3,992 research outputs found
On the Round Complexity of Randomized Byzantine Agreement
We prove lower bounds on the round complexity of randomized Byzantine agreement (BA) protocols, bounding the halting probability of such protocols after one and two rounds. In particular, we prove that:
1) BA protocols resilient against n/3 [resp., n/4] corruptions terminate (under attack) at the end of the first round with probability at most o(1) [resp., 1/2+ o(1)].
2) BA protocols resilient against n/4 corruptions terminate at the end of the second round with probability at most 1-Theta(1).
3) For a large class of protocols (including all BA protocols used in practice) and under a plausible combinatorial conjecture, BA protocols resilient against n/3 [resp., n/4] corruptions terminate at the end of the second round with probability at most o(1) [resp., 1/2 + o(1)].
The above bounds hold even when the parties use a trusted setup phase, e.g., a public-key infrastructure (PKI).
The third bound essentially matches the recent protocol of Micali (ITCS\u2717) that tolerates up to n/3 corruptions and terminates at the end of the third round with constant probability
The Contest Between Simplicity and Efficiency in Asynchronous Byzantine Agreement
In the wake of the decisive impossibility result of Fischer, Lynch, and
Paterson for deterministic consensus protocols in the aynchronous model with
just one failure, Ben-Or and Bracha demonstrated that the problem could be
solved with randomness, even for Byzantine failures. Both protocols are natural
and intuitive to verify, and Bracha's achieves optimal resilience. However, the
expected running time of these protocols is exponential in general. Recently,
Kapron, Kempe, King, Saia, and Sanwalani presented the first efficient
Byzantine agreement algorithm in the asynchronous, full information model,
running in polylogarithmic time. Their algorithm is Monte Carlo and drastically
departs from the simple structure of Ben-Or and Bracha's Las Vegas algorithms.
In this paper, we begin an investigation of the question: to what extent is
this departure necessary? Might there be a much simpler and intuitive Las Vegas
protocol that runs in expected polynomial time? We will show that the
exponential running time of Ben-Or and Bracha's algorithms is no mere accident
of their specific details, but rather an unavoidable consequence of their
general symmetry and round structure. We define a natural class of "fully
symmetric round protocols" for solving Byzantine agreement in an asynchronous
setting and show that any such protocol can be forced to run in expected
exponential time by an adversary in the full information model. We assume the
adversary controls Byzantine processors for , where is an
arbitrary positive constant . We view our result as a step toward
identifying the level of complexity required for a polynomial-time algorithm in
this setting, and also as a guide in the search for new efficient algorithms.Comment: 21 page
Round-Efficient Byzantine Agreement and Multi-Party Computation with Asynchronous Fallback
Protocols for Byzantine agreement (BA) and secure multi-party computation (MPC) can be classified according to the underlying communication model. The two most commonly considered models are the synchronous one and the asynchronous one. Synchronous protocols typically lose their security guarantees as soon as the network violates the synchrony assumptions. Asynchronous protocols remain secure regardless of the network conditions, but achieve weaker security guarantees even when the network is synchronous.
Recent works by Blum, Katz and Loss [TCC\u2719], and Blum, Liu-Zhang and Loss [CRYPTO\u2720] introduced BA and MPC protocols achieving security guarantees in both settings: security up to corruptions in a synchronous network, and up to corruptions in an asynchronous network, under the provably optimal threshold trade-offs and . However, current solutions incur a high synchronous round complexity when compared to state-of-the-art purely synchronous protocols. When the network is synchronous, the round complexity of BA protocols is linear in the number of parties, and the round complexity of MPC protocols also depends linearly on the depth of the circuit to evaluate.
In this work, we provide round-efficient constructions for both primitives with optimal resilience: fixed-round and expected constant-round BA protocols, and an MPC protocol whose round complexity is independent of the circuit depth
Randomized protocols for asynchronous consensus
The famous Fischer, Lynch, and Paterson impossibility proof shows that it is
impossible to solve the consensus problem in a natural model of an asynchronous
distributed system if even a single process can fail. Since its publication,
two decades of work on fault-tolerant asynchronous consensus algorithms have
evaded this impossibility result by using extended models that provide (a)
randomization, (b) additional timing assumptions, (c) failure detectors, or (d)
stronger synchronization mechanisms than are available in the basic model.
Concentrating on the first of these approaches, we illustrate the history and
structure of randomized asynchronous consensus protocols by giving detailed
descriptions of several such protocols.Comment: 29 pages; survey paper written for PODC 20th anniversary issue of
Distributed Computin
- …