177--194.
  32. J. Katz and Y. Lindell. 2014. Introduction to Modern Cryptography, Second Edition. CRC Press.
  33. V. King and J. Saia. 2016. Byzantine agreement in expected polynomial time. J. ACM 63, 2 (2016), 13:1--13:21.
  34. N. A. Lynch. 1996. Distributed Algorithms. Morgan Kaufmann.
  35. F. J. MacWilliams and N. J. A. Sloane. 1978. The Theory of Error Correcting Codes. North-Holland Publishing Company.
  36. A. Patra. 2011. Error-free multi-valued broadcast and Byzantine agreement with optimal communication complexity. In Proceedings of the OPODIS (Lecture Notes in Computer Science), Vol. 7109. Springer, 34--49.
  37. A. Patra, A. Choudhury, and C. Pandu Rangan. 2014. Asynchronous Byzantine agreement with optimal resilience. Distrib. Comput. 27, 2 (2014), 111--146.
  38. A. Patra and C. Pandu Rangan. 2010. Brief announcement: Communication efficient asynchronous Byzantine agreement. In Proceedings of the PODC. ACM, 243--244.
  39. M. C. Pease, R. E. Shostak, and L. Lamport. 1980. Reaching agreement in the presence of faults. J. ACM 27, 2 (1980), 228--234.
  40. T. P. Pedersen. 1991. Non-interactive and information-theoretic secure verifiable secret sharing. In Proceedings of the CRYPTO (Lecture Notes in Computer Science), Vol. 576. Springer, 129--140.
  41. Michael O. Rabin. 1983. Randomized Byzantine generals. In Proceedings of the FOCS. IEEE Computer Society, 403--409.
  42. T. Rabin and M. Ben-Or. 1989. Verifiable secret sharing and multiparty protocols with honest majority (extended abstract). In Proceedings of the STOC. ACM, 73--85.
  43. A. Shamir. 1979. How to share a secret. Commun. ACM 22, 11 (1979), 612--613.
  44. V. Shoup. 2000. Practical threshold signatures. In Proceedings of the EUROCRYPT (Lecture Notes in Computer Science), Vol. 1807. Springer, 207--220.
  45. C. Wang. 2015. Asynchronous Byzantine agreement with optimal resilience and linear complexity. CoRR abs/1507.06165 (2015).
  46. A. C. Yao. 1982. Protocols for secure computations (extended abstract). In Proceedings of the FOCS. IEEE Computer Society, 160--164.

Published in

Journal of the ACM, Volume 67, Issue 3
Distributed Computing, Parameterized Complexity Theory, Randomized Algorithms, and Computational Geometry
June 2020
189 pages
ISSN: 0004-5411
EISSN: 1557-735X
DOI: 10.1145/3400020

Copyright © 2020 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Publication History

• Published: 18 May 2020
• Online AM: 7 May 2020
• Accepted: 1 February 2020
• Revised: 1 June 2019
• Received: 1 May 2018

Qualifiers

• research-article
• Research
• Refereed
