256 research outputs found
On the Round Complexity of Randomized Byzantine Agreement
We prove lower bounds on the round complexity of randomized Byzantine agreement (BA) protocols, bounding the halting probability of such protocols after one and two rounds. In particular, we prove that:
1) BA protocols resilient against n/3 [resp., n/4] corruptions terminate (under attack) at the end of the first round with probability at most o(1) [resp., 1/2+ o(1)].
2) BA protocols resilient against n/4 corruptions terminate at the end of the second round with probability at most 1-Theta(1).
3) For a large class of protocols (including all BA protocols used in practice) and under a plausible combinatorial conjecture, BA protocols resilient against n/3 [resp., n/4] corruptions terminate at the end of the second round with probability at most o(1) [resp., 1/2 + o(1)].
The above bounds hold even when the parties use a trusted setup phase, e.g., a public-key infrastructure (PKI).
The third bound essentially matches the recent protocol of Micali (ITCS'17) that tolerates up to n/3 corruptions and terminates at the end of the third round with constant probability
Randomized protocols for asynchronous consensus
The famous Fischer, Lynch, and Paterson impossibility proof shows that it is
impossible to solve the consensus problem in a natural model of an asynchronous
distributed system if even a single process can fail. Since its publication,
two decades of work on fault-tolerant asynchronous consensus algorithms have
evaded this impossibility result by using extended models that provide (a)
randomization, (b) additional timing assumptions, (c) failure detectors, or (d)
stronger synchronization mechanisms than are available in the basic model.
Concentrating on the first of these approaches, we illustrate the history and
structure of randomized asynchronous consensus protocols by giving detailed
descriptions of several such protocols.
Comment: 29 pages; survey paper written for PODC 20th anniversary issue of
Distributed Computin
The Contest Between Simplicity and Efficiency in Asynchronous Byzantine Agreement
In the wake of the decisive impossibility result of Fischer, Lynch, and
Paterson for deterministic consensus protocols in the asynchronous model with
just one failure, Ben-Or and Bracha demonstrated that the problem could be
solved with randomness, even for Byzantine failures. Both protocols are natural
and intuitive to verify, and Bracha's achieves optimal resilience. However, the
expected running time of these protocols is exponential in general. Recently,
Kapron, Kempe, King, Saia, and Sanwalani presented the first efficient
Byzantine agreement algorithm in the asynchronous, full information model,
running in polylogarithmic time. Their algorithm is Monte Carlo and drastically
departs from the simple structure of Ben-Or and Bracha's Las Vegas algorithms.
In this paper, we begin an investigation of the question: to what extent is
this departure necessary? Might there be a much simpler and intuitive Las Vegas
protocol that runs in expected polynomial time? We will show that the
exponential running time of Ben-Or and Bracha's algorithms is no mere accident
of their specific details, but rather an unavoidable consequence of their
general symmetry and round structure. We define a natural class of "fully
symmetric round protocols" for solving Byzantine agreement in an asynchronous
setting and show that any such protocol can be forced to run in expected
exponential time by an adversary in the full information model. We assume the
adversary controls Byzantine processors for , where is an
arbitrary positive constant . We view our result as a step toward
identifying the level of complexity required for a polynomial-time algorithm in
this setting, and also as a guide in the search for new efficient algorithms.
Comment: 21 page
Communication Lower Bounds for Cryptographic Broadcast Protocols
Broadcast protocols enable a set of parties to agree on the input of a
designated sender, even facing attacks by malicious parties. In the
honest-majority setting, randomization and cryptography were harnessed to
achieve low-communication broadcast with sub-quadratic total communication and
balanced sub-linear cost per party. However, comparatively little is known in
the dishonest-majority setting. Here, the most communication-efficient
constructions are based on Dolev and Strong (SICOMP '83), and sub-quadratic
broadcast has not been achieved. On the other hand, the only nontrivial
communication lower bounds are restricted to deterministic
protocols, or against strong adaptive adversaries that can perform "after the
fact" removal of messages.
We provide new communication lower bounds in this space, which hold against
arbitrary cryptography and setup assumptions, as well as a simple protocol
showing near tightness of our first bound.
1) We demonstrate a tradeoff between resiliency and communication for
protocols secure against static corruptions. For example,
messages are needed when the number of honest
parties is ; messages are needed for
honest parties; and messages are needed for
honest parties.
Complementarily, we demonstrate broadcast with
total communication facing any constant fraction of static corruptions.
2) Our second bound considers corruptions and a weakly adaptive
adversary that cannot remove messages "after the fact." We show that any
broadcast protocol within this setting can be attacked to force an arbitrary
party to send messages to other parties. This rules out, for example,
broadcast facing 51% corruptions in which all non-sender parties have sublinear
communication locality.
Comment: A preliminary version of this work appeared in DISC 202
Optimal and Player-Replaceable Consensus with an Honest Majority
We construct a Byzantine Agreement protocol that tolerates t < n/2 corruptions, is very efficient in terms of the number of rounds and the number of bits of communication, and satisfies a strong notion of robustness called player replaceability (defined in [Mic16]). We provide an analysis of our protocol when executed on real-world networks such as the ones employed in the bitcoin protocol