Not a COINcidence: Sub-Quadratic Asynchronous Byzantine Agreement WHP
King and Saia were the first to break the quadratic word complexity bound for
Byzantine Agreement in synchronous systems against an adaptive adversary, and
Algorand broke this bound with near-optimal resilience (first in the
synchronous model and then with eventual-synchrony). Yet the question of
asynchronous sub-quadratic Byzantine Agreement remained open. To the best of
our knowledge, we are the first to answer this question in the affirmative. A
key component of our solution is a shared coin algorithm based on a VRF. A
second essential ingredient is VRF-based committee sampling, which we formalize
and utilize in the asynchronous model for the first time. Our algorithms work
against a delayed-adaptive adversary, which cannot perform after-the-fact
removals but has full control of Byzantine processes and full information about
communication in earlier rounds. Using committee sampling and our shared coin,
we solve Byzantine Agreement with high probability, with a word complexity of
and expected time, breaking the bit barrier
for asynchronous Byzantine Agreement.
Dumbo-MVBA: Optimal Multi-valued Validated Asynchronous Byzantine Agreement, Revisited
Multi-valued validated asynchronous Byzantine agreement (MVBA), proposed in the elegant work of Cachin et al. (CRYPTO '01), is fundamental for critical fault-tolerant services such as atomic broadcast in the asynchronous network. It was left as an open problem to asymptotically reduce the communication (where is the number of parties, is the input length, and is the security parameter). Recently, Abraham et al. (PODC '19) removed the term to partially answer the question when input is small. However, in other typical cases, e.g., building atomic broadcast through MVBA, the input length , and thus the communication is dominated by the term and the problem raised by Cachin et al. remains open.
We fill the gap and answer the remaining part of the above open problem. In particular, we present two MVBA protocols with communicated bits, which is optimal when . We also maintain other benefits including optimal resilience to tolerate up to adaptive Byzantine corruptions, optimal expected constant running time, and optimal messages.
At the core of our design, we propose asynchronous provable dispersal broadcast (APDB) in which each input can be split and dispersed to every party and later recovered in an efficient way. Leveraging APDB and asynchronous binary agreement, we design an optimal MVBA protocol, Dumbo-MVBA; we also present a general self-bootstrap framework Dumbo-MVBA* to reduce the communication of any existing MVBA protocol.
Every Bit Counts in Consensus
Consensus enables n processes to agree on a common valid L-bit value, despite
t < n/3 processes being faulty and acting arbitrarily. A long line of work has
been dedicated to improving the worst-case communication complexity of
consensus in partial synchrony. This has recently culminated in the worst-case
word complexity of O(n^2). However, the worst-case bit complexity of the best
solution is still O(n^2 L + n^2 kappa) (where kappa is the security parameter),
far from the Omega(n L + n^2) lower bound. The gap is significant given the
practical use of consensus primitives, where values typically consist of
batches of large size (L > n).
This paper shows how to narrow the aforementioned gap while achieving optimal
linear latency. Namely, we present a new algorithm, DARE (Disperse, Agree,
REtrieve), that improves upon the O(n^2 L) term via a novel dispersal
primitive. DARE achieves O(n^{1.5} L + n^{2.5} kappa) bit complexity, an
effective sqrt(n)-factor improvement over the state-of-the-art (when L > n
kappa). Moreover, we show that employing heavier cryptographic primitives,
namely STARK proofs, allows us to devise DARE-Stark, a version of DARE which
achieves the near-optimal bit complexity of O(n L + n^2 poly(kappa)). Both DARE
and DARE-Stark achieve optimal O(n) latency.
Communication and Round Efficient Parallel Broadcast Protocols
This work focuses on the parallel broadcast primitive, where each of the parties wishes to broadcast its -bit input in parallel. We consider the authenticated model with PKI and digital signatures that is secure against Byzantine faults under a synchronous network.
We show a generic reduction from parallel broadcast to a new primitive called graded parallel broadcast and a single instance of validated Byzantine agreement. Using our reduction, we obtain parallel broadcast protocols with communication ( denotes a security parameter) and expected constant rounds. Thus, for inputs of size bits, our protocols are asymptotically free.
Our graded parallel broadcast uses a novel gradecast protocol with multiple grades with asymptotically optimal communication complexity of for inputs of size bits. We also present a multi-valued validated Byzantine agreement protocol with asymptotically optimal communication complexity of for inputs of size bits in expectation and expected constant rounds. Both of these primitives are of independent interest.
Towards Optimal and Practical Asynchronous Byzantine Fault Tolerant Protocols
With recent advancements in blockchain technology, people expect Byzantine fault tolerant (BFT) protocols to be deployed more frequently in wide-area networks (WAN) as opposed to conventional in-house settings. Asynchronous BFT protocols, which do not rely on any form of timing assumption, are arguably robust in such a setting. Asynchronous BFT protocols have been studied since the 1980s, but these asynchronous BFT works mainly focus on understanding the theoretical limits and possibilities. It was not until the recent asynchronous BFT protocol HoneyBadgerBFT (HBBFT) was proposed that the field received renewed attention.
The Dumbo family, a series of our works on asynchronous BFT protocols, has significantly pushed those protocols towards practice. First, all complexity metrics are pushed down to asymptotically optimal, simultaneously. Second, we identify the bottleneck in the state of the art and revisit the design methodology, identifying and utilizing the right components, and optimizing the protocol structure in various ways. Last but not least, we also open the box and optimize the critical components themselves. The resulting protocols are indeed significantly more performant; the latest protocol can have 100K tps and a few seconds of latency at a reasonable scale. This thesis focuses on the latest three members of the Dumbo family. To begin, we solved an open problem by proposing an optimal multi-valued validated asynchronous Byzantine agreement protocol. Next, we present Dumbo-NG to address the challenge of latency-throughput tension by redesigning the methodology of asynchronous BFT protocols. Another benefit of the new methodology is that it can conquer the censorship threat without extra cost. Furthermore, we consider a realistic environment and present Bolt-Dumbo Transformer (BDT), a generic framework for practical optimistic asynchronous BFT to achieve the "best of both worlds" in terms of the advantages of deterministic BFT and randomized (asynchronous) BFT.
All Byzantine Agreement Problems are Expensive
Byzantine agreement, arguably the most fundamental problem in distributed
computing, operates among n processes, out of which t < n can exhibit arbitrary
failures. The problem states that all correct (non-faulty) processes must
eventually decide (termination) the same value (agreement) from a set of
admissible values defined by the proposals of the processes (validity).
Depending on the exact version of the validity property, Byzantine agreement
comes in different forms, from Byzantine broadcast to strong and weak
consensus, to modern variants of the problem introduced in today's blockchain
systems. Regardless of the specific flavor of the agreement problem, its
communication cost is a fundamental metric whose improvement has been the focus
of decades of research. The Dolev-Reischuk bound, one of the most celebrated
results in distributed computing, proved 40 years ago that, at least for
Byzantine broadcast, no deterministic solution can do better than Omega(t^2)
exchanged messages in the worst case. Since then, it remained unknown whether
the quadratic lower bound extends to seemingly weaker variants of Byzantine
agreement. This paper answers the question in the affirmative, closing this
long-standing open problem. Namely, we prove that any non-trivial agreement
problem requires Omega(t^2) messages to be exchanged in the worst case. To
prove the general lower bound, we determine the weakest Byzantine agreement
problem and show, via a novel indistinguishability argument, that it incurs
Omega(t^2) exchanged messages.